# HG changeset patch # User rpatil # Date 1507717059 -19800 # Node ID 8072a355d3c010595e2d6269cdf05a92b656b843 # Parent 7c5821691ba56d3c03059b8441b4c753a8e3597e 8169080: Improve documentation examples for crypto applications Reviewed-by: wetmore Contributed-by: prasadarao.koppula@oracle.com diff -r 7c5821691ba5 -r 8072a355d3c0 src/share/classes/java/security/MessageDigest.java --- a/src/share/classes/java/security/MessageDigest.java Tue Feb 27 19:59:31 2018 -0800 +++ b/src/share/classes/java/security/MessageDigest.java Wed Oct 11 15:47:39 2017 +0530 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -57,7 +57,7 @@ * and catching the CloneNotSupportedException:
* *
-* MessageDigest md = MessageDigest.getInstance("SHA"); +* MessageDigest md = MessageDigest.getInstance("SHA-256"); * * try { * md.update(toChapter1); @@ -442,7 +442,7 @@ /** * Returns a string that identifies the algorithm, independent of * implementation details. The name should be a standard - * Java Security name (such as "SHA", "MD5", and so on). + * Java Security name (such as "SHA-256"). * See Appendix A in the * Java Cryptography Architecture API Specification & Reference diff -r 7c5821691ba5 -r 8072a355d3c0 src/share/classes/java/security/Signature.java --- a/src/share/classes/java/security/Signature.java Tue Feb 27 19:59:31 2018 -0800 +++ b/src/share/classes/java/security/Signature.java Wed Oct 11 15:47:39 2017 +0530 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -52,11 +52,10 @@ * authentication and integrity assurance of digital data. * *The signature algorithm can be, among others, the NIST standard - * DSA, using DSA and SHA-1. The DSA algorithm using the - * SHA-1 message digest algorithm can be specified as SHA1withDSA. - * In the case of RSA, there are multiple choices for the message digest - * algorithm, so the signing algorithm could be specified as, for example, - * MD2withRSA, MD5withRSA, or SHA1withRSA. + * DSA, using DSA and SHA-256. The DSA algorithm using the + * SHA-256 message digest algorithm can be specified as SHA256withDSA. + * In the case of RSA the signing algorithm could be specified as, for example, + * SHA256withRSA. * The algorithm name must be specified, as there is no default. * *
A Signature object can be used to generate and verify digital diff -r 7c5821691ba5 -r 8072a355d3c0 src/share/classes/java/security/SignedObject.java --- a/src/share/classes/java/security/SignedObject.java Tue Feb 27 19:59:31 2018 -0800 +++ b/src/share/classes/java/security/SignedObject.java Wed Oct 11 15:47:39 2017 +0530 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -81,13 +81,12 @@ * verification in an attempt to bypass a security check. * *
The signature algorithm can be, among others, the NIST standard - * DSA, using DSA and SHA-1. The algorithm is specified using the + * DSA, using DSA and SHA-256. The algorithm is specified using the * same convention as that for signatures. The DSA algorithm using the - * SHA-1 message digest algorithm can be specified, for example, as - * "SHA/DSA" or "SHA-1/DSA" (they are equivalent). In the case of - * RSA, there are multiple choices for the message digest algorithm, - * so the signing algorithm could be specified as, for example, - * "MD2/RSA", "MD5/RSA" or "SHA-1/RSA". The algorithm name must be + * SHA-256 message digest algorithm can be specified, for example, as + * "SHA256withDSA". In the case of + * RSA the signing algorithm could be specified as, for example, + * "SHA256withRSA". The algorithm name must be * specified, as there is no default. * *
The name of the Cryptography Package Provider is designated diff -r 7c5821691ba5 -r 8072a355d3c0 src/share/classes/javax/crypto/Cipher.java --- a/src/share/classes/javax/crypto/Cipher.java Tue Feb 27 19:59:31 2018 -0800 +++ b/src/share/classes/javax/crypto/Cipher.java Wed Oct 11 15:47:39 2017 +0530 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -59,7 +59,7 @@ *
A transformation is a string that describes the operation (or * set of operations) to be performed on the given input, to produce some * output. A transformation always includes the name of a cryptographic - * algorithm (e.g., DES), and may be followed by a feedback mode and + * algorithm (e.g., AES), and may be followed by a feedback mode and * padding scheme. * *
A transformation is of the form:
@@ -75,17 +75,16 @@ * For example, the following is a valid transformation:
* *
- * Cipher c = Cipher.getInstance("DES/CBC/PKCS5Padding"); + * Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding"); ** * Using modes such asCFB
andOFB
, block * ciphers can encrypt data in units smaller than the cipher's actual * block size. When requesting such a mode, you may optionally specify * the number of bits to be processed at a time by appending this number - * to the mode name as shown in the "
DES/CFB8/NoPadding
" and - * "DES/OFB32/PKCS5Padding
" transformations. If no such - * number is specified, a provider-specific default is used. (For - * example, the SunJCE provider uses a default of 64 bits for DES.) + * to the mode name as shown in the "{@code AES/CFB8/NoPadding}" and + * "{@code AES/OFB32/PKCS5Padding}" transformations. If no such + * number is specified, a provider-specific default is used. * Thus, block ciphers can be turned into byte-oriented stream ciphers by * using an 8 bit mode such as CFB8 or OFB8. * @@ -235,7 +234,7 @@ /* * array containing the components of a Cipher transformation: * - * index 0: algorithm component (e.g., DES) + * index 0: algorithm component (e.g., AES) * index 1: feedback component (e.g., CFB) * index 2: padding component (e.g., PKCS5Padding) */ @@ -281,8 +280,8 @@ // transform string to lookup in the provider final String transform; // the mode/padding suffix in upper case. for example, if the algorithm - // to lookup is "DES/CBC/PKCS5Padding" suffix is "/CBC/PKCS5PADDING" - // if loopup is "DES", suffix is the empty string + // to lookup is "AES/CBC/PKCS5Padding" suffix is "/CBC/PKCS5PADDING" + // if lookup is "AES", suffix is the empty string // needed because aliases prevent straight transform.equals() final String suffix; // value to pass to setMode() or null if no such call required @@ -367,11 +366,11 @@ } if ((mode == null) && (pad == null)) { - // DES + // AES Transform tr = new Transform(alg, "", null, null); return Collections.singletonList(tr); } else { // if ((mode != null) && (pad != null)) { - // DES/CBC/PKCS5Padding + // AES/CBC/PKCS5Padding Listlist = new ArrayList (4); list.add(new Transform(alg, "/" + mode + "/" + pad, null, null)); list.add(new Transform(alg, "/" + mode, null, pad)); @@ -407,7 +406,7 @@ * the {@link Security#getProviders() Security.getProviders()} method. * * @param transformation the name of the transformation, e.g., - * DES/CBC/PKCS5Padding. + * AES/CBC/PKCS5Padding. * See Appendix A in the * 
@@ -483,7 +482,7 @@ * the {@link Security#getProviders() Security.getProviders()} method. * * @param transformation the name of the transformation, - * e.g., DES/CBC/PKCS5Padding. + * e.g., AES/CBC/PKCS5Padding. * See Appendix A in the * @@ -536,7 +535,7 @@ * does not have to be registered in the provider list. * * @param transformation the name of the transformation, - * e.g., DES/CBC/PKCS5Padding. + * e.g., AES/CBC/PKCS5Padding. * See Appendix A in the * diff -r 7c5821691ba5 -r 8072a355d3c0 src/share/classes/javax/crypto/CipherSpi.java --- a/src/share/classes/javax/crypto/CipherSpi.java Tue Feb 27 19:59:31 2018 -0800 +++ b/src/share/classes/javax/crypto/CipherSpi.java Wed Oct 11 15:47:39 2017 +0530 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -59,7 +59,7 @@ * A transformation is a string that describes the operation (or * set of operations) to be performed on the given input, to produce some * output. A transformation always includes the name of a cryptographic - * algorithm (e.g., DES), and may be followed by a feedback mode and + * algorithm (e.g., AES), and may be followed by a feedback mode and * padding scheme. * *
A transformation is of the form:
@@ -75,7 +75,7 @@ * For example, the following is a valid transformation:
* *
- * Cipher c = Cipher.getInstance("DES/CBC/PKCS5Padding"); + * Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding"); ** *A provider may supply a separate class for each combination @@ -125,32 +125,32 @@ * * *
For example, a provider may supply a subclass of
CipherSpi
- * that implements DES/ECB/PKCS5Padding, one that implements - * DES/CBC/PKCS5Padding, one that implements - * DES/CFB/PKCS5Padding, and yet another one that implements - * DES/OFB/PKCS5Padding. That provider would have the following + * that implements AES/ECB/PKCS5Padding, one that implements + * AES/CBC/PKCS5Padding, one that implements + * AES/CFB/PKCS5Padding, and yet another one that implements + * AES/OFB/PKCS5Padding. That provider would have the following *Cipher
properties in its master class:* *
* *
@@ -158,7 +158,7 @@ *- *
- ** *Cipher.
DES/ECB/PKCS5Padding + *Cipher.
AES/ECB/PKCS5Padding *- *
- ** *Cipher.
DES/CBC/PKCS5Padding + *Cipher.
AES/CBC/PKCS5Padding *- *
- ** *Cipher.
DES/CFB/PKCS5Padding + *Cipher.
AES/CFB/PKCS5Padding *- *
- ** *Cipher.
DES/OFB/PKCS5Padding + *Cipher.
AES/OFB/PKCS5Padding *Another provider may implement a class for each of the above modes * (i.e., one class for ECB, one for CBC, one for CFB, * and one for OFB), one class for PKCS5Padding, - * and a generic DES class that subclasses from
CipherSpi
. + * and a generic AES class that subclasses fromCipherSpi
. * That provider would have the following *Cipher
properties in its master class:* @@ -166,7 +166,7 @@ * *
* - ** * diff -r 7c5821691ba5 -r 8072a355d3c0 src/share/classes/javax/crypto/Mac.java --- a/src/share/classes/javax/crypto/Mac.java Tue Feb 27 19:59:31 2018 -0800 +++ b/src/share/classes/javax/crypto/Mac.java Wed Oct 11 15:47:39 2017 +0530 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -50,7 +50,7 @@ * *Cipher.
DES + *Cipher.
AES *A MAC mechanism that is based on cryptographic hash functions is * referred to as HMAC. HMAC can be used with any cryptographic hash function, - * e.g., MD5 or SHA-1, in combination with a secret shared key. HMAC is + * e.g., SHA256 or SHA384, in combination with a secret shared key. HMAC is * specified in RFC 2104. * * @author Jan Luehe diff -r 7c5821691ba5 -r 8072a355d3c0 src/share/classes/javax/crypto/SealedObject.java --- a/src/share/classes/javax/crypto/SealedObject.java Tue Feb 27 19:59:31 2018 -0800 +++ b/src/share/classes/javax/crypto/SealedObject.java Wed Oct 11 15:47:39 2017 +0530 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -40,7 +40,7 @@ *
Given any Serializable object, one can create a SealedObject * that encapsulates the original object, in serialized * format (i.e., a "deep copy"), and seals (encrypts) its serialized contents, - * using a cryptographic algorithm such as DES, to protect its + * using a cryptographic algorithm such as AES, to protect its * confidentiality. The encrypted content can later be decrypted (with * the corresponding algorithm using the correct decryption key) and * de-serialized, yielding the original object.
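Review bot: In the Mac.java hunk at @@ -50,7 +50,7 @@, the added line names the hash functions as "SHA256 or SHA384", while the MessageDigest.java hunks in this same changeset use the hyphenated form "SHA-256". Suggest "e.g., SHA-256 or SHA-384" so the Javadoc spells digest names one way throughout and a reader does not take "SHA256" for a name to pass to getInstance.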
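Review bot: The Cipher.java hunk at @@ -75,17 +75,16 @@ removes the parenthetical "(For example, the SunJCE provider uses a default of 64 bits for DES.)" and adds nothing in its place, so "a provider-specific default is used" is left without any concrete value. Suggest adding the equivalent statement for AES under SunJCE, or a pointer to where a provider documents its default, because the same mode name without a bit count can otherwise mean different segment sizes on different providers. The two rewritten examples also switch to "{@code ...}" markup; confirm this matches the markup used for CFB and OFB in the unchanged context lines of the same paragraph.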
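Review bot: In the Signature.java hunk at @@ -52,11 +52,10 @@, the added sentence "In the case of RSA the signing algorithm could be specified as, for example, SHA256withRSA." is missing the comma after "RSA" and has lost the clause that motivated it ("there are multiple choices for the message digest algorithm"), so it now simply repeats the form of the DSA sentence before it. Suggest folding the two into one sentence that gives both names, for example "... can be specified as SHA256withDSA, or as SHA256withRSA for RSA." The same wording appears in the SignedObject.java hunk at @@ -81,13 +81,12 @@ and would benefit from the same change; there the added lines also leave a short line ending at "In the case of" that should be re-wrapped.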
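Review bot: The CipherSpi.java hunk at @@ -125,32 +125,32 @@ substitutes AES for DES mechanically and so keeps "AES/ECB/PKCS5Padding" as the first transformation in the example list. The paragraph is about how a provider names its Cipher properties, not about which mode to use, but given that this changeset is titled "Improve documentation examples for crypto applications" it is worth deciding whether ECB should still lead the list. Suggest listing the CBC entry first, or adding a short remark that the list illustrates property naming only.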