
Elliptic Curve Support

David Blacka edited this page Mar 30, 2024 · 3 revisions

The latest version of jdnssec-tools supports ECDSAP256SHA256, ECDSAP384SHA384, ED25519, and ED448.

  • As of version 0.13, jdnssec-tools supports ECDSAP256SHA256 (algorithm 13) and ECDSAP384SHA384 (algorithm 14) using the normal Sun crypto provider (SunEC).
    • Algorithm 12 (ECC-GOST) is supported if the "bouncycastle" crypto provider is present in the classpath. The easiest way to do that is to put the bouncycastle provider jar (fetched from http://www.bouncycastle.org/latest_releases.html) in the lib/ directory of the distribution.
  • As of version 0.14, jdnssec-tools supports ED25519 (algorithm 15) using the Creative Commons licensed eddsa library (https://github.com/str4d/ed25519-java), which is included in the distribution.
  • As of version 0.20, jdnssec-tools supports ED25519 (algorithm 15) and ED448 (algorithm 16) using the normal Sun crypto provider (SunEC). This requires Java 15 or later.

Note that Algorithm 12 (ECC-GOST) support will be removed entirely in a near-future version of jdnssec-tools. This removal, prompted by https://datatracker.ietf.org/doc/draft-hardaker-dnsop-must-not-ecc-gost/ , will eliminate any need for the bouncycastle crypto provider.
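
To check whether a given Java runtime can actually sign with the SunEC-backed algorithms listed above (13 through 16), the following added example, which is not part of jdnssec-tools, does a key generation, sign and verify round trip for each one through the standard JCA API. The class name `DnssecEcProbe` and its method names are hypothetical; algorithm 12 is left out because it depends on the bouncycastle provider.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.security.spec.ECGenParameterSpec;

// Added example: not part of jdnssec-tools. Class and method names are hypothetical.
public class DnssecEcProbe {
    // DNSSEC algorithm number, mnemonic, JCA key generator, curve (null if implied), JCA signature name.
    private static final String[][] ALGS = {
        {"13", "ECDSAP256SHA256", "EC", "secp256r1", "SHA256withECDSA"},
        {"14", "ECDSAP384SHA384", "EC", "secp384r1", "SHA384withECDSA"},
        {"15", "ED25519", "Ed25519", null, "Ed25519"},
        {"16", "ED448", "Ed448", null, "Ed448"},
    };

    // Generates a throwaway key, signs constructed data, verifies it, and returns the provider name.
    static String roundTrip(String keyAlg, String curve, String sigAlg) throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(keyAlg);
        if (curve != null) {
            kpg.initialize(new ECGenParameterSpec(curve));
        }
        KeyPair kp = kpg.generateKeyPair();
        byte[] data = "constructed sample data".getBytes(StandardCharsets.UTF_8);

        Signature signer = Signature.getInstance(sigAlg);
        signer.initSign(kp.getPrivate());
        signer.update(data);
        byte[] sig = signer.sign();

        Signature verifier = Signature.getInstance(sigAlg);
        verifier.initVerify(kp.getPublic());
        verifier.update(data);
        if (!verifier.verify(sig)) {
            throw new GeneralSecurityException("signature did not verify");
        }
        return signer.getProvider().getName();
    }

    public static void main(String[] args) {
        System.out.println("Java runtime: " + System.getProperty("java.version"));
        for (String[] a : ALGS) {
            try {
                String provider = roundTrip(a[2], a[3], a[4]);
                System.out.printf("%s %-16s OK (provider %s)%n", a[0], a[1], provider);
            } catch (GeneralSecurityException e) {
                System.out.printf("%s %-16s unavailable: %s%n", a[0], a[1], e.getMessage());
            }
        }
    }
}
```

On a runtime older than Java 15, the lines for algorithms 15 and 16 report the algorithm as unavailable because the default providers have no Ed25519 or Ed448 implementation.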
