JDK 22 Enhances Security with New CA Certificates, Key Interfaces, and Settings Display Option
Java Development Kit (JDK) 22, which was released on March 19, introduces several important security enhancements aimed at improving cryptographic capabilities and making it easier for developers to manage and inspect security settings. The latest update from Oracle brings new features and changes that bolster the security infrastructure of Java applications.
One of the notable additions is the enhanced -Xshowsettings option. Previously used for displaying various system settings and configurations, this option now includes -Xshowsettings:security, which provides detailed information on security-related settings. Developers can now view security properties, the list of installed security providers and their supported algorithms, and enabled TLS protocols and cipher suites. This enhancement aims to streamline the process of verifying and debugging security configurations.
In the realm of cryptography, JDK 22 introduces a new standard interface, java.security.AsymmetricKey. This interface is a subinterface of java.security.Key and represents both private and public asymmetric keys. By making the existing java.security.PublicKey and java.security.PrivateKey interfaces subinterfaces of AsymmetricKey, the update provides a more unified approach to handling asymmetric keys. Additionally, this change prepares the framework for easier integration of future asymmetric algorithms by allowing the representation of algorithm parameters using NamedParameterSpec.
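The following Java program is an added example, not code from Oracle or from the original article. It shows how a single key-strength check can accept public and private keys alike through AsymmetricKey and its getParams() method. The class name KeyPolicyCheck and the two thresholds are assumptions made for illustration, and the program requires JDK 22 or later.

```java
import java.security.AsymmetricKey;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.NamedParameterSpec;

public class KeyPolicyCheck {
    // Hypothetical policy thresholds, chosen for this example only.
    static final int MIN_RSA_BITS = 3072;
    static final int MIN_EC_BITS = 256;

    // Accepts public and private keys alike: both are AsymmetricKey in JDK 22.
    static String check(AsymmetricKey key) {
        AlgorithmParameterSpec params = key.getParams(); // null when the key has none
        if (params instanceof NamedParameterSpec named) {
            // Ed25519, X25519 and similar: the name identifies the parameter set.
            // This example policy accepts every named parameter set.
            return "OK   " + named.getName();
        }
        if (params instanceof ECParameterSpec ec) {
            int bits = ec.getCurve().getField().getFieldSize();
            return (bits >= MIN_EC_BITS ? "OK   " : "WEAK ") + "EC " + bits + "-bit field";
        }
        if (key instanceof RSAKey rsa) {
            // Plain RSA keys usually report no parameters; judge by modulus size.
            int bits = rsa.getModulus().bitLength();
            return (bits >= MIN_RSA_BITS ? "OK   " : "WEAK ") + "RSA " + bits + "-bit modulus";
        }
        return "UNKNOWN " + key.getAlgorithm();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator ed = KeyPairGenerator.getInstance("Ed25519");
        KeyPairGenerator ec = KeyPairGenerator.getInstance("EC");
        ec.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA");
        rsa.initialize(2048); // below the example threshold on purpose

        // Sample input: keys generated in-process, not taken from any real system.
        for (KeyPairGenerator g : new KeyPairGenerator[] {ed, ec, rsa}) {
            KeyPair kp = g.generateKeyPair();
            System.out.println("public:  " + check(kp.getPublic()));
            System.out.println("private: " + check(kp.getPrivate()));
        }
    }
}
```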
Another significant update in JDK 22 is the deprecation of the jdk.crypto.ec module. This module, which previously contained code for elliptic curve cryptographic algorithms, has been moved to the java.base module along with the SunEC security provider. While the jdk.crypto.ec module remains in place for now, it is slated for eventual removal. This move aims to simplify the deployment of applications that rely on elliptic curve cryptographic algorithms and improve overall module management.
Moreover, JDK 22 enhances the Public Key Infrastructure (PKI) by adding 10 new root CA certificates to the cacerts keystore. These include certificates from notable authorities such as eMudhra Technologies, DigiCert, Let’s Encrypt, Telia, and Certigna. The inclusion of these certificates expands the range of trusted certificates available within the JDK and supports a broader array of secure communications.
Overall, these updates in JDK 22 reflect Oracle’s ongoing commitment to enhancing Java’s security features. By improving the management and inspection of security settings, standardizing cryptographic interfaces, and updating root CA certificates, JDK 22 offers developers a more robust and secure platform for building Java applications.