Fix/java8 signature format#2
Open
oleksandrlazarenko-pi wants to merge 3 commits into
Open
Conversation
BUILD: Target Java 8 for the published library.
This was referenced Jul 7, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Replaces the
SHA256withECDSAinP1363Formatsignature algorithm with thestandard
SHA256withECDSA, converting between ASN.1 DER and the raw 64-byte(IEEE P1363) form in code. The wire format is unchanged; the library now signs
and verifies on Java 8 instead of requiring Java 15+.
Motivation
SHA256withECDSAinP1363Formatwas only added to the JDK in Java 15. Sincethis library targets Java 8 (
maven.compiler.release=8), any consumer on Java8-14 hit
NoSuchAlgorithmException: SHA256withECDSAinP1363Format Signature not availablethe moment they signed or verified — which surfaced as CI failures ina downstream Java 8 project:
So the Java-8 compile target was misleading: the crypto still needed Java 15+.
The PHP implementation already avoids this (it uses
SHA256withECDSA+derToRaw/rawToDer); this change brings owid-java in line.Changes (
Crypto.java)SIGNATURE_ALGORITHM→SHA256withECDSA(DER; available since Java 7).signByteArrayconverts the DER signature to the raw 64-byte form via a newderToRaw;verifyByteArrayconverts the raw 64 bytes back to DER viarawToDerbefore verifying.derToRaw,rawToDer,readDerLength,readDerInteger,padCoordinate,encodeDerInteger,encodeDerLength,trimLeadingZeros) — all pure byte manipulation, Java 8 safe.Compatibility
followed by the 32-byte s. The existing
WireVectorsTestandFixturesTest(cross-language vectors) pass unchanged, confirming byte-for-byte interop with
owid-js / owid-php / owid-python / owid-dotnet.
Testing
mvn clean test— 35/35 pass (incl.CryptoTestsign/verifyround-trips and the wire-format fixtures).
java18APIcheck confirming only Java 8 APIs are used.