PING: RFR: JDK-4347142: Need method to set Password protection to Zip entries
Yasumasa Suenaga
yasuenag at gmail.com
Mon May 30 12:44:15 UTC 2016
Hi Mark,
I also agree to you.
We had aimed to handle *traditional* zip encryption at first.
However, we also want to handle *strong* zip encryption. (e.g. AES)
As discussion in this mail thread, I'm sure that Java developers
need this feature. So I want to move forward with this proposal.
For example, I hope that JDK supports plugins to add encryption
engines for zip archive. If JDK provides this enhancement, we are
happy because we can focus to implement the zip encryption engine
when we want another encryption algorithms.
For that reason, I would like to propose a new JEP if it is appropriate.
According to JEP 1 [1], OpenJDK committer can propose new JEP.
If so, I will make a JEP in accordance with JEP 2 [2], and will send it
to core-libs-dev for review.
(I'm OpenJDK committer (ysuenaga), so I think I can send JEP request.)
If you have better idea, I'm glad to hear your advice.
Thanks,
Yasumasa
[1] http://openjdk.java.net/jeps/1
[2] http://openjdk.java.net/jeps/2
On 2016/04/25 17:49, KUBOTA Yuji wrote:
> 2016-04-20 7:57 GMT+09:00 <mark.reinhold at oracle.com>:
>> I have to agree. I don't think it makes sense to add a known-vulnerable
>> encryption algorithm to the JDK. It might work perfectly well for one
>> use case but it will eventually be used by someone who doesn't take the
>> time to understand it, assumes that it provides strong encryption when
>> it doesn't, gets burned, and then blames Java.
>
> Yes, Mark. We never hope to make OpenJDK be blamed with our proposal.
>
> Mark, I am glad if you are interested in this proposal if using any strong
> encryption algorithm like Sherman's implementation (AES encryption).
> If so, we hope to continue discussion the better way to fill our needs
> and given comments for improving OpenJDK.
>
> Thanks,
> Yuji
>
More information about the core-libs-dev
mailing list