[jdk21u-dev] RFR: 8354469: Keytool exposes the password in plain text when command is piped using | grep

Goetz Lindenmaier goetz at openjdk.org
Mon Feb 23 11:23:28 UTC 2026


On Thu, 19 Feb 2026 14:15:30 GMT, Ralf Schmelter <rschmelter at openjdk.org> wrote:

>> Edit of src/java.base/share/classes/sun/security/util/resources/security.properties
>> applied to sun/security/util/Resources.java as
>> "8345940: Migrate security-related resources from Java classes to properties files" not in 21.
>> 
>> 
>> test/jdk/sun/security/util/Resources/Usages.java
>> Trivial resolve as "8338411: Implement JEP 486: Permanently Disable the Security Manager" is not in 21.
>> 
>> The new test jdk/sun/security/tools/keytool/EchoPassword.java fails for passwords with non-ascii characters.
>> I think this is because many changes to pass the encoding around are missing in 21, especially https://bugs.openjdk.org/browse/JDK-8330276: Console methods with explicit Locale. Removed the part of the test using non-ascii.
>
> Regarding the manual EchoPassword test, you could check for the readPassword() method taking a locale in Console and if not found don't include the instructions for the last two tests (if any poor soul really does them manually).

Hi @schmelter-sap 
I checked anyways: if I backport [JDK-8330276](https://bugs.openjdk.org/browse/JDK-8330276) "Console methods with explicit Locale" and [8348732](https://bugs.openjdk.org/browse/JDK-8348732) "SunJCE and SunPKCS11 have different PBE key encodings" the non-ascii parts of the test work.

-------------

PR Comment: https://git.openjdk.org/jdk21u-dev/pull/2617#issuecomment-3944177588

