[8] Code review request for 8006591: Protect keystore entries using stronger PBE algorithms

Weijun Wang weijun.wang at oracle.com
Sat Jan 19 09:28:16 UTC 2013



+        /**
+         * Gets the name of the protection algorithm.
+         * If none was set then the default algorithm name is returned.
+         * The default algorithm name for a given keystore type is set using the
+         * {@code 'keystore.<type>.entryProtectionAlgorithm'} Security property.
+         * For example, the
+         * {@code keystore.PKCS12.entryProtectionAlgorithm} property stores the
+         * name of the default entry protection algorithm used for PKCS12
+         * keystores.
+         *
I didn't see the security property used in the pkcs12 codes.

-Max
On Jan 19, 2013, at 3:53, Vincent Ryan <vincent.x.ryan at oracle.com> wrote:

> Hello,
> 
> Please review the fix for 8006591. It introduces a mechanism to enable
> stronger PBE algorithms to be specified when encrypting a keystore entry.
> This allows developers to make use of the new PBE algorithms delivered in
> JEP-121. Note however that PKCS12 is currently the only keystore that
> supports this new feature.
> 
> It is a component of the JEP-166 delivery.
> 
> Webrev: http://cr.openjdk.java.net/~vinnie/8006591/webrev.00/
> 
> Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20130119/d03d101e/attachment.htm>


More information about the security-dev mailing list