[9] request for review 8044445: Create PKCS12 Keystores by Default

Wang Weijun weijun.wang at oracle.com
Thu Dec 18 14:59:43 UTC 2014


> On Dec 18, 2014, at 22:12, Vincent Ryan <vincent.x.ryan at oracle.com> wrote:
> 
> Thanks for reviewing, Max.
> 
> 
> On 18 Dec 2014, at 06:52, Wang Weijun <weijun.wang at oracle.com> wrote:
> 
>> 
>>> On Dec 18, 2014, at 07:58, Vincent Ryan <vincent.x.ryan at oracle.com> wrote:
>>> 
>>> FYI I’ve updated the webrev to include the changes below:
>>>  http://cr.openjdk.java.net/~vinnie/8044445/webrev.05/
>> 
>> PKCS12KeyStore.PKCS12_HEADER_PATTERNS.
>> 
>> Is there a possibility for this?
>> 
>> 30 82 -- -- 02 01 03 30 81 -- 06 09 2A 86 48 86 F7 0D 01 07 01 A0 -- 04
>> 
>> That is to say, the length of ContentInfo is only slightly smaller than 128. My understanding is that this is more likely than existing pattern #5 and #6.
> 
> In theory it may be possible but the smallest non-empty content that I could generate was about 200 bytes.

Oh, so #2 is reserved for an empty keystore. :-)

> Do you have an example?

No. I tried to store a DES key there but see "NoSuchAlgorithmException: unrecognized algorithm name: DES". Maybe DES is obsolete? What would be the size if another tool creates a DES key? Will it be small enough?

I use keytool to -genseckey an AES key, ContentInfo has size D0. A little bigger.

> KeyStore.getInstance(file,pass,param,hasP):
>> 
>> It seems if one engineProbe() returns true but loading fails you will try the next storetype. Right? If so, dataStream.reset() should be called.
> 
> No. If loading fails then an exception is thrown - no further storetypes are checked.

I see. I thought new KeyStore(impl, (Provider)objs[1], type) could throw some exception. That's where I called "loading".

--Max

> 
> 
>> 
>> Thanks
>> Max
>> 
> 
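The two points discussed in this message, matching a header pattern with wildcard bytes and resetting the stream after a probe, shown together as an added example. It is not part of the original message and is not the JDK's PKCS12KeyStore code; the class name `HeaderProbeExample`, the `probe` helper and the sample bytes are assumptions made for illustration.

```java
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;

public class HeaderProbeExample {
    // Pattern quoted in the message; "--" marks a byte that may hold any value.
    static final String PATTERN =
        "30 82 -- -- 02 01 03 30 81 -- 06 09 2A 86 48 86 F7 0D 01 07 01 A0 -- 04";

    // Returns true if the stream starts with the pattern. The stream is marked
    // first and always reset, so whatever loads the keystore next sees every byte.
    static boolean probe(InputStream in, String pattern) throws IOException {
        String[] cells = pattern.trim().split("\\s+");
        in.mark(cells.length);
        try {
            byte[] head = new byte[cells.length];
            int n = 0;
            while (n < head.length) {
                int r = in.read(head, n, head.length - n);
                if (r < 0) return false;              // stream shorter than the pattern
                n += r;
            }
            for (int i = 0; i < cells.length; i++) {
                if (cells[i].equals("--")) continue;  // wildcard byte
                if ((head[i] & 0xFF) != Integer.parseInt(cells[i], 16)) return false;
            }
            return true;
        } finally {
            in.reset();
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample header, not taken from a real keystore: outer SEQUENCE
        // with a 2-byte length, version 3, ContentInfo with a 1-byte long-form length.
        byte[] sample = { 0x30, (byte) 0x82, 0x01, 0x00, 0x02, 0x01, 0x03,
            0x30, (byte) 0x81, (byte) 0x88, 0x06, 0x09, 0x2A, (byte) 0x86, 0x48,
            (byte) 0x86, (byte) 0xF7, 0x0D, 0x01, 0x07, 0x01, (byte) 0xA0, 0x7B, 0x04 };
        InputStream in = new BufferedInputStream(new ByteArrayInputStream(sample));
        System.out.println("pattern matches: " + probe(in, PATTERN));
        System.out.println("first byte after probe: 0x" + Integer.toHexString(in.read()));
        // Constructed non-PKCS12 input: the JKS magic number followed by padding.
        InputStream jks = new BufferedInputStream(new ByteArrayInputStream(
            new byte[] { (byte) 0xFE, (byte) 0xED, (byte) 0xFE, (byte) 0xED, 0, 0, 0, 2 }));
        System.out.println("JKS-like header matches: " + probe(jks, PATTERN));
    }
}
```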



