[9] request for review 8044445: Create PKCS12 Keystores by Default
Wang Weijun
weijun.wang at oracle.com
Thu Dec 18 14:59:43 UTC 2014
> On Dec 18, 2014, at 22:12, Vincent Ryan <vincent.x.ryan at oracle.com> wrote:
>
> Thanks for reviewing, Max.
>
>
> On 18 Dec 2014, at 06:52, Wang Weijun <weijun.wang at oracle.com> wrote:
>
>>
>>> On Dec 18, 2014, at 07:58, Vincent Ryan <vincent.x.ryan at oracle.com> wrote:
>>>
>>> FYI I’ve updated the webrev to include the changes below:
>>> http://cr.openjdk.java.net/~vinnie/8044445/webrev.05/
>>
>> PKCS12KeyStore.PKCS12_HEADER_PATTERNS.
>>
>> Is there a possibility for this?
>>
>> 30 82 -- -- 02 01 03 30 81 -- 06 09 2A 86 48 86 F7 0D 01 07 01 A0 -- 04
>>
>> That is to say, the length of ContentInfo is only slight smaller than 128. My understanding this is more likely than existing pattern #5 and #6.
>
> In theory it may be possible but the smallest non-empty content that I could generate was about 200 bytes.
Oh, so #2 is reserved for an empty keystore. :-)
> Do you have an example?
No. I tried to store a DES key there but see "NoSuchAlgorithmException: unrecognized algorithm name: DES". Maybe DES is obsolete? What would be the size if another tool creates a DES key? Will it be small enough?
I use keytool to -genseckey an AES key, ContentInfo has size D0. A little bigger.
> KeyStore.getInstance(file,pass,param,hasP):
>>
>> It seems if one engineProbe() returns true but loading fails you will try the next storetype. Right? If so, dataStream.reset() should be called.
>
> No. If loading fails then an exception is thrown - no further storetypes are checked.
I see. I thought new KeyStore(impl, (Provider)objs[1], type) could throw some exception. That's where I called "loading".
--Max
>
>
>>
>> Thanks
>> Max
>>
>
More information about the security-dev
mailing list