JDK-8182879: Add warnings to keytool when using JKS and JCEKS

Sean Mullan sean.mullan at oracle.com
Fri Jul 14 15:25:03 UTC 2017


On 7/14/17 11:12 AM, Weijun Wang wrote:
> 
>> On Jul 14, 2017, at 7:00 PM, Sean Mullan <sean.mullan at oracle.com> wrote:
>>
>> I think we should add a Release Note to 8182879 indicating that keytool now emits a warning for JKS/JCEKS keystores.
>>
> 
> https://bugs.openjdk.java.net/browse/JDK-8184671 filed. Please take a review.
> 
> "When keytool is operating on a JKS or JCEKS keystore

It doesn't show the warning if it only contains trusted certificate 
entries, right?

I wonder if you should be more specific, ex - "on a JKS or JCEKS 
keystore containing private or secret key entries". But that might 
reveal too much.

Maybe just change "will" to "may" below.

--Sean

> , a warning will be shown that the keystore uses a proprietary format 
> and migrating to PKCS12 is suggested. The keytool's -importkeystore 
> command is also updated so that it can convert a keystore from one type 
> to another if the source and destination point to the same file."
> 
> Thanks
> Max
> 
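
As an added illustration (not part of the original thread and not keytool's own code), the script below finds keystore files still in JKS or JCEKS format by their leading magic bytes and prints the in-place `-importkeystore` conversion that the draft release note describes. The function names are hypothetical; the magic values 0xFEEDFEED (JKS) and 0xCECECECE (JCEKS) are those of the two formats.

```shell
#!/bin/sh
# Added example: audit a directory for keystores in the proprietary
# JKS/JCEKS formats. Function names are hypothetical.

# Classify a file by its first four bytes.
#   JKS   starts with 0xFEEDFEED
#   JCEKS starts with 0xCECECECE
#   A PKCS12 keystore is DER-encoded, so it starts with the ASN.1
#   SEQUENCE tag 0x30 (reported as DER, since other DER files do too).
keystore_type() {
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$magic" in
        feedfeed) echo JKS ;;
        cececece) echo JCEKS ;;
        30*)      echo DER ;;
        *)        echo UNKNOWN ;;
    esac
}

# Walk a directory and, for every JKS/JCEKS file, print the keytool
# command that converts it to PKCS12 using the same file as source
# and destination.
audit_keystores() {
    find "$1" -type f | while IFS= read -r f; do
        t=$(keystore_type "$f")
        case "$t" in
            JKS|JCEKS)
                printf '%s: %s\n' "$f" "$t"
                printf '  keytool -importkeystore -srckeystore "%s" -destkeystore "%s" -deststoretype pkcs12\n' "$f" "$f"
                ;;
        esac
    done
}

# Run stand-alone as: sh audit.sh /path/to/dir
if [ $# -gt 0 ]; then
    audit_keystores "$1"
fi
```

The magic-byte check flags every JKS or JCEKS file regardless of which entry types it holds, so it serves as an inventory of files in those formats rather than a prediction of when keytool prints its warning.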


