JCEKS Keystore problem

Brendan McKenna Brendan.Mckenna at mdscem.com
Wed Jan 17 12:26:04 UTC 2018


Hi,

                My apologies if this isn't the correct place to send this email.

                We're using OpenJDK and a part of our application makes use of JCEKS keystores.  When moving from Java 1.8.0_141 to Java 1.8.0_151, however, we are no longer able to open keystores written using earlier versions of the JVM.  We now get a SecurityException with the message "Invalid secret key format", which appears to be coming from the com.sun.crypto.provider.JceKeyStore class, line 856, in response to receiving an InvalidClassException.  The keystores are still usable, so long as we avoid moving to _151, however.   Although I'm not certain, it appears that the DeserializationChecker that was added in _151 is triggering this issue.

                My question though is, is there a work-around for this, or do we have to re-create our keystores using _151?


                Thanks,

                                Brendan


Brendan McKenna | Product Technology Manager MDS
m +353 (0) 61 207423 | e brendan.mckenna at mdscem.com<mailto:brendan.mckenna at mdscem.com> w mdscem.com | follow us on Twitter @MDSglobal

*******************************************************
MDS is a leading provider of convergent real-time charging, billing and customer management solutions for digital service providers. Our solutions support millions of subscribers, with customers including BT, Dixons Carphone, eir, TalkTalk and Telefónica UK.

This email has been sent from Martin Dawes Systems Limited trading as MDS, a registered company incorporated in England and Wales with registered number 02263085 . The registered office is The Point, 410 Birchwood Boulevard, Warrington, Cheshire WA3 7WD. MDS may monitor email traffic data and also the content of email for the purposes of security, ensure compliance with company policies and staff training.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/security-dev/attachments/20180117/ec281c6c/attachment.html>


More information about the security-dev mailing list