[11] RFR 8202837: PBES2 AlgorithmId encoding error in PKCS12 KeyStore

Weijun Wang weijun.wang at oracle.com
Wed Jul 18 08:57:34 UTC 2018

Please take a review at

   JBS: https://bugs.openjdk.java.net/browse/JDK-8202837
   Fix: http://cr.openjdk.java.net/~weijun/8202837/webrev.00/

The redundant encoding/decoding of the extra PBES2 OID is removed. The encoding/decoding of keyLength and prf in PBKDF2-params is also made optional-aware.

In PKCS12KeyStore, the decrypting of cert is fixed. See line 404 for the correct usage when decrypting the key.

The new test contains a hardcoded PKCS 12 file, but I've included the exact commands to create it.


More information about the security-dev mailing list