[11] RFR 8202837: PBES2 AlgorithmId encoding error in PKCS12 KeyStore

Xuelei Fan xuelei.fan at oracle.com
Wed Jul 18 15:31:48 UTC 2018

Looks fine to me except a minor nit.

  282         String kdfAlgo = "HmacSHA1"; // default
I may suggest you move the declaration down to line 314.  It is clear 
about what the "default" means.


On 7/18/2018 1:57 AM, Weijun Wang wrote:
> Please take a review at
>     JBS: https://bugs.openjdk.java.net/browse/JDK-8202837
>     Fix: http://cr.openjdk.java.net/~weijun/8202837/webrev.00/
> The redundant encoding/decoding of the extra PBES2 OID is removed. The encoding/decoding of keyLength and prf in PBKDF2-params is also made optional-aware.
> In PKCS12KeyStore, the decrypting of cert is fixed. See line 404 for the correct usage when decrypting the key.
> The new test contains a hardcoded PKCS 12 file, but I've included the exact commands to create it.
> Thanks
> Max

More information about the security-dev mailing list