RFR CSR 8202590: Customizing the generation of a PKCS12 keystore
Weijun Wang
weijun.wang at oracle.com
Sat May 5 07:38:47 UTC 2018
Please take a review of
https://bugs.openjdk.java.net/browse/JDK-8202590
This enhancement has two major purposes:
1. Provide a way to change encryption and Mac algorithms used in PKCS 12.
2. The ability to create a password-less PKCS 12 keystore containing unencrypted certificates and no Mac.
Especially, the long paragraph in the spec on behavior of an existing keystore makes sure that once a password-less keystore is generated (with -Dkeystore.pkcs12.certProtectionAlgorithm=NONE and -Dkeystore.pkcs12.macAlgorithm=NONE), one can add new certificates to it without any special setting and keep it password-less.
Thanks
Max
More information about the security-dev
mailing list