Is Entry.Attribute meant to be encrypted for a PrivateKeyEntry?
Sean Mullan
sean.mullan at oracle.com
Mon Jun 3 14:18:23 UTC 2019
On 6/2/19 10:28 PM, Weijun Wang wrote:
> I am playing with KeyStore.Entry.Attribute and found out it's only retrievable with Entry::getAttributes. This means for a PrivateKeyEntry that is protected with a password, you will have to provide that password to get the entry first to get the attributes.
>
> Is this by design? So there is no way to add public attributes to these entries? If I read PKCS12 correctly, the attributes is out of the bag value. Therefore even if I cannot decrypt a pkcs8ShroudedKeyBag, the attributes are still visible.
>
> Or am I missing something?
Probably not. Maybe we need something like a
KeyStore.getAttributes(String alias) method?
--Sean
More information about the security-dev
mailing list