Is Entry.Attribute meant to be encrypted for a PrivateKeyEntry?
Weijun Wang
weijun.wang at oracle.com
Mon Jun 3 14:49:10 UTC 2019
I just filed https://bugs.openjdk.java.net/browse/JDK-8225181.
Thanks,
Max
> On Jun 3, 2019, at 10:18 PM, Sean Mullan <sean.mullan at oracle.com> wrote:
>
> On 6/2/19 10:28 PM, Weijun Wang wrote:
>> I am playing with KeyStore.Entry.Attribute and found out it's only retrievable with Entry::getAttributes. This means for a PrivateKeyEntry that is protected with a password, you will have to provide that password to get the entry first to get the attributes.
>> Is this by design? So there is no way to add public attributes to these entries? If I read PKCS12 correctly, the attributes is out of the bag value. Therefore even if I cannot decrypt a pkcs8ShroudedKeyBag, the attributes are still visible.
>> Or am I missing something?
>
> Probably not. Maybe we need something like a KeyStore.getAttributes(String alias) method?
>
> --Sean
More information about the security-dev
mailing list