RFR: 8007632: DES/3DES keys support in PKCS12 keystore

Alexey Bakhtin abakhtin at openjdk.java.net
Tue Oct 27 12:35:25 UTC 2020


Hi All,

DES and DESede keys are supported by JKS/JCEKS but not supported by PKCS#12 keystores.
This issue prevents the migration of legacy applications to PKCS#12 keystore. For example, an application has some old 3DES keys that are required for certain legacy features. Java PKCS12 keystore does not support DES/3DES keys, thus, application can’t migrate to PKCS#12
This patch adds OIDs for the DES/DESede algorithms. It is the only changes required to support DES/3DES keys in the PKCS#12 keystore.
sun/security/pkcs12/P12SecretKey test is updated to verify new secret keys in the PKCS#12 keystore.

-------------

Commit messages:
 - 8007632: DES/3DES keys support in PKCS12 keystore

Changes: https://git.openjdk.java.net/jdk/pull/877/files
 Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=877&range=00
  Issue: https://bugs.openjdk.java.net/browse/JDK-8007632
  Stats: 16 lines in 2 files changed: 6 ins; 1 del; 9 mod
  Patch: https://git.openjdk.java.net/jdk/pull/877.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/877/head:pull/877

PR: https://git.openjdk.java.net/jdk/pull/877



More information about the security-dev mailing list