RFR: 8007632: DES/3DES keys support in PKCS12 keystore
Alexey Bakhtin
abakhtin at openjdk.java.net
Tue Oct 27 14:47:25 UTC 2020
On Tue, 27 Oct 2020 14:19:00 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Hi All,
>>
>> DES and DESede keys are supported by JKS/JCEKS but not supported by PKCS#12 keystores.
>> This issue prevents the migration of legacy applications to PKCS#12 keystore. For example, an application has some old 3DES keys that are required for certain legacy features. Java PKCS12 keystore does not support DES/3DES keys, thus, application can’t migrate to PKCS#12
>> This patch adds OIDs for the DES/DESede algorithms. It is the only changes required to support DES/3DES keys in the PKCS#12 keystore.
>> sun/security/pkcs12/P12SecretKey test is updated to verify new secret keys in the PKCS#12 keystore.
>
> src/java.base/share/classes/sun/security/util/KnownOIDs.java line 355:
>
>> 353: // OIW secsig 1.3.14.3.*
>> 354: OIW_DES_CBC("1.3.14.3.2.7", "DES/CBC"),
>> 355: OIW_DES_ECB("1.3.14.3.2.6", "DES/ECB", "DES"),
>
> What OID are other vendors using?
At least BouncyCastle uses the same OIDs: http://javadox.com/org.bouncycastle/bcprov-jdk15on/1.51/org/bouncycastle/asn1/oiw/OIWObjectIdentifiers.html
-------------
PR: https://git.openjdk.java.net/jdk/pull/877
More information about the security-dev
mailing list