RFR: 8007632: DES/3DES keys support in PKCS12 keystore
Alexey Bakhtin
abakhtin at openjdk.java.net
Tue Oct 27 16:56:26 UTC 2020
On Tue, 27 Oct 2020 16:12:14 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> At least BouncyCastle uses the same OIDs: http://javadox.com/org.bouncycastle/bcprov-jdk15on/1.51/org/bouncycastle/asn1/oiw/OIWObjectIdentifiers.html
>
> Yes I can see the OIDs. I was just wondering if other vendors are also using the OID for DES/ECB when storing a DES key. After all, this is only a key and it can can be used with all Cipher modes.
Verified with BC: BouncyCastle uses DES/CBC OID for DES secret key in PKCS#12.
So, the patch for "DES" can be simplified to
- OIW_DES_CBC("1.3.14.3.2.7", "DES/CBC"),
+ OIW_DES_CBC("1.3.14.3.2.7", "DES/CBC", "DES"),
-------------
PR: https://git.openjdk.java.net/jdk/pull/877
More information about the security-dev
mailing list