RFR: 8007632: DES/3DES keys support in PKCS12 keystore
Weijun Wang
weijun at openjdk.java.net
Tue Oct 27 17:33:18 UTC 2020
On Tue, 27 Oct 2020 16:52:03 GMT, Alexey Bakhtin <abakhtin at openjdk.org> wrote:
>> Yes I can see the OIDs. I was just wondering if other vendors are also using the OID for DES/ECB when storing a DES key. After all, this is only a key and it can can be used with all Cipher modes.
>
> Verified with BC: BouncyCastle uses DES/CBC OID for DES secret key in PKCS#12.
> So, the patch for "DES" can be simplified to
> - OIW_DES_CBC("1.3.14.3.2.7", "DES/CBC"),
> + OIW_DES_CBC("1.3.14.3.2.7", "DES/CBC", "DES"),
Good. I also just noticed that the BC provider uses 1.3.14.3.2.7 as alias for KeyGenerator.DES.
-------------
PR: https://git.openjdk.java.net/jdk/pull/877
More information about the security-dev
mailing list