RFR: 8266293: Key protection using PBEWithMD5AndDES fails with "java.security.InvalidAlgorithmParameterException: Salt must be 8 bytes long"
Weijun Wang
weijun at openjdk.java.net
Fri Apr 30 17:43:16 UTC 2021
`PKCS12KeyStore` always uses a 20-byte salt in encryption but PBEWithMD5AndDES only accepts 8-byte salt. With this code change, the salt used for this algorithm will be 8 bytes.
RFC 2898 only requires the salt to be at least 8 bytes, but I don't intend to modify the `PBES1Core.java` to accept a long salt. Otherwise, a newly generated PKCS #12 file using a long salt will not be recognized by an old JDK.
Also, although `PBES1Core.java` also take cares of another algorithm named PBEWithMD5AndDESede but it's not usable in a PKCS #12 keystore as we have not defined its Object Identifier anywhere.
-------------
Commit messages:
- 8266293: Key protection using PBEWithMD5AndDES fails with "java.security.InvalidAlgorithmParameterException: Salt must be 8 bytes long"
Changes: https://git.openjdk.java.net/jdk/pull/3822/files
Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=3822&range=00
Issue: https://bugs.openjdk.java.net/browse/JDK-8266293
Stats: 18 lines in 2 files changed: 15 ins; 0 del; 3 mod
Patch: https://git.openjdk.java.net/jdk/pull/3822.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/3822/head:pull/3822
PR: https://git.openjdk.java.net/jdk/pull/3822
More information about the security-dev
mailing list