Regression bug in PKCS12 key wrapping
Wei-Jun Wang
weijun.wang at oracle.com
Thu Nov 25 03:10:13 UTC 2021
> On Nov 24, 2021, at 11:14 AM, Anders Rundgren <anders.rundgren.net at gmail.com> wrote:
>
> Hi List,
>
> Although this bug is for BC, I believe the problem is rather in JDK 17:
> https://github.com/bcgit/bc-java/issues/823#issuecomment-977919380
Can you point out which part in JDK 17 the problem is?
Please note that in JDK 17 the default encryption algorithm for PKCS12 is upgraded to PBEWithHmacSHA256AndAES_256. If BC's decryption is not an exact reverse of SUN's encryption, then definitely the output will be garbage and you will not see the correct padding bytes.
Thanks,
Max
>
> Thanx,
> Anders
More information about the security-dev
mailing list