Regression bug in PKCS12 key wrapping
Anders Rundgren
anders.rundgren.net at gmail.com
Thu Nov 25 05:39:44 UTC 2021
Apparently there was a bug in BC. The GitHub issue has been updated.
Case dismissed :)
thanx,
Anders
On 2021-11-25 4:10, Wei-Jun Wang wrote:
>
>> On Nov 24, 2021, at 11:14 AM, Anders Rundgren <anders.rundgren.net at gmail.com> wrote:
>>
>> Hi List,
>>
>> Although this bug is for BC, I believe the problem is rather in JDK 17:
>> https://github.com/bcgit/bc-java/issues/823#issuecomment-977919380
>
> Can you point out which part in JDK 17 the problem is?
>
> Please note that in JDK 17 the default encryption algorithm for PKCS12 is upgraded to PBEWithHmacSHA256AndAES_256. If BC's decryption is not an exact reverse of SUN's encryption, then definitely the output will be garbage and you will not see the correct padding bytes.
>
> Thanks,
> Max
>
>>
>> Thanx,
>> Anders
>
More information about the security-dev
mailing list