RFR: 8288050: Add support of SHA-512/224 and SHA-512/256 to the PBKDF2 and PBES2 impls in SunJCE provider [v4]

Bernd duke at openjdk.org
Sat Dec 17 01:45:48 UTC 2022

On Wed, 14 Dec 2022 00:23:44 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

>> This RFE enhances existing PBE algorithms with the "SHA512/224" and "SHA512/256" support. 
>> Current transformation parsing in javax.crypto.Cipher class is re-written to handle the additional "/" in the "SHA512/224" and "SHA512/256" algorithm names. Existing tests are updated with the additional new algorithms.
> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>   address review feedbacks

I checked again, it is in the Javadoc, but a bit hidden since it’s not listed near the algorithm name (in the JCE algorithm names doc).

The PBEKey limits it to single-byte ASCII only: https://github.com/openjdk/jdk/blob/6dc4d891c3ad043405c65e0e0eeef28e9e5a2156/src/java.base/share/classes/com/sun/crypto/provider/PBEKey.java#L69 (which would be compatible with UTF-8). That is indeed good info to document that restriction, as the Javadoc only says “takes low byte”.


It also mentions that the PKCS12 factory uses UCS-2 (well, “2 bytes”). But it would still be nice to have that info in the algorithm spec doc as well.

Regarding a PKCS8 mode with UTF-8, what’s the easiest way to propose an RFE for a non-committer?


PR: https://git.openjdk.org/jdk/pull/11339
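
The password encodings discussed in this message, side by side, as an added example that is not part of the original e-mail or the JDK sources. The class name and sample passwords are constructed; it assumes JDK 17 or later (for `HexFormat`) with the SunJCE provider, and whether a password is accepted depends on the JDK in use.

```java
import java.nio.charset.StandardCharsets;
import java.security.spec.InvalidKeySpecException;
import java.util.HexFormat;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PbePasswordEncodingDemo {   // hypothetical class name
    // "Takes low byte": keep only the low 8 bits of each char.
    static byte[] lowByte(char[] pw) {
        byte[] out = new byte[pw.length];
        for (int i = 0; i < pw.length; i++) {
            out[i] = (byte) (pw[i] & 0xff);
        }
        return out;
    }

    // Two bytes per char, big-endian (the "2 bytes" form mentioned for PKCS12).
    static byte[] twoBytes(char[] pw) {
        return new String(pw).getBytes(StandardCharsets.UTF_16BE);
    }

    static byte[] utf8(char[] pw) {
        return new String(pw).getBytes(StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        HexFormat hex = HexFormat.of();
        // Constructed samples: plain ASCII, a Latin-1 char, and a char above 0xFF
        // whose low byte (0x42) is indistinguishable from ASCII 'B'.
        String[] samples = {"secret", "s\u00e9cret", "p\u0142aski"};
        SecretKeyFactory skf = SecretKeyFactory.getInstance("PBEWithHmacSHA256AndAES_128");
        for (String s : samples) {
            char[] pw = s.toCharArray();
            System.out.println(s);
            System.out.println("  low byte : " + hex.formatHex(lowByte(pw)));
            System.out.println("  UTF-8    : " + hex.formatHex(utf8(pw)));
            System.out.println("  2 bytes  : " + hex.formatHex(twoBytes(pw)));
            try {
                // The factory builds a PBEKey, which applies the ASCII check linked above.
                skf.generateSecret(new PBEKeySpec(pw));
                System.out.println("  PBEKey   : accepted");
            } catch (InvalidKeySpecException e) {
                System.out.println("  PBEKey   : rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

For ASCII input the low-byte and UTF-8 forms are identical, which is why the ASCII restriction keeps the two compatible; for the other samples they diverge, and low-byte truncation maps distinct passwords to the same bytes.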
