Case-sensitive Keystore for PKCS#12

Ravi Patel8 Ravi.Patel8 at ibm.com
Wed Jul 13 11:38:18 UTC 2022


We have a customer who is having a security requirement. He wants to know, Is it possible to have case-sensitive support for PKCS#12? We referred the RFCs for PKCS#12. We found that PKCS#12 uses a case in-sensitive alias and the alias Name is mapped with friendlyName attribute, which is specified as  "caseIgnoreMatch" as below.

friendlyName ATTRIBUTE ::= {
           WITH SYNTAX BMPString (SIZE(1..pkcs-9-ub-friendlyName))
           EQUALITY MATCHING RULE caseIgnoreMatch
           SINGLE VALUE TRUE
           ID pkcs-9-at-friendlyName
   }

The RFCs can be found here:
https://datatracker.ietf.org/doc/html/rfc7292
https://datatracker.ietf.org/doc/html/rfc2985#page-19

The JKS key store(case in-sensitive alias)  has a special version (CaseExactJKS) that uses case sensitive aliases.
So similarly, Will it be acceptable to have a case sensitive version of PKCS#12 as CaseExactPKCS12 which will use case sensitive aliases?


More information about the security-dev mailing list