Case-sensitive Keystore for PKCS#12
Ravi Patel8
Ravi.Patel8 at ibm.com
Wed Jul 13 11:38:18 UTC 2022
We have a customer who is having a security requirement. He wants to know, Is it possible to have case-sensitive support for PKCS#12? We referred the RFCs for PKCS#12. We found that PKCS#12 uses a case in-sensitive alias and the alias Name is mapped with friendlyName attribute, which is specified as "caseIgnoreMatch" as below.
friendlyName ATTRIBUTE ::= {
WITH SYNTAX BMPString (SIZE(1..pkcs-9-ub-friendlyName))
EQUALITY MATCHING RULE caseIgnoreMatch
SINGLE VALUE TRUE
ID pkcs-9-at-friendlyName
}
The RFCs can be found here:
https://datatracker.ietf.org/doc/html/rfc7292
https://datatracker.ietf.org/doc/html/rfc2985#page-19
The JKS key store(case in-sensitive alias) has a special version (CaseExactJKS) that uses case sensitive aliases.
So similarly, Will it be acceptable to have a case sensitive version of PKCS#12 as CaseExactPKCS12 which will use case sensitive aliases?
More information about the security-dev
mailing list