RFR: 8286069: keytool prints out wrong key algorithm for -importpass command
Valerie Peng
valeriep at openjdk.java.net
Wed May 4 01:54:26 UTC 2022
On Tue, 3 May 2022 17:51:43 GMT, Weijun Wang <weijun at openjdk.org> wrote:
> Since `keytool -importpass` always uses `KeyFactory.getInstance("PBE")` to generate the secret key, and "PBE" is an alias of "PBEwithMD5andDES" inside the SunJCE security provider, its `getAlgorithm` is always `PBEwithMD5andDES`.
>
> This code change modifies it to "PBE".
>
> Note that I haven't chosen the `-keyalg` option value here because it is actually the algorithm used to protect the PBE secret key entry. It's a cipher algorithm instead of a key algorithm.
Marked as reviewed by valeriep (Reviewer).
test/jdk/sun/security/pkcs12/ImportPassKeyAlg.java line 75:
> 73: .shouldContain("Generated PBE secret key");
> 74:
> 75: // The aid of a protected entry (at 110c010c01010c0 inside p12) is:
nit: use "algorithm id" instead.
-------------
PR: https://git.openjdk.java.net/jdk/pull/8520
More information about the security-dev
mailing list