RFR: 8286069: keytool prints out wrong key algorithm for -importpass command
Weijun Wang
weijun at openjdk.java.net
Wed May 4 01:59:34 UTC 2022
On Wed, 4 May 2022 01:50:34 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> Since `keytool -importpass` always uses `KeyFactory.getInstance("PBE")` to generate the secret key, and "PBE" is an alias of "PBEwithMD5andDES" inside the SunJCE security provider, its `getAlgorithm` is always `PBEwithMD5andDES`.
>>
>> This code change modifies it to "PBE".
>>
>> Note that I haven't chosen the `-keyalg` option value here because it is actually the algorithm used to protect the PBE secret key entry. It's a cipher algorithm instead of a key algorithm.
>
> test/jdk/sun/security/pkcs12/ImportPassKeyAlg.java line 75:
>
>> 73: .shouldContain("Generated PBE secret key");
>> 74:
>> 75: // The aid of a protected entry (at 110c010c01010c0 inside p12) is:
>
> nit: use "algorithm id" instead.
No problem.
-------------
PR: https://git.openjdk.java.net/jdk/pull/8520
More information about the security-dev
mailing list