RFR: 8361964: Remove outdated algorithms from requirements and add PBES2 algorithms
Sean Mullan
mullan at openjdk.org
Fri Jul 18 17:01:41 UTC 2025
The Security Algorithm Implementation Requirements will be updated as follows:
The following algorithms will be removed from the list of required algorithms as they are no longer recommended, and should not be in wide usage anymore:
AlgorithmParameters: DESede
Cipher:
DESede/CBC/NoPadding
DESede/CBC/PKCS5Padding
DESede/ECB/NoPadding
DESede/ECB/PKCS5Padding
RSA/ECB/PKCS1Padding
KeyGenerator: DESede
SecretKeyFactory: DESede
The following PBES2 algorithms will be added as new requirements. These are modern password-based encryption, mac and key derivation algorithms defined in PKCS #5 version 2.1 ([RFC 8018](https://www.rfc-editor.org/rfc/rfc8018)):
AlgorithmParameters:
PBEWithHmacSHA256AndAES_128
PBEWithHmacSHA256AndAES_256
Cipher:
PBEWithHmacSHA256AndAES_128
PBEWithHmacSHA256AndAES_256
Mac:
PBEWithHmacSHA256
SecretKeyFactory:
PBEWithHmacSHA256AndAES_128
PBEWithHmacSHA256AndAES_256
PBKDF2WithHmacSHA256
-------------
Commit messages:
- Initial revision.
Changes: https://git.openjdk.org/jdk/pull/26392/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=26392&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8361964
Stats: 13 lines in 5 files changed: 5 ins; 5 del; 3 mod
Patch: https://git.openjdk.org/jdk/pull/26392.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/26392/head:pull/26392
PR: https://git.openjdk.org/jdk/pull/26392
More information about the security-dev
mailing list