RFR: 8343232: PKCS#12 KeyStore support for RFC 9879: Use of Password-Based Message Authentication Code 1 (PBMAC1) [v3]
Mark Powers
mpowers at openjdk.org
Thu Oct 2 18:09:11 UTC 2025
On Wed, 17 Sep 2025 14:39:24 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Mark Powers has updated the pull request incrementally with one additional commit since the last revision:
>>
>> a few more comments
>
> src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java line 1509:
>
>> 1507:
>> 1508: var skf = SecretKeyFactory.getInstance(kdfHmac.equals("HmacSHA512") ?
>> 1509: "PBKDF2WithHmacSHA512" : "PBKDF2WithHmacSHA256");
>
> Why is PBKDF2 used for non-PBMAC1 algorithms as well?
Changed to `SecretKeyFactory.getInstance("PBE")` for non-PBMAC1 algorithms.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2399649266
More information about the security-dev
mailing list