RFR: 8343232: PKCS#12 KeyStore support for RFC 9879: Use of Password-Based Message Authentication Code 1 (PBMAC1) [v3]
Mark Powers
mpowers at openjdk.org
Thu Oct 2 19:24:51 UTC 2025
On Thu, 2 Oct 2025 18:05:24 GMT, Mark Powers <mpowers at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java line 1509:
>>
>>> 1507:
>>> 1508: var skf = SecretKeyFactory.getInstance(kdfHmac.equals("HmacSHA512") ?
>>> 1509: "PBKDF2WithHmacSHA512" : "PBKDF2WithHmacSHA256");
>>
>> Why is PBKDF2 used for non-PBMAC1 algorithms as well?
>
> Changed to `SecretKeyFactory.getInstance("PBE")` for non-PBMAC1 algorithms.
I'm now using `SecretKeyFactory.getInstance("PBE")` for non-PBMAC1 algorithms. This code has now been moved into MacData.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2399850353
More information about the security-dev
mailing list