RFR: 8343232: PKCS#12 KeyStore support for RFC 9879: Use of Password-Based Message Authentication Code 1 (PBMAC1) [v10]
Mark Powers
mpowers at openjdk.org
Wed Oct 22 16:45:58 UTC 2025
On Mon, 6 Oct 2025 19:56:01 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/pkcs12/MacData.java line 322:
>>
>>> 320: * ASN.1 encoding.
>>> 321: */
>>> 322: public byte[] getEncoded() throws NoSuchAlgorithmException, IOException {
>>
>> Since you have moved the decoding of PBKDF2-Params into its own class, are you going to move the encoding there as well? Ideally, a `PBKDF2Parameters` object can be either created using a `DerValue` or its components (salt, ic, keyLen), and then it has a `getEncoded()` method.
>>
>> Same with the new `PBMAC1Parameters` class.
>
> Yes, I have the same comment.
The `PBKDF2Parameters` object does both decoding and encoding now. Same for `PBMAC1Parameters`. The only thing that's slightly odd (or maybe not), is there is no constructor from components. The `encode` method combines "construct with components" with encoding. This was suggested in a comment.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2452701486
More information about the security-dev
mailing list