RFR: 8343232: PKCS#12 KeyStore support for RFC 9579: Use of Password-Based Message Authentication Code 1 (PBMAC1)

Valerie Peng valeriep at openjdk.org
Tue Sep 2 22:03:43 UTC 2025


On Thu, 3 Apr 2025 22:58:39 GMT, Mark Powers <mpowers at openjdk.org> wrote:

> [JDK-8343232](https://bugs.openjdk.org/browse/JDK-8343232)

src/java.base/share/classes/com/sun/crypto/provider/PBMAC1Parameters.java line 156:

> 154:         DerValue kdf = pBMAC1_params.data.getDerValue();
> 155:         var kdfParams = new PBKDF2Parameters();
> 156:         String kdfAlgo = kdfParams.init(kdf);

Hmm, it's somewhat obscure to return the prf algorithm as the result of `PBKDF2Parameters.init(...) `call.
Is there a reason for a separate `init(...)` call? How about just `PBKDF2Parameters(kdf)` and retrieve the `prfAlgo` (instead of  the "kdfAlgo" name) separately just like `salt`, `iCount` and `keyLength`?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2317262720


More information about the security-dev mailing list