RFR: 8343232: PKCS#12 KeyStore support for RFC 9579: Use of Password-Based Message Authentication Code 1 (PBMAC1)

Sean Mullan mullan at openjdk.org
Fri Sep 5 13:11:12 UTC 2025


On Thu, 3 Apr 2025 22:58:39 GMT, Mark Powers <mpowers at openjdk.org> wrote:

> [JDK-8343232](https://bugs.openjdk.org/browse/JDK-8343232)

src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java line 544:

> 542:                 "com.sun.crypto.provider.PBES2Parameters$HmacSHA512_256AndAES_256");
> 543: 
> 544:         psA("AlgorithmParameters", "PBMAC1",

Why do we need to expose this as a standard `AlgorithmParameters` algorithm as part of this change? Maybe this would be useful later, but I don't think it is needed as this enhancement is just for internal use in PKCS12 KeyStore.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2325052115


More information about the security-dev mailing list