RFR: 8343232: PKCS#12 KeyStore support for RFC 9879: Use of Password-Based Message Authentication Code 1 (PBMAC1) [v3]
Mark Powers
mpowers at openjdk.org
Sun Sep 21 21:43:20 UTC 2025
On Wed, 17 Sep 2025 14:38:52 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Mark Powers has updated the pull request incrementally with one additional commit since the last revision:
>>
>> a few more comments
>
> src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java line 1495:
>
>> 1493: } else if (defaultMacAlgorithm().equals("PBEWithHmacSHA256")) {
>> 1494: kdfHmac = "HmacSHA256";
>> 1495: } else {
>
> Why don't we support `PBEWithHmacSHA384` etc?
SHA256 is the minimum required by RFC 9879 so that's the goal for this integration.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2366405150
More information about the security-dev
mailing list