RFR: 8343232: PKCS#12 KeyStore support for RFC 9879: Use of Password-Based Message Authentication Code 1 (PBMAC1) [v8]
Sean Mullan
mullan at openjdk.org
Wed Sep 24 19:31:20 UTC 2025
On Wed, 24 Sep 2025 02:57:12 GMT, Mark Powers <mpowers at openjdk.org> wrote:
>> [JDK-8343232](https://bugs.openjdk.org/browse/JDK-8343232)
>
> Mark Powers has updated the pull request incrementally with one additional commit since the last revision:
>
> fix behavior with keytool
src/java.base/share/classes/sun/security/pkcs12/MacData.java line 94:
> 92: pbeSpec =
> 93: this.digestAlgorithmParams.getParameterSpec(
> 94: PBEParameterSpec.class);
I think you may already be working on this, so mainly registering this as a comment. This code should be replaced with an internal method that calls `AlgorithmId.getEncodedParams()` and decodes the parameters, reusing much of the code you have already written in `PBMAC1Parameters.engineInit()`. This will avoid having to create an `AlgorithmParameters` implementation as part of this feature, which isn't strictly needed. We can consider adding that on a follow-on Enhancement.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2376844304
More information about the security-dev
mailing list