subject:"RFR\: 8007632\: DES\/3DES keys support in PKCS12 keystore \[v2\]"

Re: RFR: 8007632: DES/3DES keys support in PKCS12 keystore [v2]

2020-10-27 Thread Weijun Wang

On Tue, 27 Oct 2020 17:46:35 GMT, Alexey Bakhtin  wrote:

>> Hi All,
>> 
>> DES and DESede keys are supported by JKS/JCEKS but not supported by PKCS#12 
>> keystores.
>> This issue prevents the migration of legacy applications to PKCS#12 
>> keystore. For example, an application has some old 3DES keys that are 
>> required for certain legacy features. Java PKCS12 keystore does not support 
>> DES/3DES keys, thus, application can’t migrate to PKCS#12
>> This patch adds OIDs for the DES/DESede algorithms. It is the only changes 
>> required to support DES/3DES keys in the PKCS#12 keystore.
>> sun/security/pkcs12/P12SecretKey test is updated to verify new secret keys 
>> in the PKCS#12 keystore.
>
> Alexey Bakhtin has updated the pull request incrementally with one additional 
> commit since the last revision:
> 
>   DES oid is 1.3.14.3.2.7

src/java.base/share/classes/sun/security/util/KnownOIDs.java line 356:

> 354: OIW_DES_CBC("1.3.14.3.2.7", "DES/CBC", "DES"),
> 355: 
> 356: DESede("1.3.14.3.2.17", "DESede"),

Please move this below before SHA-1. The items are ordered by the OIDs (within 
each section group).

-

PR: https://git.openjdk.java.net/jdk/pull/877

Re: RFR: 8007632: DES/3DES keys support in PKCS12 keystore [v2]

2020-10-27 Thread Alexey Bakhtin

> Hi All,
> 
> DES and DESede keys are supported by JKS/JCEKS but not supported by PKCS#12 
> keystores.
> This issue prevents the migration of legacy applications to PKCS#12 keystore. 
> For example, an application has some old 3DES keys that are required for 
> certain legacy features. Java PKCS12 keystore does not support DES/3DES keys, 
> thus, application can’t migrate to PKCS#12
> This patch adds OIDs for the DES/DESede algorithms. It is the only changes 
> required to support DES/3DES keys in the PKCS#12 keystore.
> sun/security/pkcs12/P12SecretKey test is updated to verify new secret keys in 
> the PKCS#12 keystore.

Alexey Bakhtin has updated the pull request incrementally with one additional 
commit since the last revision:

  DES oid is 1.3.14.3.2.7

-

Changes:
  - all: https://git.openjdk.java.net/jdk/pull/877/files
  - new: https://git.openjdk.java.net/jdk/pull/877/files/09354ca6..94423b3d

Webrevs:
 - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=877&range=01
 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=877&range=00-01

  Stats: 2 lines in 1 file changed: 0 ins; 1 del; 1 mod
  Patch: https://git.openjdk.java.net/jdk/pull/877.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/877/head:pull/877

PR: https://git.openjdk.java.net/jdk/pull/877

Re: RFR: 8007632: DES/3DES keys support in PKCS12 keystore [v2]

Re: RFR: 8007632: DES/3DES keys support in PKCS12 keystore [v2]

2 matches

Site Navigation

Mail list logo

Footer information