On Fri, 30 Apr 2021 17:35:46 GMT, Weijun Wang <wei...@openjdk.org> wrote:
> `PKCS12KeyStore` always uses a 20-byte salt in encryption but > PBEWithMD5AndDES only accepts 8-byte salt. With this code change, the salt > used for this algorithm will be 8 bytes. > > RFC 2898 only requires the salt to be at least 8 bytes, but I don't intend to > modify the `PBES1Core.java` to accept a long salt. Otherwise, a newly > generated PKCS #12 file using a long salt will not be recognized by an old > JDK. > > Also, although `PBES1Core.java` also take cares of another algorithm named > PBEWithMD5AndDESede but it's not usable in a PKCS #12 keystore as we have > not defined its Object Identifier anywhere. This pull request has now been integrated. Changeset: 04f71126 Author: Weijun Wang <wei...@openjdk.org> URL: https://git.openjdk.java.net/jdk/commit/04f71126479f9c39aa71e8aebe7196d72fc16796 Stats: 18 lines in 2 files changed: 15 ins; 0 del; 3 mod 8266293: Key protection using PBEWithMD5AndDES fails with "java.security.InvalidAlgorithmParameterException: Salt must be 8 bytes long" Reviewed-by: valeriep ------------- PR: https://git.openjdk.java.net/jdk/pull/3822