AW: [11u] RFR: 8266293: Key protection using PBEWithMD5AndDES fails with "java.security.InvalidAlgorithmParameterException: Salt must be 8 bytes long"

[11u] RFR: 8266293: Key protection using PBEWithMD5AndDES fails with "java.security.InvalidAlgorithmParameterException: Salt must be 8 bytes long" Hi, JDK-8266293 is backported to 11.0.12-oracle. The included test shows that the fix is required in 11u. Bug: https://bugs.openjdk.java.ne

RE: [11u] RFR: 8266293: Key protection using PBEWithMD5AndDES fails with "java.security.InvalidAlgorithmParameterException: Salt must be 8 bytes long"

Hi Martin, This looks good to me. The adaption makes sense. Best regards, Goetz. From: security-dev On Behalf Of Doerr, Martin Sent: Dienstag, 18. Mai 2021 17:03 To: jdk-updates-...@openjdk.java.net; security-dev Subject: [11u] RFR: 8266293: Key protection using PBEWithMD5AndDES fails

[11u] RFR: 8266293: Key protection using PBEWithMD5AndDES fails with "java.security.InvalidAlgorithmParameterException: Salt must be 8 bytes long"

Hi, JDK-8266293 is backported to 11.0.12-oracle. The included test shows that the fix is required in 11u. Bug: https://bugs.openjdk.java.net/browse/JDK-8266293 Original change: https://git.openjdk.java.net/jdk/commit/04f71126479f9c39aa71e8aebe7196d72fc16796 It applies almost cleanly. Only the

Re: RFR: 8266293: Key protection using PBEWithMD5AndDES fails with "java.security.InvalidAlgorithmParameterException: Salt must be 8 bytes long" [v2]

On Thu, 6 May 2021 14:25:13 GMT, Weijun Wang wrote: >> `PKCS12KeyStore` always uses a 20-byte salt in encryption but >> PBEWithMD5AndDES only accepts 8-byte salt. With this code change, the salt >> used for this algorithm will be 8 bytes. >> >> RFC 2898 only requires the salt to be at least 8

Re: RFR: 8266293: Key protection using PBEWithMD5AndDES fails with "java.security.InvalidAlgorithmParameterException: Salt must be 8 bytes long" [v2]

On Thu, 6 May 2021 01:23:40 GMT, Valerie Peng wrote: >> Weijun Wang has updated the pull request incrementally with one additional >> commit since the last revision: >> >> better comment > > src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java line 811: > >> 809:

Re: RFR: 8266293: Key protection using PBEWithMD5AndDES fails with "java.security.InvalidAlgorithmParameterException: Salt must be 8 bytes long" [v2]

> `PKCS12KeyStore` always uses a 20-byte salt in encryption but > PBEWithMD5AndDES only accepts 8-byte salt. With this code change, the salt > used for this algorithm will be 8 bytes. > > RFC 2898 only requires the salt to be at least 8 bytes, but I don't intend to > modify the

Re: RFR: 8266293: Key protection using PBEWithMD5AndDES fails with "java.security.InvalidAlgorithmParameterException: Salt must be 8 bytes long"

On Fri, 30 Apr 2021 17:35:46 GMT, Weijun Wang wrote: > `PKCS12KeyStore` always uses a 20-byte salt in encryption but > PBEWithMD5AndDES only accepts 8-byte salt. With this code change, the salt > used for this algorithm will be 8 bytes. > > RFC 2898 only requires the salt to be at least 8

Re: RFR: 8266293: Key protection using PBEWithMD5AndDES fails with "java.security.InvalidAlgorithmParameterException: Salt must be 8 bytes long"

On Fri, 30 Apr 2021 17:35:46 GMT, Weijun Wang wrote: > `PKCS12KeyStore` always uses a 20-byte salt in encryption but > PBEWithMD5AndDES only accepts 8-byte salt. With this code change, the salt > used for this algorithm will be 8 bytes. > > RFC 2898 only requires the salt to be at least 8

RFR: 8266293: Key protection using PBEWithMD5AndDES fails with "java.security.InvalidAlgorithmParameterException: Salt must be 8 bytes long"

`PKCS12KeyStore` always uses a 20-byte salt in encryption but PBEWithMD5AndDES only accepts 8-byte salt. With this code change, the salt used for this algorithm will be 8 bytes. RFC 2898 only requires the salt to be at least 8 bytes, but I don't intend to modify the `PBES1Core.java` to accept