On Tue, 27 Oct 2020 12:27:52 GMT, Alexey Bakhtin <abakh...@openjdk.org> wrote:
> Hi All,
>
> DES and DESede keys are supported by JKS/JCEKS but not supported by PKCS#12
> keystores.
> This issue prevents the migration of legacy applications to PKCS#12 keystore.
> For example, an application has some old 3DES keys that are required for
> certain legacy features. Java PKCS12 keystore does not support DES/3DES keys,
> thus, application can’t migrate to PKCS#12
> This patch adds OIDs for the DES/DESede algorithms. It is the only changes
> required to support DES/3DES keys in the PKCS#12 keystore.
> sun/security/pkcs12/P12SecretKey test is updated to verify new secret keys in
> the PKCS#12 keystore.
src/java.base/share/classes/sun/security/util/KnownOIDs.java line 355:
> 353: // OIW secsig 1.3.14.3.*
> 354: OIW_DES_CBC("1.3.14.3.2.7", "DES/CBC"),
> 355: OIW_DES_ECB("1.3.14.3.2.6", "DES/ECB", "DES"),
What OID are other vendors using?
-------------
PR: https://git.openjdk.java.net/jdk/pull/877
