On Tue, 27 Oct 2020 17:46:35 GMT, Alexey Bakhtin <abakh...@openjdk.org> wrote:
>> Hi All, >> >> DES and DESede keys are supported by JKS/JCEKS but not supported by PKCS#12 >> keystores. >> This issue prevents the migration of legacy applications to PKCS#12 >> keystore. For example, an application has some old 3DES keys that are >> required for certain legacy features. Java PKCS12 keystore does not support >> DES/3DES keys, thus, application can’t migrate to PKCS#12 >> This patch adds OIDs for the DES/DESede algorithms. It is the only changes >> required to support DES/3DES keys in the PKCS#12 keystore. >> sun/security/pkcs12/P12SecretKey test is updated to verify new secret keys >> in the PKCS#12 keystore. > > Alexey Bakhtin has updated the pull request incrementally with one additional > commit since the last revision: > > DES oid is 1.3.14.3.2.7 src/java.base/share/classes/sun/security/util/KnownOIDs.java line 356: > 354: OIW_DES_CBC("1.3.14.3.2.7", "DES/CBC", "DES"), > 355: > 356: DESede("1.3.14.3.2.17", "DESede"), Please move this below before SHA-1. The items are ordered by the OIDs (within each section group). ------------- PR: https://git.openjdk.java.net/jdk/pull/877