> `PKCS12KeyStore` always uses a 20-byte salt in encryption but 
> PBEWithMD5AndDES only accepts 8-byte salt. With this code change, the salt 
> used for this algorithm will be 8 bytes.
> 
> RFC 2898 only requires the salt to be at least 8 bytes, but I don't intend to 
> modify the `PBES1Core.java` to accept a long salt. Otherwise, a newly 
> generated PKCS #⁠12 file using a long salt will not be recognized by an old 
> JDK.
> 
> Also, although `PBES1Core.java` also take cares of another algorithm named 
> PBEWithMD5AndDESede but it's not usable in a PKCS #⁠12 keystore as we have 
> not defined its Object Identifier anywhere.

Weijun Wang has updated the pull request incrementally with one additional 
commit since the last revision:

  better comment

-------------

Changes:
  - all: https://git.openjdk.java.net/jdk/pull/3822/files
  - new: https://git.openjdk.java.net/jdk/pull/3822/files/6726d0be..df1ab373

Webrevs:
 - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=3822&range=01
 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=3822&range=00-01

  Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod
  Patch: https://git.openjdk.java.net/jdk/pull/3822.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/3822/head:pull/3822

PR: https://git.openjdk.java.net/jdk/pull/3822

Reply via email to