On Thu, 6 May 2021 14:25:13 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> `PKCS12KeyStore` always uses a 20-byte salt in encryption but >> PBEWithMD5AndDES only accepts 8-byte salt. With this code change, the salt >> used for this algorithm will be 8 bytes. >> >> RFC 2898 only requires the salt to be at least 8 bytes, but I don't intend >> to modify the `PBES1Core.java` to accept a long salt. Otherwise, a newly >> generated PKCS #12 file using a long salt will not be recognized by an old >> JDK. >> >> Also, although `PBES1Core.java` also take cares of another algorithm named >> PBEWithMD5AndDESede but it's not usable in a PKCS #12 keystore as we have >> not defined its Object Identifier anywhere. > > Weijun Wang has updated the pull request incrementally with one additional > commit since the last revision: > > better comment Changes look good. ------------- Marked as reviewed by valeriep (Reviewer). PR: https://git.openjdk.java.net/jdk/pull/3822
