RFR: 8361964: Remove outdated algorithms from requirements and add PBES2 algorithms

Sean Mullan Fri, 18 Jul 2025 10:05:11 -0700

The Security Algorithm Implementation Requirements will be updated as follows:


The following algorithms will be removed from the list of required algorithms 
as they are no longer recommended, and should not be in wide usage anymore:

    AlgorithmParameters: DESede
    Cipher:
        DESede/CBC/NoPadding
        DESede/CBC/PKCS5Padding
        DESede/ECB/NoPadding
        DESede/ECB/PKCS5Padding
        RSA/ECB/PKCS1Padding
    KeyGenerator: DESede
    SecretKeyFactory: DESede

The following PBES2 algorithms will be added as new requirements. These are 
modern password-based encryption, mac and key derivation algorithms defined in 
PKCS #5 version 2.1 ([RFC 8018](https://www.rfc-editor.org/rfc/rfc8018)):

    AlgorithmParameters:
        PBEWithHmacSHA256AndAES_128
        PBEWithHmacSHA256AndAES_256
    Cipher:
        PBEWithHmacSHA256AndAES_128
        PBEWithHmacSHA256AndAES_256
    Mac:
        PBEWithHmacSHA256
    SecretKeyFactory:
        PBEWithHmacSHA256AndAES_128
        PBEWithHmacSHA256AndAES_256
        PBKDF2WithHmacSHA256

-------------

Commit messages:
 - Initial revision.

Changes: https://git.openjdk.org/jdk/pull/26392/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=26392&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8361964
  Stats: 13 lines in 5 files changed: 5 ins; 5 del; 3 mod
  Patch: https://git.openjdk.org/jdk/pull/26392.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/26392/head:pull/26392

PR: https://git.openjdk.org/jdk/pull/26392

RFR: 8361964: Remove outdated algorithms from requirements and add PBES2 algorithms

Reply via email to