On Thu, 3 Apr 2025 22:58:39 GMT, Mark Powers <[email protected]> wrote:
> [JDK-8343232](https://bugs.openjdk.org/browse/JDK-8343232) src/java.base/share/classes/com/sun/crypto/provider/PBMAC1Core.java line 169: > 167: keyLength = 256; > 168: } > 169: /* commented out code ... src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java line 1489: > 1487: final MacData macData; > 1488: > 1489: if (macAlgorithm.equals("PBMAC1")) { The PBMAC1 algorithms are already defined in the standard algorithm names spec, see https://download.java.net/java/early_access/jdk25/docs/specs/security/standard-names.html#mac-algorithms The default value of the `keystore.pkcs12.macAlgorithm` security property in the `java.security`file should be changed to "PBEWithHmacSHA256" as part of this change. So you don't need to check if the algorithm is "PBMAC1", just use the algorithm that the property is set to. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2324870945 PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2324918183
