On Wed, 9 Jul 2025 05:42:52 GMT, Valerie Peng <[email protected]> wrote:
>> Mark Powers has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> default salt length and one other comment from Weijun
>
> src/java.base/share/classes/javax/crypto/spec/PBMAC1ParameterSpec.java line
> 41:
>
>> 39: * @since 26
>> 40: */
>> 41: public class PBMAC1ParameterSpec implements AlgorithmParameterSpec {
>
> PKCS#12 states that other KDF may be used, e.g. Scrypt. The current API seems
> to be hardcoded to PBKDF2, e.g. salt, iteration count, keyLength, prf, etc.
> Have you considered separating it out? I know that encapsulating all these
> different possibilities can be complicated. If this class doesn't have to be
> under javax.crypto,spec, then we can change it as we see fit. Otherwise, we
> will need spending more time designing the API...
This was considered, but it was finally decided deliver a minimally compliant
implementation, e.g. a PBKDF2 supporting only HmacSHA256 and HmacSHA512.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2370299664
