On Mon, 22 Sep 2025 13:24:12 GMT, Weijun Wang <[email protected]> wrote:
>> Are you suggesting to always generate a 20 byte salt? >> >> Can you provide a line number for your first comment about breaking up >> "PBEWithHmacSHA256"? >> This string is read from the property file and has nothing to do with any >> DER encoded values read from the keystore input stream. > > Yes, I think always generating a 20 byte salt is not a problem. > > For the name break up, I see that `macAlgorithm` can sometimes be > `defaultMacAlgorithm()` which is the full "PBEWithHmacSHA256" (line 1250) and > sometimes being "PBMAC1" only (line 2203) with `pbmac1Hmac` serving as the > additional info. I suggest always using the full name. I see it now. Fixed. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2369221962
