Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8076190

Customizing the generation of a PKCS12 keystore

    Details

      Backports

        Description

        The KeyStore.load API allows the supplied password to be null, to indicate that the keystore integrity check should be skipped. When the password is null the PKCS12 implementation returns no certificates.

        This behaviour differs from JKS where certificates can be retrieved even when a null password is supplied. We should find a way to generate a PKCS12 keystore without encrypting the certificates. Furthermore, in order to completely remove the requirement of a password (when hardcoded or well-known is a security issue), we should also make the Mac part of the PKCS12 keystore optional.

        Ultimately, all algorithms and parameters used in encrypting the keys, the certificates (or not encrypting), and calculating the Mac (or not calculating) should be customizable.

          Attachments

            Issue Links

            backported by

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8216232 Customizing the generation of a PKCS12 keystore

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8257678 Customizing the generation of a PKCS12 keystore

            • P3 - Major loss of function.
            • New
            blocks

            Enhancement - null JDK-8162628 The CACERTS keystore type

            • P3 - Major loss of function.
            • Open

            Enhancement - null JDK-8153005 Upgrade the default PKCS12 encryption/MAC algorithms

            • P3 - Major loss of function.
            • Resolved
            csr for

            CSR - null JDK-8202590 Customizing the generation of a PKCS12 keystore

            • P3 - Major loss of function.
            • Closed
            duplicates

            Enhancement - null JDK-8208176 Enhance keytool to deal with password-less pkcs12 keystores nicely

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Closed
            relates to

            Enhancement - null JDK-8208176 Enhance keytool to deal with password-less pkcs12 keystores nicely

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. JDK-8245169 EncryptedPrivateKeyInfo incorrectly decodes KDF algorithm

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Open

            CSR - null JDK-8224891 The CACERTS keystore type

            • P3 - Major loss of function.
            • Draft

              Activity

                People

                • Assignee:
                  weijun Weijun Wang
                  Reporter:
                  vinnie Vincent Ryan
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: