[JDK-8153005] Upgrade the default PKCS12 encryption/MAC algorithms - Java Bug System

Details

Type: Enhancement
Status: Resolved
Priority: P3
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 16
Component/s: security-libs
Labels:

Subcomponent:
java.security
Resolved In Build:
b23

Description

PKCS12 is a standard file format for storing keys and certs that is widely used by PKI applications. It has been available in the JDK for more than 15 years.

The default PKCS12 algorithms for confidentiality and integrity currently make use of SHA-1 hashes. SHA-1 is no longer universally recommended. We should examine supporting alternative algorithms that are stronger and that make use of SHA-2 hashes.

Interoperability concerns will also need to be examined before upgrading the default algorithms.

Attachments

Issue Links

csr for

JDK-8228481 Upgrade the default PKCS12 encryption/MAC algorithms

Closed

is blocked by

JDK-8076190 Customizing the generation of a PKCS12 keystore

Resolved

relates to

JDK-8214513 A PKCS12 keystore from Java 8 using custom PBE parameters cannot be read in Java 11

Closed

JDK-8202837 PBES2 AlgorithmId encoding error in PKCS12 KeyStore

Closed

JDK-8180710 PBKDF2 SecretKeyFactory and PBES2 Cipher algorithms

Resolved

JDK-8006591 Protect keystore entries using stronger PBE algorithms

Closed

JDK-8162628 The CACERTS keystore type

Open

links to

Commit openjdk/jdk/f77a6585

Review openjdk/jdk/473

(2 relates to, 2 links to)

Options

Sub-Tasks

1.	Release Note: Upgrade the default PKCS12 encryption/MAC algorithms		Resolved	Weijun Wang
2.	Add a micro benchmark for JDK-8153005		Resolved	Weijun Wang

Activity

People

Assignee:

Weijun Wang

Reporter:

Vincent Ryan

Votes:

0 Vote for this issue

Watchers:

6 Start watching this issue

Dates

Created:

2016-03-29 08:54

Updated:

2020-11-04 20:32

Resolved:

2020-10-30 06:24