[JDK-8153005] Upgrade the default PKCS12 encryption/MAC algorithms - Java Bug System

Details

Type: Enhancement
Status: Open
Priority: P3
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: tbd
Component/s: security-libs
Labels:

Subcomponent:
java.security

Description

PKCS12 is a standard file format for storing keys and certs that is widely used by PKI applications. It has been available in the JDK for more than 15 years.

The default PKCS12 algorithms for confidentiality and integrity currently make use of SHA-1 hashes. SHA-1 is no longer universally recommended. We should examine supporting alternative algorithms that are stronger and that make use of SHA-2 hashes.

Interoperability concerns will also need to be examined before upgrading the default algorithms.

Attachments

Issue Links

csr for

JDK-8228481 Upgrade the default PKCS12 encryption/MAC algorithms

Provisional

is blocked by

JDK-8076190 Customizing the generation of a PKCS12 keystore

Resolved

relates to

JDK-8214513 A PKCS12 keystore from Java 8 using custom PBE parameters cannot be read in Java 11

Closed

JDK-8202837 PBES2 AlgorithmId encoding error in PKCS12 KeyStore

Closed

JDK-8180710 PBKDF2 SecretKeyFactory and PBES2 Cipher algorithms

Resolved

JDK-8006591 Protect keystore entries using stronger PBE algorithms

Closed

JDK-8162628 The CACERTS keystore type

Open

(2 relates to)

Options

Sub-Tasks

Release Note: Upgrade the default PKCS12 encryption/MAC algorithms

New

Weijun Wang

Activity

People

Assignee:

Weijun Wang

Reporter:

Vincent Ryan

Votes:

0 Vote for this issue

Watchers:

4 Start watching this issue

Dates

Created:

2016-03-29 08:54

Updated:

2020-05-24 20:54