Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8153005

Upgrade the default PKCS12 encryption/MAC algorithms

    Details

      Backports

        Description

        PKCS12 is a standard file format for storing keys and certs that is widely used by PKI applications. It has been available in the JDK for more than 15 years.

        The default PKCS12 algorithms for confidentiality and integrity currently make use of SHA-1 hashes. SHA-1 is no longer universally recommended. We should examine supporting alternative algorithms that are stronger and that make use of SHA-2 hashes.

        Interoperability concerns will also need to be examined before upgrading the default algorithms.

          Attachments

            Issue Links

            backported by

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8258401 Upgrade the default PKCS12 encryption/MAC algorithms

            • P3 - Major loss of function.
            • Open

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8258402 Upgrade the default PKCS12 encryption/MAC algorithms

            • P3 - Major loss of function.
            • Open

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8258403 Upgrade the default PKCS12 encryption/MAC algorithms

            • P3 - Major loss of function.
            • Open
            csr for

            CSR - null JDK-8228481 Upgrade the default PKCS12 encryption/MAC algorithms

            • P3 - Major loss of function.
            • Closed
            is blocked by

            Enhancement - null JDK-8076190 Customizing the generation of a PKCS12 keystore

            • P3 - Major loss of function.
            • Resolved
            relates to

            Bug - A problem which impairs or prevents the functions of the product. JDK-8214513 A PKCS12 keystore from Java 8 using custom PBE parameters cannot be read in Java 11

            • P2 - Crashes, loss of data, severe memory leak.
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. JDK-8202837 PBES2 AlgorithmId encoding error in PKCS12 KeyStore

            • P3 - Major loss of function.
            • Closed

            Enhancement - null JDK-8180710 PBKDF2 SecretKeyFactory and PBES2 Cipher algorithms

            • P3 - Major loss of function.
            • Resolved

            Enhancement - null JDK-8006591 Protect keystore entries using stronger PBE algorithms

            • P3 - Major loss of function.
            • Closed

            Enhancement - null JDK-8162628 The CACERTS keystore type

            • P3 - Major loss of function.
            • Open
            links to

            Commit Commit openjdk/jdk/f77a6585

            Review Review openjdk/jdk/473

              Activity

                People

                • Assignee:
                  weijun Weijun Wang
                  Reporter:
                  vinnie Vincent Ryan
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  6 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: