JDK-8233405

System property to set the number of PBE iterations in JCEKS keystores

    Details

    • Type: CSR
    • Status: Closed
    • Priority: P4
    • Resolution: Approved
    • Fix Version/s: 14
    • Component/s: security-libs
    • Labels:
      None
    • Compatibility Kind:
      behavioral
    • Compatibility Risk:
      minimal
    • Compatibility Risk Description:
      The compatibility risk is minimal because the default value (when the new system/security property is not set) remains the same as before (200000).
    • Interface Kind:
      System or security property
    • Scope:
      JDK

      Description

      Summary

      A new system and security property (jdk.jceks.iterationCount) is introduced to set the number of password-based encryption (PBE) iterations in JCEKS keystores.

      Problem

      The number of PBE iterations in JCEKS keystores is currently fixed at 200000, and the user has no way to set a different value.

      Solution

      Provide more flexibility to the user by allowing the number of PBE iterations for JCEKS keystores to be set through a system or a security property (jdk.jceks.iterationCount).

      Specification

      The system and security property name is jdk.jceks.iterationCount.

      Values in the range 10000 to 5000000 are considered valid. If the value is out of this range, is not a number, or is unspecified, a default value of 200000 is used. The default value corresponds to the fixed value used before this enhancement, preserving backward compatibility and minimizing the risk associated with this change.

      Property documentation will be available in the java.security file.

      Note: PKCS12 keystores are recommended for new implementations, instead of JCEKS keystores. The intention of this change is to support existing use cases until migration.
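
      A startup check that applies the validation rule above to a configured value, showing when an out-of-range or non-numeric setting falls back to 200000 without any error. This is an added example, not code from the JDK or from this CSR; the class and method names are hypothetical, and the range bounds are treated as inclusive (assumption).

```java
import java.security.Security;

public class JceksIterationCheck {
    // Property name, bounds and default are the values stated in this CSR.
    static final String PROP = "jdk.jceks.iterationCount";
    static final int MIN = 10000, MAX = 5000000, DEFAULT = 200000;

    // Returns the parsed value if it is valid per the CSR, or null if the
    // default would be used instead. Bounds are treated as inclusive (assumption).
    static Integer parseValid(String raw) {
        if (raw == null) return null;
        try {
            int n = Integer.parseInt(raw);
            return (n >= MIN && n <= MAX) ? n : null;
        } catch (NumberFormatException e) {
            return null; // not a number
        }
    }

    // Describes what one configured value means for JCEKS key protection.
    static String report(String source, String raw) {
        Integer valid = parseValid(raw);
        if (raw == null) return source + ": unset, default " + DEFAULT + " applies";
        if (valid == null) return source + ": '" + raw + "' is invalid, default "
                + DEFAULT + " applies (silent fallback)";
        String note = valid < DEFAULT ? " (fewer iterations than the default)" : "";
        return source + ": " + valid + " is valid" + note;
    }

    public static void main(String[] args) {
        // Constructed sample values covering each rule in the specification.
        for (String s : new String[] {"9999", "10000", "5000000", "5000001", "2e5", "600000"})
            System.out.println(report("sample", s));
        // Settings visible to this JVM. Which one wins when both are set is
        // not stated on this page, so they are reported separately.
        System.out.println(report("system property", System.getProperty(PROP)));
        System.out.println(report("security property", Security.getProperty(PROP)));
    }
}
```

      Running it with `java -Djdk.jceks.iterationCount=6000000 JceksIterationCheck` reports the system property as invalid, which is the case where an operator intending a higher count would get the default instead.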

              People

              • Assignee:
                mbalao Martin Balao
                Reporter:
                mbalao Martin Balao
                Reviewed By:
                Weijun Wang