Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-7181214

Need specify SKF translateKey(SecurityKey) method requires instance of PBEKey for PBKDF2 algorithms

    XMLWordPrintable

Details

    • Enhancement
    • Resolution: Fixed
    • P4
    • 20
    • 8
    • security-libs
    • None
    • b25
    • generic
    • generic

    Description

      javax.crypto.SecretKeyFactory.translateKey(SecretKey key) translates a key object, whose provider may be unknown or potentially untrusted, into a corresponding key object of this secret-key factory.
      During test enhancements for JEP 121 (see CR 7181001) I've encountered with situation that PBKDF2 algorithms has some restriction of using this method.
      For PBE algorithms like pbeWithMD5ANDdes or PBEWithSHA1AndRC2_128 it is possible to use as a key some class that implements SecurityKey interface. So, it is enough to implement getAlgorithm, getEncoded, getFormat methods.
      For PBKDF2 algorithms like PBKDF2WithHmacSHA1 it doesn't work. The implementation of PBKDF2HmacSHA1Factory requires the key should be an instance of com.sun.crypto.provider.PBKDF2KeyImpl or implements PBEKey interface. In other case the method throws InvalidKeyException like below:

      java.security.InvalidKeyException: Invalid key format/algorithm
      Test FAILED. Unexpected Exception: java.security.InvalidKeyException: Invalid key format/algorithm
          at com.sun.crypto.provider.PBKDF2Core.engineTranslateKey(PBKDF2Core.java:150)
          at javax.crypto.SecretKeyFactory.translateKey(SecretKeyFactory.java:409)

      See the attached test case.
      Well PBEKey extends SecretKey. So, formally there is no spec violation. But there is difference in requirements of using the translateKey() method for PBKDF2 algorithms and that PBE algorithms whose key factory is based on PBEKeyFactory.
      I guess this specificity should be reflected in the JDK spec or in the exception message thrown by translateKey() method. Something like
      "java.security.InvalidKeyException: instance of PBEKey is required"

      Attachments

        Issue Links

          Activity

            People

              valeriep Valerie Peng
              afomin Alexander Fomin (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                Imported:
                Indexed: