Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8076190

Customizing the generation of a PKCS12 keystore

    XMLWordPrintable

Details

    Backports

      Description

        The KeyStore.load API allows the supplied password to be null, to indicate that the keystore integrity check should be skipped. When the password is null the PKCS12 implementation returns no certificates.

        This behaviour differs from JKS where certificates can be retrieved even when a null password is supplied. We should find a way to generate a PKCS12 keystore without encrypting the certificates. Furthermore, in order to completely remove the requirement of a password (when hardcoded or well-known is a security issue), we should also make the Mac part of the PKCS12 keystore optional.

        Ultimately, all algorithms and parameters used in encrypting the keys, the certificates (or not encrypting), and calculating the Mac (or not calculating) should be customizable.

        Attachments

          Issue Links

            backported by

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8216232 Customizing the generation of a PKCS12 keystore

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8257678 Customizing the generation of a PKCS12 keystore

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8264690 Customizing the generation of a PKCS12 keystore

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8264691 Customizing the generation of a PKCS12 keystore

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8265752 Customizing the generation of a PKCS12 keystore

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8266277 Customizing the generation of a PKCS12 keystore

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8266526 Customizing the generation of a PKCS12 keystore

            • P3 - Major loss of function.
            • Resolved
            blocks

            Enhancement - null JDK-8153005 Upgrade the default PKCS12 encryption/MAC algorithms

            • P3 - Major loss of function.
            • Resolved

            Enhancement - null JDK-8162628 The CACERTS keystore type

            • P3 - Major loss of function.
            • Resolved
            csr for

            CSR - null JDK-8202590 Customizing the generation of a PKCS12 keystore

            • P3 - Major loss of function.
            • Closed
            duplicates

            Bug - A problem which impairs or prevents the functions of the product. JDK-8245169 EncryptedPrivateKeyInfo incorrectly decodes KDF algorithm

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Closed

            Enhancement - null JDK-8208176 Enhance keytool to deal with password-less pkcs12 keystores nicely

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Closed
            relates to

            Bug - A problem which impairs or prevents the functions of the product. JDK-8266400 importkeystore fails to a password less pkcs12 keystore

            • P3 - Major loss of function.
            • Resolved

            Bug - A problem which impairs or prevents the functions of the product. JDK-8266182 Automate manual steps listed in the test jdk/sun/security/pkcs12/ParamsTest.java

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Resolved

            Enhancement - null JDK-8208176 Enhance keytool to deal with password-less pkcs12 keystores nicely

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. JDK-8266293 Key protection using PBEWithMD5AndDES fails with "java.security.InvalidAlgorithmParameterException: Salt must be 8 bytes long"

            • P3 - Major loss of function.
            • Resolved

            Bug - A problem which impairs or prevents the functions of the product. JDK-8245169 EncryptedPrivateKeyInfo incorrectly decodes KDF algorithm

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Closed

            Enhancement - null JDK-8267880 Upgrade the default PKCS12 MAC algorithm

            • P3 - Major loss of function.
            • Resolved

            CSR - null JDK-8224891 The CACERTS keystore type

            • P3 - Major loss of function.
            • Closed
            links to

            Commit Commit openjdk/jdk8u-dev/94cb2ef9

            Review Review openjdk/jdk8u-dev/12

            Activity

              People

                weijun Weijun Wang
                vinnie Vincent Ryan
                Votes:
                0 Vote for this issue
                Watchers:
                10 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: