JDK-8243551

Hmac Keys loaded from PKCS12 don't have a Standard Algorithm Name


      ADDITIONAL SYSTEM INFORMATION :
      Tested with OpenJDK 14.0.1 as provided by Oracle, and also OpenJDK 11 and 1.8.0 from the Fedora repositories

      A DESCRIPTION OF THE PROBLEM :
      When a Hmac key is loaded from a PKCS12 keystore, its Algorithm Name (Key#getAlgorithm) doesn't conform to Standard Algorithm Names as described in https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Create a HmacSha512 Key, store to pkcs12 keystore, load from keystore.

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      The key loaded from the keystore should have a standard algorithm name, as described in https://docs.oracle.com/javase/8/docs/api/java/security/Key.html#getAlgorithm--
      ACTUAL -
      The key loaded from the keystore has the algorithm name '1.2.840.113549.2.11' - which is not listed in https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html

      ---------- BEGIN SOURCE ----------
      import javax.crypto.spec.SecretKeySpec;
      import java.security.Key;
      import java.security.KeyStore;
      import java.security.cert.Certificate;

      public class Main {
          public static void main(String[] args) throws Exception {
              // Create an empty in-memory PKCS12 keystore
              KeyStore pkcs12 = KeyStore.getInstance("pkcs12");
              pkcs12.load(null, "keystorepassword".toCharArray());

              // Store an HMAC key under a standard algorithm name
              Key generatedKey = new SecretKeySpec(new byte[512], "HmacSha512");
              System.out.println(generatedKey.getAlgorithm());
              pkcs12.setKeyEntry("testkey", generatedKey, "keypassword".toCharArray(), new Certificate[0]);

              // Read it back: the algorithm name is now the OID
              Key keyFromKeystore = pkcs12.getKey("testkey", "keypassword".toCharArray());
              System.out.println(keyFromKeystore.getAlgorithm());

              // Only evaluated when the JVM is started with -ea
              assert generatedKey.getAlgorithm().equalsIgnoreCase(keyFromKeystore.getAlgorithm());
          }
      }
      ---------- END SOURCE ----------

      CUSTOMER SUBMITTED WORKAROUND :
      After loading the key, one could probably "recreate" it as

      new SecretKeySpec(keyFromKeystore.getEncoded(), "HmacSha512");

      FREQUENCY : always
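
The workaround above, generalised as an added example (not part of the original report or of JDK code): map the HMAC OIDs defined in PKCS #5 (RFC 8018) back to JCA standard names and rebuild the key, rejecting any OID that is not in the table. The class and method names are hypothetical, the key and message are constructed, and `Map.of` needs Java 9 or later.

```java
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.security.Key;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Map;

public class HmacKeyNormalizer {
    // HMAC object identifiers from PKCS #5 (RFC 8018) mapped to JCA standard names.
    private static final Map<String, String> HMAC_OIDS = Map.of(
            "1.2.840.113549.2.7", "HmacSHA1",
            "1.2.840.113549.2.8", "HmacSHA224",
            "1.2.840.113549.2.9", "HmacSHA256",
            "1.2.840.113549.2.10", "HmacSHA384",
            "1.2.840.113549.2.11", "HmacSHA512");

    // Secret-key entries only: a key that already has a non-OID name is returned unchanged.
    static SecretKey normalize(Key key) {
        String alg = key.getAlgorithm();
        if (!alg.matches("\\d+(\\.\\d+)+")) return (SecretKey) key;
        String std = HMAC_OIDS.get(alg);
        if (std == null) { // fail closed instead of guessing an algorithm
            throw new IllegalArgumentException("Unmapped algorithm OID: " + alg);
        }
        byte[] raw = key.getEncoded();
        try {
            return new SecretKeySpec(raw, std); // SecretKeySpec copies the bytes
        } finally {
            Arrays.fill(raw, (byte) 0);         // wipe the intermediate copy
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed all-zero sample key, as in the reproducer; not for real use.
        SecretKey original = new SecretKeySpec(new byte[64], "HmacSHA512");
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, "keystorepassword".toCharArray());
        ks.setKeyEntry("testkey", original, "keypassword".toCharArray(), null);
        SecretKey loaded = normalize(ks.getKey("testkey", "keypassword".toCharArray()));
        byte[] msg = "constructed message".getBytes("UTF-8");
        Mac a = Mac.getInstance(original.getAlgorithm());
        a.init(original);
        Mac b = Mac.getInstance(loaded.getAlgorithm());
        b.init(loaded);
        System.out.println(loaded.getAlgorithm() + " tags match: "
                + MessageDigest.isEqual(a.doFinal(msg), b.doFinal(msg)));
    }
}
```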


            valeriep Valerie Peng
            webbuggrp Webbug Group