-
Bug
-
Resolution: Fixed
-
P3
-
7u311, 8u301, 11.0.12-oracle, 17
-
b22
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8266921 | 11.0.13-oracle | Prasadarao Koppula | P3 | Resolved | Fixed | b01 |
JDK-8269328 | 11.0.12.0.1-oracle | Prasadarao Koppula | P3 | Resolved | Fixed | b01 |
JDK-8267034 | 11.0.12-oracle | Prasadarao Koppula | P3 | Resolved | Fixed | b04 |
JDK-8267453 | 11.0.12 | Weijun Wang | P3 | Resolved | Fixed | b04 |
JDK-8266926 | 8u311 | Prasadarao Koppula | P3 | Resolved | Fixed | b01 |
JDK-8266986 | 8u301 | Prasadarao Koppula | P3 | Resolved | Fixed | b05 |
JDK-8266928 | 7u321 | Prasadarao Koppula | P3 | Resolved | Fixed | b01 |
JDK-8266980 | 7u311 | Prasadarao Koppula | P3 | Resolved | Fixed | b05 |
java -Dkeystore.pkcs12.keyProtectionAlgorithm=PBEWithMD5AndDES PKCS12Tester
---------------------------------------------
Exception in thread "main" java.security.KeyStoreException: Key protection algorithm not found: java.security.UnrecoverableKeyException: Encrypt Private Key failed: Salt must be 8 bytes long
at java.base/sun.security.pkcs12.PKCS12KeyStore.setKeyEntry(PKCS12KeyStore.java:709)
at java.base/sun.security.pkcs12.PKCS12KeyStore.engineSetKeyEntry(PKCS12KeyStore.java:589)
at java.base/sun.security.util.KeyStoreDelegator.engineSetKeyEntry(KeyStoreDelegator.java:111)
at java.base/java.security.KeyStore.setKeyEntry(KeyStore.java:1167)
at PKCS12Tester.main(PKCS12Tester.java:81)
Caused by: java.security.UnrecoverableKeyException: Encrypt Private Key failed: Salt must be 8 bytes long
at java.base/sun.security.pkcs12.PKCS12KeyStore.encryptPrivateKey(PKCS12KeyStore.java:951)
at java.base/sun.security.pkcs12.PKCS12KeyStore.setKeyEntry(PKCS12KeyStore.java:631)
... 4 more
Caused by: java.security.InvalidAlgorithmParameterException: Salt must be 8 bytes long
at java.base/com.sun.crypto.provider.PBES1Core.init(PBES1Core.java:241)
at java.base/com.sun.crypto.provider.PBES1Core.init(PBES1Core.java:347)
at java.base/com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineInit(PBEWithMD5AndDESCipher.java:227)
at java.base/javax.crypto.Cipher.implInit(Cipher.java:875)
at java.base/javax.crypto.Cipher.chooseProvider(Cipher.java:929)
at java.base/javax.crypto.Cipher.init(Cipher.java:1585)
at java.base/javax.crypto.Cipher.init(Cipher.java:1516)
at java.base/sun.security.pkcs12.PKCS12KeyStore.encryptPrivateKey(PKCS12KeyStore.java:931)
... 5 more
-----------------------------------------------
In comparison, openssl seems to have no issues with the same algorithm:
$ openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
$ openssl pkcs12 -export -in rsa.cert.pem -inkey rsa.pkey.pem -name a -passout pass:hello -keypbe PBE-MD5-DES >/dev/null && echo $?
0
I went through the PKCS12KeyStore implementation, and have included at the end of the same attached program, what I think is taking place in the implementation, reaching at the exception.
- backported by
-
JDK-8266921 Key protection using PBEWithMD5AndDES fails with "java.security.InvalidAlgorithmParameterException: Salt must be 8 bytes long"
-
- Resolved
-
-
JDK-8266926 Key protection using PBEWithMD5AndDES fails with "java.security.InvalidAlgorithmParameterException: Salt must be 8 bytes long"
-
- Resolved
-
-
JDK-8266928 Key protection using PBEWithMD5AndDES fails with "java.security.InvalidAlgorithmParameterException: Salt must be 8 bytes long"
-
- Resolved
-
-
JDK-8266980 Key protection using PBEWithMD5AndDES fails with "java.security.InvalidAlgorithmParameterException: Salt must be 8 bytes long"
-
- Resolved
-
-
JDK-8266986 Key protection using PBEWithMD5AndDES fails with "java.security.InvalidAlgorithmParameterException: Salt must be 8 bytes long"
-
- Resolved
-
-
JDK-8267034 Key protection using PBEWithMD5AndDES fails with "java.security.InvalidAlgorithmParameterException: Salt must be 8 bytes long"
-
- Resolved
-
-
JDK-8267453 Key protection using PBEWithMD5AndDES fails with "java.security.InvalidAlgorithmParameterException: Salt must be 8 bytes long"
-
- Resolved
-
-
JDK-8269328 Key protection using PBEWithMD5AndDES fails with "java.security.InvalidAlgorithmParameterException: Salt must be 8 bytes long"
-
- Resolved
-
- relates to
-
JDK-8076190 Customizing the generation of a PKCS12 keystore
-
- Resolved
-