Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8286907

keytool should warn about weak PBE algorithms

    XMLWordPrintable

Details

    Description

      The keytool -importpass command stores a passphrase as a PBEKey. As keytool only can see it is a PBEKey, and its getAlgorithm() always returns “PBEwithMD5andDES”, keytool has no information to determine if this secret key entry is protected by a weak algorithm.
      This is filed to explore if changes may be made so keytool could warn about PBE algorithms.

      The keytool -genseckey has the same problem. For example, keytool -genseckey -keyalg PBEWithMD5AndDES -keystore keystore -alias pbe

      Attachments

        Issue Links

          Activity

            People

              hchao Haimay Chao
              hchao Haimay Chao
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: