-
Enhancement
-
Resolution: Unresolved
-
P2
-
None
-
None
-
Cause Known
There is a new stronger MAC algorithm for PKCS#12 defined in RFC 9579: https://www.rfc-editor.org/rfc/rfc9579.html. We should add support for it to our PKCS#12 KeyStore implementation.
There is also an Internet Draft that is close to finished that will obsolete it. It is actually just some DER encoding format changes to an RFC that was already published:
https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc9579bis/
Quoting from that draft:
9. Changes since RFC 9579
This document changes the specified format of password passed to the
key derivation function. Previously it was a BMPString, now it's
declared as a UTF8String. It should be noted that the test vectors
attached to [RFC9579] use UTF8String encoding. This resolves
[Err7974].
There is also an Internet Draft that is close to finished that will obsolete it. It is actually just some DER encoding format changes to an RFC that was already published:
https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc9579bis/
Quoting from that draft:
9. Changes since RFC 9579
This document changes the specified format of password passed to the
key derivation function. Previously it was a BMPString, now it's
declared as a UTF8String. It should be noted that the test vectors
attached to [RFC9579] use UTF8String encoding. This resolves
[Err7974].
- relates to
-
-
- Resolved
-
- links to
-
Review(master)
openjdk/jdk/24429