-
Bug
-
Resolution: Unresolved
-
P3
-
21
-
Cause Known
There is an inconsistency between SunJCE and SunPKCS11 on "PBEWith***" SecretKeyFactory. SunJCE simply generates a secret key with the password encoded in bytes (and let the cipher do the key derivation later) but SunPKCS11 derives the key in the factory.
For example, the "PBEWithHmacSHA1AndAES_256" factory generates different keys from `new PBEKeySpec("12345".toCharArray(), new byte[8], 100)`:
PBEWithHmacSHA1AndAES_256 RAW 31:32:33:34:35
PBEWithHmacSHA1AndAES_256 RAW 75:38:b0:e2:b2:93:0b:36:2a:bf:2a:d8:3a:e0:34:85:c5:9e:41:06:7c:36:d2:b1:ce:e1:8b:9a:c1:3c:62:fa
Note that the generated keys have the same algorithm and format, only the bytes are different.
On the other hand, for "PBKDF2***" factories, both generate derived keys.
For example, the "PBEWithHmacSHA1AndAES_256" factory generates different keys from `new PBEKeySpec("12345".toCharArray(), new byte[8], 100)`:
PBEWithHmacSHA1AndAES_256 RAW 31:32:33:34:35
PBEWithHmacSHA1AndAES_256 RAW 75:38:b0:e2:b2:93:0b:36:2a:bf:2a:d8:3a:e0:34:85:c5:9e:41:06:7c:36:d2:b1:ce:e1:8b:9a:c1:3c:62:fa
Note that the generated keys have the same algorithm and format, only the bytes are different.
On the other hand, for "PBKDF2***" factories, both generate derived keys.
- caused by
-
JDK-8301553 Support Password-Based Cryptography in SunPKCS11
-
- Resolved
-
- csr for
-
JDK-8352294 SunJCE and SunPKCS11 have different PBE key encodings
-
- Finalized
-
- relates to
-
-
- Open
-
- links to
-
Review(master)
openjdk/jdk/24068