Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8348732

SunJCE and SunPKCS11 have different PBE key encodings

XMLWordPrintable

        There is an inconsistency between SunJCE and SunPKCS11 on "PBEWith***" SecretKeyFactory. SunJCE simply generates a secret key with the password encoded in bytes (and let the cipher do the key derivation later) but SunPKCS11 derives the key in the factory.

        For example, the "PBEWithHmacSHA1AndAES_256" factory generates different keys from `new PBEKeySpec("12345".toCharArray(), new byte[8], 100)`:

        PBEWithHmacSHA1AndAES_256 RAW 31:32:33:34:35
        PBEWithHmacSHA1AndAES_256 RAW 75:38:b0:e2:b2:93:0b:36:2a:bf:2a:d8:3a:e0:34:85:c5:9e:41:06:7c:36:d2:b1:ce:e1:8b:9a:c1:3c:62:fa

        Note that the generated keys have the same algorithm and format, only the bytes are different.

        On the other hand, for "PBKDF2***" factories, both generate derived keys.

          1.
          		 Release Note: Removal of SunPKCS11 Provider's PBE-related SecretKeyFactory Implementations Sub-task Resolved Valerie Peng  
          2.
          		 Update JDK Providers Doc and PKCS11 Reference Guide for JDK-8348732 Sub-task Resolved Raymond Gallardo  
          3.
          		 Release Note: SunJCE Provider's PBE-related SecretKeyFactory Implementations Enhanced with Unicode Support Sub-task Resolved Valerie Peng  

              valeriep Valerie Peng
              weijun Weijun Wang
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: