-
Type:
Sub-task
-
Resolution: Unresolved
-
Priority:
P2
-
None
-
Affects Version/s: 26
-
Component/s: security-libs
Support is added for PBMAC1 protection of PKCS12 keystores. This is a new standard defined in RFC 9879. Keystores are currently protected by the original integrity protection algorithm defined when the PKCS12 keystore was first introduced (1990s).
This original integrity protection algorithm should be updated to support PBMAC1 to align with RFC 9879.
The value of the "keystore.pkcs12.macAlgorithm" property in the java.security file can now take the form of `PBEWith<mac>` to enable PBMAC1 protection.
The same mac will be used by PBMAC1 to compute both prf and hmac.
This original integrity protection algorithm should be updated to support PBMAC1 to align with RFC 9879.
The value of the "keystore.pkcs12.macAlgorithm" property in the java.security file can now take the form of `PBEWith<mac>` to enable PBMAC1 protection.
The same mac will be used by PBMAC1 to compute both prf and hmac.