Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8153005

Upgrade the default PKCS12 encryption/MAC algorithms

    XMLWordPrintable

Details

    Backports

      Description

        PKCS12 is a standard file format for storing keys and certs that is widely used by PKI applications. It has been available in the JDK for more than 15 years.

        The default PKCS12 algorithms for confidentiality and integrity currently make use of SHA-1 hashes. SHA-1 is no longer universally recommended. We should examine supporting alternative algorithms that are stronger and that make use of SHA-2 hashes.

        Interoperability concerns will also need to be examined before upgrading the default algorithms.

        Attachments

          Issue Links

            backported by

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8258401 Upgrade the default PKCS12 encryption/MAC algorithms

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8258402 Upgrade the default PKCS12 encryption/MAC algorithms

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8258403 Upgrade the default PKCS12 encryption/MAC algorithms

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8266271 Upgrade the default PKCS12 encryption/MAC algorithms

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8267028 Upgrade the default PKCS12 encryption/MAC algorithms

            • P3 - Major loss of function.
            • Resolved
            csr for

            CSR - null JDK-8228481 Upgrade the default PKCS12 encryption/MAC algorithms

            • P3 - Major loss of function.
            • Closed
            is blocked by

            Enhancement - null JDK-8076190 Customizing the generation of a PKCS12 keystore

            • P3 - Major loss of function.
            • Resolved
            relates to

            Bug - A problem which impairs or prevents the functions of the product. JDK-8214513 A PKCS12 keystore from Java 8 using custom PBE parameters cannot be read in Java 11

            • P2 - Crashes, loss of data, severe memory leak.
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. JDK-8202837 PBES2 AlgorithmId encoding error in PKCS12 KeyStore

            • P3 - Major loss of function.
            • Closed

            Enhancement - null JDK-8180710 PBKDF2 SecretKeyFactory and PBES2 Cipher algorithms

            • P3 - Major loss of function.
            • Resolved

            Enhancement - null JDK-8267880 Upgrade the default PKCS12 MAC algorithm

            • P3 - Major loss of function.
            • Resolved

            Enhancement - null JDK-8006591 Protect keystore entries using stronger PBE algorithms

            • P3 - Major loss of function.
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. JDK-8267599 Revert the change to the default PKCS12 macAlgorithm and macIterationCount props for 11u/8u/7u

            • P3 - Major loss of function.
            • Resolved

            Bug - A problem which impairs or prevents the functions of the product. JDK-8285827 Describe the keystore.pkcs12.legacy system property in the java.security file

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Resolved

            Enhancement - null JDK-8162628 The CACERTS keystore type

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8267975 Revert the change to the default PKCS12 macAlgorithm and macIterationCount props for 11u/8u/7u

            • P3 - Major loss of function.
            • Resolved
            links to

            Commit Commit openjdk/jdk/f77a6585

            Review Review openjdk/jdk/473

            Activity

              People

                weijun Weijun Wang
                vinnie Vincent Ryan
                Votes:
                0 Vote for this issue
                Watchers:
                10 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: