JDK-8289153

Revisit the PBES2 AlgorithmParameters

Details

    • Enhancement
    • Resolution: Unresolved
    • P3
    • None
    • None
    • security-libs
    • None

    Description

      PBES2 (defined in PKCS #5) has parameters on its KDF and ENC algorithms along with their own parameters (salt, iteration count, IV), and this information is provided in different ways. Usually the algorithm names are expressed inside the PBES2 algorithm name itself, say, "PBEWithHmacSHA256AndAES_256", and the others come from a PBEParameterSpec.

      However, we do have an algorithm name that is simply "PBES2". For `AlgorithmParameters.getInstance("PBES2")`, we can only init it with params in a byte array but not with any AlgorithmParameterSpec, since the only one we have now -- PBEParameterSpec -- lacks the algorithm names of KDF and ENC. Also, there is no way to find out the KDF and ENC names from it even after it is initialized with byte array params.

      We might need to consider creating a PBES2ParameterSpec, maybe with PBKDF2ParameterSpec, so that there's a way to describe all info in a single AlgorithmParameterSpec.

      The same can be done for PBMAC1 which contains a KDF and a MAC.
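
The gap described above, as an added example that is not part of the issue or of JDK code: the KDF and ENC names travel only in the transformation string, while the generic "PBES2" parameters, once initialised from the encoding, expose just salt, iteration count and cipher parameters through PBEParameterSpec. It assumes a JDK whose provider registers the "PBES2" AlgorithmParameters the issue refers to; the class name, password and iteration count are constructed for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.security.AlgorithmParameters;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

public class Pbes2ParamsGap {  // hypothetical class name
    public static void main(String[] args) throws Exception {
        // Constructed sample inputs for the demonstration.
        String alg = "PBEWithHmacSHA256AndAES_256"; // KDF and ENC live in this name
        char[] password = "constructed-sample-password".toCharArray();
        byte[] salt = new byte[16], iv = new byte[16];
        SecureRandom rnd = new SecureRandom();
        rnd.nextBytes(salt);
        rnd.nextBytes(iv);

        SecretKey key = SecretKeyFactory.getInstance(alg)
                .generateSecret(new PBEKeySpec(password));

        // Salt, iteration count and IV travel in a PBEParameterSpec.
        Cipher enc = Cipher.getInstance(alg);
        enc.init(Cipher.ENCRYPT_MODE, key,
                new PBEParameterSpec(salt, 100_000, new IvParameterSpec(iv)));
        byte[] ct = enc.doFinal("hello".getBytes(StandardCharsets.UTF_8));
        byte[] der = enc.getParameters().getEncoded(); // encoded PBES2 parameters

        // The generic "PBES2" parameters are initialised from the byte array.
        AlgorithmParameters generic = AlgorithmParameters.getInstance("PBES2");
        generic.init(der);

        // The only spec view available: three getters, no algorithm names.
        PBEParameterSpec view = generic.getParameterSpec(PBEParameterSpec.class);
        System.out.println("salt bytes : " + view.getSalt().length);
        System.out.println("iterations : " + view.getIterationCount());
        System.out.println("cipher spec: "
                + view.getParameterSpec().getClass().getSimpleName());

        // Decryption works, but only because `alg` was carried out of band.
        Cipher dec = Cipher.getInstance(alg);
        dec.init(Cipher.DECRYPT_MODE, key, generic);
        System.out.println(new String(dec.doFinal(ct), StandardCharsets.UTF_8));
    }
}
```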

          People

            kdriver Kevin Driver
            weijun Weijun Wang