My main reason for suggesting this is that the all but one of the algorithm suites defined in PKCS12 are either deprecated or prohibited by NIST guidance. The undeprecated suite appears to be the default one used by the java implementation. It would be nice to have a choice.
See below. At 12:51 PM 10/1/2012, Vincent Ryan wrote: >Hello Mike, > >The new PBE algorithms in JEP-121, such as PBEWithHmacSHA256AndAES_128, could >certainly be used >for PKCS12 keystores within Java environments - the problem is maintaining >interoperability with existing >crypto toolkits and web browsers. Yup - but someone has to be first.... :-) Mike >Is there any interest among those on this list in promoting wider support for >these PBE algorithms? > >Thanks. > > >On 1 Oct 2012, at 17:06, Michael StJohns wrote: > >> At 08:27 PM 9/28/2012, mark.reinh...@oracle.com wrote: >>> Posted: http://openjdk.java.net/jeps/166 >>> >>> - Mark >> >> This seems at least partially related to JEP 121 and maybe even dependent on >> it. Might be useful to have a cross reference. Also, probably useful to >> decide/state a new default PKCS12 algorithm? E.g. maybe >> PBEwithSHA256andAES-128? >> >> Mike >> >>
