We have a long-standing requirement to improve, or migrate from, the default JKS keystore format.
JEP-166[1] plans to address this requirement by delivering the functionality necessary to transition to using PKCS#12 as the default keystore format.

I'd like to solicit comments from the community on this issue. Both the old and new keystore formats must be supported in a compatible way for existing applications.

As a first step I intend to modify the JKS and PKCS12 implementation classes to support both formats (by switching on the JKS magic number). Further steps will include enhancing the PKCS12 implementation to add support for storing secret keys (and passwords) and trusted certificates. In addition, the new PBE algorithms delivered by JEP-121[2,3] can also be employed for improved security.

Although we are already at Milestone 5 I would like to examine two further areas as part of this JEP: permission-based access controls and virtual keystore views.

Comments are welcome.
Thanks.

____
[1] http://openjdk.java.net/jeps/166
[2] http://openjdk.java.net/jeps/121
[3] http://cr.openjdk.java.net/~vinnie/6383200/webrev.04/
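
The dual-format loading described in the message, sketched as an added example (not part of the original message and not the JDK's implementation): the caller peeks at the first bytes and picks the keystore type from them. The class name KeystoreSniffer, its helper methods and the sample password are assumptions made for illustration; the header values used are the JKS magic number 0xFEEDFEED and the DER SEQUENCE tag 0x30 that opens a PKCS#12 PFX structure.

```java
import java.io.*;
import java.nio.ByteBuffer;
import java.security.KeyStore;

// Hypothetical helper class, written for this example only.
public class KeystoreSniffer {
    static final int JKS_MAGIC = 0xFEEDFEED; // first four bytes of a JKS file
    static final int DER_SEQUENCE = 0x30;    // a PKCS#12 PFX starts with a DER SEQUENCE

    /** Reads up to four header bytes, rewinds the stream, and names the format. */
    static String detectType(BufferedInputStream in) throws IOException {
        byte[] head = new byte[4];
        in.mark(head.length);
        int n = 0, r;
        while (n < head.length && (r = in.read(head, n, head.length - n)) > 0) {
            n += r;
        }
        in.reset(); // the keystore implementation must see the stream from byte 0
        if (n == 4 && ByteBuffer.wrap(head).getInt() == JKS_MAGIC) {
            return "JKS";
        }
        if (n >= 1 && (head[0] & 0xFF) == DER_SEQUENCE) {
            return "PKCS12";
        }
        // Fail closed: never guess a type for unrecognized input.
        throw new IOException("Unrecognized keystore format");
    }

    /** Loads a keystore of either format; the password also verifies integrity. */
    static KeyStore load(InputStream raw, char[] password) throws Exception {
        BufferedInputStream in = new BufferedInputStream(raw);
        KeyStore ks = KeyStore.getInstance(detectType(in));
        ks.load(in, password);
        return ks;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray(); // constructed sample password
        for (String type : new String[] {"JKS", "PKCS12"}) {
            // Build an empty keystore of each type in memory as constructed input.
            KeyStore empty = KeyStore.getInstance(type);
            empty.load(null, pw);
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            empty.store(out, pw);
            KeyStore loaded = load(new ByteArrayInputStream(out.toByteArray()), pw);
            System.out.println(type + " bytes loaded as " + loaded.getType());
        }
    }
}
```

Rejecting unrecognized headers matters for compatibility code like this: falling back to a default type would hide a truncated or corrupted keystore file behind a misleading password or parse error.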