A little off topic:
Do we still care about the JCEKS storetype? Maybe no one stores secret
keys in a keystore?
Thanks
Max
On 11/01/2012 12:55 AM, Vincent Ryan wrote:
Before considering migrating the platform default keystore format to PKCS12, its keystore implementation must at least match the functionality of JKS.
I have developed a prototype of a multi-format keystore that understands both JKS and PKCS12 formats - it checks for the JKS magic number to determine the format. By supporting both formats, existing applications that access keystores using the platform default keystore format continue to function as expected.
In addition, storing trusted certs in PKCS12 is now supported. I've selected the X.509 extendedKeyUsage attribute to explicitly denote that a certificate is trusted - its default value is trusted-for-any-purpose. This well-known attribute is stored with the certificate in a PKCS12 certBag.
Webrev:
http://cr.openjdk.java.net/~vinnie/jdk8-multi/webrev/
Please send me any comments.
Thanks.
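
The format check described in the message above, sketched as an added example; it is not code from the webrev or from either author. The class and method names (`KeystoreSniffer`, `detectType`, `load`) are hypothetical, the JCEKS branch and the DER SEQUENCE test for PKCS12 are assumptions that go beyond the JKS magic-number check the message mentions, and the empty keystores and password are constructed sample input.

```java
import java.io.*;
import java.security.KeyStore;

public class KeystoreSniffer {
    static final int JKS_MAGIC = 0xFEEDFEED;    // first four bytes of a JKS file
    static final int JCEKS_MAGIC = 0xCECECECE;  // first four bytes of a JCEKS file
    static final int DER_SEQUENCE = 0x30;       // PKCS12 (PFX) is a DER SEQUENCE

    /** Peeks at the header and rewinds the stream; returns a KeyStore type name. */
    static String detectType(InputStream in) throws IOException {
        if (!in.markSupported()) {
            throw new IllegalArgumentException("stream must support mark/reset");
        }
        in.mark(4);
        int magic;
        try {
            magic = new DataInputStream(in).readInt();
        } catch (EOFException e) {
            throw new IOException("keystore shorter than 4 bytes", e);
        } finally {
            in.reset();
        }
        if (magic == JKS_MAGIC) return "JKS";
        if (magic == JCEKS_MAGIC) return "JCEKS";
        // Heuristic only: the PKCS12 parser still validates the rest on load.
        if ((magic >>> 24) == DER_SEQUENCE) return "PKCS12";
        throw new IOException("unrecognized keystore format");
    }

    /** Loads a keystore of whichever format the header indicates. */
    static KeyStore load(InputStream raw, char[] password) throws Exception {
        InputStream in = raw.markSupported() ? raw : new BufferedInputStream(raw);
        KeyStore ks = KeyStore.getInstance(detectType(in));
        ks.load(in, password);
        return ks;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray(); // constructed sample password
        for (String type : new String[] {"JKS", "JCEKS", "PKCS12"}) {
            KeyStore empty = KeyStore.getInstance(type);
            empty.load(null, null);           // constructed sample: empty store
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            empty.store(out, pw);
            KeyStore ks = load(new ByteArrayInputStream(out.toByteArray()), pw);
            System.out.println(type + " -> " + ks.getType() + ", entries=" + ks.size());
        }
    }
}
```

Because the header is attacker-controlled when a keystore comes from an untrusted source, the sniffed type only selects a parser; integrity still depends on the password check performed by `KeyStore.load`.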