I think storing secret keys, and passwords, is still important. We intend to add support for SecretKeyEntry to the PKCS12 implementation but there are no plans to make changes to JCEKS.
On 1 Nov 2012, at 02:08, Weijun Wang wrote: > A little off topic: > > Do we still care about the JCEKS storetype? Maybe no one stores secret keys > in a keystore? > > Thanks > Max > > > On 11/01/2012 12:55 AM, Vincent Ryan wrote: >> >> Before considering migrating the platform default keystore format to PKCS12 >> its keystore implementation >> must at least match the functionality of JKS. >> >> I have developed a prototype of a multi-format keystore that understands >> both JKS and PKCS12 >> formats - it checks for the JKS magic number to determine the format. By >> supporting both formats, >> existing applications that access keystores using the platform default >> keystore format, continue to >> function as expected. >> >> In addition, storing trusted certs in PKCS12 is now supported. I've selected >> the X.509 >> extendedKeyUsage attribute to explicitly denote that a certificate is >> trusted - its default value is >> trusted-for-any-purpose. This well-known attribute is stored with the >> certificate in a PKCS12 >> certBag. >> >> Webrev: >> http://cr.openjdk.java.net/~vinnie/jdk8-multi/webrev/ >> >> Please send me any comments. >> Thanks. >>
