On 19/01/2013 09:43, Weijun Wang wrote:
Also, although we haven't standardized the keystore types, there is
still a possibility that different providers use the same storetype
name. How can we ensure everyone honors the security property?
If another JCE provider uses the same keystore type name for their
implementation as an existing keystore type name then the same default
entry protection algorithm would apply to both. I don't think that's
a problem.
If it became an issue then we could consider making the security
property multi-valued and rely on ordering to distinguish between keystore
implementations that employ the same keystore type.
Max
On Jan 19, 2013, at 17:28, Weijun Wang <weijun.w...@oracle.com> wrote:
+ /**
+ * Gets the name of the protection algorithm.
+ * If none was set then the default algorithm name is returned.
+ * The default algorithm name for a given keystore type is set using
the
+ * {@code 'keystore.<type>.entryProtectionAlgorithm'} Security
property.
+ * For example, the
+ * {@code keystore.PKCS12.entryProtectionAlgorithm} property stores the
+ * name of the default entry protection algorithm used for PKCS12
+ * keystores.
+ *
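Review bot: In the sentence that introduces the property, `{@code 'keystore.<type>.entryProtectionAlgorithm'}` wraps the name in single quotes inside `{@code}`, while the PKCS12 example just below it does not; the quotes will render literally, so drop them for consistency. The comment also leaves two things unstated that a caller needs: what is returned when no algorithm was set and the property is not defined for the keystore type, and whether `<type>` is matched case-sensitively (the example uses upper-case `PKCS12`). Please document both here.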
I didn't see the security property used in the pkcs12 code.
Right. I need to update the keystore code to support that.
Thanks.
-Max
On Jan 19, 2013, at 3:53, Vincent Ryan <vincent.x.r...@oracle.com> wrote:
Hello,
Please review the fix for 8006591. It introduces a mechanism to enable
stronger PBE algorithms to be specified when encrypting a keystore entry.
This allows developers to make use of the new PBE algorithms delivered in
JEP-121. Note however that PKCS12 is currently the only keystore that
supports this new feature.
It is a component of the JEP-166 delivery.
Webrev: http://cr.openjdk.java.net/~vinnie/8006591/webrev.00/
Thanks.