On Jan 19, 2013, at 20:24, Vincent Ryan <vincent.x.r...@oracle.com> wrote:
>
> On 19/01/2013 09:43, Weijun Wang wrote:
>> Also, although we haven't standardized the keystore types, there is
>> still a possibility that different providers use the same storetype
>> name. How can we ensure everyone honors the security property?
>>
>
> If another JCE provider uses the same keystore type name for their
> implementation as an existing keystore type name then the same default
> entry protection algorithm would apply to both. I don't think that's
> a problem.
>
> If it became an issue then we could consider making the security
> property multi-valued and rely on ordering to distinguish between keystore
> implementations that employ the same keystore type.
>
>
>> Max
>>
>> On Jan 19, 2013, at 17:28, Weijun Wang <weijun.w...@oracle.com> wrote:
>>
>>>
>>>
>>> + /**
>>> + * Gets the name of the protection algorithm.
>>> + * If none was set then the default algorithm name is returned.
>>> + * The default algorithm name for a given keystore type is set
>>> using the
>>> + * {@code 'keystore.<type>.entryProtectionAlgorithm'} Security
>>> property.
>>> + * For example, the
>>> + * {@code keystore.PKCS12.entryProtectionAlgorithm} property
>>> stores the
>>> + * name of the default entry protection algorithm used for PKCS12
>>> + * keystores.
>>> + *
>>> I didn't see the security property used in the pkcs12 code.
>>>
>
> Right. I need to update the keystore code to support that.

And probably also the description and example line to the java.security file.

Max

> Thanks.
>
>
>>> -Max
>>> On Jan 19, 2013, at 3:53, Vincent Ryan <vincent.x.r...@oracle.com> wrote:
>>>
>>>> Hello,
>>>>
>>>> Please review the fix for 8006591. It introduces a mechanism to enable
>>>> stronger PBE algorithms to be specified when encrypting a keystore entry.
>>>> This allows developers to make use of the new PBE algorithms delivered in
>>>> JEP-121. Note however that PKCS12 is currently the only keystore that
>>>> supports this new feature.
>>>>
>>>> It is a component of the JEP-166 delivery.
>>>>
>>>> Webrev: http://cr.openjdk.java.net/~vinnie/8006591/webrev.00/
>>>>
>>>> Thanks.
>
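
Review bot: the Javadoc added for the protection-algorithm getter says the default name is returned "if none was set", but it does not say what the caller gets when the keystore.<type>.entryProtectionAlgorithm Security property is itself undefined; state whether that is null or a built-in fallback so callers know whether to null-check. The comment also leaves open how <type> is matched against the keystore type (the example spells it PKCS12 in upper case), so document whether the property lookup is case-sensitive. Finally, the single quotes inside the first {@code 'keystore.<type>.entryProtectionAlgorithm'} will render literally and are inconsistent with the unquoted second {@code ...}; drop them.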