Please review the following enhancement to improve keystore security by creating PKCS12 keystores by default. Previously, JKS keystores were created by default. PKCS12 has the advantage of supporting stronger crypto and hashing algorithms. It is also an open, extensible format and supports associating arbitrary attributes with keystore entries.

Webrev: http://cr.openjdk.java.net/~vinnie/8044445/webrev.00/
Bug: https://bugs.openjdk.java.net/browse/JDK-8044445

To assist with compatibility across JDK releases, both JKS and PKCS12 keystore implementations have been extended to support both file formats. Applications that access keystores created by earlier releases should require no code changes.

This changeset also includes a new convenience method for instantiating a file-based keystore: KeyStore.getInstance - it takes a File argument. The specified file is probed by each supported keystore implementation to determine its keystore type. KeyStoreSpi has been enhanced with a boolean engineProbe method to perform the actual probing.

Finally, to improve performance, the PKCS12 keystore implementation has been moved from the SunJSSE provider to the SUN provider (as it appears earlier in the default list of installed JCE providers).
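
The file-probing behaviour described above can be used to inventory which keystores are still in the legacy JKS format. The following is an added example, not code from the changeset or the webrev; it assumes a JDK 9 or later runtime, where the method is available as `KeyStore.getInstance(File, char[])`. The class name, password and temporary files are constructed for illustration.

```java
import java.io.File;
import java.io.FileOutputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.util.Locale;

public class KeystoreProbeDemo {
    // Constructed sample password; a real one would come from a secret store.
    private static final char[] PASSWORD = "changeit".toCharArray();

    // Write an empty keystore of the given type to a temp file (constructed sample input).
    static File writeEmptyStore(String type) throws Exception {
        File f = File.createTempFile("probe-demo-", "." + type.toLowerCase(Locale.ROOT));
        f.deleteOnExit();
        KeyStore ks = KeyStore.getInstance(type);
        ks.load(null, null);                      // initialise an empty in-memory store
        try (OutputStream out = new FileOutputStream(f)) {
            ks.store(out, PASSWORD);              // serialise in that type's file format
        }
        return f;
    }

    // Let the installed keystore implementations probe the file; no type is named here.
    static String detectType(File f) throws Exception {
        return KeyStore.getInstance(f, PASSWORD).getType();
    }

    // Treat any JKS-family result as a legacy format worth migrating to PKCS12.
    static boolean isLegacy(String detectedType) {
        return detectedType.toUpperCase(Locale.ROOT).endsWith("JKS");
    }

    public static void main(String[] args) throws Exception {
        for (String type : new String[] {"JKS", "PKCS12"}) {
            File f = writeEmptyStore(type);
            String detected = detectType(f);
            System.out.println(f.getName() + ": written as " + type
                + ", probed as " + detected
                + (isLegacy(detected) ? " (legacy format, candidate for migration)" : ""));
        }
        // The type used when callers ask for KeyStore.getDefaultType().
        System.out.println("default keystore type: " + KeyStore.getDefaultType());
    }
}
```

Because the caller never names a keystore type, the same `detectType` call works on files written by older releases, which is the compatibility case the message describes.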
