Please take a review of https://bugs.openjdk.java.net/browse/JDK-8202590
This enhancement has two major purposes: 1. Provide a way to change encryption and Mac algorithms used in PKCS 12. 2. The ability to create a password-less PKCS 12 keystore containing unencrypted certificates and no Mac. Especially, the long paragraph in the spec on behavior of an existing keystore makes sure that once a password-less keystore is generated (with -Dkeystore.pkcs12.certProtectionAlgorithm=NONE and -Dkeystore.pkcs12.macAlgorithm=NONE), one can add new certificates to it without any special setting and keep it password-less. Thanks Max
