On Thu, 1 Oct 2020 20:02:34 GMT, Weijun Wang <wei...@openjdk.org> wrote:
> Default algorithms are bumped to be based on PBES2 with AES-256 and SHA-256.
>
> Please also review the CSR at
> https://bugs.openjdk.java.net/browse/JDK-8228481.

Looks good. Only minor comments.

src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java line 103:

> 101:     = "PBEWithHmacSHA256AndAES_256";
> 102: private static final String DEFAULT_MAC_ALGORITHM = "HmacPBESHA256";
> 103: private static final int DEFAULT_PBE_ITERATION_COUNT = 50000;

As we have keystore.pkcs12.certPbeIterationCount and keystore.pkcs12.keyPbeIterationCount, I would like to suggest that we can define DEFAULT_CERT_PBE_ITERATION_COUNT and DEFAULT_KEY_PBE_ITERATION_COUNT, specifying each of the values for finer granularity. Same for LEGACY_PBE_ITERATION_COUNT.

test/jdk/sun/security/mscapi/VeryLongAlias.java line 48:

> 46:
> 47: static String alias = String.format("%0512d", new Random().nextInt(100000));
> 48:

Add bug number to @bug.

-------------

PR: https://git.openjdk.java.net/jdk/pull/473