> As part of [https://bugs.openjdk.org/browse/JDK-8301553](JDK-8301553), > SunPKCS11 provider added support for PBE SecretKeyFactories for > `HmacPBESHAxxx` and `PBEWithHmacSHAxxxAndAES_yyy`. These impls produce keys > whose encoding contains the PBKDF2 derived bytes. Given that SunJCE provider > have supported `PBEWithHmacSHAxxxAndAES_yyy` SecretKeyFactories whose key > encoding is the password bytes for long time. Such difference may be very > confusing, e.g. using the same KeySpec and same-name SecretKeyFactory (from > different providers), the resulting keys have same algorithm and format but > different encodings. > > Given that the `P11Mac` and `P11PBECipher` classes already do key derivation > internally, these PKCS11 SecretKeyFactories aren't a must-have and are > proposed to be removed. I've also aligned the com.sun.crypto.provider.PBEKey > class with com.sun.crypto.provider.PPBKDF2KeyImpl class to switch to "UTF-8" > when converting the char[] to byte[]. This is to accomodate unicode passwords > and given that "UTF-8" encoding is same for ASCII characters, this change > should not affect backward compatibility.
Valerie Peng has updated the pull request incrementally with one additional commit since the last revision: Address review comments from Weijun. ------------- Changes: - all: https://git.openjdk.org/jdk/pull/24068/files - new: https://git.openjdk.org/jdk/pull/24068/files/5c73f744..8217e728 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=24068&range=06 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=24068&range=05-06 Stats: 1 line in 1 file changed: 0 ins; 1 del; 0 mod Patch: https://git.openjdk.org/jdk/pull/24068.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/24068/head:pull/24068 PR: https://git.openjdk.org/jdk/pull/24068
