Hi Rajini, On Mon, Mar 21, 2022 at 10:02 AM Rajini Sivaram <rajinisiva...@gmail.com> wrote:
> For the background on the current implementation: We use Java's keystore > loading for JKS/PKCS12 keystore files and these files require passwords. We > In Java 18: "Passwordless keystores (a keystore with no password required to unlock it) are useful when the keystore is stored in a secure location and is only intended to store non-sensitive information, such as public X.509 certificates. With a passwordless PKCS12 keystore, certificates are not encrypted and there is no Mac applied as an integrity check is not necessary. Prior to this change, creating a passwordless PKCS12 keystore was difficult, and required setting various security properties. Now, a passwordless PKCS12 keystore can be created by simply specifying a null password to the KeyStore::store(outStream, password) API. The keystore can then be loaded with a null (or any) password with the KeyStore::load() API. Issue: JDK-8231107" https://seanjmullan.org/blog/2022/03/23/jdk18 Ismael
