Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v9]

2022-05-04 Thread Hai-May Chao
On Thu, 28 Apr 2022 13:47:05 GMT, Sean Mullan wrote: >> Changes requested by mullan (Reviewer). > >> @seanjmullan Since we use symmetric keys to encrypt entries and add >> integrity check, should this enhancement cover them as well? For example, if >> a PKCS12 keystore is created with `-J-Dkeys

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v9]

2022-05-04 Thread Weijun Wang
On Wed, 4 May 2022 20:16:12 GMT, Hai-May Chao wrote: >> Please review these changes to add DES/3DES/MD5 to >> `jdk.security.legacyAlgorithms` security property, and to add the legacy >> algorithm constraint checking to `keytool` commands that are associated with >> secret key entries stored in

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v9]

2022-05-04 Thread Sean Mullan
On Wed, 4 May 2022 20:16:12 GMT, Hai-May Chao wrote: >> Please review these changes to add DES/3DES/MD5 to >> `jdk.security.legacyAlgorithms` security property, and to add the legacy >> algorithm constraint checking to `keytool` commands that are associated with >> secret key entries stored in

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v5]

2022-05-04 Thread Hai-May Chao
On Tue, 3 May 2022 14:54:21 GMT, Hai-May Chao wrote: >> src/java.base/share/classes/sun/security/tools/keytool/Main.java line 2196: >> >>> 2194: >>> 2195: try { >>> 2196: SecretKey secKey = (SecretKey) keyStore.getKey(alias, >>> storePass); >> >> This means any sec

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v9]

2022-05-04 Thread Hai-May Chao
> Please review these changes to add DES/3DES/MD5 to > `jdk.security.legacyAlgorithms` security property, and to add the legacy > algorithm constraint checking to `keytool` commands that are associated with > secret key entries stored in the keystore. These `keytool` commands are > -genseckey,

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v8]

2022-05-04 Thread Hai-May Chao
On Wed, 4 May 2022 16:29:09 GMT, Sean Mullan wrote: >> Hai-May Chao has updated the pull request incrementally with one additional >> commit since the last revision: >> >> Skip alg constraint check for PBE secret key entry > > src/java.base/share/classes/sun/security/tools/keytool/Main.java l

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v8]

2022-05-04 Thread Sean Mullan
On Wed, 4 May 2022 05:55:08 GMT, Hai-May Chao wrote: >> Please review these changes to add DES/3DES/MD5 to >> `jdk.security.legacyAlgorithms` security property, and to add the legacy >> algorithm constraint checking to `keytool` commands that are associated with >> secret key entries stored in

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v8]

2022-05-03 Thread Hai-May Chao
> Please review these changes to add DES/3DES/MD5 to > `jdk.security.legacyAlgorithms` security property, and to add the legacy > algorithm constraint checking to `keytool` commands that are associated with > secret key entries stored in the keystore. These `keytool` commands are > -genseckey,

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v7]

2022-05-03 Thread Hai-May Chao
> Please review these changes to add DES/3DES/MD5 to > `jdk.security.legacyAlgorithms` security property, and to add the legacy > algorithm constraint checking to `keytool` commands that are associated with > secret key entries stored in the keystore. These `keytool` commands are > -genseckey,

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v6]

2022-05-03 Thread Weijun Wang
On Tue, 3 May 2022 14:54:05 GMT, Hai-May Chao wrote: >> Please review these changes to add DES/3DES/MD5 to >> `jdk.security.legacyAlgorithms` security property, and to add the legacy >> algorithm constraint checking to `keytool` commands that are associated with >> secret key entries stored in

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v6]

2022-05-03 Thread Weijun Wang
On Tue, 3 May 2022 14:54:05 GMT, Hai-May Chao wrote: >> Please review these changes to add DES/3DES/MD5 to >> `jdk.security.legacyAlgorithms` security property, and to add the legacy >> algorithm constraint checking to `keytool` commands that are associated with >> secret key entries stored in

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v5]

2022-05-03 Thread Hai-May Chao
On Mon, 2 May 2022 15:08:17 GMT, Sean Mullan wrote: >> Hai-May Chao has updated the pull request incrementally with one additional >> commit since the last revision: >> >> Updated spec in java.security > > src/java.base/share/classes/sun/security/tools/keytool/Main.java line 2196: > >> 2194:

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v6]

2022-05-03 Thread Hai-May Chao
> Please review these changes to add DES/3DES/MD5 to > `jdk.security.legacyAlgorithms` security property, and to add the legacy > algorithm constraint checking to `keytool` commands that are associated with > secret key entries stored in the keystore. These `keytool` commands are > -genseckey,

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v5]

2022-05-02 Thread Hai-May Chao
On Mon, 2 May 2022 22:38:18 GMT, Weijun Wang wrote: >> Hai-May Chao has updated the pull request incrementally with one additional >> commit since the last revision: >> >> Updated spec in java.security > > test/jdk/sun/security/tools/keytool/WeakSecretKeyTest.java line 66: > >> 64:

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v5]

2022-05-02 Thread Weijun Wang
On Fri, 29 Apr 2022 19:42:27 GMT, Hai-May Chao wrote: >> Please review these changes to add DES/3DES/MD5 to >> `jdk.security.legacyAlgorithms` security property, and to add the legacy >> algorithm constraint checking to `keytool` commands that are associated with >> secret key entries stored i

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v5]

2022-05-02 Thread Weijun Wang
On Fri, 29 Apr 2022 19:42:27 GMT, Hai-May Chao wrote: >> Please review these changes to add DES/3DES/MD5 to >> `jdk.security.legacyAlgorithms` security property, and to add the legacy >> algorithm constraint checking to `keytool` commands that are associated with >> secret key entries stored i

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v5]

2022-05-02 Thread Sean Mullan
On Fri, 29 Apr 2022 19:42:27 GMT, Hai-May Chao wrote: >> Please review these changes to add DES/3DES/MD5 to >> `jdk.security.legacyAlgorithms` security property, and to add the legacy >> algorithm constraint checking to `keytool` commands that are associated with >> secret key entries stored i

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v4]

2022-04-29 Thread Hai-May Chao
On Fri, 29 Apr 2022 19:18:06 GMT, Sean Mullan wrote: >> Hai-May Chao has updated the pull request incrementally with one additional >> commit since the last revision: >> >> Removed RC2 changes > > src/java.base/share/conf/security/java.security line 644: > >> 642: # >> 643: # In some environ

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v5]

2022-04-29 Thread Hai-May Chao
> Please review these changes to add DES/3DES/MD5 to > `jdk.security.legacyAlgorithms` security property, and to add the legacy > algorithm constraint checking to `keytool` commands that are associated with > secret key entries stored in the keystore. These `keytool` commands are > -genseckey,

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v4]

2022-04-29 Thread Sean Mullan
On Fri, 29 Apr 2022 17:06:28 GMT, Hai-May Chao wrote: >> Please review these changes to add DES/3DES/MD5 to >> `jdk.security.legacyAlgorithms` security property, and to add the legacy >> algorithm constraint checking to `keytool` commands that are associated with >> secret key entries stored i

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v4]

2022-04-29 Thread Hai-May Chao
> Please review these changes to add DES/3DES/MD5 to > `jdk.security.legacyAlgorithms` security property, and to add the legacy > algorithm constraint checking to `keytool` commands that are associated with > secret key entries stored in the keystore. These `keytool` commands are > -genseckey,

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v3]

2022-04-29 Thread Hai-May Chao
> Please review these changes to add DES/3DES/MD5 to > `jdk.security.legacyAlgorithms` security property, and to add the legacy > algorithm constraint checking to `keytool` commands that are associated with > secret key entries stored in the keystore. These `keytool` commands are > -genseckey,

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v2]

2022-04-28 Thread Hai-May Chao
On Thu, 28 Apr 2022 06:46:35 GMT, Hai-May Chao wrote: >> Please review these changes to add DES/3DES/MD5 to >> `jdk.security.legacyAlgorithms` security property, and to add the legacy >> algorithm constraint checking to `keytool` commands that are associated with >> secret key entries stored i

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v2]

2022-04-28 Thread Hai-May Chao
On Thu, 28 Apr 2022 13:25:13 GMT, Sean Mullan wrote: >> Hai-May Chao has updated the pull request incrementally with one additional >> commit since the last revision: >> >> SecretKeyConstraintsParameters subclass created and property description >> updated > > src/java.base/share/conf/securi

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v2]

2022-04-28 Thread Weijun Wang
On Thu, 28 Apr 2022 06:46:35 GMT, Hai-May Chao wrote: >> Please review these changes to add DES/3DES/MD5 to >> `jdk.security.legacyAlgorithms` security property, and to add the legacy >> algorithm constraint checking to `keytool` commands that are associated with >> secret key entries stored i

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v2]

2022-04-28 Thread Sean Mullan
On Wed, 27 Apr 2022 19:35:04 GMT, Sean Mullan wrote: >> Hai-May Chao has updated the pull request incrementally with one additional >> commit since the last revision: >> >> SecretKeyConstraintsParameters subclass created and property description >> updated > > Changes requested by mullan (Re

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v2]

2022-04-28 Thread Sean Mullan
On Thu, 28 Apr 2022 06:46:35 GMT, Hai-May Chao wrote: >> Please review these changes to add DES/3DES/MD5 to >> `jdk.security.legacyAlgorithms` security property, and to add the legacy >> algorithm constraint checking to `keytool` commands that are associated with >> secret key entries stored i

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v2]

2022-04-28 Thread Hai-May Chao
On Wed, 27 Apr 2022 19:35:04 GMT, Sean Mullan wrote: >> Hai-May Chao has updated the pull request incrementally with one additional >> commit since the last revision: >> >> SecretKeyConstraintsParameters subclass created and property description >> updated > > Changes requested by mullan (Re

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v2]

2022-04-28 Thread Hai-May Chao
On Wed, 27 Apr 2022 21:04:59 GMT, Weijun Wang wrote: >> Changes requested by mullan (Reviewer). > > @seanjmullan Since we use symmetric keys to encrypt entries and add integrity > check, should this enhancement cover them as well? For example, if a PKCS12 > keystore is created with `-J-Dkeystor

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v2]

2022-04-27 Thread Hai-May Chao
> Please review these changes to add DES/3DES/MD5 to > `jdk.security.legacyAlgorithms` security property, and to add the legacy > algorithm constraint checking to `keytool` commands that are associated with > secret key entries stored in the keystore. These `keytool` commands are > -genseckey,

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v2]

2022-04-27 Thread Hai-May Chao
On Wed, 27 Apr 2022 19:34:04 GMT, Sean Mullan wrote: >> Hai-May Chao has updated the pull request incrementally with one additional >> commit since the last revision: >> >> SecretKeyConstraintsParameters subclass created and property description >> updated > > src/java.base/share/classes/sun

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms

2022-04-27 Thread Weijun Wang
On Wed, 27 Apr 2022 19:35:04 GMT, Sean Mullan wrote: >> Please review these changes to add DES/3DES/MD5 to >> `jdk.security.legacyAlgorithms` security property, and to add the legacy >> algorithm constraint checking to `keytool` commands that are associated with >> secret key entries stored in

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms

2022-04-27 Thread Sean Mullan
On Tue, 19 Apr 2022 16:08:28 GMT, Hai-May Chao wrote: > Please review these changes to add DES/3DES/MD5 to > `jdk.security.legacyAlgorithms` security property, and to add the legacy > algorithm constraint checking to `keytool` commands that are associated with > secret key entries stored in th

Re: RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms

2022-04-27 Thread Sean Mullan
On Tue, 19 Apr 2022 16:08:28 GMT, Hai-May Chao wrote: > Please review these changes to add DES/3DES/MD5 to > `jdk.security.legacyAlgorithms` security property, and to add the legacy > algorithm constraint checking to `keytool` commands that are associated with > secret key entries stored in th