On Wed, 14 Dec 2022 00:23:44 GMT, Valerie Peng <valer...@openjdk.org> wrote:
>> This RFE enhances existing PBE algorithms with the "SHA512/224" and >> "SHA512/256" support. >> Current transformation parsing in javax.crypto.Cipher class is re-written to >> handle the additional "/" in the "SHA512/224" and "SHA512/256" algorithm >> names. Existing tests are updated with the additional new algorithms. > > Valerie Peng has updated the pull request incrementally with one additional > commit since the last revision: > > address review feedbacks I checked again, it is in the Javadoc, but a bit hidden since it’s not listed near the algorithm name (in the JCE algorithm names doc). the PBEKey limits it to single byte ASCII only: https://github.com/openjdk/jdk/blob/6dc4d891c3ad043405c65e0e0eeef28e9e5a2156/src/java.base/share/classes/com/sun/crypto/provider/PBEKey.java#L69 (which would be compat with utf8), that is indeed a good info to document that restriction as the Javadoc only says “takes low byte”. https://docs.oracle.com/en/java/javase/17/docs/api/java.base/javax/crypto/spec/PBEKeySpec.html it also mentions that the pkcs12 factory uses ucs2 (well “2 bytes”). But still would be nice to have that info in the algorithm spec doc as well. Regarding a pkcs8 mode with utf8, what’s the easiest to propose a rfe for a non-commited? ------------- PR: https://git.openjdk.org/jdk/pull/11339
