On Wed, 25 Jan 2023 22:33:59 GMT, Valerie Peng <valer...@openjdk.org> wrote:

>> This RFE enhances existing PBE algorithms with the "SHA512/224" and 
>> "SHA512/256" support. 
>> Current transformation parsing in javax.crypto.Cipher class is re-written to 
>> handle the additional "/" in the "SHA512/224" and "SHA512/256" algorithm 
>> names. Existing tests are updated with the additional new algorithms.
>
> Valerie Peng has updated the pull request with a new target base due to a 
> merge or a rebase. The incremental webrev excludes the unrelated changes 
> brought in by the merge/rebase. The pull request contains six additional 
> commits since the last revision:
> 
>  - Merge branch 'master' of https://github.com/openjdk/jdk into JDK-8288050
>    so bot can find the CSR for JDK21 and mark the PR complete.
>  - address review feedbacks
>  - handle the "SHA512/2" lookup of the cipher transformation in a 
> case-insensitive way.
>  - remove extra whitespace
>  - remove trailing whitespace
>  - 8288050: Add support of SHA-512/224 and SHA-512/256 to the PBKDF2 and 
> PBES2 impls in SunJCE provider

Another question, the cipher/keyfactlry PBEWithHmacSHA512/224AndAES_256 
algorithm looks a bit strange, that would require two rounds of the iterations 
- I mean it might not be much work to implement it anyway, but I wonder if it 
is a good combination?

On the other hand PBEWithHmacSHA512/224AndAES_192 might be a good combo. (Or 
generally the AES192 variants are missing?)

-------------

PR: https://git.openjdk.org/jdk/pull/11339

Reply via email to