JDK-8370042

PKCS#12 KeyStore support for RFC 9879: Use of Password-Based Message Authentication Code 1 (PBMAC1)


    • behavioral
    • low
      Earlier JDK releases will not be able to load PKCS#12 keystores created with the PBMAC1 integrity algorithm and will throw NoSuchAlgorithmException. However, we plan to eventually backport this enhancement to earlier releases, so that compatibility risk will go away.
    • System or security property
    • JDK

      Summary

      PBMAC1 provides stronger and more extensible integrity checks for PKCS12 keystores than the current check defined in the specification for PKCS12 keystores.

      • PBMAC1 is defined in RFC 8018.
      • RFC 9879 defines how to use PBMAC1 in PKCS12 keystores.
      • RFC 7292 defines PKCS12 keystores.

      Problem

      When the PKCS12 keystore format was first introduced (1990s), it defined its own password-based key derivation function for both encryption and integrity protection. In 2000, RFC 2898 (PKCS5 2.0) standardized PBKDF2 and introduced PBES2 and PBMAC1, which became the modern, general-purpose building blocks for password-based encryption and integrity protection and are still used today. RFC 7292 (PKCS12 1.1, 2014) updated the encryption scheme to use PBES2, but the integrity protection algorithm remained unchanged. Only in RFC 9579 (2024) was the use of PBMAC1 for PKCS12 integrity protection introduced, and this was further clarified in RFC 9879 (2025).

      Java is still using the original integrity protection algorithm. It should be updated to support PBMAC1 to align with RFC 9879.

      Solution

      PBMAC1 is a newer standard that allows the key derivation function to be changed in addition to the message digest function.

      The value of the "keystore.pkcs12.macAlgorithm" property in the java.security file can now take the form of PBEWith<mac> to enable PBMAC1 protection.
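
Given the compatibility risk noted above, the following added example (not part of the JDK change or of this issue's text) reads the MacData algorithm OID from a PKCS12 file to tell whether it uses PBMAC1 or the original MAC, so that affected keystores can be identified before they reach an earlier JDK. The function names are this example's own, and the sample byte strings are constructed skeletons rather than loadable keystores.

```python
PBMAC1_OID = "1.2.840.113549.1.5.14"  # id-PBMAC1, defined in RFC 8018

def read_tlv(buf, off=0):
    """Return (tag, value, next_offset) for the DER element starting at off."""
    tag, first, off = buf[off], buf[off + 1], off + 2
    length = first
    if first & 0x80:  # long form: low 7 bits give the number of length bytes
        n = first & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if first == 0x80 or off + length > len(buf):
        raise ValueError("indefinite (BER) or truncated length, not handled")
    return tag, buf[off:off + length], off + length

def children(value):  # split a constructed element's contents into (tag, value)
    out, off = [], 0
    while off < len(value):
        tag, val, off = read_tlv(value, off)
        out.append((tag, val))
    return out

def decode_oid(val):
    """Decode OID contents (base-128 sub-identifiers) into dotted form."""
    arcs, n = [], 0
    for b in val:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs, n = arcs + [n], 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def mac_scheme(pfx_der):
    """Classify the integrity protection of a DER-encoded PFX (.p12) file."""
    fields = children(read_tlv(pfx_der)[1])  # version, authSafe, optional macData
    if len(fields) < 3:
        return "none"
    digest_info = children(fields[2][1])[0][1]  # MacData.mac
    alg_id = children(digest_info)[0][1]  # DigestInfo.digestAlgorithm
    oid = decode_oid(children(alg_id)[0][1])
    return "PBMAC1" if oid == PBMAC1_OID else f"legacy PKCS12 MAC ({oid})"

def sample_pfx(alg_hex):  # constructed PFX skeleton, not a loadable keystore
    return bytes.fromhex("3033020103300b06092a864886f70d01070130213015300d0609"
                         + alg_hex + "04040000000004040102030402022710")

SAMPLES = {"legacy-sha256": sample_pfx("6086480165030402010500"),  # SHA-256 OID
           "pbmac1": sample_pfx("2a864886f70d01050e3000")}  # id-PBMAC1 OID

if __name__ == "__main__":
    for name, der in SAMPLES.items():
        print(f"{name:14} -> {mac_scheme(der)}")
```

To check a real keystore, pass the file's bytes to `mac_scheme`; a file whose outer structure uses BER indefinite lengths raises `ValueError` instead of being classified.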

      Specification

      The "keystore.pkcs12.macAlgorithm" property in the java.security file is updated to mention the new PBEWith<mac> property value:

      diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security
      index 32d1ddaf0f7..9a0d6c77e79 100644
      --- a/src/java.base/share/conf/security/java.security
      +++ b/src/java.base/share/conf/security/java.security
      @@ -1314,8 +1314,9 @@ jceks.key.serialFilter = java.base/java.lang.Enum;java.base/java.security.KeyRep
       #keystore.pkcs12.keyPbeIterationCount = 10000
      
       # The algorithm used to calculate the optional MacData at the end of a PKCS12
      -# file. This can be any HmacPBE algorithm defined in the Mac section of the
      -# Java Security Standard Algorithm Names Specification. When set to "NONE",
      +# file. This can be any HmacPBE or PBEWith<mac> algorithm defined in the
      +# Mac section of the Java Security Standard Algorithm Names Specification,
      +# for example, HmacPBESHA256 or PBEWithHmacSHA256. When set to "NONE",
       # no Mac is generated. The default value is "HmacPBESHA256".
       #keystore.pkcs12.macAlgorithm = HmacPBESHA256
      
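Review bot: The new comment text at the "HmacPBE or PBEWith<mac>" lines lists the added value form but does not say that a PBEWith<mac> value selects PBMAC1 integrity protection while an HmacPBE value keeps the original PKCS12 MAC, so a reader of java.security alone sees HmacPBESHA256 and PBEWithHmacSHA256 as two spellings of the same thing. Suggest adding one sentence stating that difference, and a second noting that keystores written with a PBEWith<mac> value cannot be loaded by earlier JDK releases (NoSuchAlgorithmException), since that is the compatibility risk recorded for this change.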

            mpowers Mark Powers
            youlguo Youliang Guo
            Sean Mullan