You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When loading a PKCS12 keystore containing just a RAW-format symmetric key (generated via keytool with SunJCE), SunJCE obviously succeeds in retrieving the key. However, both generating such a keystore and retrieving said key fail when using BC:
does not, reporting a keytool error: java.security.KeyStoreException: PKCS12 does not support non-PrivateKeys.
Similarly, trying to open the keystore successfully generated via keytool/SunJCE with BC yields this output, and no keys are present:
extra in data 1.2.840.113549.1.12.10.1.5
Sequence
ObjectIdentifier(1.2.840.113549.1.12.10.1.5)
Tagged [CONTEXT 0]
Sequence
ObjectIdentifier(1.2.840.113549.1.12.10.1.2)
Tagged [CONTEXT 0]
DER Octet String[173]
Set
Sequence
ObjectIdentifier(1.2.840.113549.1.9.20)
Set
BMPString(encryption-key)
Sequence
ObjectIdentifier(1.2.840.113549.1.9.21)
Set
DER Octet String[18]
When loading a PKCS12 keystore containing just a RAW-format symmetric key (generated via keytool with SunJCE), SunJCE obviously succeeds in retrieving the key. However, both generating such a keystore and retrieving said key fail when using BC:
succeeds, but
does not, reporting a
keytool error: java.security.KeyStoreException: PKCS12 does not support non-PrivateKeys
.Similarly, trying to open the keystore successfully generated via keytool/SunJCE with BC yields this output, and no keys are present:
When I run
I get the following output:
Is this a deviation from standards by SunJCE? Does BC plan to implement support for secret keys in PKCS12 stores?
I've looked through the issue list and can't seem to find anything regarding this, so forgive me if this has been raised and answered before
The text was updated successfully, but these errors were encountered: