Skip to content

Conversation

dev-koan
Copy link
Collaborator

@dev-koan dev-koan commented Oct 7, 2025

This update adds support for PBES2, PBEKeyFactory, PBEKey, and PBEParameters for PBE algorithms with Hmac and AES for OpenJCEPlus provider.

Signed-off-by: Dev Agarwal [email protected]

SecretKeyFactory | PBKDF2WithHmacSHA224 |X |X | |
SecretKeyFactory | PBKDF2WithHmacSHA256 |X |X | |
SecretKeyFactory | PBKDF2WithHmacSHA384 |X |X | |
SecretKeyFactory | PBKDF2WithHmacSHA512 |X |X | |
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have noticed that there is also Mac services that make use of PBE also. For example on Java 25 do we want to intentionally skip these for now?

SunJCE: Mac.PBEWithHmacSHA512/224 SupportedKeyFormats
SunJCE: Mac.PBEWithHmacSHA384
SunJCE: Mac.PBEWithHmacSHA256
SunJCE: Mac.PBEWithHmacSHA224
SunJCE: Mac.PBEWithHmacSHA224 SupportedKeyFormats
SunJCE: Mac.PBEWithHmacSHA256 SupportedKeyFormats
SunJCE: Mac.PBEWithHmacSHA512/256
SunJCE: Mac.PBEWithHmacSHA512/256 SupportedKeyFormats
SunJCE: Mac.PBEWithHmacSHA1 SupportedKeyFormats
SunJCE: Mac.PBEWithHmacSHA384 SupportedKeyFormats
SunJCE: Mac.PBEWithHmacSHA1
SunJCE: Mac.PBEWithHmacSHA512/224
SunJCE: Mac.PBEWithHmacSHA512
SunJCE: Mac.PBEWithHmacSHA512 SupportedKeyFormats

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not sure about this, we can discuss if we would want to add these

@dev-koan dev-koan force-pushed the implement_pbe branch 3 times, most recently from 3321ceb to cea7626 Compare October 10, 2025 10:23
@jasonkatonica
Copy link
Member

jasonkatonica commented Oct 16, 2025

Performance seems good to me here vs the OpenJDK providers:

For example on linux x86 here is a small sample of the decrypt benchmark results:
image

And encrypt on x86 linux:
image

The full set of data is attached here for AIX, ppcle linux, and x86 linux:
performanceDataPBE.zip

@dev-koan dev-koan force-pushed the implement_pbe branch 2 times, most recently from 5d492c9 to 7c24df7 Compare October 16, 2025 15:20
This update adds support for PBES2, PBEKeyFactory, PBEKey,
and PBEParameters for PBE algorithms with Hmac and AES for
OpenJCEPlus provider.

Signed-off-by: Dev Agarwal <[email protected]>
Copy link
Member

@jasonkatonica jasonkatonica left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Copy link
Collaborator

@taoliult taoliult left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Copy link
Member

@KostasTsiounis KostasTsiounis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Copy link
Collaborator

@JinhangZhang JinhangZhang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants