Re: JDK-8182879: Add warnings to keytool when using JKS and JCEKS

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: JDK-8182879: Add warnings to keytool when using JKS and JCEKS

Weijun Wang

> On Jul 14, 2017, at 7:00 PM, Sean Mullan <[hidden email]> wrote:
>
> I think we should add a Release Note to 8182879 indicating that keytool now emits a warning for JKS/JCEKS keystores.
>

https://bugs.openjdk.java.net/browse/JDK-8184671 filed. Please take a review.

"When keytool is operating on a JKS or JCEKS keystore, a warning will be shown that the keystore uses a proprietary format and migrating to PKCS12 is suggested. The keytool's -importkeystore command is also updated so that it can convert a keystore from one type to another if the source and destination point to the same file.”

Thanks
Max

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: JDK-8182879: Add warnings to keytool when using JKS and JCEKS

Sean Mullan
On 7/14/17 11:12 AM, Weijun Wang wrote:
>
>> On Jul 14, 2017, at 7:00 PM, Sean Mullan <[hidden email]> wrote:
>>
>> I think we should add a Release Note to 8182879 indicating that keytool now emits a warning for JKS/JCEKS keystores.
>>
>
> https://bugs.openjdk.java.net/browse/JDK-8184671 filed. Please take a review.
>
> "When keytool is operating on a JKS or JCEKS keystore

It doesn't show the warning if it only contains trusted certificate
entries, right?

I wonder if you should be more specific, ex - "on a JKS or JCEKS
keystore containing private or secret key entries". But that might
reveal too much.

Maybe just change "will" to "may" below.

--Sean

, a warning will be shown that the keystore uses a proprietary format
and migrating to PKCS12 is suggested. The keytool's -importkeystore
command is also updated so that it can convert a keystore from one type
to another if the source and destination point to the same file.”
>
> Thanks
> Max
>
Loading...