1059 # and javax.crypto.spec.SecretKeySpec and rejects all the others. |
1059 # and javax.crypto.spec.SecretKeySpec and rejects all the others. |
1060 jceks.key.serialFilter = java.base/java.lang.Enum;java.base/java.security.KeyRep;\ |
1060 jceks.key.serialFilter = java.base/java.lang.Enum;java.base/java.security.KeyRep;\ |
1061 java.base/java.security.KeyRep$Type;java.base/javax.crypto.spec.SecretKeySpec;!* |
1061 java.base/java.security.KeyRep$Type;java.base/javax.crypto.spec.SecretKeySpec;!* |
1062 |
1062 |
1063 # |
1063 # |
|
1064 # PKCS12 KeyStore properties |
|
1065 # |
|
1066 # The following properties, if configured, are used by the PKCS12 KeyStore |
|
1067 # implementation during the creation of a new keystore. Several of the |
|
1068 # properties may also be used when modifying an existing keystore. The |
|
1069 # properties can be overridden by a KeyStore API that specifies its own |
|
1070 # algorithms and parameters. |
|
1071 # |
|
1072 # If an existing PKCS12 keystore is loaded and then stored, the algorithm and |
|
1073 # parameter used to generate the existing Mac will be reused. If the existing |
|
1074 # keystore does not have a Mac, no Mac will be created while storing. If there |
|
1075 # is at least one certificate in the existing keystore, the algorithm and |
|
1076 # parameters used to encrypt the last certificate in the existing keystore will |
|
1077 # be reused to encrypt all certificates while storing. If the last certificate |
|
1078 # in the existing keystore is not encrypted, all certificates will be stored |
|
1079 # unencrypted. If there is no certificate in the existing keystore, any newly |
|
1080 # added certificate will be encrypted (or stored unencrypted if algorithm |
|
1081 # value is "NONE") using the "keystore.pkcs12.certProtectionAlgorithm" and |
|
1082 # "keystore.pkcs12.certPbeIterationCount" values defined here. Existing private |
|
1083 # and secret key(s) are not changed. Newly set private and secret key(s) will |
|
1084 # be encrypted using the "keystore.pkcs12.keyProtectionAlgorithm" and |
|
1085 # "keystore.pkcs12.keyPbeIterationCount" values defined here. |
|
1086 # |
|
1087 # In order to apply new algorithms and parameters to all entries in an |
|
1088 # existing keystore, one can create a new keystore and add entries in the |
|
1089 # existing keystore into the new keystore. This can be achieved by calling the |
|
1090 # "keytool -importkeystore" command. |
|
1091 # |
|
1092 # If a system property of the same name is also specified, it supersedes the |
|
1093 # security property value defined here. |
|
1094 # |
|
1095 # If the property is set to an illegal value, |
|
1096 # an iteration count that is not a positive integer, or an unknown algorithm |
|
1097 # name, an exception will be thrown when the property is used. |
|
1098 # If the property is not set or empty, a default value will be used. |
|
1099 # |
|
1100 # Note: These properties are currently used by the JDK Reference implementation. |
|
1101 # They are not guaranteed to be examined and used by other implementations. |
|
1102 |
|
1103 # The algorithm used to encrypt a certificate. This can be any non-Hmac PBE |
|
1104 # algorithm defined in the Cipher section of the Java Security Standard |
|
1105 # Algorithm Names Specification. When set to "NONE", the certificate |
|
1106 # is not encrypted. The default value is "PBEWithSHA1AndRC2_40". |
|
1107 #keystore.pkcs12.certProtectionAlgorithm = PBEWithSHA1AndRC2_40 |
|
1108 |
|
1109 # The iteration count used by the PBE algorithm when encrypting a certificate. |
|
1110 # This value must be a positive integer. The default value is 50000. |
|
1111 #keystore.pkcs12.certPbeIterationCount = 50000 |
|
1112 |
|
1113 # The algorithm used to encrypt a private key or secret key. This can be |
|
1114 # any non-Hmac PBE algorithm defined in the Cipher section of the Java |
|
1115 # Security Standard Algorithm Names Specification. The value must not be "NONE". |
|
1116 # The default value is "PBEWithSHA1AndDESede". |
|
1117 #keystore.pkcs12.keyProtectionAlgorithm = PBEWithSHA1AndDESede |
|
1118 |
|
1119 # The iteration count used by the PBE algorithm when encrypting a private key |
|
1120 # or a secret key. This value must be a positive integer. The default value |
|
1121 # is 50000. |
|
1122 #keystore.pkcs12.keyPbeIterationCount = 50000 |
|
1123 |
|
1124 # The algorithm used to calculate the optional MacData at the end of a PKCS12 |
|
1125 # file. This can be any HmacPBE algorithm defined in the Mac section of the |
|
1126 # Java Security Standard Algorithm Names Specification. When set to "NONE", |
|
1127 # no Mac is generated. The default value is "HmacPBESHA1". |
|
1128 #keystore.pkcs12.macAlgorithm = HmacPBESHA1 |
|
1129 |
|
1130 # The iteration count used by the MacData algorithm. This value must be a |
|
1131 # positive integer. The default value is 100000. |
|
1132 #keystore.pkcs12.macIterationCount = 100000 |
|
1133 |
|
1134 # |
1064 # Enhanced exception message information |
1135 # Enhanced exception message information |
1065 # |
1136 # |
1066 # By default, exception messages should not include potentially sensitive |
1137 # By default, exception messages should not include potentially sensitive |
1067 # information such as file names, host names, or port numbers. This property |
1138 # information such as file names, host names, or port numbers. This property |
1068 # accepts one or more comma separated values, each of which represents a |
1139 # accepts one or more comma separated values, each of which represents a |