A256KW is not recognized as AESWrap in Java 17
Issue #189
closed
AESWrapis no longer a recognized Java algorithm name in java 17, please see
https://bugs.openjdk.java.net/browse/JDK-8248268
It was reported in the Quarkus project here.
@Brian Campbell - would it make sense to add a fallback to AES/KW/NoPadding (which looks like to be a new name), similarly to how it is done for `SHA256withRSAandMGF1`/`RSASSA-PSS` ?
Thanks
Comments (7)
-
-
repo owner
-
reporter
Hi Brian, thanks, it makes sense to see if more work will be done around it in Java 17 early releases
. So far it looks like this alias has gone (we may have missed something) - but indeed they may decide to preserve it to ease the future migrations. -
repo owner
Using a Java 17 release candidate (Build 35 2021/8/6) It looks like
Cipher.getInstance("AESWrap")will work and return the appropriate Cipher object. However,Security.getAlgorithms("Cipher")doesn’t include"AESWrap"- that was being used for availability checks at initialization and is why the library thought the AxxxKW algs were not available. Changing the initialization availability check to trygetInstanceseems to fix things and still work across Java versions (I tested with 7, 8, and 17). -
repo owner
- changed status to resolved
-
reporter
Thanks Brian for investigating and resolving it
-
repo owner
- changed status to closed
You're welcome, Sergey.
v0.7.9 has been released and has the fix for this in it
- Log in to comment
Thanks Sergey, a fallback like that might well be what is needed. But I’d like to look into it a bit more before deciding on a specific approach. I wonder, for example, if
AESWrapwill still work as an alias forAES/KW/NoPaddingand something similar to https://bitbucket.org/b_c/jose4j/commits/29af791146bd52a0e1f3f34032394c2c2ca767d8 is happening. Or if java will do anything more to help with backward compatibility of existing apps usingAESWrapbefore java 17 is released.