kaikramer / keystore-explorer

KeyStore Explorer is a free GUI replacement for the Java command-line utilities keytool and jarsigner.
https://keystore-explorer.org/
GNU General Public License v3.0

[feature request] choice between PBES2 and PBE when using alias password in a keystore #384

Closed arendvogtlaender closed 1 year ago

arendvogtlaender commented 2 years ago

Hi, first again many thanks for this very good piece of software!

But... :-) it would be very nice if it was possible to choose the encryption algorithm that is used for encrypting private keys inside the keystore (when setting the alias password). Formerly the algorithm was PBE; in recent versions (not quite sure exactly which) it was changed to PBES2. When working with legacy systems, this causes a problem, as for example Windows Server 2016 and older can't handle PBES2 and will prompt that the password is wrong. This also applies to some older JDK / crypto provider combinations on other operating systems.

There is a manual workaround using OpenSSL and repacking the keys in a new keystore, but it would be far better if it was possible to choose between PBES2 and PBE.

Also, if I have a "fixed" PBE keystore and use KSE to change the alias name and save the keystore again, it will switch from PBE back to PBES2.

As legacy systems hang around for a long time (like the blank lightbulb in the kitchen, after moving into a new flat), it would be very nice to have this option.

kaikramer commented 2 years ago

Well, this is not something that is controlled by KSE. The code that was changed is in the Java runtime itself.

Fortunately they have provided a workaround by setting an environment variable, see this comment (https://github.com/kaikramer/keystore-explorer/issues/318#issuecomment-1100439267) for details.

As so many KSE users are complaining about this, I am considering setting this environment variable (resp. the system property) in the code, controlled by a checkbox in the UI. From a user's standpoint this is exactly your feature request, but in reality it's a hack and I am rather reluctant to implement this...

arendvogtlaender commented 2 years ago

Hi Kai,

Thanks for the tip, I seem to have missed that one before posting the request. It's at least better than re-tinkering the keystores with OpenSSL ;-)

Best regards,
Arend Vogtländer, Solution Engineer Multimessenger

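To check which scheme a keystore actually ended up with after a save, the following added example (not KSE or JDK code) lists the password-based encryption OIDs in a PKCS#12 file without needing the password, since the algorithm identifiers are stored in the clear. It assumes the keystore is PKCS#12 in definite-length DER with single-byte tags; the function names are this example's own, and `LEGACY` and `MODERN` are constructed fragments rather than real keystores.

```python
PBES2 = "1.2.840.113549.1.5.13"        # id-PBES2 (PKCS#5 v2)
PKCS12_PBE = "1.2.840.113549.1.12.1."  # legacy pkcs-12PbeIds arc (.3 = SHA-1 + 3DES)

def decode_oid(body):
    arcs, value = [], 0
    for byte in body:                  # base-128, high bit marks continuation
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    head = [arcs[0] // 40, arcs[0] % 40] if arcs[0] < 80 else [2, arcs[0] - 80]
    return ".".join(map(str, head + arcs[1:]))

def walk_oids(data):
    """Yield each OID in definite-length DER, descending into nested OCTET STRINGs."""
    pos = 0
    while pos < len(data):
        tag, length, pos = data[pos], data[pos + 1], pos + 2
        if length & 0x80:              # long form: low 7 bits give the byte count
            n = length & 0x7F
            if n == 0 or pos + n > len(data):
                raise ValueError("indefinite or truncated length")
            length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
        body, pos = data[pos:pos + length], pos + length
        if len(body) != length:
            raise ValueError("truncated value")
        if tag == 0x06:
            yield decode_oid(body)
        elif tag & 0x20:               # constructed: SEQUENCE, SET, [0] ...
            yield from walk_oids(body)
        elif tag == 0x04 and body[:1] == b"\x30":
            try:                       # PKCS#12 wraps SafeContents in OCTET STRINGs
                yield from list(walk_oids(body))
            except (ValueError, IndexError):
                pass                   # opaque bytes such as ciphertext

def classify(p12_bytes):
    oids = set(walk_oids(p12_bytes))
    legacy = sorted(o for o in oids if o.startswith(PKCS12_PBE))
    return {"pbes2": PBES2 in oids, "legacy_pbe": legacy}

def tlv(tag, body):                    # builds the constructed samples (short lengths only)
    return bytes([tag, len(body)]) + body

def sample(oid_hex):                   # constructed fragment, not a real keystore
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + tlv(0x30, tlv(0x04, bytes(8))))
    return tlv(0x30, tlv(0x04, tlv(0x30, alg + tlv(0x04, bytes(16)))))

LEGACY = sample("2a864886f70d010c0103")  # pbeWithSHAAnd3-KeyTripleDES-CBC
MODERN = sample("2a864886f70d01050d")    # id-PBES2
```

For a real file, pass `open(path, "rb").read()` to `classify`; a result with `pbes2` set means the legacy systems described in this thread are likely to reject the keystore.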