问题
Does Bouncy Castle FIPS support "PKCS12"
as KeyStore/trustStore? I read somewhere that in the approved mode it doesn't support PKCS#12 format but that it is supported in non approved mode (the generally used libraries).
回答1:
Quoting from the BC-FJA user guide, section "7. Key Stores":
The PKCS12 key store is not available in approved-mode of operation due to the algorithms required for PBE key generation in the PKCS#12 standard.
It is available only to threads that are not running in approved-mode.
来源:https://stackoverflow.com/questions/63366284/bouncy-castle-fips-mode-for-pkcs12-keystore-format