Describe the defect
As per RFC8018 PBES1 combines the PBKDF1 function with an underlying block cipher. PBES1 is compatible with the encryption scheme in PKCS5_15. Therefore, the variable {hashAlgorithm} which is one of the parameters for the underlying PBKDF1 must be an element of the variant pattern instead of {kdf}.
Refer https://docs.oracle.com/en/java/javase/25/docs/specs/security/standard-names.html#cipher-algorithms for example of PBES1 usage.
Additional context
The issue is data-quality / naming defect in the Cryptography Registry and can be fixed without changing schema behavior or introducing new algorithms.
Describe the defect
As per RFC8018 PBES1 combines the PBKDF1 function with an underlying block cipher. PBES1 is compatible with the encryption scheme in PKCS5_15. Therefore, the variable {hashAlgorithm} which is one of the parameters for the underlying PBKDF1 must be an element of the variant pattern instead of {kdf}.
Refer https://docs.oracle.com/en/java/javase/25/docs/specs/security/standard-names.html#cipher-algorithms for example of PBES1 usage.
Additional context
The issue is data-quality / naming defect in the Cryptography Registry and can be fixed without changing schema behavior or introducing new algorithms.