[Defect]: Variant pattern for PBES1 must have {hashAlgorithm} instead of {kdf}

[meghsaha-ibm]

Describe the defect

As per RFC8018 PBES1 combines the PBKDF1 function with an underlying block cipher. PBES1 is compatible with the encryption scheme in PKCS5_15. Therefore, the variable {hashAlgorithm} which is one of the parameters for the underlying PBKDF1 must be an element of the variant pattern instead of {kdf}.

Refer https://docs.oracle.com/en/java/javase/25/docs/specs/security/standard-names.html#cipher-algorithms for example of PBES1 usage.

Additional context

The issue is data-quality / naming defect in the Cryptography Registry and can be fixed without changing schema behavior or introducing new algorithms.