Hello Glen, JCE providers are always accessed via the Java SE public APIs and not directly via sun.* implementation classes. In JDK 9, the SunPKCS11 provider continues to be accessible via those APIs. It’s implementation classes are present in the jdk.crypto.pkcs11 module. Thanks.
On 16 Nov 2015, at 15:21, Chris Hegarty <chris.hegarty@oracle.com> wrote:
Including the security-dev mailing list.
-Chris.
On 16/11/15 12:13, glen.vermeylen@telenet.be wrote:
In the Devoxx presentation "Prepare for JDK9", the strategy for encapsulating "sun.* " packages is discussed. The class sun.security.SunPkcs11 is not listed on slide 16 ("Uses of JDK-internal APIs"), but as the rest of sun.security.* is listed as "Non-critical, no replacement planned", will this also be case for SunPKCS11? As far as I know there is no alternative security Provider for integrating with PKCS11 aside from rolling your own jni code or using vendor-specific apis.
We rely on SunPKCS for interfacing with an HSM and belgian e-id smartcard. And even though we are aware that touching sun.* is frowned upon, first search hit on "java pkcs11" gives following page: https://docs.oracle.com/javase/7/docs/technotes/guides/security/p11guide.htm... . With such elaborate documentation, you can't really blame devs to actually use this functionality :) .
Is there an alternative to SunPKCS11 or am I overlooking something?
Thanks for your response, Glen Vermeylen