[security-dev 01163]: Re: PING 1: [PATCH FOR REVIEW]: Elliptic Curve Cryptography in OpenJDK6 with NSS

Joe Darcy Joe.Darcy at Sun.COM
Tue Sep 1 20:39:09 UTC 2009


Andrew John Hughes wrote:
> 2009/8/28 Andrew John Hughes <gnu_andrew at member.fsf.org>:
>> In OpenJDK6, the elliptic curve cryptography algorithms are available
>> if the PKCS11 provider is configured to point to NSS. See:
>>
>> http://blogs.sun.com/andreas/entry/the_java_pkcs_11_provider
>>
>> If NSS is configured as specified in this blog, keytool can be used to
>> generate a key as follows:

Hello.

Allowing keytool and friends to work in more cases if the provider is 
capable seems fine to me.

Security team, do you have concerns about this patch?

Thanks,

-Joe



More information about the security-dev mailing list