JEP260 -- Impact on SunPKCS11?

Chris Hegarty chris.hegarty at oracle.com
Mon Nov 16 15:21:19 UTC 2015


Including the security-dev mailing list.

-Chris.

On 16/11/15 12:13, glen.vermeylen at telenet.be wrote:
> In the Devoxx presentation "Prepare for JDK9", the strategy for
> encapsulating "sun.* " packages is discussed.
> The class sun.security.SunPkcs11 is not listed on slide 16 ("Uses of
> JDK-internal APIs"), but as the rest of sun.security.* is listed as
> "Non-critical, no replacement planned", will this also be case for
> SunPKCS11?
> As far as I know there is no alternative security Provider for
> integrating with PKCS11 aside from rolling your own jni code or using
> vendor-specific apis.
>
> We rely on SunPKCS for interfacing with an HSM and belgian e-id
> smartcard. And even though we are aware that touching sun.* is frowned
> upon, first search hit on "java pkcs11" gives following page:
> https://docs.oracle.com/javase/7/docs/technotes/guides/security/p11guide.html
> . With such elaborate documentation, you can't really blame devs to
> actually use this functionality :) .
>
> Is there an alternative to SunPKCS11 or am I overlooking something?
>
> Thanks for your response,
> Glen Vermeylen



More information about the security-dev mailing list