JEP260 -- Impact on SunPKCS11?
Vincent Ryan
vincent.x.ryan at oracle.com
Mon Nov 16 15:30:00 UTC 2015
Hello Glen,
JCE providers are always accessed via the Java SE public APIs and not directly via sun.* implementation classes.
In JDK 9, the SunPKCS11 provider continues to be accessible via those APIs. It’s implementation classes are present
in the jdk.crypto.pkcs11 module.
Thanks.
> On 16 Nov 2015, at 15:21, Chris Hegarty <chris.hegarty at oracle.com> wrote:
>
> Including the security-dev mailing list.
>
> -Chris.
>
> On 16/11/15 12:13, glen.vermeylen at telenet.be wrote:
>> In the Devoxx presentation "Prepare for JDK9", the strategy for
>> encapsulating "sun.* " packages is discussed.
>> The class sun.security.SunPkcs11 is not listed on slide 16 ("Uses of
>> JDK-internal APIs"), but as the rest of sun.security.* is listed as
>> "Non-critical, no replacement planned", will this also be case for
>> SunPKCS11?
>> As far as I know there is no alternative security Provider for
>> integrating with PKCS11 aside from rolling your own jni code or using
>> vendor-specific apis.
>>
>> We rely on SunPKCS for interfacing with an HSM and belgian e-id
>> smartcard. And even though we are aware that touching sun.* is frowned
>> upon, first search hit on "java pkcs11" gives following page:
>> https://docs.oracle.com/javase/7/docs/technotes/guides/security/p11guide.html
>> . With such elaborate documentation, you can't really blame devs to
>> actually use this functionality :) .
>>
>> Is there an alternative to SunPKCS11 or am I overlooking something?
>>
>> Thanks for your response,
>> Glen Vermeylen
More information about the security-dev
mailing list