PKCS11 generateKeyPair with alias
Tomas Gustavsson
tomas at primekey.se
Sun Aug 26 23:30:45 UTC 2018
Hi,
There is a long-standing issue (since the beginning) with
keyPairGeneration in the Sun PKCS#11 provider, but I thought it's time
to vent it.
KeyPairGenerator.generateKeyPair() only generates a keyPair, and does
not set any alias or ID on the key. You can set an alias by using a sun
config file adding CKA_LABEL to it, but that only works for short-running
applications, i.e. a single key generation. In a long running
application that generates multiple keys this is not possible since one
config file is used throughout the whole Provider lifetime.
Did anyone solve this problem? I just played with a patch to Java/SunP11
to add a new method KeyPairGenerator.generateKeyPair(String alias).
This does work, but it's really ugly, and nobody wants to run a patched
Java version.
Did anyone else think about this?
Kind regards,
Tomas