PKCS11 generateKeyPair with alias
Bernd Eckenfels
ecki at zusammenkunft.net
Mon Aug 27 01:05:26 UTC 2018
I would expect you can actually store the key on a PKCS11 backed Keystore, which would be the natural API (although it’s hard for the provider to implement it if it can’t use temporary handles like this).
Regards
Bernd
--
http://bernd.eckenfels.net
________________________________
From: on behalf of
Sent: Monday, August 27, 2018 2:01 AM
To: security-dev at openjdk.java.net
Subject: PKCS11 generateKeyPair with alias
Hi,
There is a long standing issue (since the beginning) with
keyPairGeneration in the Sun PKCS#11 provider, but I thought it's time
to vent it.
KeyPairGenerator.generateKeyPair() only generates a keyPair, and does
not set any alias or ID on the key. You can set an alias by using a sun
config file adding CKA_LABEL to it, but that only works for short
running application, i.e. a single key generation. In a long running
application that generates multiple keys this is not possible since one
config file is used throughout the whole Provider lifetime.
Did anyone solve this problem? I just played with a patch to Java/SunP11
to add a new method KeyPairGenerator.generateKeyPair(String alias).
This does work, but it's really ugly, and nobody wants to run a patched
Java version.
Did anyone else think about this?
Kind regards,
Tomas