RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v6]

Valerie Peng valeriep at openjdk.org
Fri Jun 2 23:58:21 UTC 2023


On Fri, 2 Jun 2023 00:33:21 GMT, Francisco Ferrari Bihurriet <duke at openjdk.org> wrote:

>> As someone who is familiar with the Cipher convention, it's clearer to apply the Cipher convention across the board, i.e. for Mac and SecretKeyFactory too. 
>> For example: For SecretKeyFactory.PBEWithHmacSHA1AndAES_128, use
>> `CKM_PKCS5_PBKD2 (required CKM_SHA_1_HMAC)` instead of `CKM_PKCS5_PBKD2 and CKM_SHA_1_HMAC`.
>> 
>> The listed mechanism is the one the impl maps to or is based on. The required mechanism is for auxiliary functionalities. Putting the auxiliary one inside the required brackets seems clearer than combining them with the "and" word.
>
> @valeriepeng: if the following format looks good to you, I'll pass the update to @martinuy:
> <table>
> <tr><th>Java Algorithm</th> <th>PKCS#11 Mechanisms</th></tr>
> <tr><td>Cipher.PBEWithHmacSHA1AndAES_128</td> <td>CKM_AES_CBC_PAD, CKM_AES_CBC (requires CKM_PKCS5_PBKD2 and CKM_SHA_1_HMAC)</td></tr>
> <tr><td>[…]</td> <td>[…]</td></tr>
> <tr><td>Mac.HmacPBESHA1</td> <td>CKM_SHA_1_HMAC (requires CKM_PBA_SHA1_WITH_SHA1_HMAC)</td></tr>
> <tr><td>[…]</td> <td>[…]</td></tr>
> <tr><td>SecretKeyFactory.HmacPBESHA1</td> <td>CKM_PBA_SHA1_WITH_SHA1_HMAC</td></tr>
> <tr><td>[…]</td> <td>[…]</td></tr>
> <tr><td>SecretKeyFactory.PBKDF2WithHmacSHA224</td> <td>CKM_PKCS5_PBKD2 (requires CKM_SHA224_HMAC)</td></tr>
> </table>

@franferrax Yes, it looks good to me.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/12396#issuecomment-1574446390
