RFD: Services lockdown for security providers

Wei-Jun Wang weijun.wang at oracle.com
Wed May 24 22:30:56 UTC 2023



> On May 24, 2023, at 5:03 PM, Martin Balao <mbalao at redhat.com> wrote:
> 
>>> To better illustrate, let's say that the user requires that all cryptographic operations are performed in a Hardware Security Module (HSM). On the OpenJDK side, this means that the implementation for Cipher, Signature, Mac and other cryptographic services must be the one in the SunPKCS11 security provider. Let's also suppose that other non-cryptographic services such as those for certificates validation and TLS are required, and their implementation is in the SUN and SunJSSE security providers respectively. Setting SunPKCS11 at the highest priority of the list is not a strong guarantee to ensure that all cryptographic operations come from it: it's possible that an algorithm for Signature is not implemented in SunPKCS11 or in its underlying token but in the SUN security provider. Disabling the SUN security provider wouldn't be an option in this case because we need its certificates validation service.

You listed "Signature" as one of the "cryptographic services", but signature verification is also used in "certificates validation" which is a "non-cryptographic service". Do you mean signing must be in SunPKCS11 but verification needn't be? How do you configure that?

Thanks,
Max




More information about the security-dev mailing list