RFR: 8328119: Support HKDF in SunPKCS11 (Preview) [v7]
Weijun Wang
weijun at openjdk.org
Thu Dec 19 14:01:52 UTC 2024
On Thu, 19 Dec 2024 03:52:31 GMT, Martin Balao <mbalao at openjdk.org> wrote:
> However, we decided not to make `CKM_CONCATENATE_DATA_AND_BASE` a requirement for HKDF services in SunPKCS11.
This sounds perfectly reasonable at token init time. Most HKDF cases do not need multiple IKM or salt segments.
What I asked is at key derivation time. By then it seems you no longer consult the `disabledMechanisms` configuration anymore.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/22215#issuecomment-2554143778
More information about the security-dev
mailing list