RFR: 8328119: Support HKDF in SunPKCS11 (Preview) [v8]
Martin Balao
mbalao at openjdk.org
Fri Dec 20 02:18:35 UTC 2024
On Fri, 20 Dec 2024 01:54:29 GMT, Weijun Wang <weijun at openjdk.org> wrote:
> OK. I have a minor concern: this factory seems primarily useful for HSMs, and it’s unlikely that software-based providers would support it. Users should be mindful of its intended use. I noticed the CSR already references its connection to the CKK_GENERIC_SECRET type. You could clarify further that this is specifically used by a PKCS#11 provider to "import" an external key into a token. I believe we already agreed to address this in a separate enhancement.
I'll split this PR and clarify the intention for _Generic_ keys in the new CSR. @seanjmullan, based on what we discussed with Weijun, would you be open to making this PR dependent on the _Generic_ one? Otherwise, I'll have to trim the test and we will loose coverage.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/22215#issuecomment-2556126735
More information about the security-dev
mailing list