RFR: 8325254: CKA_TOKEN private and secret keys are not necessarily sensitive
Martin Balao
mbalao at openjdk.org
Tue Feb 6 19:51:58 UTC 2024
On Tue, 6 Feb 2024 18:32:58 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> Hi,
>>
>> May I have a review for this fix to [JDK-8325254](https://bugs.openjdk.org/browse/JDK-8325254)?
>>
>> With this change, CKA_TOKEN = true is used as an indicator of a sensitive private key (opaque) only if the token is NSS. The behavior previous to [JDK-8271566](https://bugs.openjdk.org/browse/JDK-8271566) is restored for non-NSS tokens.
>>
>> No regressions observed in jdk/sun/security/pkcs11.
>
> Since the existing tests use NSS, the change should not cause any difference. Just curious, do you know what PKCS11 library/impl the reporter uses? Would be nice to include it into the bug record as additional information.
Hi @valeriepeng ,
Thanks for having a look at this.
> Since the existing tests use NSS, the change should not cause any difference. Just curious, do you know what PKCS11 library/impl the reporter uses? Would be nice to include it into the bug record as additional information.
Yes, good idea. I'll add it to the ticket.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/17712#issuecomment-1930641723
More information about the security-dev
mailing list