[security-dev 01744]: Re: '\0' in alias name of a pkcs11 keystore

Valerie Peng Yu-Ching.Peng at Sun.COM
Mon Mar 29 17:09:12 PDT 2010


Have you tried saving that key through the KeyStore API which allows you 
to specify an alias?
Thanks,
Valerie

On 03/26/10 00:05, Tomas Gustavsson wrote:
>
> Slightly off topic.
> Something I would like to see is API support for setting aliases when 
> using the KeyPairGenerator. This is due to the fact that many HSMs do 
> not allow changing an alias of private keys after they have been 
> generated. Since the key pair generator sets a blank alias when using 
> PKCS#11, HSM key pairs are left with no alias.
>
> You can set an alias by providing it using pkcs11 attributes through 
> the provider, but that alias is provider global (for all generated key 
> pairs) which is not very usable.
>
> Regards,
> Tomas
>
> On 03/26/2010 12:17 AM, Valerie Peng wrote:
>>
>> Probably not. Unless explicitly specified through KeyStore APIs, aliases
>> are constructed using the attribute values associated with the
>> keys/certs. Thus, this is probably due to some problem with the native
>> library which generated the keys/certs.
>> Valerie
>>
>> On 03/18/10 19:03, Weijun Wang wrote:
>>> Hi Valerie
>>>
>>> As described in http://forums.sun.com/thread.jspa?threadID=5432248,
>>> customer's pkcs11 keystore has aliases ending with '\0'.
>>>
>>> Is this something we should fix on the Java side?
>>>
>>> Thanks
>>> Max
>>>
>
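
Added example, not part of the thread and not JDK code: a small audit that lists the aliases of a PKCS#11 keystore and flags the two conditions discussed above, an alias ending in '\0' and a blank alias. It assumes JDK 9 or later (for Provider.configure) and a SunPKCS11 configuration file path passed as the first argument; the class name and the classification labels are made up for illustration.

```java
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.Collections;

public class Pkcs11AliasAudit {

    // Make control characters visible so a trailing NUL shows up in the report.
    static String escape(String alias) {
        StringBuilder sb = new StringBuilder();
        for (char c : alias.toCharArray()) {
            if (Character.isISOControl(c)) {
                sb.append(String.format("\\x%02x", (int) c));
            } else {
                sb.append(c);
            }
        }
        return sb.toString();
    }

    // Labels are hypothetical; they name the alias problems raised in the thread.
    static String classify(String alias) {
        if (alias.trim().isEmpty()) return "BLANK";
        if (alias.endsWith("\0")) return "TRAILING_NUL";
        if (alias.chars().anyMatch(Character::isISOControl)) return "CONTROL_CHAR";
        return "OK";
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to a SunPKCS11 configuration file (assumption).
        Provider p = Security.getProvider("SunPKCS11").configure(args[0]);
        KeyStore ks = KeyStore.getInstance("PKCS11", p);

        // Read the token PIN interactively; requires an attached console.
        char[] pin = System.console().readPassword("Token PIN: ");
        ks.load(null, pin);

        for (String alias : Collections.list(ks.aliases())) {
            String kind = ks.isKeyEntry(alias) ? "key" : "cert";
            System.out.printf("%-13s %-4s \"%s\"%n",
                    classify(alias), kind, escape(alias));
        }
    }
}
```

An alias reported as TRAILING_NUL has to be looked up with the NUL included, which is why lookups by the visible name fail for such entries.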



