Hmm... looking at the PKCS11 soft token nss code (from
hg.mozilla.org/projects/nss) - ANY failure to unwrap a private key gets
returned as a CKR_INCOMPLETE_TEMPLATE.
The NSS code for sftk_unwrapPrivateKey is weird. It starts out with a
CKR_ code in a number of places, and if that code is not
I ran into a few problems related to a similar approach in my own code.
Basically, PKCS12 requires some sort of OID/Algorithm identifier to map
to/from the algorithm name. Anything that you allow for here ideally
needs to be supported by KeyStore there. It doesn't help that PKCS11 has
CKK_G
Sorry - missed this before.
On 12/5/2024 4:50 PM, Sean Mullan wrote:
... clipped
On 11/30/24 8:11 PM, Michael StJohns wrote:
I'm wondering if it would make sense to create a public interface
that these closed off implementation or factory classes could
implement that would allow fo
Hi -
As Java has become more modularized and locked down, I've lost some easy
access to critical information in two places - PCSC and PKCS11. I
haven't gone back to dealing with JDBC recently, but I think I might
have the same problem there.
To give you an example, java.smartcardio.CardExce
On 3/8/2023 2:19 PM, Andrey Turbanov wrote:
java.util.Enumeration is a legacy interface from java 1.0.
There is couple of places with cycles which use it to iterate over collections.
We can replace this manual cycle with enchanced-for, which is shorter and
easier to read.
-
Commit
Hi -
I need to repeat again. Please avoid using www.ietf.org as the URL base
for referencing RFCs. The appropriate location is www.rfc-editor.org
and is going to be more stable in the long run than any reference to an
RFC that runs through the IETF's website. These two websites have
differ
openjdk.org/jeps/403
On 11/23/22 12:21 PM, Michael StJohns wrote:
On 11/22/2022 10:24 PM, Xue-Lei Andrew Fan wrote:
On Wed, 23 Nov 2022 02:59:47 GMT, Michael StJohns
wrote:
… CardException doesn't always pass through the details in a
comprehensible way from the underlying cause, …
Does
On 11/22/2022 10:24 PM, Xue-Lei Andrew Fan wrote:
On Wed, 23 Nov 2022 02:59:47 GMT, Michael StJohns wrote:
… CardException doesn't always pass through the details in a comprehensible way
from the underlying cause, …
Does it sound like a cause that the public APIs are not suffi
On 11/17/2022 10:27 PM, Xue-Lei Andrew Fan wrote:
On Thu, 17 Nov 2022 23:07:46 GMT, Johannes Waigel wrote:
Checking the instance is fundamental to find out the real cause.
Please don't do that in a serious application. The exception stack is belong
to implementation details, and may change
Daniel et al -
Please avoid using ietf.org as the cite location for RFCs
The preferred cite for RFCs is generally via
www.rfc-editor.org/info/rfc - that will get you to the info
page, but with links to pdf, html, and a clean .txt.
Cf https://www.rfc-editor.org/info/rfc4180 - "Cite this RFC"
about is
that our users should also be able to use these algorithms portably.
Are you saying portability is no longer a consideration?
I have no idea where you got that idea.
Regards,
David
On 21/8/22 02:23, Michael StJohns wrote:
Hi David/John -
I would submit that you're trying
Hi David/John -
I would submit that you're trying too hard to make your life simple! :-)
Cipher.wrap/unwrap are the correct methods.
For example:
Cipher kem = Cipher.getInstance
("ECIES/GCM-128-64/KDF-SP800-108-COUNTER-SHA256");
kem.init (Cipher.WRAP_MODE, pubkey);
byte[] opaqueEncapsulated
vider?
*From:* Ravi Patel8
*Sent:* Thursday, July 14, 2022 6:26 PM
*To:* Xuelei Fan ; Michael StJohns
*Cc:* security-dev@openjdk.org
*Subject:* Re: [EXTERNAL] Re: Case-sensitive Keystore for PKCS#12
Thank you for the suggested solutions with an added attribute and a
On 7/13/2022 3:26 PM, Xuelei Fan wrote:
Is it possible make it in the application layer? For example, mapping
case-sensitive name to case-in-sensitive name before calling into the standard
KeyStore APIs. It may be not good to break the standards for corner cases?
Xuelei
Hi Xuelei -
It wou
On 7/13/2022 7:38 AM, Ravi Patel8 wrote:
We have a customer who is having a security requirement. He wants to know, Is it possible
to have case-sensitive support for PKCS#12? We referred the RFCs for PKCS#12. We found
that PKCS#12 uses a case in-sensitive alias and the alias Name is mapped with
15 matches
Mail list logo
