'Building sunpkcs11.jar'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openjdk-build-dev
Subject:    Building sunpkcs11.jar
From:       valerie.peng () oracle ! com (Valerie (Yu-Ching) Peng)
Date:       2012-05-25 23:50:14
Message-ID: 4FC01AB6.7030604 () oracle ! com
[Download RAW message or body]

There is no such flag; otherwise it'd be an easy way to circumvent 
existing checks for enforcing export/import control.
Cryptographic vendors who develop JCE providers can apply for JCE code 
signing certificates through a process documented in the JCE guide.

The easiest route may be just to test against your OpenJDK build since 
the JCE framework in the OpenJDK can accept unsigned providers.
Valerie

On 05/25/12 15:13, Deneau, Tom wrote:
> Valerie --
> 
> I don't believe we have a JCE code signing keypair (where would we have gotten \
> one?) 
> Is there any test flag that tells the Oracle 7u4 jre to not require a signed crypto \
> provider 
> -- Tom
> 
> -----Original Message-----
> From: Valerie (Yu-Ching) Peng [mailto:valerie.peng at oracle.com]
> Sent: Friday, May 25, 2012 12:11 PM
> To: Deneau, Tom
> Cc: build-dev at openjdk.java.net
> Subject: Re: Building sunpkcs11.jar
> 
> The provider built from OpenJDK workspace is unsigned.
> It can't be used with Oracle 7u4 JRE which require crypto provider to be
> signed for export/import conformance.
> 
> If Your company has a JCE code signing keypair, you can sign the
> provider built using OpenJDK with that keypair and then use it w/ Oracle
> 7u4 JRE.
> Thanks,
> Valerie
> 
> On 05/23/12 08:54, Deneau, Tom wrote:
> > I want to be able to modify and rebuild lib/ext/sunpkcs11.jar.
> > 
> > When I do a "make all; make images" everything completes successfully.
> > With javap, I can see my modified class in the \
> > build/linux-amd64/j2sdk-image/jre/lib/ext 
> > When I use this built ext directory as a replacement of the Oracle 7U4 JRE, and \
> > run some code that does 
> > 	  KeyGenerator gen = KeyGenerator.getInstance("AES");
> > I get
> > Test1,java.security.NoSuchAlgorithmException: AES KeyGenerator not available
> > 	at javax.crypto.KeyGenerator.<init>(KeyGenerator.java:158)
> > 	at javax.crypto.KeyGenerator.getInstance(KeyGenerator.java:207)
> > 
> > This code runs successfully with the regular Oracle 7U4 JRE.
> > 
> > Am I missing something in the build process?
> > 
> > -- Tom Deneau
> > 
> 
> 


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic