- Bug
- Resolution: Fixed
- P3
- 5.0
- None
- b28
- generic
- solaris_9

Keytool and jarsigner rely on cryptographic providers to
perform certain work. These providers are registered statically
in the ~/jre/lib/security/java.security file.
This list can also be managed programmatically via the
java.security.Security class.

Prior to 1.5, the list did not permit multiple instances
of the same provider.
In 1.5, the PKCS#11 crypto provider was introduced
(it talks to crypto tokens like smartcards),
and since a user may have more than one token,
the provider infrastructure was updated to accommodate
multiple instances of a crypto provider.
Each instance of a provider is distinguished
by a unique name returned via Provider.getName().

The keytool and jarsigner tools, however, do not
provide a way to specify this provider name.
A -providerName option should be added so users
can target a specific provider instance:
[-providerName name]

Note that this new option should not be confused with the
existing provider options:
[-provider <class name> -providerArg <arg>]
which allow the user to install a new provider into the
system-wide list.

To avoid confusion, the -provider option should
be renamed to -providerClass. The -provider option should still
be supported (although not documented) for compatibility.
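
The following Java program is an added illustration, not code from this bug report or from the JDK tools. It shows why a provider class name cannot select one instance while the name from Provider.getName() can. DemoTokenProvider and the "DemoToken-..." names are hypothetical stand-ins for a token-backed provider with one instance per token.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;

public class ProviderNameDemo {
    // Hypothetical provider (assumption for this example): one class,
    // one instance per token, each instance carrying its own name.
    static final class DemoTokenProvider extends Provider {
        DemoTokenProvider(String tokenLabel) {
            super("DemoToken-" + tokenLabel, 1.0, "constructed demo provider");
        }
    }

    public static void main(String[] args) throws Exception {
        // Two instances of the same class coexist because their names differ.
        int posA = Security.addProvider(new DemoTokenProvider("CardA"));
        int posB = Security.addProvider(new DemoTokenProvider("CardB"));
        // An instance whose name is already registered is not added (-1).
        int dup = Security.addProvider(new DemoTokenProvider("CardA"));
        System.out.println("CardA=" + posA + " CardB=" + posB + " duplicate=" + dup);

        // The class name is identical for both entries; only getName() differs.
        for (Provider p : Security.getProviders()) {
            if (p instanceof DemoTokenProvider) {
                System.out.println(p.getClass().getSimpleName() + " -> " + p.getName());
            }
        }

        // A name that matches no registered instance fails outright.
        try {
            KeyStore.getInstance("PKCS12", "DemoToken-CardZ");
        } catch (NoSuchProviderException e) {
            System.out.println("unknown name: " + e.getMessage());
        }

        // A name that matches an instance binds the request to that instance:
        // the demo provider implements no keystore, and the lookup does not
        // fall back to another provider that does.
        try {
            KeyStore.getInstance("PKCS12", "DemoToken-CardB");
        } catch (KeyStoreException e) {
            System.out.println("no fallback: " + e.getMessage());
        }
    }
}
```

The last case is the property that matters for signing: once a provider instance is named, the operation either uses that instance or fails, rather than silently using a different provider.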

- relates to
  - JDK-6214095 Update keytool.html and jarsigner.html with new token-based options (Resolved)