PKCS11 Cipher.wrap()/unwrap() does not support wrapping of PKI keys with AES key


      ADDITIONAL SYSTEM INFORMATION :
      Red Hat Enterprise Linux 8, OpenJDK 1.8.0-312

      A DESCRIPTION OF THE PROBLEM :
      The SunPKCS11 driver infrastructure does not support wrapping of asymmetric PKI keys with a symmetric (AES) cipher. Most HSM devices do support this.

      The SunPKCS11 driver supports only wrapping of symmetric (AES, DES*) keys with an RSA key.

      Most HSM vendors supply their proprietary Java driver libraries that can be used to make these operations without SunPKCS11, but some have incomplete implementations "because Java SunPKCS11 does not do it, we don't see any need for it."

      Because the SunPKCS11 tooling goes very deep into internal APIs of a specific JRE, creating our own fork of the driver and maintaining it is not practical.


            Assignee:
            Valerie Peng
            Reporter:
            Webbug Group
            Votes:
            0
            Watchers:
            2
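
The operation the report describes, shown with the JDK's default software provider and in-memory keys, as an added example that is not part of the original report. The `AES/CBC/PKCS5Padding` transformation, the key sizes and the class and method names are assumptions; the report concerns the same `Cipher.wrap()`/`unwrap()` calls made through SunPKCS11 with token keys.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class WrapPrivateKeyWithAes {
    // Assumed transformation; the report does not name one.
    static final String TRANSFORMATION = "AES/CBC/PKCS5Padding";

    // Wrap an asymmetric private key under a symmetric AES key-encryption key.
    static byte[] wrap(SecretKey kek, byte[] iv, PrivateKey target) throws Exception {
        Cipher c = Cipher.getInstance(TRANSFORMATION); // default provider, not SunPKCS11
        c.init(Cipher.WRAP_MODE, kek, new IvParameterSpec(iv));
        return c.wrap(target);
    }

    // Recover the private key from the wrapped blob with the same KEK and IV.
    static PrivateKey unwrap(SecretKey kek, byte[] iv, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.UNWRAP_MODE, kek, new IvParameterSpec(iv));
        return (PrivateKey) c.unwrap(blob, "RSA", Cipher.PRIVATE_KEY);
    }

    public static void main(String[] args) throws Exception {
        // Constructed test keys: a 128-bit AES KEK and a 2048-bit RSA key pair.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey kek = kg.generateKey();
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair pair = kpg.generateKeyPair();

        byte[] iv = new byte[16]; // fresh random IV for each wrap operation
        new SecureRandom().nextBytes(iv);

        byte[] blob = wrap(kek, iv, pair.getPrivate());
        PrivateKey restored = unwrap(kek, iv, blob);
        if (!Arrays.equals(restored.getEncoded(), pair.getPrivate().getEncoded())) {
            throw new IllegalStateException("round trip changed the key encoding");
        }
        System.out.println("wrapped " + blob.length + " bytes; round trip OK");
    }
}
```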
