Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8322971 KEM.getInstance() should check if a 3rd-party security provider is signed
  3. JDK-8322972

Release Note: `KEM.getInstance()` Should Check If a Third-Party Security Provider Is Signed

    XMLWordPrintable

Details

    Description

      When instantiating a third-party security provider's implementation (class) of a `KEM` algorithm, the framework will determine the provider's codebase (JAR file) and verify its signature. In this way, JCA authenticates the provider and ensures that only providers signed by a trusted entity can be plugged into the JCA. This is consistent with other JCE service classes, such as `Cipher`, `Mac`, `KeyAgreement`, and others.

      Attachments

        Activity

          People

            weijun Weijun Wang
            weijun Weijun Wang
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: