JEP 131: PKCS#11 Crypto Provider for 64-bit Windows

AuthorValerie Peng
OrganizationOracle
Created2011/5/3
Updated2012/12/4
TypeFeature
StateFunded
Componentcore/sec
ScopeJDK
RFE6880559
Internal-refsOracle:A360:683939
Discussionsecurity dash dev at openjdk dot java dot net
Start2012/Q1
EffortS
DurationS
Endorsed-byBrian Goetz
Funded-byOracle
Release8
TargetM3

Summary

Include the SunPKCS11 provider in the JDK for 64-bit Windows.

Motivation

More and more vendors are providing native PKCS#11 libraries for 64-bit Windows. Shipping the SunPKCS11 provider in the JDK for 64-bit Windows will allow Java applications to use such libraries on that platform.

Description

Modify the current build process to build the SunPKCS11 provider binary on 64-bit Windows. The provider will be placed in the relevant subdirectory but will not be configured by default. To use the provider, an application would have to supply its own configuration file that specifies the location of the native PKCS#11 library along with additional directives according to the specification in the SunPKCS11 Reference Guide.

Testing

Find a suitable 64-bit PKCS#11 library and run existing regression tests against it. If the 64-bit library does not support certain functionality covered by the existing regression tests then some adjustments will be required.

Impact