JEP 131: PKCS#11 Crypto Provider for 64-bit Windows

OwnerValerie Peng
Created2011/05/03 20:00
Updated2014/07/10 20:54
TypeFeature
StatusCompleted
Componentsecurity-libs
ScopeJDK
Discussionsecurity dash dev at openjdk dot java dot net
EffortS
DurationS
Priority4
Endorsed byBrian Goetz
Release8
Issue8046121

Summary

Include the SunPKCS11 provider in the JDK for 64-bit Windows.

Motivation

More and more vendors are providing native PKCS#11 libraries for 64-bit Windows. Shipping the SunPKCS11 provider in the JDK for 64-bit Windows will allow Java applications to use such libraries on that platform.

Description

Modify the current build process to build the SunPKCS11 provider binary on 64-bit Windows. The provider will be placed in the relevant subdirectory but will not be configured by default. To use the provider, an application would have to supply its own configuration file that specifies the location of the native PKCS#11 library along with additional directives according to the specification in the SunPKCS11 Reference Guide.

Testing

Find a suitable 64-bit PKCS#11 library and run existing regression tests against it. If the 64-bit library does not support certain functionality covered by the existing regression tests then some adjustments will be required.

Impact