JEP 131: PKCS#11 Crypto Provider for 64-bit Windows
|Discussion||security dash dev at openjdk dot java dot net|
|Endorsed by||Brian Goetz|
|Relates to||6880559: Enable PKCS11 64-bit windows builds|
Include the SunPKCS11 provider in the JDK for 64-bit Windows.
More and more vendors are providing native PKCS#11 libraries for 64-bit Windows. Shipping the SunPKCS11 provider in the JDK for 64-bit Windows will allow Java applications to use such libraries on that platform.
Modify the current build process to build the SunPKCS11 provider binary on 64-bit Windows. The provider will be placed in the relevant subdirectory but will not be configured by default. To use the provider, an application would have to supply its own configuration file that specifies the location of the native PKCS#11 library along with additional directives according to the specification in the SunPKCS11 Reference Guide.
Find a suitable 64-bit PKCS#11 library and run existing regression tests against it. If the 64-bit library does not support certain functionality covered by the existing regression tests then some adjustments will be required.
- Documentation: Update the SunPKCS11 Reference guide accordingly, i.e., add 64-bit Windows to the supported-platform list.