On May 15, 2012, at 11:17 PM, Atsuhiko Yamanaka wrote:
> 
> If the provider "SunJCE" is available on your environment,
> how about executing the following line at the beginning of your code?
> 
>  java.security.Security.insertProviderAt(
>    java.security.Security.getProvider("SunJCE"),
>    1
>  );
> 

Unfortunately, one of my requirements is that all encryption algorithms have 
been validated through the US FIPS 140-2 approval process, and the SunJCE has 
not passed that validation.  I must explicitly invoke 
Security.removeProvider("SunJCE").

There are a number of issues dealing with the PKCS11 interface, the main one 
being that secret and private keys can never exist outside of the memory space 
of the "token".  After digging through the source today, I don't think it will 
be an easy task to convert JSch to work within those constraints.

Mark Manes
StillSecure, Inc.
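
The two constraints described in this message, as an added Java example that is not part of the original thread and is not JSch code: it shows which provider serves an algorithm before and after `Security.removeProvider("SunJCE")`, and what byte-oriented key handling gets from a key that exposes no raw bytes. The class `ProviderConstraintDemo`, the `OpaqueKey` stand-in for a token-resident key, and the choice of HmacSHA256 are assumptions made for illustration.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

public class ProviderConstraintDemo {

    // Constructed stand-in for a token-resident key: it names its algorithm
    // but, like a non-extractable PKCS#11 key object, returns no raw bytes.
    static final class OpaqueKey implements SecretKey {
        private static final long serialVersionUID = 1L;
        public String getAlgorithm() { return "HmacSHA256"; }
        public String getFormat()    { return null; }
        public byte[] getEncoded()   { return null; }
    }

    // Which installed provider (if any) would serve this MAC algorithm?
    static String macProvider(String algorithm) {
        try {
            return Mac.getInstance(algorithm).getProvider().getName();
        } catch (NoSuchAlgorithmException e) {
            return "none installed";
        }
    }

    // Byte-oriented key handling: works for software keys, fails for opaque ones.
    static String copyKeyBytes(SecretKey key) {
        try {
            new SecretKeySpec(key.getEncoded(), key.getAlgorithm());
            return "raw key bytes copied into JVM memory";
        } catch (IllegalArgumentException e) {
            return "no raw bytes available: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        System.out.println("HmacSHA256 before: " + macProvider("HmacSHA256"));
        Security.removeProvider("SunJCE");   // the call named in the message
        System.out.println("HmacSHA256 after:  " + macProvider("HmacSHA256"));
        for (Provider p : Security.getProviders()) {
            System.out.println("  remaining provider: " + p.getName());
        }
        SecretKey software = new SecretKeySpec(new byte[32], "HmacSHA256");
        System.out.println("software key: " + copyKeyBytes(software));
        System.out.println("opaque key:   " + copyKeyBytes(new OpaqueKey()));
    }
}
```

Code that works under these constraints passes the `Key` object itself to `Mac.init`, `Cipher.init` or `Signature.initSign` on the token's provider instead of reading `getEncoded()`.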
_______________________________________________
JSch-users mailing list
JSch-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jsch-users
