Re: PKCS#11 provider issues with min and max size

2018-03-15 Thread Tomas Gustavsson
Hi Valerie, Sorry for delayed response, I've been away :-( Turns out there is a bug report for this already, although related to RSA keys, not EC as in my case. https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8183107 I can not add additional information to the issue of course, but the

Re: PKCS#11 provider issues with min and max size

2018-02-15 Thread Valerie Peng
Yes, please go ahead and file a bug for this. Thanks! Valerie On 2/13/2018 6:00 AM, Tomas Gustavsson wrote: Thanks for taking a look. I haven't created a bug for this (yet) Let me know if that would help. Regards, Tomas On 2018-02-09 20:04, Valerie Peng wrote: Hmm, seems reasonable to

Re: PKCS#11 provider issues with min and max size

2018-02-13 Thread Tomas Gustavsson
Thanks for taking a look. I haven't created a bug for this (yet) Let me know if that would help.
Regards, Tomas
On 2018-02-09 20:04, Valerie Peng wrote:
> Hmm, seems reasonable to support this in the provider configuration file.
> Or, on a similar note, but slightly different approach is to

Re: PKCS#11 provider issues with min and max size

2018-02-09 Thread Valerie Peng
Hmm, seems reasonable to support this in the provider configuration file. Or, on a similar note, but slightly different approach is to just add a configuration option for disabling checking the supported key size range. Regards, Valerie On 2/9/2018 2:16 AM, Tomas Gustavsson wrote: I just

Re: PKCS#11 provider issues with min and max size

2018-02-09 Thread Valerie Peng
Oh-well, I suppose that we are all humans. ;) Let me take a closer look on this and see if there are other ways to relax this constraint than adding env var which should be the very last resort in my opinion. BTW, is there a bug filed for this? Thanks for the feedback, Valerie On 2/9/2018

Re: PKCS#11 provider issues with min and max size

2018-02-09 Thread Tomas Gustavsson
I just realized that a natural place to configure provider behavior is in the provider construction, which is also per provider, so you can have multiple ones with different configuration. We are already using an InputStream to construct SunPKCS11, and adding more parameters to configure/override

Re: PKCS#11 provider issues with min and max size

2018-02-09 Thread Tomas Gustavsson
Hi, Thanks for the answer. (sorry I was out with the flu for a week)
> I am not too keen to add an env var/system property to accommodate this
> kind of PKCS11 library bugs since this should be rare I hope.
> Valerie
Unfortunately I don't see it as rare and the impact is huge due to the slow

Re: PKCS#11 provider issues with min and max size

2018-01-31 Thread Valerie Peng
Thanks for the feedback. I suppose we can ignore values which obviously don't make sense such as 0 or max being less than min key size. However, if the underlying PKCS11 library vendors forgot to update the max value as in your comment#2, supposedly they should fix it. I am not too keen to add

PKCS#11 provider issues with min and max size

2018-01-30 Thread Tomas Gustavsson
Hi, At some revision in the PKCS#11 provider there was introduced checking of C_GetMechanismInfo min and max sizes. This has turned out to be a bit fragile. Let me give two real world examples:
1. Amazon Cloud HSM reports minSize and maxSize for EC keys as 0. The Java PKCS#11 provider will