I would expect you can actually store the key on a PKCS11-backed Keystore, which would be the natural API (although it's hard for the provider to implement it if it can't use temporary handles like this).

Regards,
Bernd
--
http://bernd.eckenfels.net
________________________________
From: on behalf of
Sent: Monday, August 27, 2018 2:01 AM
To: security-dev@openjdk.java.net
Subject: PKCS11 generateKeyPair with alias

Hi,

There is a long-standing issue (since the beginning) with keyPairGeneration in the Sun PKCS#11 provider, but I thought it's time to vent it.

KeyPairGenerator.generateKeyPair() only generates a keyPair, and does not set any alias or ID on the key. You can set an alias by using a Sun config file and adding CKA_LABEL to it, but that only works for a short-running application, i.e. a single key generation. In a long-running application that generates multiple keys this is not possible, since one config file is used throughout the whole Provider lifetime.

Did anyone solve this problem?

I just played with a patch to Java/SunP11 to add a new method KeyPairGenerator.generateKeyPair(String alias). This does work, but it's really ugly, and nobody wants to run a patched Java version.

Did anyone else think about this?

Kind regards,
Tomas