On Fri, 2 Jun 2023 00:33:21 GMT, Francisco Ferrari Bihurriet <d...@openjdk.org> wrote:
>> As someone who is familiar with the Cipher convention, it's clearer to apply >> the Cipher convention across the board, i.e. for Mac and SecretKeyFactory >> too. >> For example: For SecretKeyFactory.PBEWithHmacSHA1AndAES_128, use >> `CKM_PKCS5_PBKD2 (required CKM_SHA_1_HMAC)` instead of `CKM_PKCS5_PBKD2 and >> CKM_SHA_1_HMAC`. >> >> The listed mechanism is the one the impl maps to or based on. The required >> mechanism is for auxiliary functionalities. Putting the auxiliary one inside >> the required brackets seems clearer than combining them with the "and" word. > > @valeriepeng: if the following format looks good to you, I'll pass the update > to @martinuy: > <table> > <tr><th>Java Algorithm</th> <th>PKCS#11 Mechanisms</th></tr> > <tr><td>Cipher.PBEWithHmacSHA1AndAES_128</td> <td>CKM_AES_CBC_PAD, > CKM_AES_CBC (requires CKM_PKCS5_PBKD2 and CKM_SHA_1_HMAC)</td></tr> > <tr><td>[…]</td> <td>[…]</td></tr> > <tr><td>Mac.HmacPBESHA1</td> <td>CKM_SHA_1_HMAC (requires > CKM_PBA_SHA1_WITH_SHA1_HMAC)</td></tr> > <tr><td>[…]</td> <td>[…]</td></tr> > <tr><td>SecretKeyFactory.HmacPBESHA1</td> > <td>CKM_PBA_SHA1_WITH_SHA1_HMAC</td></tr> > <tr><td>[…]</td> <td>[…]</td></tr> > <tr><td>SecretKeyFactory.PBKDF2WithHmacSHA224</td> <td>CKM_PKCS5_PBKD2 > (requires CKM_SHA224_HMAC)</td></tr> > </table> @franferrax Yes, it looks good to me. ------------- PR Comment: https://git.openjdk.org/jdk/pull/12396#issuecomment-1574446390
