On Thu, 19 Dec 2024 14:14:43 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> Yes, sure. I added a comment to the _Solution_ section of the CSR and the
>> name to the table in _Specification_.
>
> BTW, what else can this key be used? I tried in HmacSHA256 and there is a
> CKR_KEY_TYPE_INCONSISTENT error.
Hi @wangweij,
Which test have you executed? I'm able to use "Generic" keys for HmacSHA256, in
a local slowdebug build of this branch.
cat >providersList.properties <<'EOF'
security.provider.1=SunPKCS11 --\\n\
name = NSS\\n\
nssLibraryDirectory = /usr/lib64\\n\
nssDbMode = noDb
security.provider.2=SUN
security.provider.3=SunRsaSign
security.provider.4=SunEC
security.provider.5=SunJSSE
security.provider.6=SunJCE
security.provider.7=SunJGSS
security.provider.8=SunSASL
security.provider.9=XMLDSig
security.provider.10=SunPCSC
security.provider.11=JdkLDAP
security.provider.12=JdkSASL
EOF
cat >Main.java <<'EOF'
import java.util.HexFormat;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.SecretKeySpec;
public final class Main {
public static void main(String[] args) throws Exception {
byte [] keyMaterial = "Secret-Bytes".getBytes();
SecretKeySpec spec = new SecretKeySpec(keyMaterial, "Generic");
SecretKeyFactory skf = SecretKeyFactory.getInstance("Generic");
SecretKey sk = skf.generateSecret(spec);
System.out.println(sk);
Mac mac = Mac.getInstance("HmacSHA256");
mac.init(sk);
mac.update("test".getBytes());
System.out.println(HexFormat.of().formatHex(mac.doFinal()));
}
}
EOF
./build/linux-x86_64-server-slowdebug/images/jdk/bin/java \
-Djava.security.properties=providersList.properties Main.java
rm providersList.properties Main.java
Output:
SunPKCS11-NSS Generic secret key, 96 bits session object, not sensitive,
extractable)
c5dca603b87a1a1fe264f3cab2f851d513afdd2a7dd5ed3ee337356e2d7a001a
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/22215#discussion_r1892873295
