On Fri, 11 Apr 2025 00:00:39 GMT, Martin Balao <mba...@openjdk.org> wrote:
> What I have found with Tls* keys is that they are in the map but we need to > translate their pseudo-mechanism to a valid one (`CKK_GENERIC_SECRET`). Is > that enough for #24393? What I found is that there are more "TlsXXX" than those defined in P11SecretKeyFactory class which are mapped to PCKK_xxx. So, we will need to decide if those self-defined "TlsXXX" algorithms are allowed (e.g. PKCS11 will treat them as Generic secret keys or changing the TLS code to use a key algorithm recognized by PKCS11). Beside this, we need to make sure the current pseudo key type works, e.g. translating to a valid key type when necessary, as you stated. ------------- PR Comment: https://git.openjdk.org/jdk/pull/24526#issuecomment-2797888313
