On Fri, 11 Apr 2025 19:47:38 GMT, Valerie Peng <valer...@openjdk.org> wrote:

> > What I have found with Tls* keys is that they are in the map but we need to 
> > translate their pseudo-mechanism to a valid one (`CKK_GENERIC_SECRET`). Is 
> > that enough for #24393?
> 
> What I found is that there are more "TlsXXX" than those defined in 
> P11SecretKeyFactory class which are mapped to PCKK_xxx. So, we will need to 
> decide if those self-defined "TlsXXX" algorithms are allowed (e.g. PKCS11 
> will treat them as Generic secret keys or changing the TLS code to use a key 
> algorithm recognized by PKCS11). Beside this, we need to make sure the 
> current pseudo key type works, e.g. translating to a valid key type when 
> necessary, as you stated.

Good, let me check this.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/24526#issuecomment-2798225287

Reply via email to