United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: 7099228 Use a PKCS11 config attribute to control encoding of an EC point
7099228 : Use a PKCS11 config attribute to control encoding of an EC point

Details
Type:
Bug
Submit Date:
2011-10-10
Status:
Resolved
Updated Date:
2011-11-07
Project Name:
JDK
Resolved Date:
2011-11-07
Component:
security-libs
OS:
generic
Sub-Component:
java.security
CPU:
generic
Priority:
P1
Resolution:
Fixed
Affected Versions:
7
Fixed Versions:
7u2

Related Reports
Backport:
JDK-2215631 - Use a PKCS11 config attribute to control encoding of an EC point
Relates:
JDK-7054637 - Enable PKCS11 to use raw encoding for the EC point in an Elliptic Curve public key

Sub Tasks

Description
The fix for CR 7054637 introduced a PKCS11 token attribute to control whether an EC point encoding is wrapped in an ASN.1 OCTET STRING or not.

It has been reported that the numeric identifier chosen for that attribute will clash with
the identifier already chosen by a vendor of PKCS11 tokens as a vendor extension.

To avoid this and any future namespace collisions from other token vendors a JCE provider
attribute should be used instead of a token attribute.

Comments
EVALUATION

Problem identified for one PKCS11 token vendor.
Fix as suggested
2011-10-10 
SUGGESTED FIX

Modify the fix for CR 7054637 to use a JCE provider attribute rather than a PKCS11 token attribute to avoid a namespace collision and unintended behaviour in the token.
2011-10-10


Hardware and Software, Engineered to Work Together