There is no such flag; otherwise it'd be an easy way to circumvent
existing checks for enforcing export/import control.
Cryptographic vendors who develop JCE providers can apply for JCE code
signing certificates through a process documented in the JCE guide.
The easiest route may be just to test against your OpenJDK build since
the JCE framework in the OpenJDK can accept unsigned providers.
Valerie
On 05/25/12 15:13, Deneau, Tom wrote:
Valerie --
I don't believe we have a JCE code signing keypair (where would we have gotten
one?)
Is there any test flag that tells the Oracle 7u4 jre to not require a signed
crypto provider
-- Tom
-----Original Message-----
From: Valerie (Yu-Ching) Peng [mailto:valerie.p...@oracle.com]
Sent: Friday, May 25, 2012 12:11 PM
To: Deneau, Tom
Cc: build-dev@openjdk.java.net
Subject: Re: Building sunpkcs11.jar
The provider built from OpenJDK workspace is unsigned.
It can't be used with Oracle 7u4 JRE which require crypto provider to be
signed for export/import conformance.
If Your company has a JCE code signing keypair, you can sign the
provider built using OpenJDK with that keypair and then use it w/ Oracle
7u4 JRE.
Thanks,
Valerie
On 05/23/12 08:54, Deneau, Tom wrote:
I want to be able to modify and rebuild lib/ext/sunpkcs11.jar.
When I do a "make all; make images" everything completes successfully.
With javap, I can see my modified class in the
build/linux-amd64/j2sdk-image/jre/lib/ext
When I use this built ext directory as a replacement of the Oracle 7U4 JRE, and
run some code that does
KeyGenerator gen = KeyGenerator.getInstance("AES");
I get
Test1,java.security.NoSuchAlgorithmException: AES KeyGenerator not
available
at javax.crypto.KeyGenerator.<init>(KeyGenerator.java:158)
at javax.crypto.KeyGenerator.getInstance(KeyGenerator.java:207)
This code runs successfully with the regular Oracle 7U4 JRE.
Am I missing something in the build process?
-- Tom Deneau
