JDK-6273223 : Add a KeyGenerator for HMAC keys
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.crypto:pkcs11
  • Affected Version: 6
  • Priority: P4
  • Status: Resolved
  • Resolution: Duplicate
  • OS: generic
  • CPU: generic
  • Submitted: 2005-05-19
  • Updated: 2020-12-14
  • Resolved: 2020-12-14
Related Reports
Duplicate :  
Description
The SunPKCS11 provider implements the various HMAC algorithm using a JCE Mac, but it does not offer the corresponding KeyGenerator algorithms. Keys can still be generated using the SunJCE provider and then used by SunPKCS11, but by definition those are not generated on the secure hardware token.

The reason KeyGenerators for HMAC are not currently implemented is that PKCS#11 does not distinguish between different types of HMACs for key generation. It uses CKM_GENERIC_SECRET_KEY_GEN and CKK_GENERIC for all of them, as well as for other purposes. Dealing with this correctly requires some tweaks to our mechanism detection code.

###@###.### 2005-05-19 18:09:58 GMT

Comments
JDK-8242332
14-12-2020

Added KeyGenerator for Hmac (MD5, SHA1, SHA-2 and SHA-3 families of digests) as part of PKCS11 RFE 8242332 "Add SHA3 support to SunPKCS11 provider" https://bugs.openjdk.java.net/browse/JDK-8242332. Will close this one as duplicate.
14-12-2020