java-17-openjdk/nss.fips.cfg.in at 92f9e6d8e30cce2d96af267b7579b4ab851eda0a - java-17-openjdk - Fedora RISC-V Package Sources

rpms/java-17-openjdk

Francisco Ferrari Bihurriet 92f9e6d8e3 RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode

Use SunPKCS11 Attributes Configuration to set CKA_SIGN=true on SecretKey generate/import operations in FIPS mode, see:
https://docs.oracle.com/en/java/javase/17/security/pkcs11-reference-guide1.html#GUID-C4ABFACB-B2C9-4E71-A313-79F881488BB9__PKCS11-ATTRIBUTES-CONFIGURATION

2022-06-30 14:22:25 -03:00

9 lines

197 B

INI

Raw Blame History

 name = NSS-FIPS
 nssLibraryDirectory = @NSS_LIBDIR@
 nssSecmodDirectory = sql:/etc/pki/nssdb
 nssDbMode = readOnly
 nssModule = fips
 attributes(*,CKO_SECRET_KEY,CKK_GENERIC_SECRET)={ CKA_SIGN=true }