Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Unresolved
Priority: Undefined
Fix Version/s: None
Affects Version/s: rhel-9.0.0
Component/s: java-11-openjdk
Labels:
- MigratedToJIRA
- Triaged

Reset contact to default:

Watchers
Bugzilla Bug:
RHBZ: 2029658

Pool Team:

sst_java

Blocked:
False
Blocked Reason:

Hide

None

Show
None
Docs Impact:
Unspecified

Release Note Type:
If docs needed, set a value

Architecture:

Unspecified

SFDC Cases Counter:
SFDC Cases Links:

Description

This bug was initially created as a copy of Bug #2023467

I am copying this bug because:

RHEL 9 needs to be kept in sync.

In the context of RH1991003, we implemented an enhancement to import plain secret and private keys (i.e.: obtained from a file-based keystore) into the NSS Software token in FIPS mode. The goal now is to enable the reverse operation: export keys in plain from the NSS Software Token while in FIPS mode.

The scope will be initially constrained to keys of CKO_SECRET_KEY class, as this is what we require for TLS 1.3 key-derivation in FIPS mode (see RH2020290). In the future, we might extend the exporter functionality to support keys of CKO_PRIVATE_KEY class.

In the same way that for the importer functionality, the exporter can be disabled by means of the 'com.redhat.fips.plainKeySupport' system property: -Dcom.redhat.fips.plainKeySupport=false. Default behavior is enabled.

As part of this work, we aim to implement several code, debugging and reliability improvements to the FIPS Key Importer.

Attachments

Issue Links

blocks

RHEL-3428 Support TLS 1.3 in FIPS mode [rhel-9, openjdk-11]

Planning

external trackers

Github rh-openjdk/jdk11u/pull/6

PnT-DevOps Jira RHELPLAN-104926

Red Hat Issue Tracker RHELPLAN-104926

Activity

People

Assignee:: Francisco Ferrari Bihurriet

Reporter:: Andrew Hughes

QA Contact:: java-qa

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2023/09/12 10:08 PM

Updated:: 2023/09/12 10:13 PM