Arshad Noor wrote: > Given that the Fedora community is embarking on an effort > to consolidate crypto keystores and libraries, it would > make sense to take the needs of the Java community also > into consideration in the design and implementation. > [...] > What would be ideal is for JSS to evolve into becoming > just another pluggable JCE Provider and hide the access > to the consolidated Fedora crypto keystore/library > behind that interface. You will then be doing two > communities a great service.
I don't believe this is the best option. Since java 1.5, there is a pkcs#11 base JCE included by default in the SUN JVM. It works with NSS, if you configure correctly some compatibility options : http://java.sun.com/javase/6/docs/technotes/guides/security/p11guide.html#NSS So the best choice would be to rely on that instead, and see if it's possible to have the sun java rpm package preconfigured correctly to use it and to make it the default JCE. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
