allow users to specify the security provider
Issue #35
closed
In my case this is necessary in heterogenous key store environments where I have keys living in an HSM as well as soft keys (living for example in a JKS) used by the same java process. But I am sure one can build a general case for the opportunity to select the security provider for each call into jose4j that results in a crypto operation; if for no other reason but simply because the JCA APIs for getting a Mac, Cipher, etc instance allow for the provider to be explicitly specified.
Comments (5)
-
repo owner -
repo owner KeyAgreement , Cipher (asymmetric and symmetric or maybe mode), Signature, Mac, SecureRandom, MessageDigest
-
repo owner -
assigned issue to
working on this one... it's not small
-
assigned issue to
-
repo owner - changed status to resolved
done with 4360fa8
-
repo owner - changed status to closed
released with v 0.5.0
- Log in to comment
It's something I've thought about a little bit but haven't done any work on (yet anyway). Honestly, I'm a little unsure how to expose security provider selection options in a clean way because jose4j is a higher level abstraction and some calls into it result in more than one crypto operation happening. For example, calling
getCompactSerialization()
on a JWE with ECDH-ES+A128KW and A128CBC-HS256 will do EC key generation, ECDH key agreement, secure random byte generation, message digest, symmetric cipher, MAC, and symmetric cipher again. And there might be something I've forgotten too.I'm not saying it can't be done. Just that there's some things that need to be worked out.
Any thoughts you have on how you'd expect or want to use it would be welcome.