1. Brian Campbell Avatar Brian Campbell
  2. Untitled project
  3. jose4j
  4. Issues

allow users to specify the security provider

Issue #35 closed
Nikola Kolev created an issue

In my case this is necessary in heterogenous key store environments where I have keys living in an HSM as well as soft keys (living for example in a JKS) used by the same java process. But I am sure one can build a general case for the opportunity to select the security provider for each call into jose4j that results in a crypto operation; if for no other reason but simply because the JCA APIs for getting a Mac, Cipher, etc instance allow for the provider to be explicitly specified.

Comments (5)

  1. Brian Campbell repo owner

    It's something I've thought about a little bit but haven't done any work on (yet anyway). Honestly, I'm a little unsure how to expose security provider selection options in a clean way because jose4j is a higher level abstraction and some calls into it result in more than one crypto operation happening. For example, calling getCompactSerialization() on a JWE with ECDH-ES+A128KW and A128CBC-HS256 will do EC key generation, ECDH key agreement, secure random byte generation, message digest, symmetric cipher, MAC, and symmetric cipher again. And there might be something I've forgotten too.

    I'm not saying it can't be done. Just that there's some things that need to be worked out.

    Any thoughts you have on how you'd expect or want to use it would be welcome.

  2. Brian Campbell repo owner

    KeyAgreement , Cipher (asymmetric and symmetric or maybe mode), Signature, Mac, SecureRandom, MessageDigest

  6. Log in to comment
Assignee
Type
enhancement
Priority
major
Status
closed
Votes
0
Watchers
2
Jira: the preferred issue tracker for Bitbucket. Join the team!