1075 # 1076 #com.sun.CORBA.ORBIorTypeCheckRegistryFilter=binary_class_name;binary_class_name 1077 1078 # 1079 # JCEKS Encrypted Key Serial Filter 1080 # 1081 # This filter, if configured, is used by the JCEKS KeyStore during the 1082 # deserialization of the encrypted Key object stored inside a key entry. 1083 # If not configured or the filter result is UNDECIDED (i.e. none of the patterns 1084 # matches), the filter configured by jdk.serialFilter will be consulted. 1085 # 1086 # If the system property jceks.key.serialFilter is also specified, it supersedes 1087 # the security property value defined here. 1088 # 1089 # The filter pattern uses the same format as jdk.serialFilter. The default 1090 # pattern allows java.lang.Enum, java.security.KeyRep, java.security.KeyRep$Type, 1091 # and javax.crypto.spec.SecretKeySpec and rejects all the others. 1092 jceks.key.serialFilter = java.lang.Enum;java.security.KeyRep;\ 1093 java.security.KeyRep$Type;javax.crypto.spec.SecretKeySpec;!* 1094 1095 # The iteration count used for password-based encryption (PBE) in JCEKS 1096 # keystores. Values in the range 10000 to 5000000 are considered valid. 1097 # If the value is out of this range, or is not a number, or is unspecified; 1098 # a default of 200000 is used. 1099 # 1100 # If the system property jdk.jceks.iterationCount is also specified, it 1101 # supersedes the security property value defined here. 1102 # 1103 #jdk.jceks.iterationCount = 200000 1104 1105 # 1106 # Disabled mechanisms for the Simple Authentication and Security Layer (SASL) 1107 # 1108 # Disabled mechanisms will not be negotiated by both SASL clients and servers. 1109 # These mechanisms will be ignored if they are specified in the "mechanisms" 1110 # argument of "Sasl.createSaslClient" or the "mechanism" argument of 1111 # "Sasl.createSaslServer". 1112 # 1113 # The value of this property is a comma-separated list of SASL mechanisms. 1114 # The mechanisms are case-sensitive. Whitespaces around the commas are ignored. | 1075 # 1076 #com.sun.CORBA.ORBIorTypeCheckRegistryFilter=binary_class_name;binary_class_name 1077 1078 # 1079 # JCEKS Encrypted Key Serial Filter 1080 # 1081 # This filter, if configured, is used by the JCEKS KeyStore during the 1082 # deserialization of the encrypted Key object stored inside a key entry. 1083 # If not configured or the filter result is UNDECIDED (i.e. none of the patterns 1084 # matches), the filter configured by jdk.serialFilter will be consulted. 1085 # 1086 # If the system property jceks.key.serialFilter is also specified, it supersedes 1087 # the security property value defined here. 1088 # 1089 # The filter pattern uses the same format as jdk.serialFilter. The default 1090 # pattern allows java.lang.Enum, java.security.KeyRep, java.security.KeyRep$Type, 1091 # and javax.crypto.spec.SecretKeySpec and rejects all the others. 1092 jceks.key.serialFilter = java.lang.Enum;java.security.KeyRep;\ 1093 java.security.KeyRep$Type;javax.crypto.spec.SecretKeySpec;!* 1094 1095 # 1096 # PKCS12 KeyStore properties 1097 # 1098 # The following properties, if configured, are used by the PKCS12 KeyStore 1099 # implementation during the creation of a new keystore. Several of the 1100 # properties may also be used when modifying an existing keystore. The 1101 # properties can be overridden by a KeyStore API that specifies its own 1102 # algorithms and parameters. 1103 # 1104 # If an existing PKCS12 keystore is loaded and then stored, the algorithm and 1105 # parameter used to generate the existing Mac will be reused. If the existing 1106 # keystore does not have a Mac, no Mac will be created while storing. If there 1107 # is at least one certificate in the existing keystore, the algorithm and 1108 # parameters used to encrypt the last certificate in the existing keystore will 1109 # be reused to encrypt all certificates while storing. If the last certificate 1110 # in the existing keystore is not encrypted, all certificates will be stored 1111 # unencrypted. If there is no certificate in the existing keystore, any newly 1112 # added certificate will be encrypted (or stored unencrypted if algorithm 1113 # value is "NONE") using the "keystore.pkcs12.certProtectionAlgorithm" and 1114 # "keystore.pkcs12.certPbeIterationCount" values defined here. Existing private 1115 # and secret key(s) are not changed. Newly set private and secret key(s) will 1116 # be encrypted using the "keystore.pkcs12.keyProtectionAlgorithm" and 1117 # "keystore.pkcs12.keyPbeIterationCount" values defined here. 1118 # 1119 # In order to apply new algorithms and parameters to all entries in an 1120 # existing keystore, one can create a new keystore and add entries in the 1121 # existing keystore into the new keystore. This can be achieved by calling the 1122 # "keytool -importkeystore" command. 1123 # 1124 # If a system property of the same name is also specified, it supersedes the 1125 # security property value defined here. 1126 # 1127 # If the property is set to an illegal value, 1128 # an iteration count that is not a positive integer, or an unknown algorithm 1129 # name, an exception will be thrown when the property is used. 1130 # If the property is not set or empty, a default value will be used. 1131 # 1132 # Note: These properties are currently used by the JDK Reference implementation. 1133 # They are not guaranteed to be examined and used by other implementations. 1134 1135 # The algorithm used to encrypt a certificate. This can be any non-Hmac PBE 1136 # algorithm defined in the Cipher section of the Java Security Standard 1137 # Algorithm Names Specification. When set to "NONE", the certificate 1138 # is not encrypted. The default value is "PBEWithSHA1AndRC2_40". 1139 #keystore.pkcs12.certProtectionAlgorithm = PBEWithSHA1AndRC2_40 1140 1141 # The iteration count used by the PBE algorithm when encrypting a certificate. 1142 # This value must be a positive integer. The default value is 50000. 1143 #keystore.pkcs12.certPbeIterationCount = 50000 1144 1145 # The algorithm used to encrypt a private key or secret key. This can be 1146 # any non-Hmac PBE algorithm defined in the Cipher section of the Java 1147 # Security Standard Algorithm Names Specification. The value must not be "NONE". 1148 # The default value is "PBEWithSHA1AndDESede". 1149 #keystore.pkcs12.keyProtectionAlgorithm = PBEWithSHA1AndDESede 1150 1151 # The iteration count used by the PBE algorithm when encrypting a private key 1152 # or a secret key. This value must be a positive integer. The default value 1153 # is 50000. 1154 #keystore.pkcs12.keyPbeIterationCount = 50000 1155 1156 # The algorithm used to calculate the optional MacData at the end of a PKCS12 1157 # file. This can be any HmacPBE algorithm defined in the Mac section of the 1158 # Java Security Standard Algorithm Names Specification. When set to "NONE", 1159 # no Mac is generated. The default value is "HmacPBESHA1". 1160 #keystore.pkcs12.macAlgorithm = HmacPBESHA1 1161 1162 # The iteration count used by the MacData algorithm. This value must be a 1163 # positive integer. The default value is 100000. 1164 #keystore.pkcs12.macIterationCount = 100000 1165 1166 # The iteration count used for password-based encryption (PBE) in JCEKS 1167 # keystores. Values in the range 10000 to 5000000 are considered valid. 1168 # If the value is out of this range, or is not a number, or is unspecified; 1169 # a default of 200000 is used. 1170 # 1171 # If the system property jdk.jceks.iterationCount is also specified, it 1172 # supersedes the security property value defined here. 1173 # 1174 #jdk.jceks.iterationCount = 200000 1175 1176 # 1177 # Disabled mechanisms for the Simple Authentication and Security Layer (SASL) 1178 # 1179 # Disabled mechanisms will not be negotiated by both SASL clients and servers. 1180 # These mechanisms will be ignored if they are specified in the "mechanisms" 1181 # argument of "Sasl.createSaslClient" or the "mechanism" argument of 1182 # "Sasl.createSaslServer". 1183 # 1184 # The value of this property is a comma-separated list of SASL mechanisms. 1185 # The mechanisms are case-sensitive. Whitespaces around the commas are ignored. |