103 # Transformations can be specified in their full standard name
104 # (ex: AES/CBC/PKCS5Padding), or as partial matches (ex: AES, AES/CBC).
105 # The provider is the name of the provider. Any provider that does not
106 # also appear in the registered list will be ignored.
107 #
108 # Example:
109 # jdk.security.provider.preferred=AES/GCM/NoPadding:SunJCE, \
110 # MessageDigest.SHA-256:SUN
111 #ifdef solaris-sparc
112 jdk.security.provider.preferred=AES:SunJCE, SHA1:SUN, SHA-224:SUN, \
113 SHA-256:SUN, SHA-384:SUN, SHA-512:SUN
114 #endif
115 #ifdef solaris-x86
116 jdk.security.provider.preferred=AES:SunJCE, RSA:SunRsaSign
117 #endif
118
119
120 #
121 # Sun Provider SecureRandom seed source.
122 #
123 # Select the primary source of seed data for the "SHA1PRNG" and
124 # "NativePRNG" SecureRandom implementations in the "Sun" provider.
125 # (Other SecureRandom implementations might also use this property.)
126 #
127 # On Unix-like systems (for example, Solaris/Linux/MacOS), the
128 # "NativePRNG" and "SHA1PRNG" implementations obtains seed data from
129 # special device files such as file:/dev/random.
130 #
131 # On Windows systems, specifying the URLs "file:/dev/random" or
132 # "file:/dev/urandom" will enable the native Microsoft CryptoAPI seeding
133 # mechanism for SHA1PRNG.
134 #
135 # By default, an attempt is made to use the entropy gathering device
136 # specified by the "securerandom.source" Security property. If an
137 # exception occurs while accessing the specified URL:
138 #
139 # SHA1PRNG:
140 # the traditional system/thread activity algorithm will be used.
141 #
142 # NativePRNG:
143 # a default value of /dev/random will be used. If neither
144 # are available, the implementation will be disabled.
145 # "file" is the only currently supported protocol type.
146 #
147 # The entropy gathering device can also be specified with the System
148 # property "java.security.egd". For example:
149 #
150 # % java -Djava.security.egd=file:/dev/random MainClass
151 #
152 # Specifying this System property will override the
153 # "securerandom.source" Security property.
154 #
155 # In addition, if "file:/dev/random" or "file:/dev/urandom" is
156 # specified, the "NativePRNG" implementation will be more preferred than
157 # SHA1PRNG in the Sun provider.
158 #
159 securerandom.source=file:/dev/random
160
161 #
162 # A list of known strong SecureRandom implementations.
163 #
164 # To help guide applications in selecting a suitable strong
165 # java.security.SecureRandom implementation, Java distributions should
166 # indicate a list of known strong implementations using the property.
167 #
168 # This is a comma-separated list of algorithm and/or algorithm:provider
169 # entries.
170 #
171 #ifdef windows
172 securerandom.strongAlgorithms=Windows-PRNG:SunMSCAPI,SHA1PRNG:SUN
173 #endif
174 #ifndef windows
175 securerandom.strongAlgorithms=NativePRNGBlocking:SUN
176 #endif
177
178 #
179 # Class to instantiate as the javax.security.auth.login.Configuration
180 # provider.
181 #
182 login.configuration.provider=sun.security.provider.ConfigFile
183
184 #
185 # Default login configuration file
186 #
187 #login.config.url.1=file:${user.home}/.java.login.config
188
189 #
190 # Class to instantiate as the system Policy. This is the name of the class
191 # that will be used as the Policy object. The system class loader is used to
192 # locate this class.
193 #
194 policy.provider=sun.security.provider.PolicyFile
195
196 # The default is to have a single system-wide policy file,
197 # and a policy file in the user's home directory.
198 policy.url.1=file:${java.home}/conf/security/java.policy
|
103 # Transformations can be specified in their full standard name
104 # (ex: AES/CBC/PKCS5Padding), or as partial matches (ex: AES, AES/CBC).
105 # The provider is the name of the provider. Any provider that does not
106 # also appear in the registered list will be ignored.
107 #
108 # Example:
109 # jdk.security.provider.preferred=AES/GCM/NoPadding:SunJCE, \
110 # MessageDigest.SHA-256:SUN
111 #ifdef solaris-sparc
112 jdk.security.provider.preferred=AES:SunJCE, SHA1:SUN, SHA-224:SUN, \
113 SHA-256:SUN, SHA-384:SUN, SHA-512:SUN
114 #endif
115 #ifdef solaris-x86
116 jdk.security.provider.preferred=AES:SunJCE, RSA:SunRsaSign
117 #endif
118
119
120 #
121 # Sun Provider SecureRandom seed source.
122 #
123 # Select the primary source of seed data for the "DRBG", "SHA1PRNG" and
124 # "NativePRNG" SecureRandom implementations in the "Sun" provider.
125 # (Other SecureRandom implementations might also use this property.)
126 #
127 # On Unix-like systems (for example, Solaris/Linux/MacOS), the
128 # "NativePRNG", "DRBG", and "SHA1PRNG" implementations obtains seed data from
129 # special device files such as file:/dev/random.
130 #
131 # On Windows systems, specifying the URLs "file:/dev/random" or
132 # "file:/dev/urandom" will enable the native Microsoft CryptoAPI seeding
133 # mechanism for DRBG and SHA1PRNG.
134 #
135 # By default, an attempt is made to use the entropy gathering device
136 # specified by the "securerandom.source" Security property. If an
137 # exception occurs while accessing the specified URL:
138 #
139 # DRBG and SHA1PRNG:
140 # the traditional system/thread activity algorithm will be used.
141 #
142 # NativePRNG:
143 # a default value of /dev/random will be used. If neither
144 # are available, the implementation will be disabled.
145 # "file" is the only currently supported protocol type.
146 #
147 # The entropy gathering device can also be specified with the System
148 # property "java.security.egd". For example:
149 #
150 # % java -Djava.security.egd=file:/dev/random MainClass
151 #
152 # Specifying this System property will override the
153 # "securerandom.source" Security property.
154 #
155 # In addition, if "file:/dev/random" or "file:/dev/urandom" is
156 # specified, the "NativePRNG" implementation will be more preferred than
157 # DRBG and SHA1PRNG in the Sun provider.
158 #
159 securerandom.source=file:/dev/random
160
161 #
162 # A list of known strong SecureRandom implementations.
163 #
164 # To help guide applications in selecting a suitable strong
165 # java.security.SecureRandom implementation, Java distributions should
166 # indicate a list of known strong implementations using the property.
167 #
168 # This is a comma-separated list of algorithm and/or algorithm:provider
169 # entries.
170 #
171 #ifdef windows
172 securerandom.strongAlgorithms=Windows-PRNG:SunMSCAPI,DRBG:SUN
173 #endif
174 #ifndef windows
175 securerandom.strongAlgorithms=NativePRNGBlocking:SUN
176 #endif
177
178 #
179 # Sun provider DRBG configuration and default instantiation request.
180 #
181 # NIST SP 800-90Ar1 lists several DRBG mechanisms, each can be configured with
182 # a DRBG algorithm name, and can be instantiated with a security strength,
183 # prediction resistance support, etc. This property defines the configuration
184 # and the default instantiation request of "DRBG" SecureRandom implemented in
185 # the SUN provider. Applications can request different instantiation parameters
186 # like security strength/capability/personalization strings using
187 # the getInstance(...,SecureRandomParameters,...) APIs with a
188 # DrbgParameters.Instantiate object, but
189 # other settings such as the mechanism and DRBG algorithm names are not
190 # configurable by any API.
191 #
192 # Please note that the SUN implementation of DRBG always supports reseeding.
193 #
194 # The value of this property is a slash-separated list of all configurable
195 # aspects. The aspects can appear in any order but the same aspect can only
196 # appear at most once. Its BNF-style definition is:
197 #
198 # Value:
199 # aspect { "," aspect }
200 #
201 # aspect:
202 # mech_name | algorithm_name | strength | capability | df
203 #
204 # mech_name: default "Hash_DRBG"
205 # "Hash_DRBG" | "HMAC_DRBG" | "CTR_DRBG"
206 #
207 # algorithm_name: For Hash_DRBG and HMAC_DRBG, default to "SHA-256".
208 # For CTR_DRBG, default to "AES-128" when using the limited
209 # cryptographic policy files, or "AES-256" for unlimited.
210 # Any supported MessageDigest or Cipher algorithm name as described
211 # in Section 10 of SP 800-90Ar1
212 #
213 # strength: default "128", or "112" if mech_name is CTR_DRBG
214 # and algorithm_name is "3 Key TDEA"
215 # "112" | "128" | "192" | "256"
216 #
217 # pr: default "none"
218 # "pr_and_reseed" | "reseed_only" | "none"
219 #
220 # df: default "use_df", only applicable to CTR_DRBG
221 # "use_df" | "no_df"
222 #
223 # Examples,
224 # drbg=Hash_DRBG,SHA-1,112,none
225 # drbg=CTR_DRBG,AES-256,256,pr_and_reseed,use_df
226 #
227 # The default value is an empty string, which is equivalent to
228 # drbg=Hash_DRBG,SHA-256,128,none
229 drbg=
230
231 #
232 # Class to instantiate as the javax.security.auth.login.Configuration
233 # provider.
234 #
235 login.configuration.provider=sun.security.provider.ConfigFile
236
237 #
238 # Default login configuration file
239 #
240 #login.config.url.1=file:${user.home}/.java.login.config
241
242 #
243 # Class to instantiate as the system Policy. This is the name of the class
244 # that will be used as the Policy object. The system class loader is used to
245 # locate this class.
246 #
247 policy.provider=sun.security.provider.PolicyFile
248
249 # The default is to have a single system-wide policy file,
250 # and a policy file in the user's home directory.
251 policy.url.1=file:${java.home}/conf/security/java.policy
|