
src/java.base/share/conf/security/java.security

rev 13987 : 8051408: NIST SP 800-90A SecureRandom implementations


 103 # Transformations can be specified in their full standard name
 104 # (ex: AES/CBC/PKCS5Padding), or as partial matches (ex: AES, AES/CBC).
 105 # The provider is the name of the provider. Any provider that does not
 106 # also appear in the registered list will be ignored.
 107 #
 108 # Example:
 109 #   jdk.security.provider.preferred=AES/GCM/NoPadding:SunJCE, \
 110 #         MessageDigest.SHA-256:SUN
 111 #ifdef solaris-sparc
 112 jdk.security.provider.preferred=AES:SunJCE, SHA1:SUN, SHA-224:SUN, \
 113       SHA-256:SUN, SHA-384:SUN, SHA-512:SUN
 114 #endif
 115 #ifdef solaris-x86
 116 jdk.security.provider.preferred=AES:SunJCE, RSA:SunRsaSign
 117 #endif
 118 
 119 
 120 #
 121 # Sun Provider SecureRandom seed source.
 122 #
 123 # Select the primary source of seed data for the "SHA1PRNG" and
 124 # "NativePRNG" SecureRandom implementations in the "Sun" provider.
 125 # (Other SecureRandom implementations might also use this property.)
 126 #
 127 # On Unix-like systems (for example, Solaris/Linux/MacOS), the
 128 # "NativePRNG" and "SHA1PRNG" implementations obtains seed data from
 129 # special device files such as file:/dev/random.
 130 #
 131 # On Windows systems, specifying the URLs "file:/dev/random" or
 132 # "file:/dev/urandom" will enable the native Microsoft CryptoAPI seeding
 133 # mechanism for SHA1PRNG.
 134 #
 135 # By default, an attempt is made to use the entropy gathering device
 136 # specified by the "securerandom.source" Security property.  If an
 137 # exception occurs while accessing the specified URL:
 138 #
 139 #     SHA1PRNG:
 140 #         the traditional system/thread activity algorithm will be used.
 141 #
 142 #     NativePRNG:
 143 #         a default value of /dev/random will be used.  If neither
 144 #         are available, the implementation will be disabled.
 145 #         "file" is the only currently supported protocol type.
 146 #
 147 # The entropy gathering device can also be specified with the System
 148 # property "java.security.egd". For example:
 149 #
 150 #   % java -Djava.security.egd=file:/dev/random MainClass
 151 #
 152 # Specifying this System property will override the
 153 # "securerandom.source" Security property.
 154 #
 155 # In addition, if "file:/dev/random" or "file:/dev/urandom" is
 156 # specified, the "NativePRNG" implementation will be more preferred than
 157 # SHA1PRNG in the Sun provider.
 158 #
 159 securerandom.source=file:/dev/random
 160 
 161 #
 162 # A list of known strong SecureRandom implementations.
 163 #
 164 # To help guide applications in selecting a suitable strong
 165 # java.security.SecureRandom implementation, Java distributions should
 166 # indicate a list of known strong implementations using the property.
 167 #
 168 # This is a comma-separated list of algorithm and/or algorithm:provider
 169 # entries.
 170 #
 171 #ifdef windows
 172 securerandom.strongAlgorithms=Windows-PRNG:SunMSCAPI,SHA1PRNG:SUN
 173 #endif
 174 #ifndef windows
 175 securerandom.strongAlgorithms=NativePRNGBlocking:SUN
 176 #endif
 177 
 178 #





















































 179 # Class to instantiate as the javax.security.auth.login.Configuration
 180 # provider.
 181 #
 182 login.configuration.provider=sun.security.provider.ConfigFile
 183 
 184 #
 185 # Default login configuration file
 186 #
 187 #login.config.url.1=file:${user.home}/.java.login.config
 188 
 189 #
 190 # Class to instantiate as the system Policy. This is the name of the class
 191 # that will be used as the Policy object. The system class loader is used to
 192 # locate this class.
 193 #
 194 policy.provider=sun.security.provider.PolicyFile
 195 
 196 # The default is to have a single system-wide policy file,
 197 # and a policy file in the user's home directory.
 198 policy.url.1=file:${java.home}/conf/security/java.policy




 103 # Transformations can be specified in their full standard name
 104 # (ex: AES/CBC/PKCS5Padding), or as partial matches (ex: AES, AES/CBC).
 105 # The provider is the name of the provider. Any provider that does not
 106 # also appear in the registered list will be ignored.
 107 #
 108 # Example:
 109 #   jdk.security.provider.preferred=AES/GCM/NoPadding:SunJCE, \
 110 #         MessageDigest.SHA-256:SUN
 111 #ifdef solaris-sparc
 112 jdk.security.provider.preferred=AES:SunJCE, SHA1:SUN, SHA-224:SUN, \
 113       SHA-256:SUN, SHA-384:SUN, SHA-512:SUN
 114 #endif
 115 #ifdef solaris-x86
 116 jdk.security.provider.preferred=AES:SunJCE, RSA:SunRsaSign
 117 #endif
 118 
 119 
 120 #
 121 # Sun Provider SecureRandom seed source.
 122 #
 123 # Select the primary source of seed data for the "DRBG", "SHA1PRNG" and
 124 # "NativePRNG" SecureRandom implementations in the "Sun" provider.
 125 # (Other SecureRandom implementations might also use this property.)
 126 #
 127 # On Unix-like systems (for example, Solaris/Linux/MacOS), the
 128 # "NativePRNG", "DRBG", and "SHA1PRNG" implementations obtains seed data from
 129 # special device files such as file:/dev/random.
 130 #
 131 # On Windows systems, specifying the URLs "file:/dev/random" or
 132 # "file:/dev/urandom" will enable the native Microsoft CryptoAPI seeding
 133 # mechanism for DRBG and SHA1PRNG.
 134 #
 135 # By default, an attempt is made to use the entropy gathering device
 136 # specified by the "securerandom.source" Security property.  If an
 137 # exception occurs while accessing the specified URL:
 138 #
 139 #     DRBG and SHA1PRNG:
 140 #         the traditional system/thread activity algorithm will be used.
 141 #
 142 #     NativePRNG:
 143 #         a default value of /dev/random will be used.  If neither
 144 #         are available, the implementation will be disabled.
 145 #         "file" is the only currently supported protocol type.
 146 #
 147 # The entropy gathering device can also be specified with the System
 148 # property "java.security.egd". For example:
 149 #
 150 #   % java -Djava.security.egd=file:/dev/random MainClass
 151 #
 152 # Specifying this System property will override the
 153 # "securerandom.source" Security property.
 154 #
 155 # In addition, if "file:/dev/random" or "file:/dev/urandom" is
 156 # specified, the "NativePRNG" implementation will be more preferred than
 157 # DRBG and SHA1PRNG in the Sun provider.
 158 #
 159 securerandom.source=file:/dev/random
 160 
 161 #
 162 # A list of known strong SecureRandom implementations.
 163 #
 164 # To help guide applications in selecting a suitable strong
 165 # java.security.SecureRandom implementation, Java distributions should
 166 # indicate a list of known strong implementations using the property.
 167 #
 168 # This is a comma-separated list of algorithm and/or algorithm:provider
 169 # entries.
 170 #
 171 #ifdef windows
 172 securerandom.strongAlgorithms=Windows-PRNG:SunMSCAPI,DRBG:SUN
 173 #endif
 174 #ifndef windows
 175 securerandom.strongAlgorithms=NativePRNGBlocking:SUN
 176 #endif
 177 
 178 #
 179 # Sun provider DRBG configuration and default instantiation request.
 180 #
 181 # NIST SP 800-90Ar1 lists several DRBG mechanisms, each can be configured with
 182 # a DRBG algorithm name, and can be instantiated with a security strength,
 183 # prediction resistance support, etc. This property defines the configuration
 184 # and the default instantiation request of "DRBG" SecureRandom implemented in
 185 # the SUN provider. Applications can request different instantiation parameters
 186 # like security strength/capability/personalization strings using
 187 # the getInstance(...,SecureRandomParameters,...) APIs with a
 188 # DrbgParameters.Instantiate object, but
 189 # other settings such as the mechanism and DRBG algorithm names are not
 190 # configurable by any API.
 191 #
 192 # Please note that the SUN implementation of DRBG always supports reseeding.
 193 #
 194 # The value of this property is a slash-separated list of all configurable
 195 # aspects. The aspects can appear in any order but the same aspect can only
 196 # appear at most once. Its BNF-style definition is:
 197 #
 198 #   Value:
 199 #     aspect { "," aspect }
 200 #
 201 #   aspect:
 202 #     mech_name | algorithm_name | strength | capability | df
 203 #
 204 #   mech_name: default "Hash_DRBG"
 205 #     "Hash_DRBG" | "HMAC_DRBG" | "CTR_DRBG"
 206 #
 207 #   algorithm_name: For Hash_DRBG and HMAC_DRBG, default to "SHA-256".
 208 #                   For CTR_DRBG, default to "AES-128" when using the limited
 209 #                   cryptographic policy files, or "AES-256" for unlimited.
 210 #     Any supported MessageDigest or Cipher algorithm name as described
 211 #     in Section 10 of SP 800-90Ar1
 212 #
 213 #   strength: default "128", or "112" if mech_name is CTR_DRBG
 214 #             and algorithm_name is "3 Key TDEA"
 215 #     "112" | "128" | "192" | "256"
 216 #
 217 #   pr: default "none"
 218 #     "pr_and_reseed" | "reseed_only" | "none"
 219 #
 220 #   df: default "use_df", only applicable to CTR_DRBG
 221 #     "use_df" | "no_df"
 222 #
 223 # Examples,
 224 #   drbg=Hash_DRBG,SHA-1,112,none
 225 #   drbg=CTR_DRBG,AES-256,256,pr_and_reseed,use_df
 226 #
 227 # The default value is an empty string, which is equivalent to
 228 #   drbg=Hash_DRBG,SHA-256,128,none
 229 drbg=
 230 
 231 #
 232 # Class to instantiate as the javax.security.auth.login.Configuration
 233 # provider.
 234 #
 235 login.configuration.provider=sun.security.provider.ConfigFile
 236 
 237 #
 238 # Default login configuration file
 239 #
 240 #login.config.url.1=file:${user.home}/.java.login.config
 241 
 242 #
 243 # Class to instantiate as the system Policy. This is the name of the class
 244 # that will be used as the Policy object. The system class loader is used to
 245 # locate this class.
 246 #
 247 policy.provider=sun.security.provider.PolicyFile
 248 
 249 # The default is to have a single system-wide policy file,
 250 # and a policy file in the user's home directory.
 251 policy.url.1=file:${java.home}/conf/security/java.policy
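Review bot: The new `drbg` property comment contradicts itself in two places, which matters because this file is edited by hand. New-side line 194 calls the value "a slash-separated list" while the BNF (`aspect { "," aspect }`) and both examples use commas, and the `aspect` production on line 202 names `capability` while the matching definition on line 217 is labelled `pr`. I would change line 194 to `# The value of this property is a comma-separated list of all configurable` and rename the definition to `#   capability: default "none"`, so every alternative in the production has a definition. How the parser treats an unrecognised or wrongly separated aspect is not visible on this page, so the comment should also say whether a malformed value is rejected or silently falls back to the default.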

