1081 # 1082 #com.sun.CORBA.ORBIorTypeCheckRegistryFilter=binary_class_name;binary_class_name 1083 1084 # 1085 # JCEKS Encrypted Key Serial Filter 1086 # 1087 # This filter, if configured, is used by the JCEKS KeyStore during the 1088 # deserialization of the encrypted Key object stored inside a key entry. 1089 # If not configured or the filter result is UNDECIDED (i.e. none of the patterns 1090 # matches), the filter configured by jdk.serialFilter will be consulted. 1091 # 1092 # If the system property jceks.key.serialFilter is also specified, it supersedes 1093 # the security property value defined here. 1094 # 1095 # The filter pattern uses the same format as jdk.serialFilter. The default 1096 # pattern allows java.lang.Enum, java.security.KeyRep, java.security.KeyRep$Type, 1097 # and javax.crypto.spec.SecretKeySpec and rejects all the others. 1098 jceks.key.serialFilter = java.lang.Enum;java.security.KeyRep;\ 1099 java.security.KeyRep$Type;javax.crypto.spec.SecretKeySpec;!* 1100 1101 # The iteration count used for password-based encryption (PBE) in JCEKS 1102 # keystores. Values in the range 10000 to 5000000 are considered valid. 1103 # If the value is out of this range, or is not a number, or is unspecified; 1104 # a default of 200000 is used. 1105 # 1106 # If the system property jdk.jceks.iterationCount is also specified, it 1107 # supersedes the security property value defined here. 1108 # 1109 #jdk.jceks.iterationCount = 200000 1110 1111 # 1112 # Disabled mechanisms for the Simple Authentication and Security Layer (SASL) 1113 # 1114 # Disabled mechanisms will not be negotiated by both SASL clients and servers. 1115 # These mechanisms will be ignored if they are specified in the "mechanisms" 1116 # argument of "Sasl.createSaslClient" or the "mechanism" argument of 1117 # "Sasl.createSaslServer". 1118 # 1119 # The value of this property is a comma-separated list of SASL mechanisms. 1120 # The mechanisms are case-sensitive. Whitespaces around the commas are ignored. | 1081 # 1082 #com.sun.CORBA.ORBIorTypeCheckRegistryFilter=binary_class_name;binary_class_name 1083 1084 # 1085 # JCEKS Encrypted Key Serial Filter 1086 # 1087 # This filter, if configured, is used by the JCEKS KeyStore during the 1088 # deserialization of the encrypted Key object stored inside a key entry. 1089 # If not configured or the filter result is UNDECIDED (i.e. none of the patterns 1090 # matches), the filter configured by jdk.serialFilter will be consulted. 1091 # 1092 # If the system property jceks.key.serialFilter is also specified, it supersedes 1093 # the security property value defined here. 1094 # 1095 # The filter pattern uses the same format as jdk.serialFilter. The default 1096 # pattern allows java.lang.Enum, java.security.KeyRep, java.security.KeyRep$Type, 1097 # and javax.crypto.spec.SecretKeySpec and rejects all the others. 1098 jceks.key.serialFilter = java.lang.Enum;java.security.KeyRep;\ 1099 java.security.KeyRep$Type;javax.crypto.spec.SecretKeySpec;!* 1100 1101 # 1102 # PKCS12 KeyStore properties 1103 # 1104 # The following properties, if configured, are used by the PKCS12 KeyStore 1105 # implementation during the creation of a new keystore. Several of the 1106 # properties may also be used when modifying an existing keystore. The 1107 # properties can be overridden by a KeyStore API that specifies its own 1108 # algorithms and parameters. 1109 # 1110 # If an existing PKCS12 keystore is loaded and then stored, the algorithm and 1111 # parameter used to generate the existing Mac will be reused. If the existing 1112 # keystore does not have a Mac, no Mac will be created while storing. If there 1113 # is at least one certificate in the existing keystore, the algorithm and 1114 # parameters used to encrypt the last certificate in the existing keystore will 1115 # be reused to encrypt all certificates while storing. If the last certificate 1116 # in the existing keystore is not encrypted, all certificates will be stored 1117 # unencrypted. If there is no certificate in the existing keystore, any newly 1118 # added certificate will be encrypted (or stored unencrypted if algorithm 1119 # value is "NONE") using the "keystore.pkcs12.certProtectionAlgorithm" and 1120 # "keystore.pkcs12.certPbeIterationCount" values defined here. Existing private 1121 # and secret key(s) are not changed. Newly set private and secret key(s) will 1122 # be encrypted using the "keystore.pkcs12.keyProtectionAlgorithm" and 1123 # "keystore.pkcs12.keyPbeIterationCount" values defined here. 1124 # 1125 # In order to apply new algorithms and parameters to all entries in an 1126 # existing keystore, one can create a new keystore and add entries in the 1127 # existing keystore into the new keystore. This can be achieved by calling the 1128 # "keytool -importkeystore" command. 1129 # 1130 # If a system property of the same name is also specified, it supersedes the 1131 # security property value defined here. 1132 # 1133 # If the property is set to an illegal value, 1134 # an iteration count that is not a positive integer, or an unknown algorithm 1135 # name, an exception will be thrown when the property is used. 1136 # If the property is not set or empty, a default value will be used. 1137 # 1138 # Note: These properties are currently used by the JDK Reference implementation. 1139 # They are not guaranteed to be examined and used by other implementations. 1140 1141 # The algorithm used to encrypt a certificate. This can be any non-Hmac PBE 1142 # algorithm defined in the Cipher section of the Java Security Standard 1143 # Algorithm Names Specification. When set to "NONE", the certificate 1144 # is not encrypted. The default value is "PBEWithSHA1AndRC2_40". 1145 #keystore.pkcs12.certProtectionAlgorithm = PBEWithSHA1AndRC2_40 1146 1147 # The iteration count used by the PBE algorithm when encrypting a certificate. 1148 # This value must be a positive integer. The default value is 50000. 1149 #keystore.pkcs12.certPbeIterationCount = 50000 1150 1151 # The algorithm used to encrypt a private key or secret key. This can be 1152 # any non-Hmac PBE algorithm defined in the Cipher section of the Java 1153 # Security Standard Algorithm Names Specification. The value must not be "NONE". 1154 # The default value is "PBEWithSHA1AndDESede". 1155 #keystore.pkcs12.keyProtectionAlgorithm = PBEWithSHA1AndDESede 1156 1157 # The iteration count used by the PBE algorithm when encrypting a private key 1158 # or a secret key. This value must be a positive integer. The default value 1159 # is 50000. 1160 #keystore.pkcs12.keyPbeIterationCount = 50000 1161 1162 # The algorithm used to calculate the optional MacData at the end of a PKCS12 1163 # file. This can be any HmacPBE algorithm defined in the Mac section of the 1164 # Java Security Standard Algorithm Names Specification. When set to "NONE", 1165 # no Mac is generated. The default value is "HmacPBESHA1". 1166 #keystore.pkcs12.macAlgorithm = HmacPBESHA1 1167 1168 # The iteration count used by the MacData algorithm. This value must be a 1169 # positive integer. The default value is 100000. 1170 #keystore.pkcs12.macIterationCount = 100000 1171 1172 # The iteration count used for password-based encryption (PBE) in JCEKS 1173 # keystores. Values in the range 10000 to 5000000 are considered valid. 1174 # If the value is out of this range, or is not a number, or is unspecified; 1175 # a default of 200000 is used. 1176 # 1177 # If the system property jdk.jceks.iterationCount is also specified, it 1178 # supersedes the security property value defined here. 1179 # 1180 #jdk.jceks.iterationCount = 200000 1181 1182 # 1183 # Disabled mechanisms for the Simple Authentication and Security Layer (SASL) 1184 # 1185 # Disabled mechanisms will not be negotiated by both SASL clients and servers. 1186 # These mechanisms will be ignored if they are specified in the "mechanisms" 1187 # argument of "Sasl.createSaslClient" or the "mechanism" argument of 1188 # "Sasl.createSaslServer". 1189 # 1190 # The value of this property is a comma-separated list of SASL mechanisms. 1191 # The mechanisms are case-sensitive. Whitespaces around the commas are ignored. |