1079 # 1080 #com.sun.CORBA.ORBIorTypeCheckRegistryFilter=binary_class_name;binary_class_name 1081 1082 # 1083 # JCEKS Encrypted Key Serial Filter 1084 # 1085 # This filter, if configured, is used by the JCEKS KeyStore during the 1086 # deserialization of the encrypted Key object stored inside a key entry. 1087 # If not configured or the filter result is UNDECIDED (i.e. none of the patterns 1088 # matches), the filter configured by jdk.serialFilter will be consulted. 1089 # 1090 # If the system property jceks.key.serialFilter is also specified, it supersedes 1091 # the security property value defined here. 1092 # 1093 # The filter pattern uses the same format as jdk.serialFilter. The default 1094 # pattern allows java.lang.Enum, java.security.KeyRep, java.security.KeyRep$Type, 1095 # and javax.crypto.spec.SecretKeySpec and rejects all the others. 1096 jceks.key.serialFilter = java.lang.Enum;java.security.KeyRep;\ 1097 java.security.KeyRep$Type;javax.crypto.spec.SecretKeySpec;!* 1098 1099 # The iteration count used for password-based encryption (PBE) in JCEKS 1100 # keystores. Values in the range 10000 to 5000000 are considered valid. 1101 # If the value is out of this range, or is not a number, or is unspecified; 1102 # a default of 200000 is used. 1103 # 1104 # If the system property jdk.jceks.iterationCount is also specified, it 1105 # supersedes the security property value defined here. 1106 # 1107 #jdk.jceks.iterationCount = 200000 1108 1109 # 1110 # Disabled mechanisms for the Simple Authentication and Security Layer (SASL) 1111 # 1112 # Disabled mechanisms will not be negotiated by both SASL clients and servers. 1113 # These mechanisms will be ignored if they are specified in the "mechanisms" 1114 # argument of "Sasl.createSaslClient" or the "mechanism" argument of 1115 # "Sasl.createSaslServer". 1116 # 1117 # The value of this property is a comma-separated list of SASL mechanisms. 1118 # The mechanisms are case-sensitive. Whitespaces around the commas are ignored. | 1079 # 1080 #com.sun.CORBA.ORBIorTypeCheckRegistryFilter=binary_class_name;binary_class_name 1081 1082 # 1083 # JCEKS Encrypted Key Serial Filter 1084 # 1085 # This filter, if configured, is used by the JCEKS KeyStore during the 1086 # deserialization of the encrypted Key object stored inside a key entry. 1087 # If not configured or the filter result is UNDECIDED (i.e. none of the patterns 1088 # matches), the filter configured by jdk.serialFilter will be consulted. 1089 # 1090 # If the system property jceks.key.serialFilter is also specified, it supersedes 1091 # the security property value defined here. 1092 # 1093 # The filter pattern uses the same format as jdk.serialFilter. The default 1094 # pattern allows java.lang.Enum, java.security.KeyRep, java.security.KeyRep$Type, 1095 # and javax.crypto.spec.SecretKeySpec and rejects all the others. 1096 jceks.key.serialFilter = java.lang.Enum;java.security.KeyRep;\ 1097 java.security.KeyRep$Type;javax.crypto.spec.SecretKeySpec;!* 1098 1099 # 1100 # PKCS12 KeyStore properties 1101 # 1102 # The following properties, if configured, are used by the PKCS12 KeyStore 1103 # implementation during the creation of a new keystore. Several of the 1104 # properties may also be used when modifying an existing keystore. The 1105 # properties can be overridden by a KeyStore API that specifies its own 1106 # algorithms and parameters. 1107 # 1108 # If an existing PKCS12 keystore is loaded and then stored, the algorithm and 1109 # parameter used to generate the existing Mac will be reused. If the existing 1110 # keystore does not have a Mac, no Mac will be created while storing. If there 1111 # is at least one certificate in the existing keystore, the algorithm and 1112 # parameters used to encrypt the last certificate in the existing keystore will 1113 # be reused to encrypt all certificates while storing. If the last certificate 1114 # in the existing keystore is not encrypted, all certificates will be stored 1115 # unencrypted. If there is no certificate in the existing keystore, any newly 1116 # added certificate will be encrypted (or stored unencrypted if algorithm 1117 # value is "NONE") using the "keystore.pkcs12.certProtectionAlgorithm" and 1118 # "keystore.pkcs12.certPbeIterationCount" values defined here. Existing private 1119 # and secret key(s) are not changed. Newly set private and secret key(s) will 1120 # be encrypted using the "keystore.pkcs12.keyProtectionAlgorithm" and 1121 # "keystore.pkcs12.keyPbeIterationCount" values defined here. 1122 # 1123 # In order to apply new algorithms and parameters to all entries in an 1124 # existing keystore, one can create a new keystore and add entries in the 1125 # existing keystore into the new keystore. This can be achieved by calling the 1126 # "keytool -importkeystore" command. 1127 # 1128 # If a system property of the same name is also specified, it supersedes the 1129 # security property value defined here. 1130 # 1131 # If the property is set to an illegal value, 1132 # an iteration count that is not a positive integer, or an unknown algorithm 1133 # name, an exception will be thrown when the property is used. 1134 # If the property is not set or empty, a default value will be used. 1135 # 1136 # Note: These properties are currently used by the JDK Reference implementation. 1137 # They are not guaranteed to be examined and used by other implementations. 1138 1139 # The algorithm used to encrypt a certificate. This can be any non-Hmac PBE 1140 # algorithm defined in the Cipher section of the Java Security Standard 1141 # Algorithm Names Specification. When set to "NONE", the certificate 1142 # is not encrypted. The default value is "PBEWithSHA1AndRC2_40". 1143 #keystore.pkcs12.certProtectionAlgorithm = PBEWithSHA1AndRC2_40 1144 1145 # The iteration count used by the PBE algorithm when encrypting a certificate. 1146 # This value must be a positive integer. The default value is 50000. 1147 #keystore.pkcs12.certPbeIterationCount = 50000 1148 1149 # The algorithm used to encrypt a private key or secret key. This can be 1150 # any non-Hmac PBE algorithm defined in the Cipher section of the Java 1151 # Security Standard Algorithm Names Specification. The value must not be "NONE". 1152 # The default value is "PBEWithSHA1AndDESede". 1153 #keystore.pkcs12.keyProtectionAlgorithm = PBEWithSHA1AndDESede 1154 1155 # The iteration count used by the PBE algorithm when encrypting a private key 1156 # or a secret key. This value must be a positive integer. The default value 1157 # is 50000. 1158 #keystore.pkcs12.keyPbeIterationCount = 50000 1159 1160 # The algorithm used to calculate the optional MacData at the end of a PKCS12 1161 # file. This can be any HmacPBE algorithm defined in the Mac section of the 1162 # Java Security Standard Algorithm Names Specification. When set to "NONE", 1163 # no Mac is generated. The default value is "HmacPBESHA1". 1164 #keystore.pkcs12.macAlgorithm = HmacPBESHA1 1165 1166 # The iteration count used by the MacData algorithm. This value must be a 1167 # positive integer. The default value is 100000. 1168 #keystore.pkcs12.macIterationCount = 100000 1169 1170 # The iteration count used for password-based encryption (PBE) in JCEKS 1171 # keystores. Values in the range 10000 to 5000000 are considered valid. 1172 # If the value is out of this range, or is not a number, or is unspecified; 1173 # a default of 200000 is used. 1174 # 1175 # If the system property jdk.jceks.iterationCount is also specified, it 1176 # supersedes the security property value defined here. 1177 # 1178 #jdk.jceks.iterationCount = 200000 1179 1180 # 1181 # Disabled mechanisms for the Simple Authentication and Security Layer (SASL) 1182 # 1183 # Disabled mechanisms will not be negotiated by both SASL clients and servers. 1184 # These mechanisms will be ignored if they are specified in the "mechanisms" 1185 # argument of "Sasl.createSaslClient" or the "mechanism" argument of 1186 # "Sasl.createSaslServer". 1187 # 1188 # The value of this property is a comma-separated list of SASL mechanisms. 1189 # The mechanisms are case-sensitive. Whitespaces around the commas are ignored. |