1077 # 1078 #com.sun.CORBA.ORBIorTypeCheckRegistryFilter=binary_class_name;binary_class_name 1079 1080 # 1081 # JCEKS Encrypted Key Serial Filter 1082 # 1083 # This filter, if configured, is used by the JCEKS KeyStore during the 1084 # deserialization of the encrypted Key object stored inside a key entry. 1085 # If not configured or the filter result is UNDECIDED (i.e. none of the patterns 1086 # matches), the filter configured by jdk.serialFilter will be consulted. 1087 # 1088 # If the system property jceks.key.serialFilter is also specified, it supersedes 1089 # the security property value defined here. 1090 # 1091 # The filter pattern uses the same format as jdk.serialFilter. The default 1092 # pattern allows java.lang.Enum, java.security.KeyRep, java.security.KeyRep$Type, 1093 # and javax.crypto.spec.SecretKeySpec and rejects all the others. 1094 jceks.key.serialFilter = java.lang.Enum;java.security.KeyRep;\ 1095 java.security.KeyRep$Type;javax.crypto.spec.SecretKeySpec;!* 1096 1097 # The iteration count used for password-based encryption (PBE) in JCEKS 1098 # keystores. Values in the range 10000 to 5000000 are considered valid. 1099 # If the value is out of this range, or is not a number, or is unspecified; 1100 # a default of 200000 is used. 1101 # 1102 # If the system property jdk.jceks.iterationCount is also specified, it 1103 # supersedes the security property value defined here. 1104 # 1105 #jdk.jceks.iterationCount = 200000 1106 1107 # 1108 # Disabled mechanisms for the Simple Authentication and Security Layer (SASL) 1109 # 1110 # Disabled mechanisms will not be negotiated by both SASL clients and servers. 1111 # These mechanisms will be ignored if they are specified in the "mechanisms" 1112 # argument of "Sasl.createSaslClient" or the "mechanism" argument of 1113 # "Sasl.createSaslServer". 1114 # 1115 # The value of this property is a comma-separated list of SASL mechanisms. 1116 # The mechanisms are case-sensitive. Whitespaces around the commas are ignored. | 1077 # 1078 #com.sun.CORBA.ORBIorTypeCheckRegistryFilter=binary_class_name;binary_class_name 1079 1080 # 1081 # JCEKS Encrypted Key Serial Filter 1082 # 1083 # This filter, if configured, is used by the JCEKS KeyStore during the 1084 # deserialization of the encrypted Key object stored inside a key entry. 1085 # If not configured or the filter result is UNDECIDED (i.e. none of the patterns 1086 # matches), the filter configured by jdk.serialFilter will be consulted. 1087 # 1088 # If the system property jceks.key.serialFilter is also specified, it supersedes 1089 # the security property value defined here. 1090 # 1091 # The filter pattern uses the same format as jdk.serialFilter. The default 1092 # pattern allows java.lang.Enum, java.security.KeyRep, java.security.KeyRep$Type, 1093 # and javax.crypto.spec.SecretKeySpec and rejects all the others. 1094 jceks.key.serialFilter = java.lang.Enum;java.security.KeyRep;\ 1095 java.security.KeyRep$Type;javax.crypto.spec.SecretKeySpec;!* 1096 1097 # 1098 # PKCS12 KeyStore properties 1099 # 1100 # The following properties, if configured, are used by the PKCS12 KeyStore 1101 # implementation during the creation of a new keystore. Several of the 1102 # properties may also be used when modifying an existing keystore. The 1103 # properties can be overridden by a KeyStore API that specifies its own 1104 # algorithms and parameters. 1105 # 1106 # If an existing PKCS12 keystore is loaded and then stored, the algorithm and 1107 # parameter used to generate the existing Mac will be reused. If the existing 1108 # keystore does not have a Mac, no Mac will be created while storing. If there 1109 # is at least one certificate in the existing keystore, the algorithm and 1110 # parameters used to encrypt the last certificate in the existing keystore will 1111 # be reused to encrypt all certificates while storing. If the last certificate 1112 # in the existing keystore is not encrypted, all certificates will be stored 1113 # unencrypted. If there is no certificate in the existing keystore, any newly 1114 # added certificate will be encrypted (or stored unencrypted if algorithm 1115 # value is "NONE") using the "keystore.pkcs12.certProtectionAlgorithm" and 1116 # "keystore.pkcs12.certPbeIterationCount" values defined here. Existing private 1117 # and secret key(s) are not changed. Newly set private and secret key(s) will 1118 # be encrypted using the "keystore.pkcs12.keyProtectionAlgorithm" and 1119 # "keystore.pkcs12.keyPbeIterationCount" values defined here. 1120 # 1121 # In order to apply new algorithms and parameters to all entries in an 1122 # existing keystore, one can create a new keystore and add entries in the 1123 # existing keystore into the new keystore. This can be achieved by calling the 1124 # "keytool -importkeystore" command. 1125 # 1126 # If a system property of the same name is also specified, it supersedes the 1127 # security property value defined here. 1128 # 1129 # If the property is set to an illegal value, 1130 # an iteration count that is not a positive integer, or an unknown algorithm 1131 # name, an exception will be thrown when the property is used. 1132 # If the property is not set or empty, a default value will be used. 1133 # 1134 # Note: These properties are currently used by the JDK Reference implementation. 1135 # They are not guaranteed to be examined and used by other implementations. 1136 1137 # The algorithm used to encrypt a certificate. This can be any non-Hmac PBE 1138 # algorithm defined in the Cipher section of the Java Security Standard 1139 # Algorithm Names Specification. When set to "NONE", the certificate 1140 # is not encrypted. The default value is "PBEWithSHA1AndRC2_40". 1141 #keystore.pkcs12.certProtectionAlgorithm = PBEWithSHA1AndRC2_40 1142 1143 # The iteration count used by the PBE algorithm when encrypting a certificate. 1144 # This value must be a positive integer. The default value is 50000. 1145 #keystore.pkcs12.certPbeIterationCount = 50000 1146 1147 # The algorithm used to encrypt a private key or secret key. This can be 1148 # any non-Hmac PBE algorithm defined in the Cipher section of the Java 1149 # Security Standard Algorithm Names Specification. The value must not be "NONE". 1150 # The default value is "PBEWithSHA1AndDESede". 1151 #keystore.pkcs12.keyProtectionAlgorithm = PBEWithSHA1AndDESede 1152 1153 # The iteration count used by the PBE algorithm when encrypting a private key 1154 # or a secret key. This value must be a positive integer. The default value 1155 # is 50000. 1156 #keystore.pkcs12.keyPbeIterationCount = 50000 1157 1158 # The algorithm used to calculate the optional MacData at the end of a PKCS12 1159 # file. This can be any HmacPBE algorithm defined in the Mac section of the 1160 # Java Security Standard Algorithm Names Specification. When set to "NONE", 1161 # no Mac is generated. The default value is "HmacPBESHA1". 1162 #keystore.pkcs12.macAlgorithm = HmacPBESHA1 1163 1164 # The iteration count used by the MacData algorithm. This value must be a 1165 # positive integer. The default value is 100000. 1166 #keystore.pkcs12.macIterationCount = 100000 1167 1168 # The iteration count used for password-based encryption (PBE) in JCEKS 1169 # keystores. Values in the range 10000 to 5000000 are considered valid. 1170 # If the value is out of this range, or is not a number, or is unspecified; 1171 # a default of 200000 is used. 1172 # 1173 # If the system property jdk.jceks.iterationCount is also specified, it 1174 # supersedes the security property value defined here. 1175 # 1176 #jdk.jceks.iterationCount = 200000 1177 1178 # 1179 # Disabled mechanisms for the Simple Authentication and Security Layer (SASL) 1180 # 1181 # Disabled mechanisms will not be negotiated by both SASL clients and servers. 1182 # These mechanisms will be ignored if they are specified in the "mechanisms" 1183 # argument of "Sasl.createSaslClient" or the "mechanism" argument of 1184 # "Sasl.createSaslServer". 1185 # 1186 # The value of this property is a comma-separated list of SASL mechanisms. 1187 # The mechanisms are case-sensitive. Whitespaces around the commas are ignored. |