Building sunpkcs11.jar

Deneau, Tom tom.deneau at
Fri May 25 22:13:30 UTC 2012

Valerie --

I don't believe we have a JCE code signing keypair (where would we have gotten one?)

Is there any test flag that tells the Oracle 7u4 jre to not require a signed crypto provider

-- Tom

-----Original Message-----
From: Valerie (Yu-Ching) Peng [mailto:valerie.peng at] 
Sent: Friday, May 25, 2012 12:11 PM
To: Deneau, Tom
Cc: build-dev at
Subject: Re: Building sunpkcs11.jar

The provider built from OpenJDK workspace is unsigned.
It can't be used with Oracle 7u4 JRE which require crypto provider to be 
signed for export/import conformance.

If Your company has a JCE code signing keypair, you can sign the 
provider built using OpenJDK with that keypair and then use it w/ Oracle 
7u4 JRE.

On 05/23/12 08:54, Deneau, Tom wrote:
> I want to be able to modify and rebuild lib/ext/sunpkcs11.jar.
> When I do a "make all; make images" everything completes successfully.
> With javap, I can see my modified class in the build/linux-amd64/j2sdk-image/jre/lib/ext
> When I use this built ext directory as a replacement of the Oracle 7U4 JRE, and run some code that does
> 	  KeyGenerator gen = KeyGenerator.getInstance("AES");
> I get
>        Test1, AES KeyGenerator not available
> 	at javax.crypto.KeyGenerator.<init>(
> 	at javax.crypto.KeyGenerator.getInstance(
> This code runs successfully with the regular Oracle 7U4 JRE.
> Am I missing something in the build process?
> -- Tom Deneau

More information about the build-dev mailing list