java.security-windows revision 0
16d0ef277ee8c0b63a22677bbcf87a53bdd62e65Neil Madden# This is the "master security properties file".
f0b8f6dd844f8752946b865bdd44175863b15812Peter Major# In this file, various security properties are set for use by
f0b8f6dd844f8752946b865bdd44175863b15812Peter Major# java.security classes. This is where users can statically register
f0b8f6dd844f8752946b865bdd44175863b15812Peter Major# Cryptography Package Providers ("providers" for short). The term
f0b8f6dd844f8752946b865bdd44175863b15812Peter Major# "provider" refers to a package or set of packages that supply a
f0b8f6dd844f8752946b865bdd44175863b15812Peter Major# concrete implementation of a subset of the cryptography aspects of
f0b8f6dd844f8752946b865bdd44175863b15812Peter Major# the Java Security API. A provider may, for example, implement one or
f0b8f6dd844f8752946b865bdd44175863b15812Peter Major# more digital signature algorithms or message digest algorithms.
f0b8f6dd844f8752946b865bdd44175863b15812Peter Major# Each provider must implement a subclass of the Provider class.
f0b8f6dd844f8752946b865bdd44175863b15812Peter Major# To register a provider in this master security properties file,
f0b8f6dd844f8752946b865bdd44175863b15812Peter Major# specify the Provider subclass name and priority in the format
16d0ef277ee8c0b63a22677bbcf87a53bdd62e65Neil Madden# This declares a provider, and specifies its preference
16d0ef277ee8c0b63a22677bbcf87a53bdd62e65Neil Madden# order n. The preference order is the order in which providers are
16d0ef277ee8c0b63a22677bbcf87a53bdd62e65Neil Madden# searched for requested algorithms (when no specific provider is
16d0ef277ee8c0b63a22677bbcf87a53bdd62e65Neil Madden# requested). The order is 1-based; 1 is the most preferred, followed
16d0ef277ee8c0b63a22677bbcf87a53bdd62e65Neil Madden# by 2, and so on.
16d0ef277ee8c0b63a22677bbcf87a53bdd62e65Neil Madden# <className> must specify the subclass of the Provider class whose
16d0ef277ee8c0b63a22677bbcf87a53bdd62e65Neil Madden# constructor sets the values of various properties that are required
16d0ef277ee8c0b63a22677bbcf87a53bdd62e65Neil Madden# for the Java Security API to look up the algorithms or other
16d0ef277ee8c0b63a22677bbcf87a53bdd62e65Neil Madden# facilities implemented by the provider.
16d0ef277ee8c0b63a22677bbcf87a53bdd62e65Neil Madden# There must be at least one provider specification in java.security.
16d0ef277ee8c0b63a22677bbcf87a53bdd62e65Neil Madden# There is a default provider that comes standard with the JDK. It
f2fd1e141349fb083bda610ac06557010f0395e4Phill Cunnington# is called the "SUN" provider, and its Provider subclass
f2fd1e141349fb083bda610ac06557010f0395e4Phill Cunnington# named Sun appears in the sun.security.provider package. Thus, the
f2fd1e141349fb083bda610ac06557010f0395e4Phill Cunnington# "SUN" provider is registered via the following:
16d0ef277ee8c0b63a22677bbcf87a53bdd62e65Neil Madden# (The number 1 is used for the default provider.)
16d0ef277ee8c0b63a22677bbcf87a53bdd62e65Neil Madden# Note: Providers can be dynamically registered instead by calls to
16d0ef277ee8c0b63a22677bbcf87a53bdd62e65Neil Madden# either the addProvider or insertProviderAt method in the Security
16d0ef277ee8c0b63a22677bbcf87a53bdd62e65Neil Madden# List of providers and their preference orders (see above):
16d0ef277ee8c0b63a22677bbcf87a53bdd62e65Neil Maddensecurity.provider.3=com.sun.net.ssl.internal.ssl.Provider
16d0ef277ee8c0b63a22677bbcf87a53bdd62e65Neil Maddensecurity.provider.4=com.sun.crypto.provider.SunJCE
16d0ef277ee8c0b63a22677bbcf87a53bdd62e65Neil Maddensecurity.provider.5=sun.security.jgss.SunProvider
16d0ef277ee8c0b63a22677bbcf87a53bdd62e65Neil Maddensecurity.provider.6=com.sun.security.sasl.Provider
16d0ef277ee8c0b63a22677bbcf87a53bdd62e65Neil Maddensecurity.provider.7=org.jcp.xml.dsig.internal.dom.XMLDSigRI
16d0ef277ee8c0b63a22677bbcf87a53bdd62e65Neil Maddensecurity.provider.8=sun.security.smartcardio.SunPCSC
16d0ef277ee8c0b63a22677bbcf87a53bdd62e65Neil Maddensecurity.provider.9=sun.security.mscapi.SunMSCAPI
f0b8f6dd844f8752946b865bdd44175863b15812Peter Major# Select the source of seed data for SecureRandom. By default an
# the securerandom.source property. If an exception occurs when
# accessing the URL then the traditional system/thread activity
# On Solaris and Linux systems, if file:/dev/urandom is specified and it
# This "NativePRNG" reads random bytes directly from /dev/urandom.
# be specified with the system property "java.security.egd". For example,
# Specifying this system property will override the securerandom.source
# Class to instantiate as the javax.security.auth.login.Configuration
# with -Djava.security.policy=somefile. Comment out this line to disable
keystore.type=jks
package.access=sun.
# or overridden on the command line via -Djava.security.properties
# the javax.net.ssl package.
ssl.KeyManagerFactory.algorithm=SunX509
# ocsp.enable=true
# then both the "ocsp.responderCertIssuerName" and
# "ocsp.responderCertSerialNumber" properties must be used instead. When this
# ocsp.responderCertSubjectName="CN=OCSP Responder, O=XYZ Corp"
# property is set then the "ocsp.responderCertSerialNumber" property must also
# be set. When the "ocsp.responderCertSubjectName" property is set then this
# ocsp.responderCertIssuerName="CN=Enterprise CA, O=XYZ Corp"
# validation. When this property is set then the "ocsp.responderCertIssuerName"
# property must also be set. When the "ocsp.responderCertSubjectName" property
# ocsp.responderCertSerialNumber=2A:FF:00