T2 HW crypto and Java

As stated in an earlier entry, when running on an UltraSPARC T2 processor, applications using the Java cryptographic extensions (JCE) should (when applicable) automatically leverage the on-chip cryptographic accelerators.

Following a recent conversation with a Java Guru, you should check the following, if you experience problems:

Java on Solaris automatically sets SunPKCS11-Solaris (which calls into
the Solaris Crypto Framework) as the default security provider, so you
need to do nothing.

This begins from some version of J2SE 5.0. You can go look at the
${java.home}/lib/security/java.security file. There should be one line
look like:

security.provider.1=sun.security.pkcs11.SunPKCS11
${java.home}/lib/security/sunpkcs11-solaris.cfg




Interesting article on using AES from Java can be found here

Posted on: May 08, 2008

Posted by: sprack

Category: Crypto

Permanent link to this entry

Comments:

It would be worth noting that, under heavy fork load, that the PKCS11 provider can cause issues and might need disabling; this hit us hard and took quite some time to track down. Bug 6468316 (http://bugs.opensolaris.org/view_bug.do?bug_id=6468316) refers.

Posted by Ceri Davies on May 14, 2008 at 01:42 PM PDT #

Post a Comment:
  • HTML Syntax: NOT allowed

This blog copyright 2008 by sprack