[keycloak-dev] Protecting/encrypting realm keys
Nagaraj,Vikas
Vikas.Nagaraj at safenet-inc.com
Tue Feb 9 12:56:09 EST 2016
Hi John,
The SafeNet HSM has Java bindings via the JCE interface, as does Thales. I know less about HSMs from other vendors, but I believe most of them support Java via the Pkcs11Provider.
--vikas
-----Original Message-----
From: John Dennis [mailto:jdennis at redhat.com]
Sent: February-09-16 9:41 AM
To: stian at redhat.com; Nagaraj,Vikas
Cc: keycloak-dev at lists.jboss.org
Subject: Re: [keycloak-dev] Protecting/encrypting realm keys
There are C libraries to support HSM devices. I think the big question would be if they are Linux specific or not or if there are Java bindings. I know the Certificate Server (i.e. Dogtag) that Red Hat ships is written in Java and has HSM support. I also believe some of this is in transition. I would suggest a conversation with Ade Lee
(alee at redhat.com) who would have more detailed information.
HTH,
--
John
--
The information contained in this electronic mail transmission
may be privileged and confidential, and therefore, protected
from disclosure. If you have received this communication in
error, please notify us immediately by replying to this
message and deleting it from your computer without copying
or disclosing it.
More information about the keycloak-dev
mailing list