Re: [keycloak-dev] Protecting/encrypting realm keys

On 02/09/2016 09:40 AM, John Dennis wrote: > On 02/08/2016 02:08 PM, Stian Thorgersen wrote: >> In essence the work would be to create a Encryption SPI and a default >> implementation. The default implementation would rely on the keys stored >> in the database. I'm not aware of any standard or libraries that can be >> used to communicate with HSM devices so I would imagine implementations >> for specific HSM vendors would have to be done by users themselves. > There are C libraries to support HSM devices. I think the big question > would be if they are Linux specific or not or if there are Java > bindings. I know the Certificate Server (i.e. Dogtag) that Red Hat ships > is written in Java and has HSM support. I also believe some of this is > in transition. I would suggest a conversation with Ade Lee > (alee(a)redhat.com) who would have more detailed information. So, wouldn't the abstraction be NSS, and the Binding be the TomcatNSS libraries? > > HTH, > _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev