Fix the PKCS11Exception: CKR_KEY_TYPE_INCONSISTENT in FIPS mode
Refer to [Redhat-2007331](https://bugzilla.redhat.com/show_bug.cgi?id=2007331). Add a CKA_SIGN attribute to a key that is generated by the MAC service initialization in the FIPS mode.

Signed-off-by: Jinhang Zhang <Jinhang.Zhang@ibm.com>
JinhangZhang committed Oct 11, 2022
1 parent 629c463 commit 2b2697b
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions closed/src/java.base/share/conf/security/nss.fips.cfg
Expand Up @@ -23,3 +23,5 @@ nssLibraryDirectory = /usr/lib64
nssSecmodDirectory = /etc/pki/nssdb
nssDbMode = readOnly
nssModule = fips

attributes(*,CKO_SECRET_KEY,CKK_GENERIC_SECRET)={ CKA_SIGN=true }
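
Review bot: The operation field in the added `attributes(*,CKO_SECRET_KEY,CKK_GENERIC_SECRET)` line is the `*` wildcard, so `CKA_SIGN=true` is applied to every generic secret key this configuration touches, while the commit message only describes the key created during MAC service initialization. Please confirm which operation actually triggers CKR_KEY_TYPE_INCONSISTENT and, if it is only one, name it in place of `*` so that other generic secrets do not gain a signing capability they do not need. The new line also has no explanation next to it; a short comment above it pointing to Red Hat bug 2007331 would tell later readers why this template is in the FIPS configuration.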
