Skip to content

createWithMtlsJavaKeystore should use custom key operations to support non-exportable keys #579

New issue
New issue
Open
Open
createWithMtlsJavaKeystore should use custom key operations to support non-exportable keys#579
Labels
CRT/IoTfeature-requestA feature should be added or improved.p2This is a standard priority issue
@MikeDombo

Description

@MikeDombo
MikeDombo
opened on Jan 13, 2023

Feature Request:

aws-crt-java/src/main/java/software/amazon/awssdk/crt/io/TlsContextOptions.java

Line 373 in 54af471

public static TlsContextOptions createWithMtlsJavaKeystore(

createWithMtlsJavaKeystore extracts the key, assumes it is RSA and then creates the TLS options using the in-memory private key and certificate. There should be a way to use the Java KeyStore via custom key operations to provide security without exporting the key from secure storage such as PKCS11 or AndroidKeyStore.

This can be done by customers manually by writing the necessary code, but having a prebuilt implementation to call the necessary Java APIs to sign and verify using the secure key material would make a lot of sense.

Metadata

Metadata

Assignees

No one assigned

    Labels

    CRT/IoTfeature-requestA feature should be added or improved.p2This is a standard priority issue

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions