Generated from commit: d6e493b

Signed-off-by: genie-openj9 <[email protected]>

enhancementstoopenjdksecurity/index.html

@@ -8605,6 +8605,7 @@ <h2 id="support-for-pkcs11-token-labels"><img alt="Start of content that applies
 <p>On z/OS and Linux on IBM Z, OpenJ9 supports the use of an extra attribute, <code>tokenlabel</code>, in the SunPKCS11 configuration file. Use this attribute to assign a label to a PKCS#11 token.</p>
 <p>The number of slots and their order depend on the number of tokens in the ICSF token database, their values, and the SAF CRYPTOZ class protection profiles that are currently defined. The ICSF PKCS#11 support ensures that a token resides in its current slot only for the duration of a PKCS#11 session (if the token is not deleted). If you restart an application, or tokens are created or removed, the token might move to a different slot. An application that uses the <code>slot</code> or <code>slotListIndex</code> attributes might fail if it doesn’t first check which slot the token is in. You can avoid this issue by using the <code>tokenlabel</code> attribute instead.</p>
 <p>You can specify only one of the attributes - <code>slot</code>, <code>slotListIndex</code>, or <code>tokenlabel</code>. If you do not specify any of these attributes, the default behavior is that the <code>slotListIndex</code> attribute is set to 0.</p>
+<p><span aria-hidden="true" class="twemoji note"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><!--! Font Awesome Free 6.5.1 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2023 Fonticons, Inc.--><path d="m410.3 231 11.3-11.3-33.9-33.9-62.1-62.1-33.9-33.9-11.3 11.3-22.6 22.6L58.6 322.9c-10.4 10.4-18 23.3-22.2 37.4L1 480.7c-2.5 8.4-.2 17.5 6.1 23.7s15.3 8.5 23.7 6.1l120.3-35.4c14.1-4.2 27-11.8 37.4-22.2l199.2-199.2 22.6-22.7zM160 399.4l-9.1 22.7c-4 3.1-8.5 5.4-13.3 6.9l-78.2 23 23-78.1c1.4-4.9 3.8-9.4 6.9-13.3l22.7-9.1v32c0 8.8 7.2 16 16 16h32zM362.7 18.7l-14.4 14.5-22.6 22.6-11.4 11.3 33.9 33.9 62.1 62.1 33.9 33.9 11.3-11.3 22.6-22.6 14.5-14.5c25-25 25-65.5 0-90.5l-39.3-39.4c-25-25-65.5-25-90.5 0zm-47.4 168-144 144c-6.2 6.2-16.4 6.2-22.6 0s-6.2-16.4 0-22.6l144-144c6.2-6.2 16.4-6.2 22.6 0s6.2 16.4 0 22.6z"/></svg></span> <strong>Note:</strong> To configure an ICSF token, add the ICSF token to openCryptoki by using the <code>pkcsicsf</code> utility. The openCryptoki library loads the tokens that provide hardware or software specific support for cryptographic functions. An openCryptoki token uses an RSA key pair of public and private keys to encrypt and decrypt data. <img alt="Start of content that applies to Java 17 plus" src="../cr/java17plus.png" /> You must have openCryptoki version 3.22 or later to generate RSA private keys with the ICA, CCA and EP11 tokens that openCryptoki supports. <img alt="End of content that applies only to Java 17 (LTS) and later" src="../cr/java_close_lts.png" /></p>
 <p>For more information about the SunPKCS11 configuration file, see <a href="https://docs.oracle.com/en/java/javase/11/security/pkcs11-reference-guide1.html">PKCS#11 Reference Guide</a>.</p>
 <!-- ==== END OF TOPIC ==== enhancementstoopenjdksecurity.md ==== -->