Configure cryptographic elliptic curves
NaCl primitives provide good security and speed and this is sufficient in most circumstances.
Configure an alternative cryptographic elliptic curve
encryptor configuration item, you can provide a compatible JCA provider (for example, SunEC provider).
The same enclave encryption process is used regardless of whether the
NaCl or JCA encryptor is configured.
type is set to
CUSTOM, support is provided for an external encryptor implementation to integrate with Tessera. The kalium support module is configured as a custom encryptor. The pilot third party integration is Unbound Tech's Unbound Key Control (UKC) encryptor (jar available at
*[JCA]: Java Cryptography Architecture