Why LLSEC_SECRET_KEY_IMPL_nativeGetCloseId is required?

s.connor · March 27, 2026, 4:35pm

Hi MicroEJ,

I have a question about managing native resources.

I don’t understand the purpose of the following native function:

/**
 * Gets the ID of the native close function.
 *
 * @return the ID of the static native close function
 * @throws NativeException
 *             on error
 */
int32_t LLSEC_SECRET_KEY_IMPL_nativeGetCloseId(void);

The return value appears to be the identifier of a function used to close a native resource created by LLSEC_SECRET_KEY_IMPL_create.
However, it is essential in LLSEC_SECRET_KEY_IMPL_create to use SNI_registerResource, which seems to serve the same purpose as LLSEC_SECRET_KEY_IMPL_nativeGetCloseId. At the risk of getting an IllegalArgumentException.

So I wonder, what is the purpose of the native LLSEC_SECRET_KEY_IMPL_nativeGetCloseId if we are required to call SNI_registerResource in the native creation function

Thanks!

S.

rlouedec · March 30, 2026, 8:56am

Hello @s.connor

This is needed by our SECURITY library.
In LLSEC_SECRET_KEY_IMPL_create(), you need to call SNI_registerResource() to free the native resources for the created secret key in case the MicroEJ Application is killed.

In a Standalone Application context, this is when the application exits.
In a Multi-Sandbox context, this is either when the Kernel exits, or when the Sandboxed Application (that created the key) is stopped.

Yet, the Java standard API for Cryptography (JCA) implemented by our SECURITY library does not expose an API to “close” a SecretKey. Therefore, our SECURITY library implementation additionally binds the native resource with the SecretKey Java object, so that, when it is garbage collected, the native resource is also freed.

See more about this mechanism in our VEE Porting Guide: SNI Resources (NativeResource.closeOnGC())

Best regards,
Rémy