gnu-crypto-discuss
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [GNU Crypto] How to replace Sun JCE+BouncyCastle with GNU JCE+Bouncy

From: Casey Marshall
Subject: Re: [GNU Crypto] How to replace Sun JCE+BouncyCastle with GNU JCE+BouncyCastle?
Date: Tue, 15 Mar 2005 09:56:05 -0800
User-agent: Gnus/5.1002 (Gnus v5.10.2) Emacs/21.3 (gnu/linux) 
>>>>> "Kevin" == Kevin Smith <address@hidden> writes:

Kevin> Greetings all!

Kevin> We have an app that currently uses BouncyCastle through the
Kevin> standard Sun JCE interface. We would like to switch to
Kevin> gnu-crypto, but we need some algorithms that the gnu-crypto JCE
Kevin> provider doesn't support, so we still want to use BouncyCastle
Kevin> as the provider.

Out of curiosity, what algorithms are we missing, in particular?

Kevin> I have put the gnu crypto jars (javax-crypto and
Kevin> javax-security) earlier in the classpath than the JRE
Kevin> versions. I have tried it with and without gnu-crypto in the
Kevin> classpath. The app builds, but when I try to run it I get this
Kevin> exception:

That might not work; you have to prepend those Jar files to the
bootclasspath, not your normal classpath.

But also; why do you want to do this? Sun's JCE should be compatible
with the one we provide, and our algorithms should work under it,
provided that the jar file is signed first.

Kevin> java.lang.SecurityException: class
Kevin> "org.bouncycastle.asn1.ASN1EncodableVector"'s signer information does
Kevin> not match signer information of other classes in the same package

For the 2.0 release, we used BouncyCastle's clean-room JCE instead of
writing our own (I argued against this, but it was ultimately not my
decision) so our javax-crypto.jar contains some BC code, including
some classes in the 'org.bouncycastle' namespace. It is likely that
one class is being loaded from our javax-crypto.jar, and another from
the BC jar. I rewrote the JCE from scratch, which is in our CVS
sources, and is also now a part of the GNU Classpath project.

See also Wes's comments about the jars being sealed, but I think in
this case it is because one jar is signed, and the other is not.

Kevin> Is it a known limitation that only the gnu-crypto JCE provider
Kevin> can be used at this time? If so, that should probably be added
Kevin> to the docs. Otherwise, any suggestions or things I should try?

That should not be a limitation. The JCE we provide should be
compatible with Sun's, but minus the DRM tomfoolery they use.

Kevin> I'm not subscribed to the list yet, so please CC me with any
Kevin> replies.

Hope this helps!

-- 
Casey Marshall || address@hidden
reply via email to
[Prev in Thread] Current Thread [Next in Thread]