gnu-crypto-discuss

Re: [GNU Crypto] How to replace Sun JCE+BouncyCastle with GNU JCE+Bouncy


From: Kevin Smith
Subject: Re: [GNU Crypto] How to replace Sun JCE+BouncyCastle with GNU JCE+BouncyCastle?
Date: Tue, 15 Mar 2005 14:17:34 -0500
User-agent: Mozilla Thunderbird 1.0 (X11/20041214)

Casey Marshall wrote:

> Out of curiosity, what algorithms are we missing, in particular?

SHA1WithRSA for signing.

> That might not work; you have to prepend those Jar files to the
> bootclasspath, not your normal classpath.

Hm. I've never dealt with bootclasspath before. I'm in Eclipse at the moment, and eventually would also have to know the magic that would allow this to work on raw Linux, Mac, and Windows environments. Let's postpone going down that path while we explore the other possible cause(s) and solutions.

> But also; why do you want to do this? Sun's JCE should be compatible
> with the one we provide, and our algorithms should work under it,
> provided that the jar file is signed first.

Our app is intended to be installed and used by computer novices around the world. Requiring them to download and install the unlimited strength crypto policy file is unacceptable. Distributing the file ourselves would apparently violate Sun's copyrights, so that's also unacceptable. We are faced with rewriting our code using the BouncyCastle lightweight API to bypass JCE, or to find a JCE that doesn't enforce those restrictions, like gnu-crypto.

I think we are indifferent about using BouncyCastle's JCE provider or the gnu-crypto JCE provider, as long as it is compatible with our existing data (including SHA1WithRSA signatures).

> our javax-crypto.jar contains some BC code, including
> some classes in the 'org.bouncycastle' namespace. It is likely that
> one class is being loaded from our javax-crypto.jar, and another from
> the BC jar. I rewrote the JCE from scratch, which is in our CVS
> sources, and is also now a part of the GNU Classpath project.

Ok. That makes sense, I think. How stable is your new JCE? Do you think it will be production quality and released soon? Or, will the gnu-crypto provider support SHA1WithRSA soon (or does it already and it just isn't documented)?

I suppose the third option would be for me to try to rename packages or strip out parts of the existing gnu-crypto, bouncy-castle-based JCE to try to get it to work with the BouncyCastle provider.

> Hope this helps!

Very helpful!

Thanks much,

Kevin
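
The two compatibility questions raised in this message (which installed providers offer SHA1WithRSA, and whether their signatures verify under each other) can be checked with standard `java.security` calls. The following is an added example, not code from the original message or from the GNU Crypto or BouncyCastle projects; the class name `ProviderCheck` is hypothetical, and it assumes any extra provider under test has already been registered so that it appears in the provider list.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import javax.crypto.Cipher;

public class ProviderCheck {
    static final String ALG = "SHA1withRSA";

    public static void main(String[] args) throws Exception {
        // Integer.MAX_VALUE means no jurisdiction policy limit is in force;
        // 128 is what a JRE with the default "limited" policy files reports.
        System.out.println("Max AES key length allowed by JCE policy: "
                + Cipher.getMaxAllowedKeyLength("AES"));

        // Providers that register a Signature implementation for ALG.
        Provider[] providers = Security.getProviders("Signature." + ALG);
        if (providers == null) {
            System.out.println("No installed provider offers " + ALG);
            return;
        }

        // Constructed sample data and a throwaway key pair, for the check only.
        byte[] data = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        // Sign with each provider, verify with every provider: existing
        // signatures stay usable only if all pairs interoperate.
        for (Provider signer : providers) {
            Signature s = Signature.getInstance(ALG, signer);
            s.initSign(kp.getPrivate());
            s.update(data);
            byte[] sig = s.sign();
            for (Provider verifier : providers) {
                Signature v = Signature.getInstance(ALG, verifier);
                v.initVerify(kp.getPublic());
                v.update(data);
                System.out.printf("signed by %-12s verified by %-12s -> %b%n",
                        signer.getName(), verifier.getName(), v.verify(sig));
            }
        }
    }
}
```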



