Question regaring Password based encryption (PBE)

[Werner Dittmann <We...@t-online.de>]

All,

I started to get PBE up and running in JuiCE. The code modifications
in existing code are fairly small because PBE uses the same existing
encryption engines (AES, DES, etc.). There are problems remaining:
enabling PBE in the existing code requires that we need to copy
a fair amount of code from BouncyCastle to be able to handle the
password based keys.

I've tried to do a "lightwight" implementation but it turned out that
this is not possible because not all required methods are "public" in
BC thus we cannot access them.

As copying over the code and modifing it to run with JuiCE is not a
big deal. Would it be ok to use a larger amount of BC code more or
less verbatim? According to BC's license it is ok to do so.

Regards,
Werner

---------------------------------------------------------------------
To unsubscribe, e-mail: juice-dev-unsubscribe@xml.apache.org
For additional commands, e-mail: juice-dev-help@xml.apache.org

Re: Question regaring Password based encryption (PBE)

[Werner Dittmann <We...@t-online.de>]

Berin,

the license of BC is very iberal and allows to copy their code, modify
it etc for any purpose (there is a copy of BC's license in the LICENSE
directory of JuiCE).

This is what I had in mid as well. The key generation uses message
digests (SHA, MD5, ...) to derive the actual key from a given password,
salt, and iteration count. AFAIK this specific algo is not implemented
in OpenSSL. Thus we can use the OpenSSL digest code to generate the
actual key - this link is already implemented in JuiCE.

Regards,
Werner

Berin Lautenbach wrote:
> What's the license for BC, and what's the code that needs to be
> implemented?  Is it the actual key generation?  If so - might we be
> better off implementing it in the C component of the library and linking
> it more closely with the OpenSSL code?
> 
> If the of JuiCE is to implement as much as we can directly around the
> OpenSSL core in C++/C to give us the speed advantage, then my preference
> would be to go down that track.
> 
> Cheers,
>     Berin
> 
> Werner Dittmann wrote:
> 
>> All,
>>
>> I started to get PBE up and running in JuiCE. The code modifications
>> in existing code are fairly small because PBE uses the same existing
>> encryption engines (AES, DES, etc.). There are problems remaining:
>> enabling PBE in the existing code requires that we need to copy
>> a fair amount of code from BouncyCastle to be able to handle the
>> password based keys.
>>
>> I've tried to do a "lightwight" implementation but it turned out that
>> this is not possible because not all required methods are "public" in
>> BC thus we cannot access them.
>>
>> As copying over the code and modifing it to run with JuiCE is not a
>> big deal. Would it be ok to use a larger amount of BC code more or
>> less verbatim? According to BC's license it is ok to do so.
>>
>> Regards,
>> Werner
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: juice-dev-unsubscribe@xml.apache.org
>> For additional commands, e-mail: juice-dev-help@xml.apache.org
>>
>>
>>
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: juice-dev-unsubscribe@xml.apache.org
> For additional commands, e-mail: juice-dev-help@xml.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: juice-dev-unsubscribe@xml.apache.org
For additional commands, e-mail: juice-dev-help@xml.apache.org

Re: Question regaring Password based encryption (PBE)

[Berin Lautenbach <be...@wingsofhermes.org>]

What's the license for BC, and what's the code that needs to be 
implemented?  Is it the actual key generation?  If so - might we be 
better off implementing it in the C component of the library and linking 
it more closely with the OpenSSL code?

If the of JuiCE is to implement as much as we can directly around the 
OpenSSL core in C++/C to give us the speed advantage, then my preference 
would be to go down that track.

Cheers,
	Berin

Werner Dittmann wrote:

> All,
> 
> I started to get PBE up and running in JuiCE. The code modifications
> in existing code are fairly small because PBE uses the same existing
> encryption engines (AES, DES, etc.). There are problems remaining:
> enabling PBE in the existing code requires that we need to copy
> a fair amount of code from BouncyCastle to be able to handle the
> password based keys.
> 
> I've tried to do a "lightwight" implementation but it turned out that
> this is not possible because not all required methods are "public" in
> BC thus we cannot access them.
> 
> As copying over the code and modifing it to run with JuiCE is not a
> big deal. Would it be ok to use a larger amount of BC code more or
> less verbatim? According to BC's license it is ok to do so.
> 
> Regards,
> Werner
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: juice-dev-unsubscribe@xml.apache.org
> For additional commands, e-mail: juice-dev-help@xml.apache.org
> 
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: juice-dev-unsubscribe@xml.apache.org
For additional commands, e-mail: juice-dev-help@xml.apache.org