Posted to fx-dev@ws.apache.org by Guillaume Sauthier <Gu...@objectweb.org> on 2005/10/14 18:43:22 UTC

BouncyCastle JCE provider

Hi folks

I wanted to know what's the opinion here about BouncyCastle provider 
that includes a patented (IDEA?) algorithm ?

I know that's an issue for geronimo, and it's one for JOnAS too.

I have some questions :

Have the bc guys started to distribute a bcprov-*.jar without the faulty 
algo ?
Can we use all features of WSS4j (Encrypt in particular) without BC jar 
file ?
If I manually remove the faulty classes, the jar signature will be 
broken. If I sign the resulting jar file with my personal key, can I still 
use WSS4J ?


Regards
Guillaume



Re: BouncyCastle JCE provider

Posted by Werner Dittmann <We...@t-online.de>.
Guillaume,

there was a discussion on the BC mailing list some time ago where this
issue was discussed (I saw it in the archives, I'm not subscribed
to that list). Maybe you can cross-check whether they can deliver you a
signed jar without IDEA.

AFAIK the standard provider (SUN) does not support all encryptions and
other things we may need, in particular because the xml-sec guys require
some ISO padding that is not included in the Sun provider (AFAIK).

And no, you can't sign the jar with your personal key; the JCE
implementation of Sun requires a cert that was signed by Sun.

There is a workaround though: construct your own BC jar and include
the clean-room implementation of the JCE in it. To use such a
thing you have to move the Sun JCE implementation out of its location

(I do that because I'm just testing/implementing a binding to the
OpenSSL crypto lib - thus I dug into BC somewhat).

Regards,
Werner

Guillaume Sauthier wrote:
> Hi folks
> 
> I wanted to know what's the opinion here about BouncyCastle provider
> that includes a patented (IDEA?) algorithm ?
> 
> I know that's an issue for geronimo, and it's one for JOnAS too.
> 
> I have some questions :
> 
> Have the bc guys started to distribute a bcprov-*.jar without the faulty
> algo ?
> Can we use all features of WSS4j (Encrypt in particular) without BC jar
> file ?
> If I manually remove the faulty classes, the jar signature will be
> broken. If I sign the resulting jar file with my personal key, can I still
> use WSS4J ?
> 
> 
> Regards
> Guillaume
> 
> 
> 
> ------------------------------------------------------------------------
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
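
Added example (not from this thread, nor from the WSS4J or BouncyCastle projects): a small Java check, using only standard `java.security` and `javax.crypto` calls, that lists each installed provider and reports whether it registers an IDEA cipher and whether the JCE framework will instantiate a given transformation from it. The class name `ProviderAudit` and the default transformation `AES/CBC/ISO10126Padding` are assumptions chosen for illustration; pass your own values as arguments.

```java
import java.security.GeneralSecurityException;
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;

/** Added example: audit installed JCE providers for an algorithm and a transformation. */
public class ProviderAudit {

    /** True if the provider registers a Cipher service under this name (aliases included). */
    static boolean offersCipher(Provider p, String algorithm) {
        return p.getService("Cipher", algorithm) != null;
    }

    /** Reports whether the JCE framework will hand out this transformation from the provider. */
    static String probe(Provider p, String transformation) {
        try {
            Cipher.getInstance(transformation, p);
            return "available";
        } catch (GeneralSecurityException e) {
            // NoSuchAlgorithmException or NoSuchPaddingException: not offered by this provider.
            return "not offered";
        } catch (SecurityException e) {
            // The framework refused the provider, e.g. its jar failed the signature check
            // after classes were removed or the jar was re-signed with another key.
            return "rejected by JCE: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Defaults are illustrative assumptions, not values taken from the thread.
        String algorithm = args.length > 0 ? args[0] : "IDEA";
        String transformation = args.length > 1 ? args[1] : "AES/CBC/ISO10126Padding";

        for (Provider p : Security.getProviders()) {
            System.out.printf("%-14s Cipher.%s registered: %-5b  %s: %s%n",
                    p.getName(), algorithm, offersCipher(p, algorithm),
                    transformation, probe(p, transformation));
        }
    }
}
```

Run it on the same JVM and classpath as the deployment, since the result depends on which providers are registered there.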

