On Sunday 25 September 2005 16:19, Bear Giles wrote:
> I looked at this a while back, ultimately decided to go with a
> pure java implementation (BouncyCastle, iirc) since it was
> sufficient for my needs.

Hi Bear, thanks for the reply.

BouncyCastle is what we're doing now. I was looking for something 
OpenSSL-based because we are working with some hardware which has crypto 
features, and there is a port of OpenSSL which takes advantage of these. 
Another reason to prefer a largely-native implementation is that we currently 
don't have JIT on this hardware.

In the meantime I've heard that someone has hacked BouncyCastle to add native 
access to these features, so it looks like that's the way we'll be going.

> Anyway, you can use JNI to create a binding between the OpenSSL
> library and Java.  This is a C layer and your main hassle will be
> ensuring that you have the memory management down cold.
>
> On the java side, you should find a copy of Java Security
> (O'Reilly) or comparable text and implement the full SPI so you
> can use the standard java classes.  (You'll need to list yourself
> as a crypto service provider in the runtime configuration file --
> see the book for details.)  In J2SE you'll want to look at the
> javax.crypto.*Spi classes, I'm not sure if they're the same in J2ME.

Yes, indeed. However that's actually quite a lot of work, and I don't think 
it's all that easy: it's not just a matter of writing JNI "wrappers". That's 
why I was looking at picking up from an existing project.

> You could implement your own interface, of course, but that would
> prevent you from using third party libraries written to the
> standard interfaces.  I think it's also much more risky from a
> project management perspective - how stable will your interface
> be, how will changes propagate through the rest of the software,
> how long will it take new staff to come up to speed, etc.

Yes, this would be a substantial burden, and not the way I would want to go. 
If there were a non-standard set of bindings already existing with some kind 
of user base then that might be acceptable, but creating a new one would be a 
Bad Thing.

Thanks,

Chris

-- 
Chris Gray        /k/ Embedded Java Solutions  BE0503765045
Embedded & Mobile Java, OSGi        http://www.kiffer.be/k/
[EMAIL PROTECTED]                         +32 3 216 0369

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
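
The SPI route from the quoted advice, as an added example that is not part of the original thread: a provider that registers one engine class so callers keep using the standard `MessageDigest` API. The names `NativeProviderDemo`, `DemoProvider`, `Sha256Spi` and `DemoNative` are hypothetical, and the JDK's own SHA-256 stands in for the JNI call into OpenSSL; a cipher would follow the same pattern through `javax.crypto.CipherSpi`.

```java
import java.security.MessageDigest;
import java.security.MessageDigestSpi;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;

public class NativeProviderDemo {

    // SPI class: a real binding would make one JNI call per engine method and
    // must free the native digest context when the object is discarded.
    public static final class Sha256Spi extends MessageDigestSpi {
        // Assumption: the JDK's SHA-256 stands in for the native OpenSSL context.
        private final MessageDigest backend;

        public Sha256Spi() throws NoSuchAlgorithmException {
            backend = MessageDigest.getInstance("SHA-256");
        }
        @Override protected void engineUpdate(byte input) { backend.update(input); }
        @Override protected void engineUpdate(byte[] in, int off, int len) {
            backend.update(in, off, len);
        }
        @Override protected byte[] engineDigest() { return backend.digest(); }
        @Override protected void engineReset() { backend.reset(); }
        @Override protected int engineGetDigestLength() { return 32; }
    }

    // Provider class: maps "<engine>.<algorithm>" to the SPI class name.
    public static final class DemoProvider extends Provider {
        public DemoProvider() {
            super("DemoNative", 1.0, "Demo provider (hypothetical name)");
            put("MessageDigest.SHA-256", Sha256Spi.class.getName());
        }
    }

    public static void main(String[] args) throws Exception {
        // Appended last, so the unqualified lookup in Sha256Spi resolves to the
        // JDK's provider rather than back to this one. The static alternative
        // is a security.provider.<n> line in the java.security file.
        Security.addProvider(new DemoProvider());

        MessageDigest md = MessageDigest.getInstance("SHA-256", "DemoNative");
        byte[] digest = md.digest("abc".getBytes("UTF-8"));
        System.out.println(md.getProvider().getName() + ": " + digest.length + " bytes");
    }
}
```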
