Hi Again this a newbe question: The BouncyCastle jar does not come with normal axis distribution and I guess we have to put a reference to that in the java.security file for Encryption/Signature to work with axis2 and have that jar file in the lib/ext folder of the jre..
Q1>Is the use of BouncyCastle hardcoded in the axis2 software? [this would be not a nice thing] Q2>What value does BouncyCastle provide if I am using jdk1.5 [which somes with a RSA imlpementation by default although not strong enough I guess]? Q3>Can I not have BouncyCastle and have say another provider which provides the same functionality - this is related to Q1. My point is any standard J2EE server today will provide WS-Security support - so they must have some provider which does that encryption [strong enough] and signature for them. I am not sure why wss4j/axis2 cannot use that provider whcih comes with a J2EE server. If it can then I dont have the extra download and also dont have to setup BC in the java.security file. I was looking into the archives and saw some issues with BC and IBM jdk and am not sure if those have been resolved yet. My target platform is Websphere 6.1 [jdk 1.5] and feeling a little bit shaky on BouncyCastle. -- thanks Rishi
