On Wed, May 2, 2012 at 5:01 AM, Darren J Moffat
<[email protected]> wrote:
> On 05/02/12 06:33, Kevin W. Wall wrote:
>>
>> primitives that do not include *any* AE cipher modes at all. Some
>> great examples are in the standard SunJCE that comes with the
>> JDK (you have to use something like BouncyCastle to get things
>> like GCM or CCM for Java and that's often a hard political sell so
>> most developers won't bother). Another example is with the .NET
>> framework. It too has no authenticated mode. Both Java and
>> .NET only support ECB, CBC, CFB, OFB modes and starting
>> with JDK 1.6, Java also offers CTR mode. (.NET may too; I haven't
>> actually looked in a while.)
>
>
> JEP 115: AEAD CipherSuites
>
> http://openjdk.java.net/jeps/115

Darren,

Well, that is definitely good news to be sure, but as I read JEP 115,
it appears that:
    1) The interfaces are only defined in JDK 7. A reference implementation
       won't come until JDK 8. (Meanwhile, most applications are still on
       JDK 6 and some even on earlier, unsupported versions.)
    2) As I read this, it appears as though the reference implementation
       is only going to address Java Secure Sockets Extension (JSSE)
       and PKCS#11 support. In other words, all they are doing is
       adding support for some new cipher suites for TLS and adding PKCS11
       support to NSA's Suite B compliance for TLS.

Specifically, from the cited URL, it states:
        Note that in order to support the GCM AEAD cipher
        suite in JSSE, the GCM cipher implementation is
        required in the JCA/JCE PKCS11 provider.

So at this point, without having looked at the interfaces in JDK 7,
I am not sure that one will be able to use GCM with AES when
using the Cipher class.  However, I will look more deeply. If nothing
else though, it's a step in the right direction, so thanks for the
pointer.

-kevin
-- 
Blog: http://off-the-wall-security.blogspot.com/
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We *cause* accidents."        -- Nathaniel Borenstein
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
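
Whether the `Cipher` class on a given runtime offers AES with GCM, the open question in the message above, can be checked at run time instead of assumed. The following is an added example, not part of the original thread or of JEP 115: it probes the installed JCA providers for `AES/GCM/NoPadding` and, if one is found, shows the authentication tag rejecting a modified ciphertext. The class name `AeadProbe` and the sample strings are constructed for illustration.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;

// Added example; AeadProbe is a hypothetical name, not from the thread.
public class AeadProbe {
    static final String AEAD = "AES/GCM/NoPadding";

    // True if some installed JCA provider offers AES/GCM through Cipher.
    static boolean gcmAvailable() {
        try {
            Cipher.getInstance(AEAD);
            return true;
        } catch (GeneralSecurityException e) { // NoSuchAlgorithm / NoSuchPadding
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        if (!gcmAvailable()) {
            System.out.println(AEAD + " is not offered by any installed provider");
            return;
        }
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        byte[] nonce = new byte[12];           // 96-bit nonce, never reused under one key
        new SecureRandom().nextBytes(nonce);
        byte[] aad = "header-v1".getBytes(StandardCharsets.UTF_8); // constructed sample

        Cipher enc = Cipher.getInstance(AEAD);
        enc.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        enc.updateAAD(aad);                    // authenticated but not encrypted
        byte[] ct = enc.doFinal("sample plaintext".getBytes(StandardCharsets.UTF_8));

        ct[0] ^= 0x01;                         // simulate modification in transit
        Cipher dec = Cipher.getInstance(AEAD);
        dec.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        dec.updateAAD(aad);
        try {
            dec.doFinal(ct);
            System.out.println("modification NOT detected");
        } catch (AEADBadTagException e) {
            System.out.println("modification detected: authentication tag mismatch");
        }
    }
}
```

Compiling this requires the JDK 7 or later API, since `GCMParameterSpec` and `AEADBadTagException` are among the interfaces that release defines; whether `gcmAvailable()` returns true depends on the providers installed on the runtime.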
