2008/1/17, Zakharov, Vasily M <[EMAIL PROTECTED]>: > > > You said you are chosing between BKS and PKCS12. Is it hypotetical > > choice or you have an implementation of PKCS12? My question was about > > the implementation > > Yes, BouncyCastle has implementation for both BKS and PKCS12. > > > Is there other (non JKS) keystore formats (PKCS12?) available on RI? > > Yes, RI supports JKS and PKCS12 (see [1]).
Then i think PKCS12 is more reasonable for default Thanks, Mikhail > > Vasily > > [1] > http://java.sun.com/j2se/1.5.0/docs/guide/security/CryptoSpec.html#AppA > > > -----Original Message----- > From: Mikhail Loenko [mailto:[EMAIL PROTECTED] > Sent: Thursday, January 17, 2008 6:19 PM > To: [email protected] > Subject: Re: [security] Which KeyStore to choose? > > 2008/1/17, Zakharov, Vasily M <[EMAIL PROTECTED]>: > > > > I'm going to specify a default to use by Geronimo when it's running on > > Harmony. > > > > PKCS12 [1] is RSA Labs keystore format. It has the advantage that it > is > > supported > > by both RI and BouncyCastle, but it's not Java-specific, and is > > supported also by > > Internet Explorer and other applications. > > You said you are chosing between BKS and PKCS12. Is it hypotetical > choice or you have an implementation of PKCS12? My question was about > the implementation > > > > > > Do I understand you correctly that as Harmony uses BC that has BKS as > > default keystore, > > I'd pu tit this way: > 1) Harmony uses BC > 2) BC contains implementation of BKS (which is BC Key Store) > 3) Harmony config specifies BKS as default > > > so the BKS is the best default choice, right? > > I don't know what your requirements are. Is there other (non JKS) key > store formats (PKCS12?) available on RI? Can we make it available in > Harmony? > > > > > Vasily > > > > [1] http://en.wikipedia.org/wiki/PKCS12 > > > > > > -----Original Message----- > > From: Mikhail Loenko [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, January 16, 2008 9:43 PM > > To: [email protected] > > Subject: Re: [security] Which KeyStore to choose? > > > > are you talking about ability to specify for Harmony or for Geronimo? > > > > Default for any JRE is specified in the .java.security configuration > > file. BKS is something from BC provider by definition. What is PKCS12? > > > > 2008/1/17, Zakharov, Vasily M <[EMAIL PROTECTED]>: > > > > > > I fully agree with that, but besides, we should propose some choice > to > > > use by default. > > > That's what I'm asking for. > > > > > > Vasily > > > > > > > > > -----Original Message----- > > > From: Alexey Petrenko [mailto:[EMAIL PROTECTED] > > > Sent: Wednesday, January 16, 2008 9:14 PM > > > To: [email protected] > > > Subject: Re: [security] Which KeyStore to choose? > > > > > > I think that the best options is possibility to choose :) > > > > > > SY, Alexey > > > > > > 2008/1/16, Zakharov, Vasily M <[EMAIL PROTECTED]>: > > > > Hi, security gurus, what would be you suggestion on which would be > > the > > > > best default keystore type to use in applications like Geronimo? > > > > > > > > I'm now trying to enable Geronimo 2.0.2 on Harmony, and it > requires > > a > > > > proper keystore to operate. By default, it uses JKS which Harmony > > > > doesn't support, and I'm going to propose changing that to > something > > > > else. Previously there were talks on using PKCS12, but for now > > default > > > > keystore type for Harmony is BKS, so I wonder, which would make > the > > > best > > > > default. > > > > > > > > Thank you! > > > > > > > > Vasily Zakharov > > > > Intel ESSD > > > > > > > > > > > > > > > > --- > > > > > > > > > > > > -------------------------------------------------------------------- > > Closed Joint Stock Company Intel A/O > > Registered legal address: 125252, Moscow, Russian Federation, > > Chapayevsky Per, 14. > > > > This e-mail and any attachments may contain confidential material for > > the sole use of the intended recipient(s). Any review or distribution > > by others is strictly prohibited. If you are not the intended > > recipient, please contact the sender and delete all copies. > > > > >
