Hi Tim,
In order to verify the signature of those signed provider jars I believe
that you would also need trusted implementations of :
* SHA-1 and MD5 digest algorithms
* DSA and RSA signature algorithms
Best regards,
George
IBM UK
Tim Ellison wrote:
Stepan Mishura wrote:
<snip>
Returning back to the 'missing post'. I agreed with suggestion but currently
we don't have Harmony provider so we should define how we locate 'trusted
provides' to be secure.
We just need a trusted SHA1PRNG, right? then we can open signed
providers' jars and get any others.
Regards,
Tim
