More implementatoins we have in Harmony - less we depend on third parties. I think SHA-1 and DSA is something to start with.
Makes sense? Thanks, Mikhail On 2/10/06, George Harley <[EMAIL PROTECTED]> wrote: > Hi Stepan, > > In the short term, yes, SHA-1 and DSA should suffice for verifying the > BouncyCastle provider jar. Long term though, Harmony will also need to > support the MD5 and RSA algorithms for other providers that may have > been signed with those algorithms. While the Jar file specification does > not mandate a set of digest and signature algorithms that may be used > for signing, it should be noted that the reference jarsigner tool > supports both DSA+SHA-1 and RSA+MD5. > > Best regards, > George > IBM UK > > PS, Keeping my fingers crossed this ends up on the dev-list :-) > > > Stepan Mishura wrote: > > > > We should have at least to verify BC provider: > > 1) Message digest algorithm: SHA-1 > > 2) Signature algorithm: SHA1withDSA > > > > Other jars may require additional algorithms, for example, > > SHA1withRSA. We can verify BC provider first and use it for further > > jar verifications. > > > > > > Thanks, > > Stepan Mishura > > Intel Middleware Products Division > > > > > > > > On 2/10/06, *George Harley* <[EMAIL PROTECTED] > > <mailto:[EMAIL PROTECTED]>> wrote: > > > > Hi Tim, > > > > In order to verify the signature of those signed provider jars I > > believe > > that you would also need trusted implementations of : > > > > * SHA-1 and MD5 digest algorithms > > * DSA and RSA signature algorithms > > > > > > Best regards, > > George > > IBM UK > > > > > > Tim Ellison wrote: > > > Stepan Mishura wrote: > > > <snip> > > > > > >> Returning back to the 'missing post'. I agreed with suggestion > > but currently > > >> we don't have Harmony provider so we should define how we > > locate 'trusted > > >> provides' to be secure. > > >> > > > > > > We just need a trusted SHA1PRNG, right? then we can open signed > > > providers' jars and get any others. > > > > > > Regards, > > > Tim > > > > > > > > > > > > > > > > -- > >
