Thank you for the quick response. Just going through the google search and your link, It seems that Crypto-J is not an interface definition/standard. It is a particular product from RSA. So my understanding is that there is no other Crypto-J provider except the one from RSA?
What standards that a security provider has to meet if we want to replace the bouncy castle used in the Rampant? Here is my understanding: 1) JCE standard 2) two addition static methods that you show in the link isFIPS140Compliant() selfTestPassed() Thanks, Jeff From: Martin Gainty <[email protected]> To: <[email protected]>, Jeff J Li/Boca Raton/IBM@IBMUS Date: 03/01/2011 11:53 AM Subject: RE: Can the Apache Axis2 work without the Bouncy Castle Provider? Good Morning Jeff you will need to specify another Crypto-J provider (such as the Crypto-J provider from RSA) be aware that The (Crypto-J) provider could become disabled if either 1)the JCE-required self-integrity check failed or 2)one of the FIPS-required self-tests failed. a test harness to test the capabilities of the provider is available at: http://www.rsa.com/products/bsafe/documentation/cryptoj35html/doc/dev_guide/group__CJ__SAMPLES__RSANOPAD__JCE.html does this answer your question? Martin Gainty ______________________________________________ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. To: [email protected] Subject: Can the Apache Axis2 work without the Bouncy Castle Provider? From: [email protected] Date: Tue, 1 Mar 2011 10:23:08 -0500 One instruction for using Rampant is to configure the bouncy castle.jar in java security file in java runtime lib/security file security.provider.99=org.bouncycastle.jce.provider.BouncyCastleProvider There are many security providers out there, can this step be skipped so that JVM uses other security providers? Is this hard coded somewhere in the Rampant or its dependent WSS4J to compile and use the Bouncy castle? Regards, Jeff
