[jira] [Commented] (PDFBOX-2963) Remove Bouncy Castle Reference
[
https://issues.apache.org/jira/browse/PDFBOX-2963?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15703046#comment-15703046
]
David Hook commented on PDFBOX-2963:
Class wise the fips module is the same at the JCA/JCE level as the regular jar
from 1.54. The low-level/light-weight APIs are quite different though. They
cannot be used in parallel.
> Remove Bouncy Castle Reference
> --
>
> Key: PDFBOX-2963
> URL: https://issues.apache.org/jira/browse/PDFBOX-2963
> Project: PDFBox
> Issue Type: Improvement
> Components: Crypto, PDModel
>Affects Versions: 1.8.9, 1.8.10, 2.0.0
>Reporter: Johnny Minty
> Fix For: 2.0.5, 2.1.0
>
>
> PDFBox Versions 1.8.X and 2.0.X add Bouncy Castle as a security provider
> explicitly (Hard coded)
> Referencing bouncy castle explicitly ties PDF box to a specific provider
> implementation.
> Instead of referencing BouncyCastleProvider explicitly provide an option to
> select another provider or alternatively allow a way to override the default.
> Version 1.8.X:
> https://github.com/apache/pdfbox/blob/1.8.10/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandlersManager.java
> {code}
> public static SecurityHandlersManager getInstance()
> {
> if(instance == null)
> {
> instance = new SecurityHandlersManager();
> Security.addProvider(new BouncyCastleProvider());
> }
> return instance;
> }
> {code}
> Version 2.0.0:
> https://github.com/apache/pdfbox/blob/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandlerFactory.java
> {code}
>static
> {
> Security.addProvider(new BouncyCastleProvider());
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-2963) Remove Bouncy Castle Reference
[
https://issues.apache.org/jira/browse/PDFBOX-2963?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15685784#comment-15685784
]
David Hook commented on PDFBOX-2963:
I think that should do the job. If it's any help BCFIPS is available at
https://www.bouncycastle.org/fips-java/ - we are planning to make it available
on maven central, but it will be a while as there are a few other things we
need to deal with first.
> Remove Bouncy Castle Reference
> --
>
> Key: PDFBOX-2963
> URL: https://issues.apache.org/jira/browse/PDFBOX-2963
> Project: PDFBox
> Issue Type: Improvement
> Components: Crypto, PDModel
>Affects Versions: 1.8.9, 1.8.10, 2.0.0
>Reporter: Johnny Minty
> Fix For: 2.0.4, 2.1.0
>
>
> PDFBox Versions 1.8.X and 2.0.X add Bouncy Castle as a security provider
> explicitly (Hard coded)
> Referencing bouncy castle explicitly ties PDF box to a specific provider
> implementation.
> Instead of referencing BouncyCastleProvider explicitly provide an option to
> select another provider or alternatively allow a way to override the default.
> Version 1.8.X:
> https://github.com/apache/pdfbox/blob/1.8.10/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandlersManager.java
> {code}
> public static SecurityHandlersManager getInstance()
> {
> if(instance == null)
> {
> instance = new SecurityHandlersManager();
> Security.addProvider(new BouncyCastleProvider());
> }
> return instance;
> }
> {code}
> Version 2.0.0:
> https://github.com/apache/pdfbox/blob/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandlerFactory.java
> {code}
>static
> {
> Security.addProvider(new BouncyCastleProvider());
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-2963) Remove Bouncy Castle Reference
[
https://issues.apache.org/jira/browse/PDFBOX-2963?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15679957#comment-15679957
]
David Hook commented on PDFBOX-2963:
It should be safe to remove the setProvider("BC"). The implications of doing
that are that the class will use the JVM's provider precedence for resolving
the algorithm required for unwrapping the secret key.
> Remove Bouncy Castle Reference
> --
>
> Key: PDFBOX-2963
> URL: https://issues.apache.org/jira/browse/PDFBOX-2963
> Project: PDFBox
> Issue Type: Improvement
> Components: Crypto, PDModel
>Affects Versions: 1.8.9, 1.8.10, 2.0.0
>Reporter: Johnny Minty
>
> PDFBox Versions 1.8.X and 2.0.X add Bouncy Castle as a security provider
> explicitly (Hard coded)
> Referencing bouncy castle explicitly ties PDF box to a specific provider
> implementation.
> Instead of referencing BouncyCastleProvider explicitly provide an option to
> select another provider or alternatively allow a way to override the default.
> Version 1.8.X:
> https://github.com/apache/pdfbox/blob/1.8.10/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandlersManager.java
> {code}
> public static SecurityHandlersManager getInstance()
> {
> if(instance == null)
> {
> instance = new SecurityHandlersManager();
> Security.addProvider(new BouncyCastleProvider());
> }
> return instance;
> }
> {code}
> Version 2.0.0:
> https://github.com/apache/pdfbox/blob/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandlerFactory.java
> {code}
>static
> {
> Security.addProvider(new BouncyCastleProvider());
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-2963) Remove Bouncy Castle Reference
[
https://issues.apache.org/jira/browse/PDFBOX-2963?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=14740350#comment-14740350
]
David Hook commented on PDFBOX-2963:
I'm not sure how things are implemented by what's needed is a "single place"
where someone can say "I want to use this one" if it's not called by all means
fall back to "BC". I'd strongly advise against having any code that's hard
coded as thing.getInstance("algorithm", "BC"), something
more like this.getInstance("algorithm", providerName) where provider name
refers to something set by Provider.getName() in the "single place", otherwise
it's going to be very hard for the APIs to make use of "BCFIPS".
> Remove Bouncy Castle Reference
> --
>
> Key: PDFBOX-2963
> URL: https://issues.apache.org/jira/browse/PDFBOX-2963
> Project: PDFBox
> Issue Type: Improvement
> Components: Crypto, PDModel
>Affects Versions: 1.8.9, 1.8.10, 2.0.0
>Reporter: Johnny Minty
>
> PDFBox Versions 1.8.X and 2.0.X add Bouncy Castle as a security provider
> explicitly (Hard coded)
> Referencing bouncy castle explicitly ties PDF box to a specific provider
> implementation.
> Instead of referencing BouncyCastleProvider explicitly provide an option to
> select another provider or alternatively allow a way to override the default.
> Version 1.8.X:
> https://github.com/apache/pdfbox/blob/1.8.10/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandlersManager.java
> {code}
> public static SecurityHandlersManager getInstance()
> {
> if(instance == null)
> {
> instance = new SecurityHandlersManager();
> Security.addProvider(new BouncyCastleProvider());
> }
> return instance;
> }
> {code}
> Version 2.0.0:
> https://github.com/apache/pdfbox/blob/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandlerFactory.java
> {code}
>static
> {
> Security.addProvider(new BouncyCastleProvider());
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
[jira] [Commented] (PDFBOX-2963) Remove Bouncy Castle Reference
[
https://issues.apache.org/jira/browse/PDFBOX-2963?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=14734344#comment-14734344
]
David Hook commented on PDFBOX-2963:
Just further on this one - the issue has come up because there are soon to be 2
Bouncy Castle Providers, one which is FIPS hardened, the other which is the
regular one. The FIPS hardened provider basically works with the S/MIME, CMS
APIs the same as the regular one does, and provides the same ASN.1 library.
I'm aware that this project has some dependencies on S/MIME and the like, but
it would be good to allow injection of the actual provider used (to start with,
providing you don't do anything too crazy, the BC S/MIME API will also work
with the PKCS#11 provider, so while some of the classes in either the FIPS
provider or the regular BC provider are required for S/MIME to work, the
encryption services do not necessarily need to come from them).
If you have any questions about anything I've raised here, please feel free to
comment and/or email me.
> Remove Bouncy Castle Reference
> --
>
> Key: PDFBOX-2963
> URL: https://issues.apache.org/jira/browse/PDFBOX-2963
> Project: PDFBox
> Issue Type: Improvement
> Components: PDModel
>Affects Versions: 1.8.9, 1.8.10, 2.0.0
>Reporter: Johnny Minty
>
> PDFBox Versions 1.8.X and 2.0.X add Bouncy Castle as a security provider
> explicitly (Hard coded)
> Referencing bouncy castle explicitly ties PDF box to a specific provider
> implementation.
> Instead of referencing BouncyCastleProvider explicitly provide an option to
> select another provider or alternatively allow a way to override the default.
> Version 1.8.X:
> https://github.com/apache/pdfbox/blob/1.8.10/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandlersManager.java
> public static SecurityHandlersManager getInstance()
> {
> if(instance == null)
> {
> instance = new SecurityHandlersManager();
> Security.addProvider(new BouncyCastleProvider());
> }
> return instance;
> }
> Version 2.0.0:
> https://github.com/apache/pdfbox/blob/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandlerFactory.java
>static
> {
> Security.addProvider(new BouncyCastleProvider());
> }
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
