[jira] [Commented] (PDFBOX-2963) Remove Bouncy Castle Reference
[ https://issues.apache.org/jira/browse/PDFBOX-2963?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15703046#comment-15703046 ]

David Hook commented on PDFBOX-2963:
------------------------------------

Class wise the fips module is the same at the JCA/JCE level as the regular jar from 1.54. The low-level/light-weight APIs are quite different though. They cannot be used in parallel.

> Remove Bouncy Castle Reference
> ------------------------------
>
> Key: PDFBOX-2963
> URL: https://issues.apache.org/jira/browse/PDFBOX-2963
> Project: PDFBox
> Issue Type: Improvement
> Components: Crypto, PDModel
> Affects Versions: 1.8.9, 1.8.10, 2.0.0
> Reporter: Johnny Minty
> Fix For: 2.0.5, 2.1.0
>
>
> PDFBox Versions 1.8.X and 2.0.X add Bouncy Castle as a security provider explicitly (Hard coded)
> Referencing bouncy castle explicitly ties PDF box to a specific provider implementation.
> Instead of referencing BouncyCastleProvider explicitly provide an option to select another provider or alternatively allow a way to override the default.
> Version 1.8.X:
> https://github.com/apache/pdfbox/blob/1.8.10/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandlersManager.java
> {code}
> public static SecurityHandlersManager getInstance()
> {
>     if(instance == null)
>     {
>         instance = new SecurityHandlersManager();
>         Security.addProvider(new BouncyCastleProvider());
>     }
>     return instance;
> }
> {code}
> Version 2.0.0:
> https://github.com/apache/pdfbox/blob/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandlerFactory.java
> {code}
> static
> {
>     Security.addProvider(new BouncyCastleProvider());
> }
> {code}

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org

[jira] [Commented] (PDFBOX-2963) Remove Bouncy Castle Reference
[ https://issues.apache.org/jira/browse/PDFBOX-2963?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15685784#comment-15685784 ]

David Hook commented on PDFBOX-2963:
------------------------------------

I think that should do the job. If it's any help BCFIPS is available at https://www.bouncycastle.org/fips-java/ - we are planning to make it available on maven central, but it will be a while as there are a few other things we need to deal with first.

> Remove Bouncy Castle Reference
> ------------------------------
>
> Key: PDFBOX-2963
> URL: https://issues.apache.org/jira/browse/PDFBOX-2963
> Project: PDFBox
> Issue Type: Improvement
> Components: Crypto, PDModel
> Affects Versions: 1.8.9, 1.8.10, 2.0.0
> Reporter: Johnny Minty
> Fix For: 2.0.4, 2.1.0
>
>
> PDFBox Versions 1.8.X and 2.0.X add Bouncy Castle as a security provider explicitly (Hard coded)
> Referencing bouncy castle explicitly ties PDF box to a specific provider implementation.
> Instead of referencing BouncyCastleProvider explicitly provide an option to select another provider or alternatively allow a way to override the default.
> Version 1.8.X:
> https://github.com/apache/pdfbox/blob/1.8.10/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandlersManager.java
> {code}
> public static SecurityHandlersManager getInstance()
> {
>     if(instance == null)
>     {
>         instance = new SecurityHandlersManager();
>         Security.addProvider(new BouncyCastleProvider());
>     }
>     return instance;
> }
> {code}
> Version 2.0.0:
> https://github.com/apache/pdfbox/blob/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandlerFactory.java
> {code}
> static
> {
>     Security.addProvider(new BouncyCastleProvider());
> }
> {code}

[jira] [Commented] (PDFBOX-2963) Remove Bouncy Castle Reference
[ https://issues.apache.org/jira/browse/PDFBOX-2963?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15679957#comment-15679957 ]

David Hook commented on PDFBOX-2963:
------------------------------------

It should be safe to remove the setProvider("BC"). The implications of doing that are that the class will use the JVM's provider precedence for resolving the algorithm required for unwrapping the secret key.

> Remove Bouncy Castle Reference
> ------------------------------
>
> Key: PDFBOX-2963
> URL: https://issues.apache.org/jira/browse/PDFBOX-2963
> Project: PDFBox
> Issue Type: Improvement
> Components: Crypto, PDModel
> Affects Versions: 1.8.9, 1.8.10, 2.0.0
> Reporter: Johnny Minty
>
> PDFBox Versions 1.8.X and 2.0.X add Bouncy Castle as a security provider explicitly (Hard coded)
> Referencing bouncy castle explicitly ties PDF box to a specific provider implementation.
> Instead of referencing BouncyCastleProvider explicitly provide an option to select another provider or alternatively allow a way to override the default.
> Version 1.8.X:
> https://github.com/apache/pdfbox/blob/1.8.10/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandlersManager.java
> {code}
> public static SecurityHandlersManager getInstance()
> {
>     if(instance == null)
>     {
>         instance = new SecurityHandlersManager();
>         Security.addProvider(new BouncyCastleProvider());
>     }
>     return instance;
> }
> {code}
> Version 2.0.0:
> https://github.com/apache/pdfbox/blob/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandlerFactory.java
> {code}
> static
> {
>     Security.addProvider(new BouncyCastleProvider());
> }
> {code}

[jira] [Commented] (PDFBOX-2963) Remove Bouncy Castle Reference
[ https://issues.apache.org/jira/browse/PDFBOX-2963?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=14740350#comment-14740350 ]

David Hook commented on PDFBOX-2963:
------------------------------------

I'm not sure how things are implemented but what's needed is a "single place" where someone can say "I want to use this one" if it's not called by all means fall back to "BC". I'd strongly advise against having any code that's hard coded as thing.getInstance("algorithm", "BC"), something more like this.getInstance("algorithm", providerName) where provider name refers to something set by Provider.getName() in the "single place", otherwise it's going to be very hard for the APIs to make use of "BCFIPS".

> Remove Bouncy Castle Reference
> ------------------------------
>
> Key: PDFBOX-2963
> URL: https://issues.apache.org/jira/browse/PDFBOX-2963
> Project: PDFBox
> Issue Type: Improvement
> Components: Crypto, PDModel
> Affects Versions: 1.8.9, 1.8.10, 2.0.0
> Reporter: Johnny Minty
>
> PDFBox Versions 1.8.X and 2.0.X add Bouncy Castle as a security provider explicitly (Hard coded)
> Referencing bouncy castle explicitly ties PDF box to a specific provider implementation.
> Instead of referencing BouncyCastleProvider explicitly provide an option to select another provider or alternatively allow a way to override the default.
> Version 1.8.X:
> https://github.com/apache/pdfbox/blob/1.8.10/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandlersManager.java
> {code}
> public static SecurityHandlersManager getInstance()
> {
>     if(instance == null)
>     {
>         instance = new SecurityHandlersManager();
>         Security.addProvider(new BouncyCastleProvider());
>     }
>     return instance;
> }
> {code}
> Version 2.0.0:
> https://github.com/apache/pdfbox/blob/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandlerFactory.java
> {code}
> static
> {
>     Security.addProvider(new BouncyCastleProvider());
> }
> {code}

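A sketch of the "single place" asked for in the comment above, which also shows the fall-through to JVM provider precedence mentioned in comment 15679957. This is an added example, not PDFBox or Bouncy Castle code: the class `CryptoProviderSelector` and its methods are hypothetical names, and it is written to run on a stock JDK with no Bouncy Castle jar on the classpath.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;

/** Hypothetical "single place" for provider selection (not PDFBox code). */
public final class CryptoProviderSelector {
    private static final String FALLBACK = "BC";   // fallback named in the comment
    private static volatile String providerName;   // null until an application chooses

    private CryptoProviderSelector() { }

    /** The one call an application makes to say "I want to use this one". */
    public static void use(Provider provider) {
        if (Security.getProvider(provider.getName()) == null) {
            Security.addProvider(provider);         // appended at lowest precedence
        }
        providerName = provider.getName();
    }

    /** Chosen name, else "BC" if registered, else null (JVM provider precedence). */
    static String resolve() {
        String chosen = providerName;
        if (chosen != null) {
            return chosen;
        }
        return Security.getProvider(FALLBACK) != null ? FALLBACK : null;
    }

    public static Cipher cipher(String transformation) throws GeneralSecurityException {
        String name = resolve();
        // A named provider that lacks the algorithm throws instead of falling through.
        return name == null ? Cipher.getInstance(transformation)
                            : Cipher.getInstance(transformation, name);
    }

    public static MessageDigest digest(String algorithm) throws GeneralSecurityException {
        String name = resolve();
        return name == null ? MessageDigest.getInstance(algorithm)
                            : MessageDigest.getInstance(algorithm, name);
    }

    public static void main(String[] args) throws Exception {
        // Nothing chosen and no "BC" registered on a stock JDK: precedence decides.
        System.out.println("default: " + cipher("AES/CBC/PKCS5Padding").getProvider().getName());
        // Constructed choice: whichever installed provider serves SHA-256 on this JVM.
        use(MessageDigest.getInstance("SHA-256").getProvider());
        System.out.println("chosen:  " + digest("SHA-256").getProvider().getName());
    }
}
```

Because every lookup goes through `resolve()`, switching a deployment to another provider is one `use(...)` call at startup rather than a search for hard-coded `"BC"` strings.
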
[jira] [Commented] (PDFBOX-2963) Remove Bouncy Castle Reference
[ https://issues.apache.org/jira/browse/PDFBOX-2963?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=14734344#comment-14734344 ]

David Hook commented on PDFBOX-2963:
------------------------------------

Just further on this one - the issue has come up because there are soon to be 2 Bouncy Castle Providers, one which is FIPS hardened, the other which is the regular one. The FIPS hardened provider basically works with the S/MIME, CMS APIs the same as the regular one does, and provides the same ASN.1 library. I'm aware that this project has some dependencies on S/MIME and the like, but it would be good to allow injection of the actual provider used (to start with, providing you don't do anything too crazy, the BC S/MIME API will also work with the PKCS#11 provider, so while some of the classes in either the FIPS provider or the regular BC provider are required for S/MIME to work, the encryption services do not necessarily need to come from them).

If you have any questions about anything I've raised here, please feel free to comment and/or email me.

> Remove Bouncy Castle Reference
> ------------------------------
>
> Key: PDFBOX-2963
> URL: https://issues.apache.org/jira/browse/PDFBOX-2963
> Project: PDFBox
> Issue Type: Improvement
> Components: PDModel
> Affects Versions: 1.8.9, 1.8.10, 2.0.0
> Reporter: Johnny Minty
>
> PDFBox Versions 1.8.X and 2.0.X add Bouncy Castle as a security provider explicitly (Hard coded)
> Referencing bouncy castle explicitly ties PDF box to a specific provider implementation.
> Instead of referencing BouncyCastleProvider explicitly provide an option to select another provider or alternatively allow a way to override the default.
> Version 1.8.X:
> https://github.com/apache/pdfbox/blob/1.8.10/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandlersManager.java
> public static SecurityHandlersManager getInstance()
> {
>     if(instance == null)
>     {
>         instance = new SecurityHandlersManager();
>         Security.addProvider(new BouncyCastleProvider());
>     }
>     return instance;
> }
> Version 2.0.0:
> https://github.com/apache/pdfbox/blob/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandlerFactory.java
> static
> {
>     Security.addProvider(new BouncyCastleProvider());
> }