Many, many thanks Sean. You just settled quite a few discussions in my shop.
A follow-up question: Slides presented at JavaOne referred to JSR 105 and 106 being included in J2SE 1.5. What does this imply, exactly? Are JSR 105 and 106 built around an SPI model like JCA/JCE are? Will there be a "reference implementation" of 105/106 included in the J2SE 1.5 distro? Or will we still need a 3rd party XML-Security toolkit like Apache XML-Security alongside J2SE 1.5, assuming that the toolkit has rolled out 105/106 compliance?

Thanks again,
-Jon

-----Original Message-----
From: Sean Mullan [mailto:[EMAIL PROTECTED]
Sent: Friday, January 23, 2004 1:24 PM
To: [EMAIL PROTECTED]
Subject: Re: [Java] Newb question concerning XML-Sec JCE requirements

Anderson Jonathan wrote:
> Hi everyone,
>
> Apologies in advance for what is probably a rather naive question. Current
> distributions of Apache XML-Security contain no third party JCE, but all of
> the documentation points to using the latest versions of the Bouncy Castle
> JCE as the provider for XML-Security. I am dealing with clients that are
> hyper-sensitive to non-U.S. crypto implementations, and so I pose the
> question:
>
> If I am using J2SE 1.4.2 (1.4.2_03, to be precise), does the default Sun
> provider that ships with 1.4.2 provide everything I need to use XML-Security
> to both sign and encrypt? I was initially suspicious of the SunJCE
> supporting SHA1withRSA (I am primarily concerned with XML-DSIG), but it
> appears to me that 1.4.2 SunJCE supports it just fine.
>
> I would sincerely be grateful if someone could either confirm that the
> 1.4.2 SunJCE supports all of the Apache XML-Security use cases OR provide me
> with a list of use cases that require a third party JCE such as Bouncy
> Castle.

Sun's JCA/JCE provider in 1.4.2 should have everything you need for XML DSig and has almost everything you need for XML Enc. These are the exceptions:

- we don't support the XML Encryption Block Encryption Padding algorithm (ISO10126). This will be fixed in 1.5, of which a beta version will be available soon. As a workaround you might be able to do the padding/unpadding yourself.

- we don't support the XML Encryption RSA and RSA-OAEP key transport algorithms. Both of these will be supported in 1.5 (beta available soon).

--Sean