That is really cool!
You mentioned in your previous e-mail that you have seen significant performance improvements. Is this when interfaced with xml-security?
It would be interesting to turn this (or something like it) into a fully fledged library. I wonder if one could apply for a signing cert from Sun to sign the provider?
Cheers,
BerinScott Cantor wrote:
Is this an open-source effort? (JCE Interface to OpenSSL)? i'd like to use it as well.
Yeah, but it's not in the form of a complete solution so user beware. Just a few needed algorithms and operations are implemented, and we don't implement RSA crypto directly because it's not a signed JCE. You can plug in a signature provider without getting your jar signed, so Walter and Noah basically implemented the signature operation by calling into OpenSSL for the RSA crypto, but you can't invoke the RSA from Java directly outside of the signature calls.
The code's checked into our cvs: http://cvs.internet2.edu/cgi-bin/viewcvs.cgi/NativeJCE/
Check out details can be found on the www.opensaml.org site for that cvs.
There are no copyright statements embedded in the files yet, but for now consider the code covered by the Shibboleth license, which is Apache-like: http://shibboleth.internet2.edu/license.html
-- Scott
