versions 2000

IAIK-JCE 2.61: 10. October 2000

Class or Package

B ug / C hange N ew F eature

Description and Examples

RSA

C

Now that the patent of the RSA algorithm is expired it is included in the iaik_jce.jar file. The RSA algorithm can now be used worldwide without legal problems!

JAR File Structure

C

We have restructured the JAR files we provide. iaik_jce_full.jar still contains the complete package and iaik_jce.jar all classes except the crypto algorithms that may require separate licensing. These algorithms have now all been put in iaik_jce_patented.jar . Currently these are RC4, RC5, RC6 and IDEA. For further information please see http://jcewww.iaik.at/legal/patent.htm .

AES

C

Now that NIST has announced its choice of the AES the Rijndael algorithm is now also available under the name AES with Cipher.getInstance(), etc.

Rijndael-256

NF

The Rijndael algorithm is now also implemented with a blocksize of 256 bit in addition to the standard 128 bit. It is available as Rijndael-256. Note that the difference is to std. Rijndael is blocksize and not key length.

javax.crypto.*

NF

Full Sun JCE 1.2.1 API compatibility. The changes are fairly small, though. Note that in difference to the Sun JCE implementation we do not require signed providers and we do not enforce crypto policies.

AlgorithmParameters

NF

AlgorithmParameters are now supported for all symmetric ciphers. They all support IV; RC2 and RC5 additionally support their separate parameter classes with the init() and getParameters() methods.

RSAKeyPairGenerator

B

The RSA keypairgenerator used to hang when a public exponent was explicitly specified, fixed.

RSAKeyPairGenerator

C

The default public exponent was changed to 65537 (216+1).

javax.crypto.Cipher

B

The getAlgorithm() method used to return only the algorithm name instead of the full transformation string as specified in the JCE.

BufferedCipher

B

Due to padding errors sometimes a NegativeArraySizeException may have been thrown. Now a BadPaddingException is thrown in such cases.

javax.crypto.SealedObject

NF

Now also supports method getObject(Key) .

GeneralKeyFactory

NF

SecretKeyFactories are now available for all symmetric ciphers. They are implemented by the class iaik.security.cipher.GeneralKeyFactory.

DHKeyAgreement

C

The DHKeyAgreement implementation has been changed so that the generateSecret() method returning a SecretKey object works for all symmetric ciphers.

iaik.asn1.DerCoder

B

When running in certain mode a extra EOC octet may have been inserted in implicit encodings. Fixed.

iaik.asn1.structures.AVA

NF

New method setDefaultEncoding allowing to set another default encoding than ASN.1 PrintableString.

iaik.asn1.structures.
GeneralName

NF

Now also allows to create new GeneralName objects of type otherName, e.g.:

iaik.x509.extensions

NF

Now supports all certificate, crl and crl entry extensions described in RFC 2459. The following implementations have been added to complete the list:

• SubjectDirectoryAttributes
• CertificateIssuer
• DeltaCRLIndicator
• HoldInstructionCode
• InvalidityDate
• IssuingDistributionPoint

Qualified Certificates

NF

Implementation of the PKIX Qualified Certificate Profile (see packages iaik.x509.qualified, iaik.x509.extensions.qualified, iaik.x509.extensions.qualified.structures and demo.x509.qualified for a demo.

IAIK-JCE 2.6 Final: 30. June 2000

Class or Package

B ug / C hange N ew F eature

Description and Examples

demo.*

NF,C

The demo class files have been separated from the library. Now the following jar files are available: iaik_jce.jar, rsa_rc4.jar, idea.jar, iaik_jce_full.jar and the demos in iaik_jce_demo.jar

iaik.asn1.UTF8String

NF

New method getRFC2253String(String) for giving a RFC 2253 compatible UTF8-String representation.

iaik.asn1.structures.ChoiceOfTime

NF

New constructor ChoiceOfTime(Date, boolean) allowing to decide whether dates through 2050 shall be automatically encoded as GeneralizedTime.

iaik.asn1.structures.AVA, iaik.asn1.structures.RDN, iaik.asn1.structures.Name

NF

New method getRFC2253String() for giving a full RFC2253 compatible (including escaping) string representation of the AVA, RDN, DN.

iaik.pksc.pkcs7.EncryptedDataStream, iaik.pkcs.pkcs7.EncryptedData

NF

New constrcutors and setup methods for user-friendly doing password based encryption -- the intended usage of PKSC#7 type EncryptedData

iaik.security.cipher.DES, iaik.security.cipher.IDEA

C

Key setup optimized.

iaik.security.cipher.PBE

B

engineInit(int, Key, AlgorithmParameterSpec, SecureRandom) uses the supplied SecureRandom

iaik.security.keystore.IAIKKeyStore

C

Now uses iaik.asn1.UTF8String to overcome problems due to alias encoding...

iaik.utils.RFC2253NameParser

NF

New class for creating a Distinguished Name (iaik.asn1.structures.Name object) from its RFC2253 string representation.

iaik.utils.Util

NF

New method setEncoding allowing to define the encoding to be used for ASN.1 string types (except for UTF8String which is handled in a different way).

iaik.x509.X509Certificate, iaik.x509.X509CRL, iaik.pkcs.pkcs10.CertificateRequest

NF

New method getFingerPrint(String digestAlgorithm) allowing to calculate the fingerprint with the digest algorithm of choice.

iaik.x509.X509Certificate, iaik.x509.X509CRL, iaik.x509.RevokedCertificate

NF

Dates after 2050 are automatically encoded as GeneralizedTime.

iaik.x509.CertificateFactory

NF

Now also handles simple DER encoded cert chains and NetscapeCertLists.

iaik.x509.extensions.
SubjectKeyIdentifier

NF

New Constructor to automatically create a subjectKeyIdentifier from a public key according RFC2459: