IAIK-JCE 3.03 Maintenance Release - 4. April 2003
|
|
Class or Package
|
B
ug /
C
hange
N
ew
F
eature
|
Description and Examples
|
|
iaik.security.cipher.PbeWithSHAAnd3_KeyTripleDES_CBC
iaik.security.cipher.PbeWithSHAAnd40BitRC2_CBC
|
C
|
Changed internal usage of PKCS#12 KeyMaterialGenerator to avoid IllegalAccessError problems with some VMs.
|
|
iaik.security.dsa.DSAKeyFactory
|
B
|
Modified method engineGetKeySpec() to accept private keys of any provider.
|
|
iaik.security.dh.DHKeyFactory
|
B
|
Modified method engineGetKeySpec() to accept private keys of any provider.
|
|
iaik.pkcs.pkcs7.ContentInfo
|
B
|
use changed readEOC() handling of DerInpuStream
|
IAIK-JCE 3.02 Maintenance Release - 7. February 2003
|
|
Class or Package
|
B
ug /
C
hange
N
ew
F
eature
|
Description and Examples
|
|
*
|
C, NF
|
Throughout the library -- where possible -- SecretKey names "RAW" are replaced by the actual cipher algorithm names. This may be required where JCE frameworks (like the one included in JDK1.4) check for key sizes but unlimited strength jurisdiction policy files cannot be used. Class
iaik.security.cipher.SecretKey
contains new method setAlgorithm allowing an application to set the algorithm name.
|
|
jdk11x_update.jar
|
C
|
To may be used with the new IAIK-JCE WebStart edition, the new jdk11x_update.jar file now uses
iaik.utils.IaikSecurity
instead of javax.crypto.IaikSecurity to handle Security providers, algorithm names, aliases.
|
|
WebStart Edition
|
NF
|
New WebStart Edition of IAIK-JCE to avoid troubles due to jar-file double signing when using IAIK-JCE with Java™ WebStart and JDK 1.4.
|
|
iaik.asn1.DerInputStream
|
C
|
When parsing a structured type each DerInputStream component ensures to read away any remaining EOC octets from the prior component; however, final remaining EOC octets of the final (outer) still may have to be read away manually by calling readEOC, if required.
|
|
iaik.asn1.UNKNOWN
|
B
|
Decoding error might have caused "hard coded" printing of stack trace to System.err.
|
|
iaik.asn1.structures.Attributes
|
NF
|
Container class for maintaining/encoding/parsing Attributes.
|
|
iaik.asn1.structures.ChoiceOfTime
|
B,C
|
GenerailzedTime are now encoded down to milliseconds;
getDate()
returns the same milliseconds value on repeated calls; UTCTime encodings with missing seconds are handled properly
|
|
iaik.asn1.structures.PolicyQualifierInfo
|
C
|
explicitText field optional; organization field by default encoded as IA5String (VisibleString so far); any ASN.1 String types allowed for explicitText and organization fields to be open for any changes that may be done by MSIE in the future (RFC 2459 specified the organization field as CHOICE of VisibleString, BMPString or UTF8String; RFC 3280 added IA5String; now MSIE seems to only properly handle organization fields when encoded as IA5String).
|
|
iaik.pkcs.pkcs7
|
C
|
stream implementations now by default use a blocksize value of 2048 to enforce structured encoding by the default; non-stream implementations continue to use a blocksize value of -1 to use definite primitive encoding by default
|
|
iaik.pkcs.pkcs7.RecipientInfo
iaik.pkcs.pkcs7.SignerInfo
iaik.pkcs.pkcs7.RSACipherProvider
|
NF
|
Now delegate RSA cipher encryption/decryption operation to a so-called RSACipherProvider which may be implemented and "plugged in" by the application. This may help integrate smartcards more easily, e.g. based on the IAIK PKCS11Provider:
IAIKPkcs11 pkcs11Provider = new IAIKPkcs11();
Security.addProvider(pkcs11Provider);
...
RSACipherProvider rsaProv = new RSACipherProvider(pkcs11Provider.getName(), null);
...
SignerInfo signerInfo = ...;
...
signerInfo.setRSACipherProvider(rsaProv, null);
An application may override method cipher of the RSACipherProvider to implement its own cipher strategy.
|
|
iaik.security.rsa.RawRSASignature
|
NF
|
RSA signature engine that only performs the RSA cipher operation; all the hashing (and DigestInfo encoding) must be done by the application outside the engine. This may be useful with smartcards that expect the already hashed data, e.g.:
AlgorithmID hashAlgorithm = AlgorithmID.sha1;
MessageDigest hashEngine = MessageDigest.getInstance(hashAlgorithm.getImplementationName());
byte[] rawHash = hashEngine.digest(data);
byte[] preparedHash = new DigestInfo(hashAlgorithm, rawHash).toByteArray();Signature rawRsaSignatureEngine = Signature.getInstance("RSA", "IAIK");
rawRsaSignatureEngine.initSign(rsaPrivateKey);rawRsaSignatureEngine.update(preparedHash);
byte[] signature = rawRsaSignatureEngine.sign();
|
|
iaik.security.rsa.RSAKeyFactory
|
B
|
Modified method
engineGetKeySpec()
to accept private keys of any provider.
|
|
iaik.utils.Uitl
|
NF
|
New methods
toPEMString(CertificateRequest request)
,
toPEMString(X509CRL crl)
,
getRawCipherName(String transformation)
,
getKeyLength(PublicKey key)
,
getKeyLength(PrivateKey key)
|
|
iaik.x509.PublicKeyInfo
|
B
|
Method equals expected a private key.
|
|
iaik.x509.extensions.ErrorExtension
|
B
|
Method
getCritical()
returned false in any case.
|
|
demo.keystore.SetupKeyStore
|
C
|
Now generates X.509 V3 style demo certificates (till now V1 certificates have been used).
|
