JAVA Toolkit




versions 2009

IAIK-JCE 3.181 - 28. September 2009

Class or Package

Bug / Change / New Feature

Description and Examples

*

C

Where possible Hashtables are replaced by HashMaps to increase
access performance in multithreaded environments; for
JDK 1.1.x a new jdk11x_update.jar version must be used

iaik.security.cipher.CamelliaKeyWrap

NF

Added support for the CamelliaKeyWrap algorithm for wrapping Camellia content encryption keys with Camellia key encryption keys according to RFC 3657.

iaik.security.cipher.HMACwithAESwrap

NF

Added support for the HMACwithAESwrap algorithm for wrapping HMAC message authentication code keys
 with an AES key encryption key according to RFC 3537.

iaik.x509.attr.ACRL

B

addCertificate(AttributeCertificate cert, Date revocationDate): Use critical CertificateIssuer
 extension for indirect CRL entries.

iaik.x509.X509CRL

C

listCertificates: the order in the Enumeration of revocation entries reflects the structure of the CRL (for each certificate issuer of an indirect CRL, the first RevokedCertificate contains the CertificateIssuer extension with the name of the certificate issuer)
getRevokedCertificates: the Set of revocation entries does not reflect the order; therefore each RevokedCertificate that represents an indirect CRL entry contains the CertificateIssuer extension with the name of the corresponding certificate issuer

iaik.x509.X509Extensions

C

addExtension: now throws an IllegalArgumentException when trying to add a critical/non-critical
 extension if an extension with the opposite (non-critical/critical) state has already been added;
getExtensionValue: no longer clears an existing ObjectID name / short name registration

jdk11x_update.jar

C, NF

contains a simple (Hashtable based and therefore still access synchronized) HashMap implementation to allow JDK independent use of HashMaps

IAIK-JCE 3.18 - 5. August 2009

Class or Package

Bug / Change / New Feature

Description and Examples

iaik.asn1.DerInputStream

C

readEOC: changed indefinite length encoding check

iaik.asn1.ObjectID

B

Fixed de/encoding of large subid values; fixed de/encoding of first subid value; reject subid encodings with leading zeros; check oid strings for correct syntax (can be turned on/off by new method checkOID or new constructor)
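
The three decoding rules named in this entry (large subidentifiers, the packed first subidentifier, and rejection of leading-zero encodings) are shown in the following added example; it is not IAIK code. The class name StrictOidDecoder is hypothetical, and the method takes only the content octets of a DER OBJECT IDENTIFIER (no tag or length).

```java
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.List;

public class StrictOidDecoder {
    private static final BigInteger FORTY = BigInteger.valueOf(40);
    private static final BigInteger EIGHTY = BigInteger.valueOf(80);

    /** Decodes the content octets of a DER OBJECT IDENTIFIER to dotted form. */
    static String decode(byte[] content) {
        if (content.length == 0) throw new IllegalArgumentException("empty OID");
        List<BigInteger> subIds = new ArrayList<>();
        BigInteger value = BigInteger.ZERO;   // BigInteger: arcs may exceed 64 bits
        boolean start = true;                 // true at the first octet of a subidentifier
        for (byte b : content) {
            int octet = b & 0xFF;
            // 0x80 as the first octet is a zero-padded, non-minimal encoding
            if (start && octet == 0x80) throw new IllegalArgumentException("leading zero in subidentifier");
            value = value.shiftLeft(7).or(BigInteger.valueOf(octet & 0x7F));
            start = (octet & 0x80) == 0;      // a clear high bit ends the subidentifier
            if (start) { subIds.add(value); value = BigInteger.ZERO; }
        }
        if (!start) throw new IllegalArgumentException("truncated subidentifier");
        // The first subidentifier packs the first two arcs as 40*X + Y. X is 0, 1 or 2,
        // and only X = 2 allows Y > 39, so any value >= 80 belongs to arc 2.
        BigInteger first = subIds.get(0);
        StringBuilder oid = new StringBuilder();
        if (first.compareTo(FORTY) < 0) oid.append("0.").append(first);
        else if (first.compareTo(EIGHTY) < 0) oid.append("1.").append(first.subtract(FORTY));
        else oid.append("2.").append(first.subtract(EIGHTY));
        for (int i = 1; i < subIds.size(); i++) oid.append('.').append(subIds.get(i));
        return oid.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs (content octets only, no tag/length).
        byte[] sha256 = {0x60, (byte) 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01};
        byte[] bigArc = {(byte) 0x88, 0x37};        // first subid 1079 = 2*40 + 999
        byte[] wide = {0x2B, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
                       (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 0x7F}; // 70-bit arc
        byte[] padded = {0x55, (byte) 0x80, 0x04};  // 2.5 followed by a zero-padded arc
        System.out.println(decode(sha256));
        System.out.println(decode(bigArc));
        System.out.println(decode(wide));
        try { decode(padded); } catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Accepting the padded form would let two different byte strings decode to the same OID, which matters wherever encoded OIDs are compared byte-wise or covered by a signature.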

iaik.asn1.structures.AVA

C

toString now quotes attribute values if they contain an equals sign ("=") to avoid misinterpretation as separate attribute values

iaik.asn1.structures.Name

NF

Added constructor for creating a distinguished name from an RFC2253 String; added getRDN(s) methods to get the RFC2253 representation of RDN values

iaik.asn1.structures.RDN

NF

Added method addAVA allowing to add an AVA without replacing an already existing AVA of the same type; added method getAVAs(ObjectID oid) to get multiple AVAs with same type, if present

iaik.asn1.structures.RDN

B

When decoding an RDN, allow more than one AVA of the same type

iaik.asn1.structures.RDN

C

equals compares AVAs without checking their order

iaik.asn1.structures.PolicyQualifierInfo

C

Default encoding of organization field changed from IAString to UTF8String, of explicitText field from VisibleString to UTF8String

iaik.iso.iso9796.ISO9796P2Signature

B

Registered hash engine id (0x37) for Whirlpool

iaik.pkcs.pkcs1.RSACipher, iaik.pkcs.pkcs1.PKCS1v15Padding

NF

Added support for transformation mode "RSA/SSL/PKCS1Padding" (as used by IBMJSSE)

iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo

C

Default iteration count for encryption set to 2000

iaik.security.cipher.Camellia, iaik.security.cipher.CamelliaKeyGenerator, iaik.security.cipher.Camellia192KeyGenerator, iaik.security.cipher.Camellia256KeyGenerator

NF

Added support for Camellia, a symmetric 128-bit block cipher, and KeyGenerators for Camellia secret keys of 128, 192 and 256 bits.

iaik.security.cipher.CCMCMSParameters, iaik.security.cipher.CCMCMSParameterSpec

NF

New algorithm parameter implementation for the CCM operation mode. If used with a cipher in CCM mode the MAC block is not concatenated to the ciphertext but can be retrieved as parameter from the CCMCMSParameterSpec. This usage of the CCM mode is needed for CMS.
A CCMCMSParameter object can be instantiated with AlgorithmParameters.getInstance("CCMCMS", "IAIK").

iaik.security.dsa.SHA224withDSA, iaik.security.dsa.SHA256withDSA, iaik.security.dsa.SHA224withDSAKeyPairGenerator, iaik.security.dsa.SHA256withDSAKeyPairGenerator, iaik.security.dsa.DSAKeyFactory, iaik.security.dsa.SHA2withDSAGenParameterSpec, iaik.security.dsa.SHA224withDSAParameterGenerator, iaik.security.dsa.SHA256withDSAParameterGenerator, iaik.security.dsa.SHA2withDSAParameterSpec, iaik.security.dsa.SHA2withDSAParams, iaik.security.dsa.DSAParameters

NF

Added SHA-2 support for Digital Signature Algorithm (DSA) specified by FIPS PUB 186-3.
Code sample:

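import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;

// Generate a DSA key pair for use with SHA-256 (the IAIK provider must be installed)
KeyPairGenerator keyGenerator = KeyPairGenerator.getInstance("SHA256withDSA", "IAIK");
KeyPair keyPair = keyGenerator.generateKeyPair();
byte[] message = "Message to be signed".getBytes("ASCII");
// Sign the message with SHA256withDSA
Signature dsa = Signature.getInstance("SHA256withDSA", "IAIK");
dsa.initSign(keyPair.getPrivate());
dsa.update(message);
byte[] dsasig = dsa.sign();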

iaik.security.dsa.DSAPrivateKey, iaik.security.dsa.DSAPublicKey

C

Made DSA parameters transient to support serialization

iaik.security.rsa.RSASignature

NF

Added support for signature algorithm name "RSAforSSL" (as used by IBMJSSE)

iaik.utils.RFC2253NameParser

B

Allow RDNs with more than one AVA of the same type

iaik.x509.ChainVerifier

NF

verifyChain: check if different consecutive certificates have the same signature value (countermeasure against preimage attacks on the signature hash algorithm)

iaik.x509.extensions.ExpiredCertsOnCRL

NF

Implementation of the ITU-T X.509v2 ExpiredCertsOnCRL extension, indicating that a CRL containing this extension will include revocation status information for certificates that have already expired

iaik.x509.extensions.priv

NF, C

Added support for Austrian E-Government extensions IdentitlyLinkIssuer, MandateIssuer, Official; aligned PublicAuthorityIdentifier, PublicServiceProvider with changed specification

iaik.x509.ocsp.extensions.commonpki.CertHash

NF

Implementation of the CertHash OCSP SingleResponse extension as defined by the German CommonPKI profile, allowing an OCSP responder to provide evidence that the certificate in question is known to the responder

iaik.x509.ocsp.net.HttpOCSPRequest

NF

Added method sendGETRequest to send OCSP requests by using the GET method according to RFC 5019 (lightweight OCSP); added method getHeaderField allowing to get response headers

demo.x509.ocsp.OCSPServerThread

NF

Added support for parsing OCSP GET requests as used by lightweight OCSP (RFC 5019)
