versions 2010

IAIK-JCE 4.0 - 04. November 2010

Columns: Class or Package (* = library-wide) | Bug (B) / Change (C) / New Feature (NF) | Description and Examples

* [C]
JDK 1.1.x is no longer supported. Supported Java versions are 1.2, 1.3, 1.4, 1.5 (5.0), 1.6 (6.0), 1.7 (7.0) and compatible.

* [C]
Overall performance improvements (e.g. of hash functions, ciphers, etc.).

* [C]
Security-critical parts of the library (for example GCM and CCM) now use safe, timing-attack-resistant comparisons in order to prevent timing attacks.

iaik.asn1.UNKNOWN [C]
Method encode() implemented.

iaik.security.cipher [C]
Performance improvements affecting repeated invocations of Cipher.doFinal().

iaik.security.cipher.GCM [C]
- up to 3.52 times higher throughput of the GCM mode on 32-bit Windows systems compared to version 3.181
- up to 2.11 times higher throughput of the GCM mode on 64-bit systems compared to version 3.181

iaik.security.cipher.CCM [B]
- fixed wrong computation of the maximum input length
- 8% higher throughput on 64-bit systems

iaik.security.keystore.IAIKKeyStore [C]
Method engineLoad() now throws an IOException if a null password is specified, and attempts to verify the MAC if a zero-length password is specified.

iaik.security.md [C]
- up to 63% higher throughput of RipeMd128 on 32-bit systems (depending on the input length)
- up to 55% higher throughput of RipeMd160 on 32-bit Windows systems (depending on the input length)

iaik.security.md [NF]
New message digests: RipeMd256 and RipeMd320.

iaik.security.provider.IAIK [NF]
New PRNG registrations:
- SHA1PRNG, SHA256PRNG, SHA384PRNG, SHA512PRNG, MD5PRNG, RipeMd128PRNG, RipeMd160PRNG, WhirlpoolPRNG
- SHA1PRNG-FIPS, SHA256PRNG-FIPS, SHA384PRNG-FIPS, SHA512PRNG-FIPS, RipeMd160PRNG-FIPS (FIPS 186-2 PRNGs)
- 3DESPRNG (corresponds to the ANSIRandom class)
- SHA1PRNG-SP80090, SHA224PRNG-SP80090, SHA256PRNG-SP80090, SHA384PRNG-SP80090, SHA512PRNG-SP80090 (new hash-based NIST SP800-90 PRNGs)
- HMacSHA1PRNG-SP80090, HMacSHA224PRNG-SP80090, HMacSHA256PRNG-SP80090, HMacSHA384PRNG-SP80090, HMacSHA512PRNG-SP80090 (new HMAC-based NIST SP800-90 PRNGs)
- AES128PRNG-SP80090, AES192PRNG-SP80090, AES256PRNG-SP80090 (new block-cipher-based NIST SP800-90 PRNGs)
as well as new RSA key pair generator registrations:
- RSA-FIPS, RSA-OAEP-FIPS, RSA-PSS-FIPS

iaik.security.provider.IAIK [C]
Method addAsJDK14Provider() is deprecated; the IAIK provider can be added as the first provider by calling
IAIK.addAsProvider() or Security.insertProviderAt(new IAIK(), 1);

iaik.security.provider.IAIK [C]
Since JDK 1.1 compatibility is no longer required, algorithm engines can now be registered as a privileged action.

iaik.security.random [NF]
Transition to the SecureRandom framework: SecureRandom instances can (and should) now be obtained via SecureRandom.getInstance().

Code sample:

        SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "IAIK");
        byte[] bytes = new byte[8];
        random.nextBytes(bytes);

See the PRNG registrations listed under iaik.security.provider.IAIK for the full list of algorithm names.

iaik.security.random [NF]
New NIST SP800-90 pseudo-random number generators based on SHA1, SHA-224, SHA-256, SHA-384 and SHA-512 added.

iaik.security.random [NF]
New NIST SP800-90 pseudo-random number generators based on HMac/SHA1, HMac/SHA-224, HMac/SHA-256, HMac/SHA-384 and HMac/SHA-512 added.

iaik.security.random [NF]
New NIST SP800-90 pseudo-random number generators based on AES-128, AES-192 and AES-256 added.

iaik.security.random.SecRandom [C]
Method SecRandom.setDefault(Class) is now deprecated; use SecRandom.setDefault(String) instead.

iaik.security.rsa [NF]
New RSA signature class based on RipeMd256: RipeMd256RSASignature.

Code sample:

      Signature sig = Signature.getInstance("RipeMd256withRSA", "IAIK");
      ...
      sig.update(data);
      byte[] signature = sig.sign();

iaik.security.rsa.RSAKeyPairGenerator [C]
Key pair generation is now based on IEEE P1363.

iaik.security.rsa.RSAOaepKeyPairGenerator [C]
Key pair generation of the OAEP key pair generator is now based on IEEE P1363.

iaik.security.rsa.RSAPssKeyPairGenerator [C]
Key pair generation of the PSS key pair generator is now based on IEEE P1363.

iaik.security.rsa.RSAKeyPairGeneratorFIPS [NF]
New key pair generator based on the FIPS 186-3 standard.

iaik.security.rsa.RSAOaepKeyPairGeneratorFIPS [NF]
OAEP key pair generator based on the new FIPS 186-3 key pair generator.

iaik.security.rsa.RSAPssKeyPairGeneratorFIPS [NF]
PSS key pair generator based on the new FIPS 186-3 key pair generator.

iaik.security.rsa.RawRSAPkcs1v15Signature [NF, C]
Verification now checks for both forms of the digest algorithm parameters in the DigestInfo: absent and NULL.

iaik.utils.Utils [C]
Performance improvements of several central methods (note that this also affects the overall performance).

iaik.utils.CryptoUtils [C]
Performance improvements of several central methods (note that this also affects the overall performance).

iaik.utils.CryptoUtils [NF]
New method overloads: many important helper methods are now available not only for byte[], but also for int[] and long[].

iaik.utils.CryptoUtils [NF]
Two new secureEqualsBlock methods that provide a timing-attack-resistant way to compare two byte arrays.

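The DigestInfo parameter check described for RawRSAPkcs1v15Signature above and the timing-attack-resistant comparison behind secureEqualsBlock, shown together in one added Java example written for this page (it is not IAIK-JCE code and does not use the library; the class and method names are invented, the RSA public-key operation that recovers the padded block is assumed to have already run, and the hash is a constructed sample):

```java
import java.security.MessageDigest;
import java.util.Arrays;

public class DigestInfoCheck {
    // SHA-256 DigestInfo prefix with AlgorithmIdentifier parameters = NULL (RFC 8017, Sect. 9.2, Note 1)
    static final byte[] PREFIX_NULL = hex("3031300d060960864801650304020105000420");
    // The same DigestInfo with the parameters field absent: two bytes shorter, both lengths adjusted
    static final byte[] PREFIX_ABSENT = hex("302f300b06096086480165030402010420");
    // EMSA-PKCS1-v1_5 block: 0x00 0x01 0xFF..0xFF 0x00 T, padded to the modulus length k
    static byte[] encode(byte[] t, int k) {
        byte[] em = new byte[k];
        em[1] = 1;
        Arrays.fill(em, 2, k - t.length - 1, (byte) 0xFF);
        System.arraycopy(t, 0, em, k - t.length, t.length);
        return em;
    }
    // Verifier: rebuild both legitimate encodings for the expected hash and compare the WHOLE recovered
    // block against each. Parsing the block to locate the hash is what lets malformed encodings through.
    static boolean verify(byte[] em, byte[] hash) {
        boolean withNull = secureEquals(em, encode(concat(PREFIX_NULL, hash), em.length));
        boolean absent = secureEquals(em, encode(concat(PREFIX_ABSENT, hash), em.length));
        return withNull | absent; // non-short-circuit OR: both comparisons always execute
    }
    // Timing-attack-resistant comparison (the idea behind secureEqualsBlock): no early exit
    static boolean secureEquals(byte[] a, byte[] b) {
        if (a.length != b.length) return false;
        int diff = 0;
        for (int i = 0; i < a.length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
    static byte[] concat(byte[] a, byte[] b) {
        byte[] r = Arrays.copyOf(a, a.length + b.length);
        System.arraycopy(b, 0, r, a.length, b.length);
        return r;
    }
    static byte[] hex(String s) {
        byte[] r = new byte[s.length() / 2];
        for (int i = 0; i < r.length; i++) r[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return r;
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample: hash of a fixed string, block length of a 2048-bit modulus (256 bytes)
        byte[] hash = MessageDigest.getInstance("SHA-256").digest("constructed sample".getBytes("UTF-8"));
        byte[] emNull = encode(concat(PREFIX_NULL, hash), 256);
        byte[] emAbsent = encode(concat(PREFIX_ABSENT, hash), 256);
        System.out.println(verify(emNull, hash) && verify(emAbsent, hash)); // check both legitimate forms
        emAbsent[255] ^= 1; // flip one bit of the embedded hash, then re-check
        System.out.println(verify(emAbsent, hash));
    }
}
```
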
iaik.utils.CryptoUtils [NF]
New addModBlockSize method that allows the addition of two blocks modulo a specific block size.

iaik.utils.NumberTheory [C]
millerRabin is now implemented according to IEEE P1363.

iaik.x509.X509Certificate,
iaik.x509.X509CRL,
iaik.x509.X509Extensions,
iaik.x509.RevokedCertificate [NF]
New method getRawExtensionValue returns the raw DER-encoded extension value (not wrapped in an OCTET STRING).


 