iSaSiLk v4.4 now supports the new RenegotiationInfo extension (RFC 5746) that has been specified by the IETF TLS working group to fix a severe security flaw in the SSL/TLS renegotiation protocol.
The new version of our CMS-SMIME toolkit now supports all key encryption schemes of the NSA Suite B S/MIME algorithm suite, allows content enveloping with the Camellia cipher algorithm, adds SHA-2 with DSA support for the SignedData content type, and implements the Authenticated-Enveloped Content Type.
The WebStart Editions of IAIK-JCE, iSaSiLk and IAIK-CMS have the same API and functionality as the standard editions of these libraries. However, they include a few modifications that allow them to be used with Java™ WebStart easily, mainly to avoid problems due to the requirement of jar-file double signing when running Java™ WebStart with JDK 1.4 or later.
If you try to run the standard edition of IAIK-JCE with Java™ WebStart, you may run into the following problem, especially when using JDK 1.4 or later:
The JCE framework included in JDK 1.4 / JDK 1.5 requires a JCE provider to be signed by the SUN JCE Code Signing CA. However, Java™ WebStart does not have the corresponding certificate in its pool of trusted CAs. So when running an application with Java™ WebStart, a warning message will pop up saying that it is highly recommended not to launch the application because it has been signed by an untrusted CA. Basically there may be two options for solving this problem:
However, requiring each intended client to install the JCE Code Signing CA certificate may not be the preferred way for an application vendor. And double signing a jar file (with the JCE Code Signing certificate and, e.g., the Verisign certificate) may not work with Java™ WebStart.
The IAIK-JCE, iSaSiLk and IAIK-CMS WebStart Editions offer a third alternative to solve the problem by moving all the JCE API implementing classes from javax.crypto.* to iaik.javax.crypto.*. Following this, signing of the JCE provider jar file (iaik_jce_(full)_ws.jar) with the JCE Code Signing certificate is no longer required. Now you can (single) sign iaik_jce_(full)_ws.jar with your WebStart trusted (e.g. Verisign) certificate in the accustomed way.
As you see, the IAIK-JCE, iSaSiLk and IAIK-CMS WebStart Editions follow the same strategy as used for our Applet Editions, except that now the java.security.* classes are not reimplemented and moved to the packages in iaik.java.security.*, and the classes java.util.Set and java.util.ArraySet are not moved either. This may simplify usage of the WebStart Edition with JDK versions > 1.1.x. However, if this is not a problem for you, you may use the Applet Edition with Java™ WebStart, too. Please note that, in contrast to the Applet Edition (which under certain circumstances may be used without any jar file signing), the IAIK-JCE, iSaSiLk and IAIK-CMS WebStart Editions do not assume entirely unsigned jar files; they only address the WebStart problem that it might not be possible to sign one single jar file with two different certificates.
However, this requires that all programs using the IAIK-JCE, iSaSiLk and IAIK-CMS WebStart Editions use the renamed API as described in the next section.
The only difference between the IAIK standard editions and the IAIK WebStart editions is that the packages from the JCE API for the Java™ platform have been moved from javax.crypto.* to iaik.javax.crypto.*.
That means if you write a program, all you need to do is to use the classes from those packages instead of those from the standard packages. If you have any existing source code that uses IAIK-JCE, iSaSiLk and/or IAIK-CMS, those changes have to be made to it as well, but this is easily achieved by using the ConvertSource program supplied with the WebStart edition of the IAIK-JCE.
As mentioned above, all classes that use classes from javax.crypto.* have to be modified to take them from iaik.javax.crypto.* instead. This is easily achieved using the ConvertSource program supplied with the WebStart edition of the IAIK-JCE in the tools/ConvertSource directory. It is fully automatic and the entire IAIK-JCE, iSaSiLk and IAIK-CMS sources have been converted using it.
Its usage is
java ConvertSource [-do|-undo]
Specify -do to perform conversion from a program that uses the standard API to the renamed WebStart API and -undo to reverse that process. ConvertSource will recursively search the source directory for all javax.crypto files, replace every occurrence of javax.crypto by iaik.javax.crypto, and save them in the destination directory. If a more recent destination file already exists, the file will not be converted.
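The conversion rule described above, sketched in Python as an added example; it is not the ConvertSource program shipped by IAIK. A class that still imports javax.crypto would use the JDK's own JCE framework and its signed-provider check again, so `unconverted` lists any references that were missed. The function names, the restriction to *.java files and the guard against prefixing an already converted reference are assumptions of this sketch.

```python
import re
import tempfile
from pathlib import Path

# Assumption: only *.java files are processed, and a reference that already
# carries the "iaik." prefix is left alone so a second -do run is harmless.
STD_REF = re.compile(r"(?<![\w.])javax\.crypto\b")
IAIK_REF = re.compile(r"(?<![\w.])iaik\.javax\.crypto\b")

def convert(src_dir, dst_dir, undo=False):
    """Copy src_dir to dst_dir, renaming the JCE package (undo reverses it)."""
    src_dir, dst_dir = Path(src_dir), Path(dst_dir)
    pattern, repl = (IAIK_REF, "javax.crypto") if undo else (STD_REF, "iaik.javax.crypto")
    written = []
    for src in sorted(src_dir.rglob("*.java")):
        rel = src.relative_to(src_dir)
        dst = dst_dir / rel
        # A more recent destination file is not overwritten.
        if dst.exists() and dst.stat().st_mtime > src.stat().st_mtime:
            continue
        dst.parent.mkdir(parents=True, exist_ok=True)
        dst.write_text(pattern.sub(repl, src.read_text(encoding="utf-8")), encoding="utf-8")
        written.append(rel.as_posix())
    return written

def unconverted(tree):
    """Return (file, line number) for every remaining standard-API reference."""
    tree, hits = Path(tree), []
    for f in sorted(tree.rglob("*.java")):
        for n, line in enumerate(f.read_text(encoding="utf-8").splitlines(), 1):
            if STD_REF.search(line):
                hits.append((f.relative_to(tree).as_posix(), n))
    return hits

if __name__ == "__main__":
    # Constructed sample source tree, not taken from the IAIK distribution.
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "src"), Path(tmp, "dst")
        src.mkdir()
        (src / "Demo.java").write_text(
            "import javax.crypto.Cipher;\nclass Demo { javax.crypto.SecretKey key; }\n",
            encoding="utf-8")
        print("before:", unconverted(src))
        print("converted:", convert(src, dst))
        print("after:", unconverted(dst))
```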
Notes:
