IAIK-JCE 3.181 - 28. September 2009
|
|
Class or Package
|
Bug (B) / Change (C) / New Feature (NF)
|
Description and Examples
|
|
*
|
C
|
Where possible, Hashtables are replaced by HashMaps to increase access performance in multithreaded environments; for JDK 1.1.x a new jdk11x_update.jar version must be used
|
|
iaik.security.cipher.CamelliaKeyWrap
|
NF
|
Added support for the CamelliaKeyWrap algorithm for wrapping Camellia content encryption keys with Camellia key encryption keys according to RFC 3657.
|
|
iaik.security.cipher.HMACwithAESwrap
|
NF
|
Added support for the HMACwithAESwrap algorithm for wrapping HMAC message authentication code keys with AES key encryption keys according to RFC 3537.
|
|
iaik.x509.attr.ACRL
|
B
|
addCertificate(AttributeCertificate cert, Date revocationDate): Use critical CertificateIssuer extension for indirect CRL entries.
|
|
iaik.x509.X509CRL
|
C
|
listCertificates: the order in the Enumeration of revocation entries reflects the structure of the CRL (for each certificate issuer of an indirect CRL the first RevokedCertificate contains the CertificateIssuer extension with the name of the certificate issuer)
getRevokedCertificates: the Set of revocation entries does not reflect the order; therefore each RevokedCertificate that represents an indirect CRL entry contains the CertificateIssuer extension with the name of the corresponding certificate issuer
|
|
iaik.x509.X509Extensions
|
C
|
addExtension: now throws an IllegalArgumentException when trying to add a critical / non-critical extension if an extension with the opposite (non-critical / critical) state has already been added;
getExtensionValue: does not clear existing ObjectID name / short name registration anymore
|
|
jdk11x_update.jar
|
C, NF
|
contains a simple (Hashtable based and therefore still access synchronized) HashMap implementation to allow JDK independent use of HashMaps
|
IAIK-JCE 3.18 - 5. August 2009
|
|
Class or Package
|
Bug (B) / Change (C) / New Feature (NF)
|
Description and Examples
|
|
iaik.asn1.DerInputStream
|
C
|
readEOC: changed indefinite length encoding check
|
|
iaik.asn1.ObjectID
|
B
|
Fixed de/encoding of large subid values; fixed de/encoding of first subid value; reject subid encodings with leading zeros; check oid strings for correct syntax (can be turned on/off by new method checkOID or new constructor)
|
|
iaik.asn1.structures.AVA
|
C
|
toString: now quotes attribute values if they contain an equals sign ("=") to avoid misinterpretation as separate attribute values
|
|
iaik.asn1.structures.Name
|
NF
|
Added constructor for creating a distinguished name from an RFC2253 String; added getRDN(s) methods to get the RFC2253 representation of RDN values
|
|
iaik.asn1.structures.RDN
|
NF
|
Added method addAVA, which adds an AVA without replacing an already existing AVA of the same type; added method getAVAs(ObjectID oid) to get multiple AVAs with the same type, if present
|
|
iaik.asn1.structures.RDN
|
B
|
When decoding an RDN, allow more than one AVA of the same type
|
|
iaik.asn1.structures.RDN
|
C
|
equals: compares AVAs without checking their order
|
|
iaik.asn1.structures.PolicyQualifierInfo
|
C
|
Default encoding of the organization field changed from IA5String to UTF8String, and of the explicitText field from VisibleString to UTF8String
|
|
iaik.iso.iso9796.ISO9796P2Signature
|
B
|
Registered hash engine id (0x37) for Whirlpool
|
|
iaik.pkcs.pkcs1.RSACipher, iaik.pkcs.pkcs1.PKCS1v15Padding
|
NF
|
Support for transformation mode "RSA/SSL/PKCS1Padding" (as used by IBMJSSE) added
|
|
iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo
|
C
|
Default iteration count for encryption set to 2000
|
|
iaik.security.cipher.Camellia, iaik.security.cipher.CamelliaKeyGenerator, iaik.security.cipher.Camellia192KeyGenerator, iaik.security.cipher.Camellia256KeyGenerator
|
NF
|
Added support for Camellia, a symmetric 128-bit block cipher, and KeyGenerators for Camellia secret keys for the bit sizes 128, 192 and 256.
|
|
iaik.security.cipher.CCMCMSParameters, iaik.security.cipher.CCMCMSParameterSpec
|
NF
|
New algorithm parameter implementation for the CCM operation mode. If used with a cipher in CCM mode the MAC block is not concatenated to the ciphertext but can be retrieved as parameter from the CCMCMSParameterSpec. This usage of the CCM mode is needed for CMS.
A CCMCMSParameter object can be instantiated with AlgorithmParameters.getInstance("CCMCMS", "IAIK").
|
|
iaik.security.dsa.SHA224withDSA, iaik.security.dsa.SHA256withDSA, iaik.security.dsa.SHA224withDSAKeyPairGenerator, iaik.security.dsa.SHA256withDSAKeyPairGenerator, iaik.security.dsa.DSAKeyFactory, iaik.security.dsa.SHA2withDSAGenParameterSpec, iaik.security.dsa.SHA224withDSAParameterGenerator, iaik.security.dsa.SHA256withDSAParameterGenerator, iaik.security.dsa.SHA2withDSAParameterSpec, iaik.security.dsa.SHA2withDSAParams, iaik.security.dsa.DSAParameters
|
NF
|
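Added SHA-2 support for the Digital Signature Algorithm (DSA) as specified by FIPS PUB 186-3.
Code sample:
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
// generate a DSA key pair for SHA256withDSA (the IAIK provider must be installed)
KeyPairGenerator keyGenerator = KeyPairGenerator.getInstance("SHA256withDSA", "IAIK");
KeyPair keyPair = keyGenerator.generateKeyPair();
byte[] message = "Message to be signed".getBytes("ASCII");
// sign the message with the private key
Signature dsa = Signature.getInstance("SHA256withDSA", "IAIK");
dsa.initSign(keyPair.getPrivate());
dsa.update(message);
byte[] dsasig = dsa.sign();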
|
|
iaik.security.dsa.DSAPrivateKey, iaik.security.dsa.DSAPublicKey
|
C
|
Made DSA parameters transient to support serialization
|
|
iaik.security.rsa.RSASignature
|
NF
|
Added support for signature algorithm name "RSAforSSL" (as used by IBMJSSE)
|
|
iaik.utils.RFC2253NameParser
|
B
|
Allow RDNs with more than one AVA of the same type
|
|
iaik.x509.ChainVerifier
|
NF
|
verifyChain: check if different consecutive certificates have the same signature value (countermeasure against preimage attacks on the signature hash algorithm)
|
|
iaik.x509.extensions.ExpiredCertsOnCRL
|
NF
|
Implementation of the ITU-T X.509v2 ExpiredCertsOnCRL extension, indicating that a CRL containing this extension will include revocation status information for certificates that have already expired
|
|
iaik.x509.extensions.priv
|
NF, C
|
Added support for Austrian E-Government extensions IdentityLinkIssuer, MandateIssuer, Official; aligned PublicAuthorityIdentifier, PublicServiceProvider with changed specification
|
|
iaik.x509.ocsp.extensions.commonpki.CertHash
|
NF
|
Implementation of the CertHash OCSP SingleResponse extension as defined by the German CommonPKI profile, allowing an OCSP responder to provide evidence that the certificate in question is known to the responder
|
|
iaik.x509.ocsp.net.HttpOCSPRequest
|
NF
|
Added method sendGETRequest to send OCSP requests by using the GET method according to RFC 5019 (lightweight OCSP); added method getHeaderField allowing to get response headers
|
|
demo.x509.ocsp.OCSPServerThread
|
NF
|
Added support for parsing OCSP GET requests as used by lightweight OCSP (RFC 5019)
|
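The checks named in the iaik.asn1.ObjectID entry of release 3.18 (large subid values, the first subid value, leading zeros), applied to the content octets of a DER OBJECT IDENTIFIER. This is an added example, not IAIK-JCE code: the class StrictOidDecoder and its decode method are hypothetical names, and the sample encodings are constructed.

```java
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.List;

// Hypothetical helper, not part of IAIK-JCE: strict decoder for OID content octets.
public class StrictOidDecoder {
    public static String decode(byte[] content) {
        List<BigInteger> subids = new ArrayList<>();
        BigInteger value = BigInteger.ZERO;         // BigInteger: subids may exceed 64 bits
        boolean atStart = true;                     // next octet begins a new subidentifier
        for (byte b : content) {
            int octet = b & 0xFF;
            if (atStart && octet == 0x80) {         // leading zero: non-minimal encoding
                throw new IllegalArgumentException("subidentifier with leading zero octet");
            }
            value = value.shiftLeft(7).or(BigInteger.valueOf(octet & 0x7F));
            atStart = (octet & 0x80) == 0;          // a clear high bit ends the subidentifier
            if (atStart) {
                subids.add(value);
                value = BigInteger.ZERO;
            }
        }
        if (!atStart || subids.isEmpty()) {
            throw new IllegalArgumentException("empty or truncated OID encoding");
        }
        // The first subidentifier packs two arcs as 40 * arc1 + arc2.
        // arc1 is 0, 1 or 2; only below arc1 == 2 may arc2 exceed 39.
        BigInteger forty = BigInteger.valueOf(40);
        BigInteger arc1 = subids.get(0).divide(forty).min(BigInteger.valueOf(2));
        BigInteger arc2 = subids.get(0).subtract(arc1.multiply(forty));
        StringBuilder oid = new StringBuilder(arc1 + "." + arc2);
        for (BigInteger subid : subids.subList(1, subids.size())) {
            oid.append('.').append(subid);
        }
        return oid.toString();
    }
    public static void main(String[] args) {
        // Constructed content octets (tag and length bytes omitted).
        byte[] sha256 = {0x60, (byte) 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01};
        byte[] largeFirst = {(byte) 0x88, 0x37};    // first subidentifier 1079 = 40 * 2 + 999
        byte[] padded = {0x2A, (byte) 0x80, 0x01};  // last arc carries a redundant 0x80 octet
        System.out.println(decode(sha256));
        System.out.println(decode(largeFirst));
        try {
            decode(padded);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```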