Stiftung Secure Information and Communication Technologies SIC

Main Features

  • Written entirely in Java™ language guaranteeing cross platform portability
  • Works on all JDK versions 1.1, 1.2, 1.3, 1.4, 1.5, 1.6, 1.7, 1.8 and compatible
  • Centralized security policy configuration
  • Stream based CMS implementation for supporting one-pass processing making it possible to handle large amounts of data without running into memory problems
  • S/MIME library compatible with the javax.mail architecture from SUN
  • Supports ESS TripleWrapping and arbitrary nesting of S/MIME entities

 Protocol Standards Compliance: 

  • Implements the IETF CMS, S/MIMEv3 and ESS specifications (RFC 5652; 5751; 2634, 5053)
  • Implements all CMS content types:
    • Data
    • Signed-data
    • Enveloped-data
    • Digested-data
    • Encrypted-data
    • Authenticated-data
      and
    • Authenticated-Enveloped-Data (RFC 5083)
    • Compressed-data (RFC 3274)
  • Implements all CMS RecipientInfo types:
    • KeyTransRecipientInfo
    • KeyAgreeRecipientInfo
    • KEKRecipientInfo
    • PasswordRecipientInfo (RFC 3211)
    • OtherRecipientInfo (user pluggable)
  • Supports all algorithms required and recommended for the implemented content types: SHA-1 (also SHA-224, SHA-256, SHA-384, SHA-512), MD5 (digest), RSA (PKCS#1v1.5 and PKCS#1v2.1 PSS signature, PKCS#1v1.5 and PKCS#1v2.1 OAEP key transport), DSA (signature), X9.42 Ephemeral Static and Static Static Diffie Hellman - RFC 2631 (key agreement), AES Key Wrap, Triple-DES Key Wrap, RC2 Key Wrap, HMACwith3DESwrap and HMACwithAESwrap (key encryption), AES, Triple-DES CBC and RC2 CBC (content encryption), PBKDF2 with PWRI-KEK (RFC 3211, password-based encryption for CMS)
  • Can be used with any alternative algorithm fulfilling the requirements of the CMS / S/MIME protocols and supported by an installed security provider
  • Supports Elliptic Curve Cryptography (ECDSA, ECDH)
  • Supports DSA with SHA-2 according to FIPS 186-3
  • Supports Camellia Encryption and Key Wrap algorithm (RFC 3657)
  • Supports X.509 public key and attribute certificates
  • Supports all content types of S/MIMEv3 and ESS:
    • multipart/signed with application/pkcs7-signature
    • application/pkcs7-mime
      • signed-data
      • enveloped-data
      • certs-only
      • signed-receipt (ESS)
      • application/pkcs10 from S/MIMEv2 respectively CMC (Certificate Management Messages over CMS)
      • compressed-data (from S/MIMEv3.1)
  • Supports ESS TripleWrapping and arbitrary nesting of S/MIME parts
  • Supports all Enhanced Security Services specified by ESS (RFC 2634, 5035):
    • Signing Certificates (+ V2 Signing Certificates)
    • Security Labels
    • Signed Receipts
    • Secure Mailing List

 Application Extensible Design: 

  • Pluggable custom content-type implementations
  • Pluggable custom certification path verification
  • Pluggable custom cryptographic algorithm implementations
  • Pluggable custom canonicalization policies (S/MIME)
  • Pluggable custom security label policies (S/MIME ESS)
  • Allows application defined crypto methods

 Proven Interoperability: 

  • Interoperates with any CMS and S/MIMEv3 implementation
  • Backwards compatible to PKCS#7v1.5 and S/MIMEv2
  • Interoperability tested with, among others, the clients Microsoft Outlook Express, Microsoft Outlook, Netscape, Mozilla Messenger and Thunderbird
  • Listed in the IETF CMS Draft Standard Implementation Report (see http://www.ietf.org/iesg/implementation/: pdf, txt)

 Cryptographic Provider Independence: 

  • Can be used with any JCA/JCE 1.2 (or later) compliant cryptography provider
  • Can use several different cryptography providers at the same time
  • Provisions for easy integration of smartcards and other secure hardware devices
  • Allows plug-in of user written JCA/JCE engines
  • Allows plug-in of user written non JCA/JCE compliant crypto code
  • Comes with the IAIK-JCE provider by default (included in license)
 
