Stiftung Secure Information and Communication Technologies SIC

versions 2008

IAIK-JCE 3.17 - 23. December 2008

Class or Package

Bug (B) / Change (C) / New Feature (NF)

Description and Examples

*

NF

jar files signed with new certificate

*

NF

Provides special versions of iaik_jce.jar and iaik_jce_full.jar that allow
 unlimited strength cryptography to be used even if only the default jurisdiction policy files are
 installed (for use in countries with no restrictions on key sizes)

iaik.asn1.UTF8String

C

Method getRFC2253String(char[] str, boolean strictEscaping) now escapes the null character
 ('\u0000') in every case (even if strictEscaping is false), as
 required by RFC 4514

iaik.asn1.structures.GeneralName

C, NF

Support for subnet mask representation for GeneralName of type ipAddress as
 required for NameConstraints extension

iaik.asn1.structures.Name

NF

New method getRDNs returning the RDNs as an array of RDN objects

iaik.asn1.structures.RDN

NF

New method getAVAs returning the AVAs as an array of AVA objects

iaik.pkcs.pkcs1.RSACipher

C

Only acquire SecureRandom object if actually required

iaik.pkcs.pkcs7.ContentInfo

B

Fixed EOC parsing for nested content

iaik.pkcs.pkcs7.Data

C

Use DerCoder for parsing to support arbitrary nested octet strings

iaik.pkcs.pkcs7.SignedDataStream

C

If signature verification fails with the attributes in parsed order, verification is tried
 a second time with sorted attributes

iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo

C

PrivateKey object is cleared when encrypt is called

iaik.pkcs.pkcs12.PKCS12KeyStore

C

Changed order of certificates when storing the keystore; end-user certificate is at index 0 and
 top-CA-certificate at the end of the certificate chain

iaik.pkcs.pkcs12.PKCS12KeyStore

B

Support for key entry encryption and keystore storage with different passwords

iaik.security.cipher

C

Default padding mode for block ciphers changed from NoPadding to PKCS5Padding.
 Now, e.g., calling Cipher.getInstance("AES") is equivalent to calling Cipher.getInstance("AES/ECB/PKCS5Padding").
 Default padding for CTR, CTS, CCM and GCM remains NoPadding.

iaik.security.cipher

NF

Implementation of the GCM (Galois/Counter) mode as defined in NIST Special Publication 800-38D and
 the CTS (Ciphertext Stealing) mode for block ciphers as defined in Applied Cryptography by Bruce Schneier.
 In order to use these modes call Cipher.getInstance("AES/GCM/NoPadding") or
Cipher.getInstance("AES/CTS/NoPadding"). Both modes can only be used with NoPadding.

iaik.security.cipher

C

Modes CTR and CCM can now only be used with padding NoPadding.
 Modes OFB and CFB can also be used with data that is not a multiple of the block size.

iaik.security.cipher

C

A Cipher in CCM mode returns the nonce when cipher.getIV() is called and may be initialized
 with IvParameterSpec objects and AlgorithmParameters of type IV.

iaik.security.cipher

C

Method engineGetIv() clones the IV value before returning it to the calling
 application (to avoid unintended zeroization of IV values kept by the application).

iaik.security.cipher.CCMParameters

C

CCMParameters objects may be initialized with IvParameterSpec objects.
 Nonce-length (IV length) is checked when initialized.

iaik.security.cipher.GCMParameters,
 iaik.security.cipher.GCMParameterSpec

NF

Opaque and transparent parameter implementations for the GCM operation mode

iaik.security.mac.HMacWhirlpool,
 iaik.security.mac.HMacWhirlpoolKeyGenerator

NF

HMAC implementation and key generator using Whirlpool message digest algorithm

iaik.security.random.WhirlpoolRandom

NF

Pseudo-random number generator based on the Whirlpool message digest algorithm

iaik.security.rsa

NF

Implementations of RSA signature schemes (PKCS#1v1.5, PKCS#1v2.1 PSS, ISO 9796)
 using Whirlpool as hash algorithm

iaik.utils.IaikSecurity

NF

New getCipher methods that may be used for Cipher object creation
when using unlimited strength cryptography with the default jurisdiction policy
files

iaik.utils.ObjectFactory

NF, C

New Factory used by the library for implementation class registration and object
 creation; similar to Factory, but uses a HashMap for JDK versions higher than 1.1 and does
 not synchronize on object creation to optimize performance on multiprocessor systems

iaik.utils.RFC2253NameParser

C

Allows "=" sign to be escaped, too (according to RFC 4514)

iaik.utils.SmtpMailer

C

Allows the line separator to be configured

iaik.x509.extensions.qualified.structures.etsi.QcEuSSCD

NF

Implementation of the qualified QcEuSSCD statement as specified by ETSI TS 101 862
 to indicate that the private key that belongs to the public key of the certificate
 resides on a Secure Signature Creation Device (SSCD)
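
What the iaik.security.cipher default padding change listed above means for callers that use the short form Cipher.getInstance("AES"), as an added example that is not code from the IAIK-JCE distribution. It assumes the JDK's default provider and uses the explicit transformation strings as stand-ins for the old and new IAIK defaults; the class name, key and data are constructed for illustration.

```java
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;

public class DefaultPaddingChange {
    // Stand-ins (assumption) for what Cipher.getInstance("AES") meant before and after 3.17.
    static final String OLD_DEFAULT = "AES/ECB/NoPadding";
    static final String NEW_DEFAULT = "AES/ECB/PKCS5Padding";

    static byte[] run(String transformation, int mode, SecretKeySpec key, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance(transformation);
        c.init(mode, key);
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key (all zero bytes) and data, for demonstration only.
        SecretKeySpec key = new SecretKeySpec(new byte[16], "AES");
        byte[] oneBlock = "0123456789ABCDEF".getBytes(StandardCharsets.US_ASCII);    // 16 bytes
        byte[] partial = "twenty bytes of data".getBytes(StandardCharsets.US_ASCII); // 20 bytes

        // Same input, different ciphertext length: PKCS5Padding always appends padding.
        byte[] oldCt = run(OLD_DEFAULT, Cipher.ENCRYPT_MODE, key, oneBlock);
        byte[] newCt = run(NEW_DEFAULT, Cipher.ENCRYPT_MODE, key, oneBlock);
        System.out.println("NoPadding ciphertext length:    " + oldCt.length);
        System.out.println("PKCS5Padding ciphertext length: " + newCt.length);

        // Input that is not a multiple of the block size is rejected without padding.
        try {
            run(OLD_DEFAULT, Cipher.ENCRYPT_MODE, key, partial);
        } catch (IllegalBlockSizeException e) {
            System.out.println("NoPadding rejects 20-byte input: " + e.getMessage());
        }
        System.out.println("PKCS5Padding accepts it, length: "
                + run(NEW_DEFAULT, Cipher.ENCRYPT_MODE, key, partial).length);

        // Data written under the old default no longer decrypts under the new one.
        try {
            run(NEW_DEFAULT, Cipher.DECRYPT_MODE, key, oldCt);
        } catch (BadPaddingException e) {
            System.out.println("Old ciphertext under new default: BadPaddingException");
        }
        // Naming the full transformation keeps stored data readable across versions.
        byte[] pt = run(OLD_DEFAULT, Cipher.DECRYPT_MODE, key, oldCt);
        System.out.println("Pinned transformation recovers: " + new String(pt, StandardCharsets.US_ASCII));
    }
}
```

Spelling out algorithm, mode and padding in every getInstance call removes the dependency on provider defaults when upgrading.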

 
