JAVA Toolkit




versions 2006

IAIK-JCE 3.142 Final - 22. September 2006

Class or Package

Bug / Change / New Feature

Description and Examples

Distribution

C

iaik_rc.jar, iaik_idea.jar, iaik_esdh.jar, iaik_jce_full.jar (both, signed and unsigned versions) are packed into one single zip file (iaik_jce_full.zip) to reduce the number of download files

iaik.security.rsa.RSASignature, iaik.pkcs.pkcs7.DigestInfo

C

Signature verification accepts both digest algorithm ids with NULL parameter field (as recommended by PKCS#1v1.5) and missing parameter field (as, e.g., recommended by CMS for the SHA-1 algorithm); where multiple OIDs are known for digest algorithms (e.g. RIPEMD), they are also checked

iaik.x509.attr

NF

New classes ACRL, RevokedAttributeCertificate to be used for CRL-based attribute certificate revocation, e.g.:

ACRL acrl = new ACRL();
...
// set issuer, thisUpdate, nextUpdate, ... fields
...
// add attribute certificate to be revoked
AttributeCertificate ac = ...;
Date revocationDate = ...;
RevokedAttributeCertificate revCert =
  new RevokedAttributeCertificate(ac, revocationDate);
acrl.addCertificate(revCert);
...                     
// sign and encode crl
PrivateKey caKey = ...;
acrl.sign(caKey);
byte[] enc = acrl.getEncoded();

iaik.x509.extensions.smime

NF

New classes SMIMECapabilities, SMIMECapability implement the SMIMECapabilities certificate extension for announcing cryptographic capabilities within a certificate

IAIK-JCE 3.141 Maintenance Release - 12. September 2006

Class or Package

Bug / Change / New Feature

Description and Examples

demo.keystore.IaikKeyStore

C

RSASSA-PSS and RSAES-OAEP key/certificate samples added

iaik.asn1.BIT_STRING

NF, C

Automatic unused bit calculation if -1 is specified as bitsNotValid

iaik.asn1.DerCoder

B

encodeTo: fixed long form tag encoding and implicit tagging

iaik.asn1.DerInputStream

NF, C

OctetInputStream.available first checks available bytes from the underlying stream

iaik.asn1.DerInputStream

NF

New method readOctetString(boolean skipOuter) to parse "away" any constructed octet strings at the outermost level to read the content of the innermost (definite primitive or constructed with definite primitive components) octet string

iaik.asn1.DerInputStream

C

Method readOctetString no longer reads the data of a definite primitive encoded OCTET STRING into a ByteArrayInputStream buffer; rather, it returns the original stream to read the data from it

iaik.asn1.OCTET_STRING

B, C

Fixed getValue when getting the value of a nested octet string where some of the value(s) may be supplied from streams; some performance improvements

iaik.asn1.structures.GeneralName,
 iaik.asn1.structures.OtherName

NF,C

GeneralName now allows implementing and registering OtherName types

iaik.pkcs.pkcs10.CertificateRequest

B,C

sign: check if parameters shall be included in signature algorithm id encodings

iaik.pkcs.pkcs12.PKCS12

C

Default iteration count changed to 2000 (since now supported by all current browsers and providing enhanced security)

iaik.security.cipher.GeneralKeyFactory

B,C

Fixed internal KeyGenerator usage

iaik.security.cipher.TripleDESKeyWrap

C

Final decipher check for odd parity can be turned off (some applications may not take care of odd parity on the sending side)

iaik.security.mac.CMac,
iaik.security.mac.CMacAES,
iaik.security.mac.CMacDESede

NF

Implementation of CMAC based on AES and Triple DES as specified in NIST SP 800-38B.

iaik.security.md.Whirlpool

NF

Implementation of the Whirlpool message digest algorithm; developed by Paulo S.L.M. Barreto and Vincent Rijmen; specified in ISO/IEC 10118-3.

iaik.security.provider.IAIK

C, NF

Added method setCheckPKCS5PaddingBytes to turn PKCS#5 byte value check on/off

iaik.security.rsa.RSASignature,
iaik.pkcs.pkcs7.DigestInfo

C

Implemented countermeasure against RSA signature forgery attack by Daniel Bleichenbacher (see http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html)
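
The page does not say how the countermeasure is implemented. The following added example (not IAIK code; the class name StrictPkcs1Verify and its constants are hypothetical) shows one well-known strict approach for SHA-1: rebuild the complete expected PKCS#1 v1.5 block and compare it byte for byte, so nothing after the hash can be accepted, while still allowing both DigestInfo encodings (NULL parameters and absent parameters) mentioned for RSASignature/DigestInfo in release 3.142.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;

// Added example, not IAIK code: strict RSASSA-PKCS1-v1_5 verification (SHA-1 only).
public class StrictPkcs1Verify {
    // DER DigestInfo prefixes for SHA-1: NULL parameters (PKCS#1 v1.5) / parameters absent.
    static final byte[] WITH_NULL = {0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14};
    static final byte[] NO_PARAMS = {0x30, 0x1f, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14};

    // Build 00 01 FF..FF 00 || prefix || hash, exactly k bytes long.
    static byte[] encode(byte[] prefix, byte[] hash, int k) {
        int t = prefix.length + hash.length;
        if (k < t + 11) throw new IllegalArgumentException("modulus too short");
        byte[] em = new byte[k];
        Arrays.fill(em, (byte) 0xFF);
        em[0] = 0x00; em[1] = 0x01; em[k - t - 1] = 0x00;
        System.arraycopy(prefix, 0, em, k - t, prefix.length);
        System.arraycopy(hash, 0, em, k - hash.length, hash.length);
        return em;
    }

    static boolean verify(RSAPublicKey pub, byte[] msg, byte[] sig) throws GeneralSecurityException {
        int k = (pub.getModulus().bitLength() + 7) / 8;
        BigInteger s = new BigInteger(1, sig);
        if (sig.length != k || s.compareTo(pub.getModulus()) >= 0) return false;
        byte[] raw = s.modPow(pub.getPublicExponent(), pub.getModulus()).toByteArray();
        byte[] em = new byte[k];               // normalise to exactly k bytes
        int n = Math.min(raw.length, k);
        System.arraycopy(raw, raw.length - n, em, k - n, n);
        byte[] h = MessageDigest.getInstance("SHA-1").digest(msg);
        // Whole-block comparison: padding, DigestInfo and hash position are all fixed.
        return MessageDigest.isEqual(em, encode(WITH_NULL, h, k))
            || MessageDigest.isEqual(em, encode(NO_PARAMS, h, k));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);                    // constructed throwaway key
        KeyPair kp = g.generateKeyPair();
        byte[] msg = "constructed sample message".getBytes("UTF-8");
        Signature sg = Signature.getInstance("SHA1withRSA");
        sg.initSign(kp.getPrivate());
        sg.update(msg);
        byte[] sig = sg.sign();
        System.out.println(verify((RSAPublicKey) kp.getPublic(), msg, sig)); // genuine signature
        sig[sig.length - 1] ^= 1;
        System.out.println(verify((RSAPublicKey) kp.getPublic(), msg, sig)); // tampered signature
    }
}
```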

iaik.security.spec.IaikPBEParameterSpec

B

Fixed constructor IaikPBEParameterSpec(ASN1Object) to work with other JCE frameworks

iaik.utils.Base64OutputStream, iaik.utils.PemOutputStream

C

flush: calls flush on original stream

iaik.utils.Util

NF

New method createCertificateChain to build a certificate chain from an arbitrary list of certificates

iaik.x509.X509Certificate, iaik.x509.X509CRL, iaik.x509.attr.AttributeCertificate, iaik.x509.ocsp.BasicOCSPResponse, iaik.x509.ocsp.OCSPRequest

B,C

sign: check if parameters shall be included in signature algorithm id encodings

iaik.x509.stream.X509CRLStream, iaik.x509.stream.RevokedCertificatesCRLListener

C

Improved handling of CRL entries to increase performance.

javax.crypto.Cipher

B

Fixed method getInstance for support of Cipher transformations with missing mode specification (e.g. "AES//PKCS5Padding")

IAIK-JCE 3.14 Final - 09. February 2006

Class or Package

Bug / Change / New Feature

Description and Examples

demo.RSAPssKeys,
 demo.RSAOeapKeys

NF

Usage samples for the new RSA-PSS, RSA-OAEP key implementation (RFC 4055).

demo.x509.attr

NF

AttributeCertificateDemo (demonstrates how to use IAIK AttributeCertificate library
with PKIX standard attributes and extensions).

demo.x509.net.ldap

NF

LdapCertSearch, LdapCrlSearch, LdapAttributeCertSearch demos (command line utilities)
using new IAIK LdapURLConnection for searching and downloading certificates,
crls, attribute certificates from LDAP directories (require iaik_ldap,
iaik_ldap_demo.jar (and JNDI) in your classpath).

demo.x509.ocsp

C

OCSPClient, HttpOCSPClient: target and issuer certificate can now be specified
separately; jce.keystore not required by default.

iaik.asn1.ASN1

C

Decoding routine now ignores invalid characters
in base64 encoding; EOF exception is thrown if
no data is available from underlying input stream

iaik.asn1.DerInputStream

B, C

Fixed method available

iaik.asn1.structures.AccessDescription

NF

New constructors and methods that allow getting/setting the URI
accessLocation directly as a String.

iaik.asn1.structures.AlgorithmID

NF

New equals method allows optional parameter comparison.

iaik.asn1.structures.Attribute

C

Checks for multipleAllowed if an Attribute is added.

iaik.asn1.structures.DistributionPoint

NF

New loadCrl, loadCrlStream methods for downloading
CRLs from http or ldap distribution points, e.g.:

DistributionPoint dp = ...;
X509CRL crl = dp.loadCrl();

New constructors and methods that allow getting/setting URI
distribution point names directly as Strings, e.g.:

String crlUri = "http://ca.iaik.at/test.crl";
DistributionPoint dp = new DistributionPoint(new String[] { crlUri });

iaik.asn1.structures.Name

NF

Method insertRDNAt added.

iaik.iso.iso9796

NF

Signature engine and parameter base classes for the
ISO 9796-2 signature schemes.

iaik.pkcs.pkcs1.RSACipher

C

Data can now also be provided via update calls.

iaik.pkcs.pkcs1.RSACipher

NF

Support for RSAES-OAEP keys according to RFC 4055;
method setValidateAgainstOaepKeyParameters
allows deciding whether to validate OAEP parameters

iaik.pkcs.pkcs10.CertificateRequest

C

Method sign: if the Signature engine creates parameters,
they are set for the Signature AlgorithmID.

iaik.security.cipher

C

All Cipher engines now include the required padding length in the value
returned by method getOutputSize (to be compliant with the
JCE Cipher spec).

iaik.security.cipher.AESKeyWrap

NF

Implementation of the AES KeyWrap algorithm as specified
by RFC 3394.

iaik.security.cipher

NF

Added KeyGenerators for AES-192 and AES-256

iaik.security.cipher.GeneralKeyFactory

C

Method engineGenerateSecret: tries to create key of max/default/min
length, if supplied KeySpec is of invalid length
(required when called from KeyAgreement.engineGenerateSecret)

iaik.security.dh

NF

All DH, ESDH keys: improved serialization behaviour.

iaik.security.dsa

NF

DSA and RawDSA signature engines allow setting the SecureRandom by calling
method setParameter, and support methods
initSign(PrivateKey, SecureRandom) (>= JDK 1.2)
and getParameters() (>= JDK 1.4).

iaik.security.provider.IAIK

NF, C

New improved provider registration workaround that allows installing the
IAIK provider as first provider in the common way by calling
Security.insertProviderAt(new IAIK(), 1) or by statically
registering it as first provider in the java.security file.
A CertPath-supporting CertificateFactory is automatically plugged in
for JDK versions >= 1.4 (which may be required for jar file verification)

iaik.security.provider.IAIK

NF, C

Added "NONEwithRSA" as alias for raw RSA signature (for JSSE 1.5
compatibility)

iaik.security.random

NF

RipeMd128Random added

iaik.security.rsa

NF

RSAPssPrivateKey, RSAPssPublicKey, RSAPssKeyFactory, RSAPssKeyPairGenerator:
Key, KeyFactory and KeyPairGenerator implementations for the RSASSA-PSS signature scheme
  according to RFC 4055, support for RSASSA-PSS keys for PSS signature engines

iaik.security.rsa

NF

Added RSA based signature engines for all three ISO 9796-2 (2002) signature schemes
with hash algorithms SHA-1, SHA-256, SHA-384, SHA-512, RIPEMD-128, RIPEMD-160,
and mask generation function MGF1 (for signature schemes 2 and 3)

iaik.security.rsa

NF

RSAOaepPrivateKey, RSAOaepPublicKey, RSAOaepKeyFactory, RSAOaepKeyPairGenerator:
 Key, KeyFactory and KeyPairGenerator implementations for the RSAES-OAEP encryption scheme
 according to RFC 4055.

iaik.utils.CipherInputStream

B, C

Fixed method available

iaik.utils.PemOutputStream

C

Default line break (until now the System line.separator): CRLF according to the PEM specification.
Added feature to allow setting the line break to be used (in accordance with parent
Base64OutputStream).

iaik.x509.CertificateFactory,
 iaik.x509.qualified.QualifiedCertificateFactory

B, C

Internally uses a collection vector to preserve the order

iaik.x509.CertificateFactory

NF

Now also can decode base64 encoded PKCS#7 and Netscape
cert lists; PkiPath decoding added

iaik.x509.X509Certificate

B

Fixed method getVersion which had returned 0 for

iaik.x509.X509Certificate

NF

New method getEmailAddresses to get all email
addresses that may be included in a certificate.

iaik.x509.X509Certificate,
 iaik.x509.X509CRL

C

Method sign: if the Signature engine creates parameters,
they are set for the Signature AlgorithmID.

iaik.x509.X509CRL

B

Fixed version number setting when constructor
X509CRL(ASN1Object) is used.

iaik.x509.X509CertificateFactory,
 iaik.x509.X509CertPath

NF,C

CertPath-supporting CertificateFactory; automatically plugged in
for JDK versions >= 1.4 (which may be required for jar file verification)

iaik.x509.extensions.priv

NF

Added extension PublicServiceProvider
 ("Dienstleistereigenschaft") to be used within Austrian E-Government

iaik.x509.X509Extensions

C

add/getExtension: now allows extnValue to be empty OCTET STRING

iaik.x509.attr.AttributeCertificate

C

Method sign: if the Signature engine creates parameters,
they are set for the Signature AlgorithmID.

iaik.x509.attr.AttributeCertificate

B

Method toString dumped the MD5 fingerprint twice
instead of the MD5 and SHA-1 fingerprints.

iaik.x509.attr.attributes

NF

Implementations of all mandatory IETF PKIX attributes from RFC 3281:
Service Authentication Information, Access Identity, Charging Identity,
Group, Role, Clearance

iaik.x509.attr.extensions

NF

Implementations of all mandatory IETF PKIX attribute certificate extensions from RFC 3281:
 Audit Identity, No Revocation Available, TargetInformation, + optional extension ProxyInfo,
 + ITU-T AcceptableCertPolicies, BasicAttConstraints extensions

iaik.x509.net.ldap

NF

New class LdapURLConnection that allows searching LDAP directories
for certificates, attribute certificates and revocation lists in the easy way
familiar from the java.net URL framework, e.g.:

// register ldap protocol handler
System.getProperties().put("java.protocol.handler.pkgs", "iaik.x509.net");
// the ldap url
URL url = new URL("ldap://...");
// open connection
LdapURLConnection con = (LdapURLConnection)url.openConnection();
...
// set any request properties (if required)
...
// connect to the ldap server and read the result:
InputStream ldapIn = new BufferedInputStream(con.getInputStream());
// or:
X509Certificate[] certs = (X509Certificate[])con.getContent();

iaik.x509.ocsp.BasicOCSPResponse,
 iaik.x509.ocsp.OCSPRequest

C

Method sign: if the Signature engine creates parameters,
they are set for the Signature AlgorithmID.

iaik.x509.ocsp.OCSPRequest

B

Fixed NullPointerException in method toASN1Object.

iaik.x509.ocsp.net.HttpOCSPRequest

C

Explicitly sets the Content-Length header field, since JDK 1.3 uses
"Content-length", which may cause problems with some
non-HTTP-compliant OCSP servers that expect case-sensitive header
fields

javax.crypto.CipherInputStream

B, C

Fixed method available

 

 