Third-Party Security Providers (Java Security)

C.2. Third-Party Security Providers

There is an increasing number of third-party security providers for both the standard Java Cryptography Architecture and for the Java Cryptography Extension. A partial list of these security providers follows. Note that most of them are based outside the United States. As we discussed in Chapter 13, "Encryption", this frees some restrictions and places other restrictions upon their use: the non-U.S. implementations of the JCE are freed from the export restrictions of the U.S. government (but may still be subject to other export and import restrictions). However, these packages may be subject to patent restrictions--especially within the United States if they include RSA or RC4 forms of cryptography (even if the package originated outside the United States), and within the U.S. and Europe if they include IDEA encryption.

The following list is not exclusive: new providers will certainly have been written in the time this book has been published, and the algorithms provided by each entry in the list are subject to change. In addition to the listed engines, these packages will all provide the necessary key classes and engines to support the algorithms in the package.

Baltimore Technologies (http://www.baltimore.ie/jcrypto.htm)

The J/Crypto product of Baltimore Technologies in Ireland furnishes a security provider for the standard JCA that includes implementations of the following engines:

Message digests: MD5 and SHA

Digital signatures: DSA and RSA/SHA

In addition, J/Crypto provides a JCE-compatible replacement that includes the following engines:

Cipher: DES, DESede, RSA, RC4, PBE

Key agreement: Diffie-Hellman
IAIK-JCE (http://kopernikus.iaik.tu-graz.ac.at/JavaSecurity/index.htm)

This package from the Institute for Applied Information Processing and Communications in Austria (IAIK) comes with a security provider that performs the following:

Digital signatures: RSA/MD5 and RSA/SHA

Message digests: MD5 and SHA

Certificate and CRL classes: X509

While IAIK must be purchased for commercial use, it is free for noncommercial use.

IAIK also provides a JCE-compatible replacement that includes the following engines:

Cipher: DES, DESede, IDEA, RC2, RC4
JCP Computer Services LTD (http://www.jcp.co.uk/products/index.html)

The JCP Crypto product of JCP Computer Services LTD in the United Kingdom furnishes a security provider that includes implementations of the following engines:

Message digests: MD5 and SHA

Digital signatures: RSA/MD5 and RSA/SHA

JCP Crypto also comes with a JCE replacement that includes implementations of the following:

Cipher: DES, DESede, IDEA, RSA, RC4
Systemics LTD (http://www.systemics.com/software/cryptix-java/)

The Cryptix package from Systemics LTD in the United Kingdom furnishes a security provider that includes implementations of the following engines:

Message digest: Haval, MD2, MD4, MD5, RIPE-MD128, RIPE-MD160, SHA

Digital signature: RSA with MD2, MD4, MD5 and SHA, El Gamal

In addition, Cryptix supplies a replacement for the JCE that includes the following:

Cipher: Blowfish, CAST 5, DES, DESede, IDEA, Loki, RC2, RC4, Safer, Speed, Square, El Gamal

Cryptix is freely available.
RSA Data Security, Inc. (http://www.rsa.com/rsa/products/jsafe/)

The JSafe product from RSA Data Security in the United States furnishes a security provider that implements the following:

Message digest: MD5, SHA

Digital signature: RSA/MD5, RSA/SHA

In addition, JSafe has a JCE-security provider that implements the following:

Cipher: DES, DESede, RC2, RC4, RC5

Key agreement: Diffie-Hellman

Since RSA is the holder of the patents for these algorithms in the United States, they are able to sell licenses for this technology within the U.S. Note that unlike the other items listed in this section, the JCE security provider is just that; it requires the official JCE from Sun. The remaining JCE packages come with their own JCE implementation.