C.2. Third-Party Security Providers
There is an increasing number of
third-party security providers for both the standard Java
Cryptography Architecture and for the Java Cryptography Extension. A
partial list of these security providers follows. Note that most of
them are based outside the United States. As we discussed in Chapter 13, "Encryption", this frees some restrictions and places other
restrictions upon their use: the non-U.S. implementations of the JCE
are freed from the export restrictions of the U.S. government (but
may still be subject to other export and import restrictions).
However, these packages may be subject to patent
restrictions--especially within the United States if they
include RSA or RC4 forms of cryptography (even if the package
originated outside the United States), and within the U.S. and Europe
if they include IDEA encryption.
The following list is not exclusive: new providers will certainly
have been written in the time this book has been published, and the
algorithms provided by each entry in the list are subject to change.
In addition to the listed engines, these packages will all provide
the necessary key classes and engines to support the algorithms in
the package.
-
Baltimore Technologies
(http://www.baltimore.ie/jcrypto.htm)
The J/Crypto product of Baltimore Technologies in Ireland furnishes a
security provider for the standard JCA that includes implementations
of the following engines:
Message digests: MD5 and SHA
Digital signatures: DSA and RSA/SHA
In addition, J/Crypto provides a JCE-compatible replacement that
includes the following engines:
Cipher: DES, DESede, RSA, RC4, PBE
Key agreement: Diffie-Hellman
-
IAIK-JCE
(http://kopernikus.iaik.tu-graz.ac.at/JavaSecurity/index.htm)
This package from the Institute for Applied Information Processing
and Communications in Austria (IAIK) comes with a security provider
that performs the following:
Digital signatures: RSA/MD5 and RSA/SHA
Message digests: MD5 and SHA
Certificate and CRL classes: X509
While IAIK must be purchased for commercial use, it is free for
noncommercial use.
IAIK also provides a JCE-compatible replacement that includes the
following engines:
Cipher: DES, DESede, IDEA, RC2, RC4
-
JCP Computer Services LTD
(http://www.jcp.co.uk/products/index.html)
The JCP Crypto product of JCP Computer Services LTD in the United
Kingdom furnishes a security provider that includes implementations
of the following engines:
Message digests: MD5 and SHA
Digital signatures: RSA/MD5 and RSA/SHA
JCP Crypto also comes with a JCE replacement that includes
implementations of the following:
Cipher: DES, DESede, IDEA, RSA, RC4
-
Systemics LTD
(http://www.systemics.com/software/cryptix-java/)
The Cryptix package from Systemics LTD in the United Kingdom
furnishes a security provider that includes implementations of the
following engines:
Message digest: Haval, MD2, MD4, MD5, RIPE-MD128, RIPE-MD160, SHA
Digital signature: RSA with MD2, MD4, MD5 and SHA, El Gamal
In addition, Cryptix supplies a replacement for the JCE that includes
the following:
Cipher: Blowfish, CAST 5, DES, DESede, IDEA, Loki, RC2, RC4, Safer, Speed, Square, El Gamal
Cryptix is freely available.
-
RSA Data Security, Inc.
(http://www.rsa.com/rsa/products/jsafe/)
The JSafe product from RSA Data Security in the United States
furnishes a security provider that implements the following:
Message digest: MD5, SHA
Digital signature: RSA/MD5, RSA/SHA
In addition, JSafe has a JCE-security provider that implements the
following:
Cipher: DES, DESede, RC2, RC4, RC5
Key agreement: Diffie-Hellman
Since RSA is the holder of the patents for these algorithms in the
United States, they are able to sell licenses for this technology
within the U.S. Note that unlike the other items listed in this
section, the JCE security provider is just that; it requires the
official JCE from Sun. The remaining JCE packages come with their own
JCE implementation.
| | |
C.1. Security Bugs | | C.3. Security References |
Copyright © 2001 O'Reilly & Associates. All rights reserved.
|
|