Summary: | Keyring file cannot be read using IBM 1.4.0 JRE | ||
---|---|---|---|
Product: | [Eclipse Project] Platform | Reporter: | Tim Ellison <t.p.ellison> |
Component: | Resources | Assignee: | DJ Houghton <dj.houghton> |
Status: | RESOLVED FIXED | QA Contact: | |
Severity: | major | ||
Priority: | P3 | CC: | john.arthorne, Kevin_McGuire |
Version: | 2.0 | ||
Target Milestone: | 2.0.1 | ||
Hardware: | All | ||
OS: | Windows 2000 | ||
Whiteboard: |
Description
Tim Ellison
2002-07-16 07:33:46 EDT
SHA1PRNG is listed as a standard algorithm name in the Java 2 SDK Security API (Appendix A). That spec states that the algorithm names in that appendix are the standard required names. Shouldn't all compliant JREs have that algorithm available? It is available in IBM JRE 1.3 and in J9. Since SHA1PRNG is the only specified algorithm name, the only alternative is to use the default constructor of SecureRandom. The only problem with using it is that we won't know what algorithm is used. This means the keyring file will probably never be portable across VMs. It might also be difficult for export control requirements which require us to specify what encryption algorithms are used in the product. I have released a fix to the HEAD (2.1) stream. We're now using our own secure number generator based on SHA-1. This also fixes our long-standing problem that SHA1PRNG produced a different bit stream on J9, thus .keyring files were never portable between J9 and non-J9 VMs. We should consider as a 2.0.1 candidate. I agree this should be 2.0.1. |