Saturday, April 09, 2005

Java Cryptography Extension

iSeries Information Center: "The Java(TM) Cryptography Extension (JCE) 1.2 is a standard extension to the Java 2 Software Development Kit (J2SDK), Standard Edition. The JCE implementation on an iSeries server is compatible with the implementation of Sun Microsystems, Inc. This documentation covers the unique aspects of the iSeries implementation. We assume that you are familiar with the general documentation for the JCE extensions. To make it easier for you to work with that and our iSeries information, we provide a link to the Sun JCE documentation.
On the iSeries server, the level of encryption is controlled by the Cryptographic Access Provider Product. This is available in two versions, 5722-AC2 and 5722-AC3. The 5722-AC3 product allows all of the encryption algorithms. The 5722-AC2 product does not allow Triple-DES, and limits symmetric algorithms to 56 bits and asymmetric algorithms to 1024 bits.
With the exception of the restrictions on 5722-AC2 already mentioned, the IBM JCE Provider supports the following algorithms:
DES
Triple-DES
RC2
RC4
Blowfish
RSA
Diffie-Hellman
DSA
Mars
MD2
MD5
SHA-1
Seal
In addition, it also provides a random number generator.
If you want to use IBM JCE with Java 1.2, edit the /QIBM/ProdData/Java400/jdk12/lib/security/java.security file. The section of the file that needs to be changed is shown as follows.
#
# To use the IBMJCE security provider, you need to:
# 1) Install an IBM Cryptographic Access Provider Product
# 2) uncomment the second provider entry that follows.
#
# List of providers and their preference orders:
#
security.provider.1=sun.security.provider.Sun
#security.provider.2=com.ibm.crypto.provider.IBMJCE

If you want to use IBM JCE with Java 1.3, edit the /QIBM/ProdData/OS400/Java400/jdk/lib/security/java.security file. The section of the file that needs to be changed is shown as follows.

#
# To use the IBMJCE security provider, you need to:
# 1) Install an IBM Cryptographic Access Provider Product
# 2) Uncomment the third provider entry that follows.
#
# List of providers and their preference orders:
#
security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.rsajca.Provider
#security.provider.3=com.ibm.crypto.provider.IBMJCE

In both cases, it is just a matter of deleting one character.

No comments:

Post a Comment