There is an increasing number of third-party security providers for both the standard Java Cryptography Architecture and for the Java Cryptography Extension. A partial list of these security providers follows. Note that most of them are based outside the United States. As we discussed in Chapter 13, "Encryption", this frees some restrictions and places other restrictions upon their use: the non-U.S. implementations of the JCE are freed from the export restrictions of the U.S. government (but may still be subject to other export and import restrictions). However, these packages may be subject to patent restrictions--especially within the United States if they include RSA or RC4 forms of cryptography (even if the package originated outside the United States), and within the U.S. and Europe if they include IDEA encryption.
The following list is not exclusive: new providers will certainly have been written in the time this book has been published, and the algorithms provided by each entry in the list are subject to change. In addition to the listed engines, these packages will all provide the necessary key classes and engines to support the algorithms in the package.
Baltimore Technologies (http://www.baltimore.ie/jcrypto.htm)
The J/Crypto product of Baltimore Technologies in Ireland furnishes a security provider for the standard JCA that includes implementations of the following engines:
Message digests: MD5 and SHA
Digital signatures: DSA and RSA/SHA
In addition, J/Crypto provides a JCE-compatible replacement that includes the following engines:
Cipher: DES, DESede, RSA, RC4, PBE
Key agreement: Diffie-Hellman
IAIK-JCE (http://kopernikus.iaik.tu-graz.ac.at/JavaSecurity/index.htm)
This package from the Institute for Applied Information Processing and Communications in Austria (IAIK) comes with a security provider that performs the following:
Digital signatures: RSA/MD5 and RSA/SHA
Message digests: MD5 and SHA
Certificate and CRL classes: X509
While IAIK must be purchased for commercial use, it is free for noncommercial use.
IAIK also provides a JCE-compatible replacement that includes the following engines:
Cipher: DES, DESede, IDEA, RC2, RC4
JCP Computer Services LTD (http://www.jcp.co.uk/products/index.html)
The JCP Crypto product of JCP Computer Services LTD in the United Kingdom furnishes a security provider that includes implementations of the following engines:
Message digests: MD5 and SHA
Digital signatures: RSA/MD5 and RSA/SHA
JCP Crypto also comes with a JCE replacement that includes implementations of the following:
Cipher: DES, DESede, IDEA, RSA, RC4
Systemics LTD (http://www.systemics.com/software/cryptix-java/)
The Cryptix package from Systemics LTD in the United Kingdom furnishes a security provider that includes implementations of the following engines:
Message digest: Haval, MD2, MD4, MD5, RIPE-MD128, RIPE-MD160, SHA
Digital signature: RSA with MD2, MD4, MD5 and SHA, El Gamal
In addition, Cryptix supplies a replacement for the JCE that includes the following:
Cipher: Blowfish, CAST 5, DES, DESede, IDEA, Loki, RC2, RC4, Safer, Speed, Square, El Gamal
Cryptix is freely available.
RSA Data Security, Inc. (http://www.rsa.com/rsa/products/jsafe/)
The JSafe product from RSA Data Security in the United States furnishes a security provider that implements the following:
Message digest: MD5, SHA
Digital signature: RSA/MD5, RSA/SHA
In addition, JSafe has a JCE-security provider that implements the following:
Cipher: DES, DESede, RC2, RC4, RC5
Key agreement: Diffie-Hellman
Since RSA is the holder of the patents for these algorithms in the United States, they are able to sell licenses for this technology within the U.S. Note that unlike the other items listed in this section, the JCE security provider is just that; it requires the official JCE from Sun. The remaining JCE packages come with their own JCE implementation.
 |  |  |
| C.1. Security Bugs |  | C.3. Security References |
Copyright © 2001 O'Reilly & Associates. All rights reserved.