Arshad Noor wrote:
> Yes, we chose not to use JSS directly for a couple of reasons: 1) The JSS interface does not map closely to the JCE in J2SE5 and required us to write JSS-specific code. This was something we wanted to avoid, to keep our focus above the abstraction layer provided by JCE.

True, and this is why JSS can also be used as a JCE provider. The provider's name is "Mozilla-JSS". See http://www.mozilla.org/projects/security/pki/jss/provider_notes.html.

> With JDK6, we expect to go one step further by using the new SunCAPI bridge and using Windows-specific drivers of CSP's for which no PKCS11/JCE interface exists.

Bob Relyea announced his (not yet released) work in another thread this week:
http://lxr.mozilla.org/security/source/security/nss/lib/ckfw/capi/
http://lxr.mozilla.org/security/source/security/nss/lib/ckfw/nssmkey/

> P.S. If you believe that JSS is evolving to map to the JCE interfaces completely, and if there are specific advantages to going to JSS directly instead of the SunPKCS11 bridge, do let us know. We would be interested in hearing them. Thanks.
I just wanted to know what you found insufficient in the Mozilla-JSS provider. We wrote the Mozilla-JSS provider before the SunPKCS11 bridge existed. If the SunPKCS11 bridge had existed then, I'm not sure if we would still have written the Mozilla-JSS provider. Mozilla-JSS also allows you to plug in third-party PKCS #11 tokens, so it seems to be similar to SunPKCS11 in features.

Wan-Teh
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto