Nelson B Bolyard wrote:
On 2010-04-30 10:25 PST, Marsh Ray wrote:
On 4/30/2010 12:17 PM, Nelson B Bolyard wrote:
Unfortunately, Sun's JRE requires signed jars for JCE providers,
so the Mozilla signed jar file is pretty useful.
Signed bits may be available directly from Sun. It's also conceivable
that IBM or some other other big proponents of Java may be able to sign
those bits if they find it in their interest to do so.
Perhaps it would be possible to install your own root cert and sign it
yourself?
Probably not the simplest procedure. If you get it working it would be
nice to post a description for others.
- Marsh
Interesting thought. NSS even includes a JAR signing tool that was
originally written for this purpose (among others). But I suspect that
Sun's JVM requires that the signature come from one of a very select few
roots any not just any old trusted root. Hope I'm wrong!
Everything, I've read indicates that a JCE Provider's signing cert must
be signed by a cert from Sun (or maybe IBM).
http://java.sun.com/javase/6/docs/technotes/guides/security/crypto/HowToImplAProvider.html#Step6
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
