>>>>> "Kevin" == Kevin Smith <[EMAIL PROTECTED]> writes:
Kevin> Greetings all! Kevin> We have an app that currently uses BouncyCastle through the Kevin> standard Sun JCE interface. We would like to switch to Kevin> gnu-crypto, but we need some algorithms that the gnu-crypto JCE Kevin> provider doesn't support, so we still want to use BouncyCastle Kevin> as the provider. Out of curiosity, what algorithms are we missing, in particular? Kevin> I have put the gnu crypto jars (javax-crypto and Kevin> javax-security) earlier in the classpath than the JRE Kevin> versions. I have tried it with and without gnu-crypto in the Kevin> classpath. The app builds, but when I try to run it I get this Kevin> exception: That might not work; you have to prepend those Jar files to the bootclasspath, not your normal classpath. But also; why do you want to do this? Sun's JCE should be compatible with the one we provide, and our algorithms should work under it, provided that the jar file is signed first. Kevin> java.lang.SecurityException: class Kevin> "org.bouncycastle.asn1.ASN1EncodableVector"'s signer information does Kevin> not match signer information of other classes in the same package For the 2.0 release, we used BouncyCastle's clean-room JCE instead of writing our own (I argued against this, but it was ultimately not my decision) so our javax-crypto.jar contains some BC code, including some classes in the 'org.bouncycastle' namespace. It is likely that one class is being loaded from our javax-crypto.jar, and another from the BC jar. I rewrote the JCE from scratch, which is in our CVS sources, and is also now a part of the GNU Classpath project. See also Wes's comments about the jars being sealed, but I think in this case it is because one jar is signed, and the other is not. Kevin> Is it a known limitation that only the gnu-crypto JCE provider Kevin> can be used at this time? If so, that should probably be added Kevin> to the docs. Otherwise, any suggestions or things I should try? That should not be a limitation. The JCE we provide should be compatible with Sun's, but minus the DRM tomfoolery they use. Kevin> I'm not subscribed to the list yet, so please CC me with any Kevin> replies. Hope this helps! -- Casey Marshall || [EMAIL PROTECTED] _______________________________________________ gnu-crypto-discuss mailing list [email protected] http://lists.gnu.org/mailman/listinfo/gnu-crypto-discuss
