Easy to Learn Java: Programming Articles, Examples and Tips

Start with Java in a few days with Java Lessons or Lectures

Home

Code Examples

Java Tools

More Java Tools!

Java Forum

All Java Tips

Books

Submit News
Search the site here...
Search...
 
Search the JavaFAQ.nu
1000 Java Tips ebook

1000 Java Tips - Click here for the high resolution copy!1000 Java Tips - Click here for the high resolution copy!

Java Screensaver, take it here

Free "1000 Java Tips" eBook is here! It is huge collection of big and small Java programming articles and tips. Please take your copy here.

Take your copy of free "Java Technology Screensaver"!.

IBM Security Providers: An Overview

JavaFAQ Home » General Java Go to all tips in General Java


Bookmark and Share

Security has been a major design goal and a key architectural feature of Java™ technology since its inception. The security capabilities of Java technology have two roots:

  • The Java Runtime Environment (JRE), a ready-made platform on which applications can run in a secure fashion

  • Security tools and services APIs, which provide a security infrastructure by serving as building blocks in developing secure systems

Several Java security components are responsible for providing security services. The components were developed based on a set of design principles -- implementation independence and interoperability, algorithm independence and extensibility -- that were first introduced in the Java Cryptography Architecture (JCA) framework. They all follow the JCA framework architecture, which is a service provider-based architecture that allows you to plug in multiple security mechanisms through the Service Provider Interface (SPI). But the components have different purposes and security operations, and each one supports a different set of algorithms and protocols.

Each Java Software Development Kit (SDK) has a default list of security providers preregistered in the Java security configuration located in /jre/lib/security/java.security. You simply request a particular security service through Java APIs. This shields you from the complexity of the underlying implementation of the security operations, while allowing the Java security components to support an increasing number of algorithms and security mechanisms.

The IBM® 1.4.2 SDK is the most comprehensive security offering available from IBM for the Java 2 platform. It differs from the Sun 1.4.2 JDK in that IBM has implemented providers for all the Java security components. Previous versions of the JRE (1.2.x and 1.3.x) came with a default Sun provider. In the IBM 1.4 environment, a number of new providers replace that default provider.

IBM's Java security configuration includes four default security providers and several optional providers you can register and configure to use for your applications. We'll go through each of the providers in more detail and highlight the differences between the IBM and Sun providers.

The IBMJSSE provider
The Java Secure Socket Extension (JSSE) provides a standard Java API for encapsulating the Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols, including functionality for data encryption, server authentication, message integrity, and optional client authentication. JSSE users can write to a standard API without worrying about the underlying SSL/TLS implementation. JSSE also supports HTTP encapsulated in the SSL protocol (HTTPS), which allows access to data such as Web pages using HTTPS. JSSE was an optional package to Java 1.2 and 1.3 and has been integrated into the JDK since Version 1.4. In the IBM 1.4.2 SDK, the JSSE framework allows additional JSSE providers; the Sun JSSE framework doesn't. The IBM SDK comes preinstalled with two additional JSSE providers -- IBMJSSEProvider2 and IBMJSSEFIPSProvider, which we'll discuss later in this article. IBMJSSE is the preregistered provider, and IBMJSSEProvider2 and IBMJSSEFIPSProviders are optional.

The IBMJSSE provider supports the following standard algorithms and types:

  • SSLContext: SSLv2, SSLv3, SSL, TLSv1, TLS, and SSL_TLS
  • KeyManagerFactory: IbmX509
  • TrustManagerFactory: IbmX509
  • Cipher suites:
    • SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_DHE_DSS_WITH_RC4_128_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_WITH_NULL_MD5, SSL_RSA_WITH_NULL_SHA, SSL_DH_anon_WITH_AES_128_CBC_SHA, SSL_DH_anon_WITH_AES_256_CBC_SHA, SSL_DH_anon_WITH_RC4_128_MD5, SSL_DH_anon_WITH_DES_CBC_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_EXPORT_WITH_RC4_40_MD5, and SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA

Differences from the Sun version
The JSSE documentation includes the complete set of differences between the IBM and Sun JSSE implementations. The major differences are detailed below:

Full text


 Printer Friendly Page  Printer Friendly Page
 Send to a Friend  Send to a Friend

.. Bookmark and Share

Search here again if you need more info!
Custom Search



Home Code Examples Java Forum All Java Tips Books Submit News, Code... Search... Offshore Software Tech Doodling

RSS feed Java FAQ RSS feed Java FAQ News     

    RSS feed Java Forums RSS feed Java Forums

All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest 1999-2006 by Java FAQs Daily Tips.

Interactive software released under GNU GPL, Code Credits, Privacy Policy