Sharon Liu		Sun Microsystems, Inc.
	Jan Luehe		Sun Microsystems, Inc.

 

Sun Microsystems, Inc.

Expert Group Private Page

 

Original Java Specification Request (JSR)

Identification   |   Request  |   Contributions

Section 1: Identification

Submitted by:

Sharon Liu and Jan Luehe
Java Software, Sun Microsystems, Inc.

E-Mail: sharon.liu@eng.sun.com, jan.luehe@eng.sun.com
Phone: +1 408 343 1910

This JSR is endorsed by the following Java Community Process Participants:

• Sun Microsystems
• IBM

Section 2: Request

This JSR is to enhance Java Cryptography Extension 1.2 and make it exportable.

2.1 What is Java Cryptography Extension  1.2?

The Java Cryptography Extension (JCE) 1.2 is an officially released Standard Extension to the Java 2 Platform. JCE 1.2 provides a framework and implementation for encryption, key generation and key agreement, and Message Authentication Code (MAC) algorithms. JCE 1.2 supplements the Java 2 platform, which already includes interfaces and implementations of message digests and digital signatures.

2.2 Target Java Platform

Java 2 SDK, Standard Edition, v 1.2 and above.

2.3 Needs of Java Community This Specification Addresses

JCE 1.2 was officially released on March 15, 1999 after a long beta testing period. JCE 1.2 has been welcomed by the Java Community. Several companies have developed compatible service providers and clean room implementations; lots have used JCE in their products; and even more are considering using JCE.

But JCE 1.2 cannot be exported outside the U.S. or Canada. This has limited its usability and deployment. Making JCE exportable is very important to keep and attract JCE users, and ensure ubiquity.

Compared to more mature cryptography frameworks (such as CDSA), JCE lacks key wrapping and some key management functionality such as key usage control. Without key wrapping, exporting and importing keys is difficult. JCE 1.3 will support key wrapping  and key usage control.

JCE 1.2 has defined several types of cryptography services. But new types of cryptography services may emerge in the future. The JCE framework should be extensible so new types of cryptography services can be seamlessly integrated in. JCE 1.3 will add new APIs to make JCE extensible.

JCE 1.3 will also add APIs and SPIs to support exemption mechanism services. It will be possible for products to use exemption mechanisms to get stronger cryptography.

2.4 The APIs being defined

JCE 1.3 supports all of the APIs in JCE 1.2. In addition, JCE 1.3 will add APIs for the following:

• Key wrapping
• Key usage control
• Framework extensibility
• Exemption mechanism services

2.5 Underlying technologies

Java entension framework and J2SE code signing.

2.6 Proposed package names

No new packages will be added to JCE 1.2.

2.7 Possible platform dependencies

None.

2.8 Security implications

None.

2.9 Internationalization implications

TBD

2.10 Localization implications

TBD

2.11 Risk assessment

Backwards compatibility with JCE 1.2 will be maintained at the application level, i.e., applications written to JCE 1.2 will continue to work with JCE 1.3. However, JCE 1.2 compliant CSPs will need to be digitally signed in order to work with JCE 1.3.

2.12 Existing specifications rendered obsolete or deprecated

None.

2.13 Existing specifications needing revision

Java Cryptography Extension.

Section 3: Contributions

Documents describing JCE 1.2 can be found at http://java.sun.com/products/jce.