JSRs: Java Specification Requests
JSR 27: JavaTM Cryptography Extension 1.3
This JSR has been Withdrawn
Section 1: Identification
Sharon Liu and Jan Luehe
This JSR is endorsed by the following Java Community Process Participants:
Section 2: Request
This JSR is to enhance Java Cryptography Extension 1.2 and make it exportable.
2.1 What is Java Cryptography Extension 1.2?The Java Cryptography Extension (JCE) 1.2 is an officially released Standard Extension to the Java 2 Platform. JCE 1.2 provides a framework and implementation for encryption, key generation and key agreement, and Message Authentication Code (MAC) algorithms. JCE 1.2 supplements the Java 2 platform, which already includes interfaces and implementations of message digests and digital signatures.
2.2 Target Java PlatformJava 2 SDK, Standard Edition, v 1.2 and above.
2.3 Needs of Java Community This Specification AddressesJCE 1.2 was officially released on March 15, 1999 after a long beta testing period. JCE 1.2 has been welcomed by the Java Community. Several companies have developed compatible service providers and clean room implementations; lots have used JCE in their products; and even more are considering using JCE.
But JCE 1.2 cannot be exported outside the U.S. or Canada. This has limited its usability and deployment. Making JCE exportable is very important to keep and attract JCE users, and ensure ubiquity.
Compared to more mature cryptography frameworks (such as CDSA), JCE lacks key wrapping and some key management functionality such as key usage control. Without key wrapping, exporting and importing keys is difficult. JCE 1.3 will support key wrapping and key usage control.
JCE 1.2 has defined several types of cryptography services. But new types of cryptography services may emerge in the future. The JCE framework should be extensible so new types of cryptography services can be seamlessly integrated in. JCE 1.3 will add new APIs to make JCE extensible.
JCE 1.3 will also add APIs and SPIs to support exemption mechanism services. It will be possible for products to use exemption mechanisms to get stronger cryptography.
2.4 The APIs being definedJCE 1.3 supports all of the APIs in JCE 1.2. In addition, JCE 1.3 will add APIs for the following:
2.5 Underlying technologiesJava entension framework and J2SE code signing.
2.6 Proposed package namesNo new packages will be added to JCE 1.2.
2.7 Possible platform dependenciesNone.
2.8 Security implicationsNone.
2.9 Internationalization implicationsTBD
2.10 Localization implicationsTBD
2.11 Risk assessmentBackwards compatibility with JCE 1.2 will be maintained at the application level, i.e., applications written to JCE 1.2 will continue to work with JCE 1.3. However, JCE 1.2 compliant CSPs will need to be digitally signed in order to work with JCE 1.3.
2.12 Existing specifications rendered obsolete or deprecatedNone.
2.13 Existing specifications needing revision
Java Cryptography Extension.
Section 3: Contributions
Documents describing JCE 1.2 can be found at http://java.sun.com/products/jce.