System News
Security Enhancements in the Java 2 Platform, Standard Edition 5 (Java SE 5)
A Detailed Look at the Many Improvements in the New Architecture
August 28, 2006
Volume 102, Issue 5

Many security enhancements have been introduced in the J2SE™ 5 release of the Java™ 2 SDK over the 1.4 version, including an SSLEngine, support for Kerberos ciphersuites, support for Time-Stamp Protocol (TSP) and more.

An online site provides a list of resources related to security issues. (Note: the Java™ 2 Platform, Standard Edition (J2SE™) 6.0 is now the Java™ Standard Edition (Java™ SE) 6 (code name Mustang), and J2SE 7.0 will become Java SE 7 (code name Dolphin).)

Java™ Secure Socket Extension (JSSE) Reference Guide

The reference guide covers the SSLEngine, a security enhancement that allows for non-blocking SSL/TLS implementations by abstracting the SSL/TLS layer from the I/O layer. The online guide covers the Java™ Secure Socket Extension (JSSE) for J2SE 5 (Java SE 5). It discusses the benefits of SSL and how it works, and describes the JSSE classes: core classes and interfaces, support classes and secondary support classes. JSSE can be customized, and a table lists which aspects can be customized, what the defaults are, and which mechanisms are used to provide customization. Customizable items include the X509 certificate implementation, the HTTPS protocol implementation, the default keystore and truststore and more.

JCE Enhancements: What's New

Major enhancements have been made in Java™ Cryptography Extension (JCE): new APIs facilitating support for ECC; support for RSA encryption and several additional algorithms in the SunJCE provider.

In JDK 5.0, a JCA/JCE provider, SunPKCS11, has been implemented that acts as a generic gateway to the native PKCS#11 API. PKCS#11 is the de facto standard for crypto accelerators and is also widely used to access cryptographic smartcards. The administrator or user can configure this provider to talk to any PKCS#11 v2.x compliant token. The online guide provides an example of the configuration format.

Prior to JDK 5.0, the JCA/JCE framework did not include support classes for ECC-related crypto algorithms. Users who wanted to use ECC had to depend on a third-party library that implemented ECC. However, this did not integrate well with the existing JCA/JCE framework. Starting in JDK 5.0, full support for ECC classes has been included to facilitate providers that support ECC. Interfaces that have been added include java.security.spec.ECField, java.security.interfaces.ECKey and java.security.interfaces.ECPublicKey. Classes have been added as well, including java.security.spec.ECFieldF2m, java.security.spec.ECGenParameterSpec and java.security.spec.ECPublicKeySpec.
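
The ECC support classes named above can be exercised through the standard JCA entry points. The following is an added example, not code from the article or from Sun's guides: it generates a key pair from an ECGenParameterSpec, rebuilds the public key from an ECPublicKeySpec as a receiver would, and verifies a signature with the rebuilt key. It assumes an installed provider that implements "EC" and "SHA256withECDSA"; the class name EcSpecRoundTrip, the curve name secp256r1 and the sample message are assumptions chosen for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.ECPublicKey;
import java.security.spec.*;

public class EcSpecRoundTrip {
    public static void main(String[] args) throws GeneralSecurityException {
        // Assumption: some installed provider supplies the "EC" algorithms.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1")); // curve chosen by name
        KeyPair pair = kpg.generateKeyPair();

        // ECPublicKey exposes the curve parameters and the public point W.
        ECPublicKey pub = (ECPublicKey) pair.getPublic();
        ECParameterSpec params = pub.getParams();
        ECField field = params.getCurve().getField();
        String kind = (field instanceof ECFieldF2m) ? "binary (F2m)" : "prime (Fp)";
        System.out.println("field: " + kind + ", " + field.getFieldSize() + " bits");

        // Constructed sample input, signed with the private key.
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withECDSA");
        signer.initSign(pair.getPrivate());
        signer.update(msg);
        byte[] sig = signer.sign();

        // Receiver side: rebuild the key from the raw coordinates plus the
        // curve parameters, without using the original key object.
        ECPoint w = pub.getW();
        ECPublicKeySpec spec = new ECPublicKeySpec(
                new ECPoint(w.getAffineX(), w.getAffineY()), params);
        PublicKey rebuilt = KeyFactory.getInstance("EC").generatePublic(spec);

        System.out.println("original message verifies: " + verify(rebuilt, msg, sig));
        msg[0] ^= 1; // flip one bit; the signature must no longer verify
        System.out.println("tampered message verifies: " + verify(rebuilt, msg, sig));
    }

    // Verifies sig over msg with the given public key.
    static boolean verify(PublicKey key, byte[] msg, byte[] sig)
            throws GeneralSecurityException {
        Signature verifier = Signature.getInstance("SHA256withECDSA");
        verifier.initVerify(key);
        verifier.update(msg);
        return verifier.verify(sig);
    }
}
```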

Signature Timestamp Support in J2SE 5.0

Prior to J2SE 5.0, the signature generated by jarsigner contained no information about when the signature was generated. Starting in J2SE 5.0, jarsigner can generate signatures that include a timestamp, thus enabling systems and deployers (including Java Plug-in) to check whether the JAR file was signed while the signing certificate was still valid. In addition, APIs were added in J2SE 5.0 to allow applications to obtain the timestamp information.

The following time-of-signing enhancements and additions are supported in version 5.0 of the Java 2 platform:

  • Jarsigner Enhancements
  • Java Plug-in Enhancements
  • API Enhancements

For a list of other enhancements and links to documentation see the Security Enhancements Guide online.
