Right now I'm using BinaryNotes to parse ASN.1 files for use in a Java project. It takes an ASN.1 definition and produces Java class(s) that let me manipulate ASN.1 files.
I've hit a wall with extension markers (...) because it doesn't support them. The source forge project page says they're coming in the next release, but the last release was nearly 2 years ago so I fear the project is dead.
Can anyone recommend an easy (and $free) replacement that does a similar thing and does support extension markers?
Have you tried Bouncy Castle.
From the site:
Bouncy Castle Crypto APIs for Java consist of the following:
A lightweight cryptography API.
A provider for the Java Cryptography Extension and the Java Cryptography Architecture.
A clean room implementation of the JCE 1.2.1.
A library for reading and writing encoded ASN.1 objects.
...
Binary Notes is unsupported, but you can try jASN1 from OpenMuc. It appears to be based in part on Binary Notes and is currently active. The jASN1 libraries are available for download on their home page, and on JCenter and Maven Central under the group org.openmuc
Related
One of my projects requires to me to parse an ASN.1 file, and put its data into database. Is there any JAVA api or any other way which can parse the ASN.1 file using JAVA.
There is a great list of ASN.1 Tools at http://www.itu.int/en/ITU-T/asn1/Pages/Tools.aspx which includes a section for Java Tools. There are both commercial and free tools listed here. Using a good tool will save you a lot of time and frustration when working with the details of encoding and decoding ASN.1 messages.
My program is a simetric crypter that uses a key lenght of 256. When I use it on a computer that didn't have the JCE installed (for no key lenght), it crashes with the following error:
java.security.InvalidKeyException: Illegal key size or default parameters
So it is because the computer didn't have the extension that allows to use this keysize.
Is there any way to put the java unlimited strength extension with my program for use it without install? Or can I open a dialog for install it automatically?
In other hand, there are a better solution for do an AES encryption with a 256 key? Maybe another API allows me to do it without adding any extension? (like bouncy castle).
JCE Unlimited Strength can be downloaded from the Oracle website. (Or at least, I can download it in Australia.)
However, you first need to agree to the Oracle Binary Code Licende for Java, and clause 7 says this:
"7. EXPORT REGULATIONS. You agree that U.S. export control laws and other applicable export and import laws govern your use of the Software, including technical data; additional information can be found on Oracle's Global Trade Compliance web site (http://www.oracle.com/us/products/export). You agree that neither the Software nor any direct product thereof will be exported, directly, or indirectly, in violation of these laws, or will be used for any purpose prohibited by these laws including, without limitation, nuclear, chemical, or biological weapons proliferation."
So to answer your questions about JCE
Is there any way to put the java unlimited strength extension with my program for use it without install?
I'm not a lawyer, but I think that the Oracle license says that you can only use the JCE code (and that includes distributing it in your product) if your usage conforms to US export law. Be aware that crypto software is specifically restricted.
Or can I open a dialog for install it automatically?
That is unclear, both legally, and technically.
Maybe another API allows me to do it without adding any extension? (like bouncy castle).
Bouncy Castle is also covered by US export laws. Furthermore, in the Bouncy Castle FAQs, FAQ #1 says that key lengths in Bouncy Castle's Java SE compatible crypto provides are governed by the same mechanism (and policy files) that JCE uses. However FAQ #10 says:
"At the time of writing (16 May 2007) Bouncy Castle is approved classified under ECCN code 5D002 and approved for export under License Exception TSU."
I also looked up "License Exception TSU" and I found that it is defined in the Exceptions to the Export Administration Regulations (EAR) as:
"§ 740.13 TECHNOLOGY AND SOFTWARE UNRESTRICTED (TSU)
This license exception authorizes exports and
reexports of operation technology and software;
sales technology and software; software updates
(bug fixes); “mass market” software subject to
the General Software Note; and encryption
source code (and corresponding object code) that
would be considered publicly available under
§734.3(b)(3) of the EAR."
And so on.
It looks promising, especially for an open source product, but I would still advise getting advise to a real expert; i.e. a professional with appropriate legal training.
Good news, everyone!
Starting with Java 6u181, 7u171 and 8u151 you will be able to programmatically change the policy with a call
Security.setProperty("crypto.policy", "unlimited");
If you have a security manager installed you will need to configure it to allow setting security property. More info in JDK-8169716.
Even better is that in Java 9, and also starting with future Java 6u181, 7u171, 8u162 releases the unlimited crypto will be enabled by default! More info in JDK-1870157
I am writing you because I programmed a signature algorithm with elliptic curves in Java on PC and I would like to integrate it on a Java Card. In my program, I use the crypto library BouncyCastle.
So my question is the following : is it possible to use external libraries on Java Card ?
Thank you very much for your help !
Kind of. You can use external libraries that were explicitly written for Java Card. Java Card (Classic) is a very constrained Java environment, which has quite a lot of Java SE functionality missing. Heck, usually it even doesn't have integers, only bytes and shorts.
You cannot use external libraries written for Java SE. And you certainly cannot use Bouncy Castle. Java Card has its own crypto library (which actually has got a lot of functionality, some even not found in Java SE).
Note that even if you could rewrite cryptographic functionality, it would be pretty tricky to get enough performance out of Java Card. The crypto libraries of Java Card usually rely on native processing and co-processor support.
I was reading a tutorial about java encryption using the DOM, and I cam across a strange case of a package javax.xml.crypto.enc.* not existing. I had heard that not all packages were shipped with the standard JDK, and instead needing to be downloaded as separate modules and imported into the project, is this one of these cases? If so, where can I download it?
I just did some research about the package, and it turns out that it was a part of, the now withdrawn, JSR-106: XML Digital Encryption APIs. http://jcp.org/en/jsr/detail?id=106
I`m searching if there is how to execute the XML-Enc specification http://en.wikipedia.org/wiki/XML_Encryption without use of external APIs like Apache Santuario.
Thanks in advance!
Nope, there is no internal XML encryption library, because the JSR-106 has been withdrawn. So you have to use a external API. Unfortunately the Santuario API is not as clean as most API's that are included in the Java runtime.
http://www.jcp.org/en/jsr/detail?id=106
PS when using any XML encryption library, be sure to verify the content before decrypting, or you will have problems with e.g. padding oracle attacks (this warning is in the W3C XML encryption specification, but it is ignored all to often).