Date: Sat, 6 Mar 1999 10:21:25 -0800
Message-Id: <199903061821.KAA00291@awe181-20.>
From: Frank Yellin <fy@awe181-20.Sun.COM>
To: java-security@java.sun.com
Subject: Comments, questions, etc.

I'm taking an SITN course at Stanford, and have been using the JCE rather
extensively. I used the documentation dated 19 November, 1998. Here are
some comments I had:

#1) MACs seem to be underspecified and underdocumented. How do I make a
key for them? Neither the KeyGenerator class nor the SecretKeyFactory
seemed to want to make secret keys for me. I couldn't get the KeyAgreement
class to make one (which seems an obvious use for a MAC!)
I finally had to use SecretKeySpec, and just guess at a key of 64 bytes.
But I really had no idea.

#2) There has to be a way of adding a new Crypto provider to code that I
don't own. For example, the JCE says that I shouldn't use the normal
KeyStore implementation, but use the new JCEKS.
But unless I reinstall my own copy of the JDK, I have no way of telling
keytool about "com.sun.crypto.provider.SunJCE". The JDK looks in
one public file to get the list of providers, and nowhere else. And I
can't add the line

    Security.addProvider(new com.sun.crypto.provider.SunJCE());

to code that I haven't written.
Or perhaps keytool needs an argument to tell it to load additional
subscribers.

#3) Continuing on about MACs. Is there a reason that we have
DigestOutputStream but not MacOutputStream? And MacInputStream? A
MAC is just a Digest with a key. . . .

== Frank
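
Added example, not part of the original message and not Sun's code: on a current JDK, `KeyGenerator` accepts an HMAC algorithm name such as `HmacSHA256`, and a MAC stream in the style of `DigestOutputStream` can be written as a small `FilterOutputStream`. The class name `MacOutputStream` and its `tag()` method are hypothetical, and nothing here describes the 1998 JCE release the message refers to.

```java
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class MacStreamExample {
    // Hypothetical counterpart of DigestOutputStream: bytes pass through
    // to the wrapped stream and are also fed to a Mac.
    static class MacOutputStream extends FilterOutputStream {
        private final Mac mac;

        MacOutputStream(OutputStream out, Mac mac) {
            super(out);
            this.mac = mac;
        }
        @Override public void write(int b) throws IOException {
            mac.update((byte) b);
            out.write(b);
        }
        @Override public void write(byte[] buf, int off, int len) throws IOException {
            mac.update(buf, off, len);
            out.write(buf, off, len);
        }
        // Finishes the MAC; doFinal() also resets the Mac for reuse with the same key.
        byte[] tag() { return mac.doFinal(); }
    }

    public static void main(String[] args) throws Exception {
        // KeyGenerator chooses a default key length for the algorithm.
        SecretKey key = KeyGenerator.getInstance("HmacSHA256").generateKey();
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);

        byte[] message = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        ByteArrayOutputStream sink = new ByteArrayOutputStream();
        MacOutputStream mos = new MacOutputStream(sink, mac);
        mos.write(message);
        mos.flush();
        byte[] streamed = mos.tag();

        // Verifier side: recompute over the received bytes and compare with
        // MessageDigest.isEqual rather than Arrays.equals.
        byte[] recomputed = mac.doFinal(sink.toByteArray());
        System.out.println("tags match: " + MessageDigest.isEqual(streamed, recomputed));
    }
}
```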