Cryptix JCE for Java 1.4 Released

Yoda2 writes "A new snapshot of the Cryptix Java Cryptography Extensions (JCE) API was released on the Cryptix.org site yesterday. You can download the file here. Among other things, this finally allows for PGP encryption/decryption of files from the Java JDK 1.4 when used in conjunction with Cryptix OpenPGP."

This is important

[JohnA]

Take note of this... until now, there were no open source implementations of the JCE that ran under JDK 1.4. Sun's implementation does not have source available, and they even went the extra step to obfuscate their JCE with DashO-Pro. Transparency is vital to cryptography, as anything less casts a shadow of doubt.

Just my humble opinion...

Re:great, but

[ToastedBagel]

Hmmm...

> First off, it uses Java, which is notoriously non- FREE.

Are you talking about Java Verification Program (US$15,000 wow... http://www.keylabs.com/j2ee/trademark.html). Yes, it costs you a bit to get the license, but as long as you are writing (even enterprise) application for you or your organization, it's really free, right? No source code available for Sun JDK, but it costs US$0.00 to download it and use it, doesn't it?

> Second off, they rely on the PGP encryption too, which is closed source, ...

The reason that we have PGP today is that the author decided to make it open source (for various reasons), right? I just checked PGP Corporation web site (http://www.pgp.com/display.php?pageID=51#anch107) and they say that the source code is available. Am I missing something here?

My prediction

[0x0d0a]

I predict a stunning lack of impact in the Java using world -- people will continue using insecure storage and protocols and plaintext all over the place.

Developers *like* features. They have to have security *forced* upon them.