Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cryptix JCE for Java 1.4 Released

Posted by michael on from the java-plus-crypto-equals-good dept.

Yoda2 writes "A new snapshot of the Cryptix Java Cryptography Extensions (JCE) API was released on the Cryptix.org site yesterday. You can download the file here. Among other things, this finally allows for PGP encryption/decryption of files from the Java JDK 1.4 when used in conjunction with Cryptix OpenPGP."

7 of 24 comments (clear)

  1. Since my submission... by Yoda2 · · Score: 3, Informative

    The Cryptix site was actually updated since my submission to announce an updated snapshot of OpenPGP. You can download it here.

  2. Progress by ChaosMourn · · Score: 3, Interesting

    I'm glad to see this is finally making progress (at least their OpenPGP implementation is no longer a developer's release...), but I imagine it'll be a while yet until it's ready for commercial use. Unfortunately, it's the only game going for Java-based PGP (except for some API out of China). This leaves me doing some rather tacky things to use GPG in a commercial environment. Why is it that there's so little interest in a real Java API for PGP?

  3. This is important by JohnA · · Score: 3, Insightful

    Take note of this... until now, there were no open source implementations of the JCE that ran under JDK 1.4. Sun's implementation does not have source available, and they even went the extra step to obfuscate their JCE with DashO-Pro. Transparency is vital to cryptography, as anything less casts a shadow of doubt.

    Just my humble opinion...

  4. Re:great, but by ToastedBagel · · Score: 2, Insightful

    Hmmm...

    > First off, it uses Java, which is notoriously non- FREE.

    Are you talking about Java Verification Program (US$15,000 wow... http://www.keylabs.com/j2ee/trademark.html). Yes, it costs you a bit to get the license, but as long as you are writing (even enterprise) application for you or your organization, it's really free, right? No source code available for Sun JDK, but it costs US$0.00 to download it and use it, doesn't it?

    > Second off, they rely on the PGP encryption too, which is closed source, ...

    The reason that we have PGP today is that the author decided to make it open source (for various reasons), right? I just checked PGP Corporation web site (http://www.pgp.com/display.php?pageID=51#anch107) and they say that the source code is available. Am I missing something here?

  5. My prediction by 0x0d0a · · Score: 3, Insightful

    I predict a stunning lack of impact in the Java using world -- people will continue using insecure storage and protocols and plaintext all over the place.

    Developers *like* features. They have to have security *forced* upon them.

    --
    May we never see th
  6. Re:What about BouncyCastle by OttoM · · Score: 2, Informative
    Make that 1.4. I hit submit too soon by accident.

    What I meant to say is that until now, Cryptix implements the 1.1 version of JCE. This version was never offcially released by Sun. Any decent JCE provider should implement the 1.2 version of the JCE. Luckily Cryptix now seems to to this, after a long period of little activity.

  7. Re:What about BouncyCastle by JohnA · · Score: 3, Informative
    Actually, I was referring to the JCE implementation as well as the provider implementation. According to the release page, their clean room JCE doesn't run under JDK 1.4. Cryptix provides a JCE implementation that runs under 1.4, as well as their provider.

    I was under the impression that the BouncyCastle license was less than free, but I was mistaken. It is a great package, and it's good to know that there are a variety of open implementations of strong crypto under Java.