releasenotes.html

java非对称加密的源代码

<html>
<head>
<title>Bouncy Castle Crypto Package - Release Notes</title>
</head>

<body bgcolor="#ffffff" text="#000000#">

<center>
<h1>Bouncy Castle Crypto Package - Release Notes</h1>
<font size=1>
<pre>
</pre>
</font>
</center>
<h2>1.0 Introduction</h2>
The Bouncy Castle Crypto package is a Java implementation of 
cryptographic algorithms.  The package is organised so that it 
contains a light-weight API suitable for use in any environment
(including the newly released J2ME) with the additional infrastructure
to conform the algorithms to the JCE framework.
<p>
<h2>2.0 Release History</h2>

<h3>2.1.1 Version</h3>
Release 1.38
<h3>2.1.2 Defects Fixed</h3>
<ul>
<li>SMIME signatures containing non-standard quote-printable data could be altered by SMIME encryption. This has been fixed.</li>
<li>CMS signatures that do not use signed attributes were vulnerable to one of Bleichenbacher's RSA signature forgery attacks. This has been fixed.</li>
<li>The SMIMESignedParser(Part) constructor was not producing a content body part that cleared itself after writeTo() as indicated in the JavaDoc. This has been fixed.</li>
<li>BCPGInputStream now handles data blocks in the 2**31->2**32-1 range.</li>
<li>A bug causing second and later encrypted objects to be ignored in KeyBasedFileProcessor example has been fixed.</li>
<li>Value of the TstInfo.Tsa field is now directly accessible from TimeStampTokenInfo.</li>
<li>Generating an ECGOST-3410 key using an ECGenParameterSpec could cause a ClassCastException in the key generator. This has been fixed.</li>
<li>Use of the parameters J and L in connection with Diffie-Hellman parameters in the light weight API was ambiguous and confusing. This has been dealt with.</li>
<li>Some entities were not fully removed from a PKCS#12 file when deleted due to case issues. This has been fixed.</li>
<li>Overwriting entities in a PKCS#12 file was not fully compliant with the JavaDoc for KeyStore. This has been fixed.</li>
<li>TlsInputStream.read() could appear to return end of file when end of file had not been reached. This has been fixed.</li>
</ul>
<h3>2.1.3 Additional Features and Functionality</h3>
<ul>
<li>Buffering in the streaming CMS has been reworked. Throughput is now usually higher and the behaviour is more predictable.</li>
<li>It's now possible to pass a table of hashes to a CMS detached signature rather than having to always pass the data.</li>
<li>Classes supporting signature policy and signer attributes have been added to the ASN.1 ESS/ESF packages.</li>
<li>Further work has been done on optimising memory usage in ASN1InputStream. In some cases memory usage has been reduced to 25% of previous.</li>
<li>Pre-existing signers can now be added to the SMIMESignedGenerator.</li>
<li>Support has been added to the provider for the VMPC stream cipher.</li>
<li>CertPathReviewer has better handling for problem trust anchors.</li>
<li>Base64 encoder now does initial size calculations to try to improve resource usage.</li>
</ul>
<h3>2.2.1 Version</h3>
Release 1.37
<h3>2.2.2 Defects Fixed</h3>
<ul>
<li>The ClearSignedFileProcessor example for OpenPGP did not take into account trailing white space in
the file to be signed. This has been fixed.</li>
<li>A possible infinite loop in the CertPathBuilder and SignedMailValidator have been removed.</li>
<li>Requesting DES, DESede, or Blowfish keys using regular Diffie-Hellman now returns the same length keys as the regular JCE provider.</li>
<li>Some uncompressed EC certificates were being interpreted as compressed and causing an exception. This has been fixed.</li>
<li>Adding a CRL with no revocations on it to the CRL generator could cause an exception to be thrown. This has been fixed.</li>
<li>Using the default JDK provider with the CMS library would cause exceptions in some circumstances. This has been fixed.</li>
<li>BC provider DSAKeys are now serializable.</li>
<li>Using only a non-sha digest in S/MIME signed data would produce a corrupt MIME header. This has been fixed.</li>
<li>The default private key length in the lightweght API for generated DiffieHellman parameters was absurdly small, this has been fixed.</li>
<li>Cipher.getParameters() for PBEwithSHAAndTwofish-CBC was returning null after intialisation. This has been fixed.</li>
</ul>
<h3>2.2.3 Additional Features and Functionality</h3>
<ul>
<li>The block cipher mode CCM has been added to the provider and light weight API.</li>
<li>The block cipher mode EAX has been added to the provider and light weight API.</li>
<li>The stream cipher HC-128 and HC-256 has been added to the provider and lightwieght API.</li>
<li>The stream cipher ISAAC has been added to the lighwieght API.</li>
<li>Support for producing and parsing notation data signature subpackets has been added to OpenPGP.</li>
<li>Support for implicit tagging has been added to DERApplicationSpecific.</li>
<li>CMS better supports basic Sun provider.</li>
<li>A full set of SEC-2 EC curves is now provided in the SEC lookup table.</li>
<li>Specifying a null provider in CMS now always uses the default provider, rather than causing an exception.</li>
<li>Support has been added to the OpenPGP API for parsing experimental signatures</li>
<li>CertPath validator now handles inherited DSA parameters and a wider range of name constraints.</li>
<li>Further work has been done on improving the performance of ECDSA - it is now about two to six times faster depending on the curve.</li>
<li>The Noekeon block cipher has been added to the provider and the lightweight API.</li>
<li>Certificate generation now supports generation of certificates with an empty Subject if the subjectAlternativeName extension is present.</li>
<li>The JCE provider now supports RIPEMD160withECDSA.</li>
</ul>

<h3>2.3.1 Version</h3>
Release 1.36
<h3>2.3.2 Defects Fixed</h3>
<ul>
<li>DSA key generator now checks range and keysize.</li>
<li>Class loader issues with i18n classes should now be fixed.</li>
<li>X.500 name serial number value now output as unambiguous long form SERIALNUMBER</li>
<li>The fix for multipart messages with mixed content-transfer-encoding in 1.35 caused a
regression for processing some messages with embedded multiparts that contained blank lines of preamble text - this should now be fixed.</li>
<li>Another regression which sometimes affected the SMIMESignedParser has also been fixed.</li>
<li>SharedFileInputStream compatability issues with JavaMail 1.4 have been addressed.</li>
<li>JDK 1.5 and later KeyFactory now accepts ECPublicKey/ECPrivateKey to translateKey.</li>
<li>JDK 1.5 and later KeyFactory now produces ECPublicKeySpec/ECPrivateKeySpec on getKeySpec.</li>
<li>Some surrogate pairs were not assembled correctly by the UTF8 decoder. This has been fixed.</li>
<li>Alias resolution in PKCS#12 is now case insensitive.</li>
</ul>
<h3>2.3.3 Additional Features and Functionality</h3>
<ul>
<li>CMS/SMIME now supports basic EC KeyAgreement with X9.63.</li>
<li>CMS/SMIME now supports RFC 3211 password based encryption.</li>
<li>Support has been added for certificate, CRL, and certification request generation for the regular SHA algorithms with RSA-PSS.</li>
<li>Further work has been done in speeding up prime number generation in the lightweight BigInteger class.</li>
<li>Support for the SEED algorithm has been added to the provider and the lightweight API.</li>
<li>Support for the Salsa20 algorithm has been added to the provider and the lightweight API.</li>
<li>CMS/SMIME now support SEED and Camellia</li>
<li>A table of TeleTrusT curves has been added.</li>
<li>CMSSignedData creation and Collection CertStore now preserves the order of certificates/CRls if the backing collection is ordered.</li>
<li>CMS Signed objects now use BER encdoing for sets containing certificates and CRLs, allowing specific ordering to be specified for the objects contained.</li>
<li>CMS enveloped now works around providers which throw UnsupportedOperationException if key wrap is attempted.</li>
<li>DSASigner now handles long messages. SHA2 family digest support for DSA has been added to the provider.</li>
</ul>

<h3>2.4.1 Version</h3>
Release 1.35
<h3>2.4.2 Defects Fixed</h3>
<ul>
<li>Test data files are no longer in the provider jars.</li>
<li>SMIMESignedParser now handles indefinite length data in SignerInfos.</li>
<li>Under some circumstances the SMIME library was failing to canonicalize mixed-multipart data correctly. This has been fixed.</li>
<li>The l parameter was being ignored for the DH and ElGamal key generation. This has been fixed.</li>
<li>The ASN1Sequence constructor for OtherRecipientInfo was broken. It has been fixed</li>
<li>Regression - DN fields SerialNumber and Country were changed to encode as UTF8String in 1.34 in the X509DefaultEntryConverter, these now encode as PrintableString.</li>
<li>CMSSignedData.replaceSigners() was not replacing the digest set as well as the signers. This has been fixed.</li>
<li>DERGeneralizedTime produced a time string without a GMT offset if they represented local time. This has been fixed.</li>
<li>Some temp files were still being left on Windows by the SMIME library. All of the known problems have been fixed.</li>
<li>Comparing ASN.1 object for equality would fail in some circumstances. This has been fixed.
<li>The IESEngine could incorrectly encrypt data when used in block cipher mode. This has been fixed.
<li>An error in the encoding of the KEKRecipientInfo has been fixed. Compatability warning: this may mean that versions of BC mail prior to 1.35 will have trouble processing KEK messages produced by 1.35 or later.
</ul>
<h3>2.4.3 Additional Features and Functionality</h3>
<ul>
<li>Further optimisations to elliptic curve math libraries.</li>
<li>API now incorporates a CertStore which should be suitable for use with LDAP.</li>
<li>The streaming ASN.1 API is now integrated into the base one, the sasn1 package has been deprecated.</li>
<li>The OpenPGP implementation now supports SHA-224 and BZIP2.</li>
<li>The OpenPGP implementation now supports SHA-1 checksumming on secret keys.</li>
<li>The JCE provider now does RSA blinding by default.</li>
<li>CMSSignedDataParser now provides methods for replacing signers and replacing certificates and CRLs.</li>
<li>A generic store API has been added to support CRLs, Certificates and Attribute certificates.</li>
<li>The CMS/SMIME API now supports inclusion and retrieval of version 2 attribute certificates.</li>
<li>Support for generating CertificationRequests and Certificates has been added for GOST-3410-2001 (ECGOST)</li>
<li>CMS/SMIME now support ECGOST</li>
<li>Basic BER Octet Strings now encode in a canonical fashion by default.</li>
<li>DERUTCTime can now return Date objects</li>
<li>Validating constructors have been added to DERPrintableString, DERIA5String, and DERNumericString.</li>
<li>A lightweight API for supporting TLS has been added.</li>
<li>Implementations of the TEA and XTEA ciphers have been added to the light weight API and the provider.</li>
<li>PEMReader now supports OpenSSL ECDSA key pairs.</li>
</ul>
<h3>2.5.1 Version</h3>
Release 1.34
<h3>2.5.2 Defects Fixed</h3>
<ul>
<li>Endianess of integer conversion in KDF2BytesGenerator was incorrect. This has been fixed.
<li>Generating critical signature subpackets in OpenPGP would result in a zero packet tag. This has been fixed.
<li>Some flags in PKIFailure info were incorrect, and the range of values was incomplete. The range of values has been increased and the flags corrected.
<li>The helper class for AuthorityKeyExtension generation was including the subject rather than the issuer DN of the CA certificate. This has been fixed.
<li>SMIMESignedParser now avoids JavaMail quoted-printable recoding issue.
<li>Verification of RSA signatures done with keys with public exponents of 3 was vunerable to
Bleichenbacher's RSA signature forgery attack. This has been fixed.
<li>PGP Identity strings were only being interpreted as ASCII rather than UTF8. This has been fixed.
<li>CertificateFactory.generateCRLs now returns a Collection rather than null.
</ul>
<h3>2.5.3 Additional Features and Functionality</h3>
<ul>
<li>An ISO18033KDFParameters class had been added to support ISO18033 KDF generators.
<li>An implemention of the KDF1 bytes generator algorithm has been added.
<li>An implementation of NaccacheStern encryption has been added to the lightweight API.
<li>X509V2CRLGenerator can now be loaded from an existing CRL.
<li>The CMS enveloped data generators will now attempt to use the default provider for encryption if the passed in provider can only handle key exchange.
<li>OpenPGP file processing has been substantially speeded up.
<li>The PKCS1Encoder would accept PKCS1 packets which were one byte oversize. By default this will now cause an error. However, as there are still implementations which still produce such packets the older behaviour can be turned on by setting the VM system property org.bouncycastle.pkcs1.strict to false before creating an RSA cipher using PKCS1 encoding.
<li>A target has been added to the bc-build.xml to zip up the source code rather than leaving it in a directory tree.
The build scripts now run this target by default.
<li>Use of toUpperCase and toLowerCase has been replaced with a locale independent converter where appropriate.
<li>Support for retrieving the issuers of indirect CRLs has been added.
<li>Classes for doing incremental path validation of PKIX cert paths have been added to the X.509 package and S/MIME.
<li>Locale issues with String.toUpperCase() have now been worked around.
<li>Optional limiting has been added to ASN1InputStream to avoid possible OutOfMemoryErrors on corrupted streams.
<li>Support has been added for SHA224withECDSA, SHA256withECDSA, SHA384withECDSA, and SHA512withECDSA for the generation of signatures, certificates, CRLs, and certification requests.
<li>Performance of the prime number generation in the BigInteger library has been further improved.
</ul>
<h3>2.5.5 Security Advisory</h3>
<ul>
<li>If you are using public exponents with the value three you *must* upgrade to this release, otherwise it
will be possible for attackers to exploit some of Bleichenbacher's RSA signature forgery attacks on your applications.
</ul>
<h3>2.6.1 Version</h3>
Release 1.33
<h3>2.6.2 Defects Fixed</h3>
<ul>
<li>OCSPResponseData was including the default version in its encoding. This has been fixed.
<li>BasicOCSPResp.getVersion() would throw a NullPointer exception if called on a default version response. This has been fixed.
<li>Addition of an EC point under Fp could result in an ArithmeticException. This has been fixed.
<li>The n value for prime192v2 was incorrect. This has been fixed.
<li>ArmoredInputStream was not closing the underlying stream on close. This has been fixed.
<li>Small base64 encoded strings with embedded white space could decode incorrectly using the Base64 class. This has been fixed.
</ul>
<h3>2.6.3 Additional Features and Functionality</h3>
<ul>
<li>The X509V2CRLGenerator now supports adding general extensions to CRL entries.
<li>A RoleSyntax implementation has been added to the x509 ASN.1 package, and the AttributeCertificateHolder class now support the IssuerSerial option.
<li>The CMS API now correctly recognises the OIW OID for DSA with SHA-1.
<li>DERUTF8String now supports surrogate pairs.
</ul>

<h3>2.7.1 Version</h3>
Release 1.32
<h3>2.7.2 Defects Fixed</h3>
<ul>
<li>Further work has been done on RFC 3280 compliance.
<li>The ASN1Sequence constructor for SemanticsInformation would sometimes throw a ClassCastException on reconstruction an object from a byte stream. This has been fixed.
<li>The SharedInputStream.read(buf, 0, len) method would return 0 at EOF, rather than -1. This has been fixed.
<li>X9FieldElement could fail to encode a Fp field element correctly. This has been fixed.
<li>The streaming S/MIME API was occasionally leaving temporary files around. The SIMEUtil class responsible for creating the files now returns a FileBackedMimeBodyPart object
which has a dispose method on it which should allow removal of the file backing the body part.