releasenotes.html

java非对称加密的源代码

<li>Support for extracting signatures based on PGP user attributes has been
added to PGPPublicKey.
<li>BCPGArmoredInputStream should cope with plain text files better.
<li>The OpenPGP library can now create indefinite length streams and handle packets greater than (2^32 - 1) in length.
<li>Direct support for adding SignerUserID and PrimaryUserID has been added to the PGPSignatureSubpacketGenerator.
<li>Support for ISO-9796-2/PSS has been added to the lightweight API.
<li>API support for extracting recovered messages from signatures that support
message recovery has been added to the lightweight API.
<li>String value conversion in a DN being processed by X509Name is now fully
configurable.
<li>It is now possible to create new versions of CMSSignedData objects without
having to convert the original object down to its base ASN.1 equivalents.
<li>Support for adding PGP revocations and other key signatures has been added.
<li>Support for SHA-224 and SHA224withRSA has been added.
<li>Trailing bit complement (TBC) padding has been added.
<li>OID components of up to 2^63 bits are now supported.
</ul>
<h3>2.15.1 Version</h3>
Release 1.24
<h3>2.15.2 Defects Fixed</h3>
<ul>
<li>OpenPGP Secret key rings now parse key rings with user attribute packets in them correctly.
<li>OpenPGP Secret key rings now parse key rings with GPG comment packets in them.
<li>X509Name and X509Principal now correctly handle BitStrings.
<li>OpenPGP now correctly recognises RSA signature only keys.
<li>When re-encoding PGP public keys taken off secret keys getEncoded would
sometimes throw a NullPointerException. This has been fixed.
<li>A basic PKCS12 file with a single key and certificate, but no attributes, would cause a null pointer exception. This has been fixed.
<li>Signature verification now handles signatures where the parameters block is missing rather than NULL.
<li>Lightweight CBCBlockCipherMac was failing to add padding if padding was
being explicitly provided and data length was a multiple of the block size. This has been fixed.
<li>ZIP compression in PGP was failing to compress data in many cases. This has been fixed.
<li>Signatures were occassionally produced with incorrect padding in their associated bit strings, this has been fixed.
<li>An encoding error introduced in 1.23 which affected generation of the
KeyUsage extension has been fixed.
</ul>
<h3>2.15.3 Additional Features and Functionality</h3>
<ul>
<li>PKCS12 keystore now handles single key/certificate files without any attributes present.
<li>Support for creation of PGPKeyRings incorporating sub keys has been added.
<li>ZeroPadding for encrypting ASCII data has been added.
</ul>
<h3>2.16.1 Version</h3>
Release 1.23
<h3>2.16.2 Defects Fixed</h3>
<ul>
<li>Reading a PGP Secret key file would sometimes cause a class cast exception. This has been fixed.
<li>PGP will now read SecretKeys which are encrypted with the null algorithm.
<li>PGP ObjectFactory will recognise Marker packets.
<li>BasicConstraints class now handles default empty sequences correctly.
<li>S2K Secret Key generation now supported in OpenPGP for keys greater than 160 bits, a bug causing
it to occasionally generate the wrong key has been fixed.
<li>OpenPGP implementation can now read PGP 8 keys.
<li>Decoding issues with Secret Sub Keys should now be fixed.
<li>PGP would occasionally unpack ElGamal encrypted data incorrectly, this has been fixed.
<li>OCSP TBSRequest now uses abreviated encoding if the default version is used.
<li>X509Name class will now print names with nested pairs in component sets correctly.
<li>RC4 now resets correctly on doFinal.
</ul>
<h3>2.16.3 Additional Features and Functionality</h3>
<ul>
<li>PGP V3 keys and V3 signature generation is now supported.
<li>Collection classes have been added for representing files of PGP public and secret keys.
<li>PEMReader now supports "RSA PUBLIC KEY".
<li>RipeMD256 and RipeMD320 have been added.
<li>Heuristic decoder stream has been added to OpenPGP which "guesses" how the input is
constructed.
<li>ArmoredInputStream now recognises clear text signed files.
<li>ArmoredOutputStream now provides support for generating clear text signed files.
<li>Support has been added to CMS for RipeMD128, RipeMD160, and RipeMD256.
<li>Support for generating certification directly and editing PGP public key
certifications has been added.
<li>Support has been added for modification detection codes to the PGP library.
<li>Examples have been rewritten to take advantage of the above.
<li>SMIMESigned can now covert data straight into a mime message.
<li>DERGeneralizedTime getTime() method now handles a broader range of input strings.
</ul>

<h3>2.17.1 Version</h3>
Release 1.22
<h3>2.17.2 Defects Fixed</h3>
<ul>
<li>Generating DSA signatures with PGP would cause a class cast exception, this has been fixed.
<li>PGP Data in the 192 to 8383 byte length would sometimes be written with the wrong length header. This has been fixed.
<li>The certificate factory would only parse the first certificate in a PKCS7 object. This has been fixed.
<li>getRevocationReason() in RevokedStatus in OCSP would throw an exception for
a non-null reason, rather than a null one. This has been fixed.
<li>PSS signature verification would fail approximately 0.5 % of the time on correct signatures. This has been fixed.
<li>Encoding of CRL Distribution Points now always works.
</ul>
<h3>2.17.3 Additional Features and Functionality</h3>
<ul>
<li>Additional methods for getting public key information have been added to the PGP package.
<li>Some support for user attributes and the image attribute tag has been added.
<li>Support for the AuthorityInformationAccess extension has been added.
<li>Support for ElGamal encryption/decryption has been added to the PGP package.
</ul>

<h3>2.18.1 Version</h3>
Release 1.21
<h3>2.18.2 Defects Fixed</h3>
<ul>
<li>The CertPath validator would fail for some valid CRLs. This has been  fixed.
<li>AES OIDS for S/MIME were still incorrect, this has been fixed.
<li>The CertPathBuilder would sometimes throw a NullPointerException looking for an issuer. This has been fixed.
<li>The J2ME BigInteger class would sometimes go into an infinite loop generating prime numbers. This has been fixed.
<li>DERBMPString.equals() would throw a class cast exception. This has been fixed.
</ul>
<h3>2.18.3 Additional Features and Functionality</h3>
<ul>
<li>PEMReader now handles public keys.
<li>OpenPGP/BCPG should now handle partial input streams. Additional methods for reading subpackets off signatures.
<li>The ASN.1 library now supports policy qualifiers and policy info objects.
</ul>

<h3>2.19.1 Version</h3>
Release 1.20
<h3>2.19.2 Defects Fixed</h3>
<ul>
<li>BigInteger toString() in J2ME/JDK1.0 now produces same output as the Sun one.
<li>RSA would throw a NullPointer exception with doFinal without arguments. This has been fixed.
<li>OCSP CertificateID would calculate wrong issuer hash if issuer cert was not self signed. This has been fixed.
<li>Most of response generation in OCSP was broken. This has been fixed.
<li>The CertPath builder would sometimes go into an infinite loop on some chains if the trust anchor was missing. This has been fixed.
<li>AES OIDS were incorrect, this has been fixed.
<li>In some cases BC generated private keys would not work with the JSSE. This has been fixed.
</ul>
<h3>2.19.3 Additional Features and Functionality</h3>
<ul>
<li>Support for reading/writing OpenPGP public/private keys and OpenPGP signatures has been added.
<li>Support for generating OpenPGP PBE messages and public key encrypted messages has been added.
<li>Support for decrypting OpenPGP messages has been added.
<li>Addition of a Null block cipher to the light weight API.
</ul>

<h3>2.20.1 Version</h3>
Release 1.19
<h3>2.20.2 Defects Fixed</h3>
<ul>
<li>The PKCS12 store would throw an exception reading PFX files that had attributes with no values. This has been fixed.
<li>RSA Private Keys would not serialise if they had PKCS12 bag attributes attached to them, this has been fixed.
<li>GeneralName was encoding OtherName as explicitly tagged, rather than implicitly tagged. This has been fixed.
<li>ASN1 parser would sometimes mistake an implicit null for an implicit empty
sequence. This has been fixed.
</ul>
<h3>2.20.3 Additional Features and Functionality</h3>
<ul>
<li>S/MIME and CMS now support the draft standard for AES encryption.
<li>S/MIME and CMS now support setable key sizes for the standard algorithms.
<li>S/MIME and CMS now handle ARC4/RC4 encrypted messages.
<li>The CertPath validator now passes the NIST test suite.
<li>A basic OCSP implementation has been added which includes request generation
and the processing of responses. Response generation is also provided, but should be treated as alpha quality code.
<li>CMS now attempts to use JCA naming conventions in addition to the OID name
in order to find algorithms.
</ul>

<h3>2.21.1 Version</h3>
Release 1.18
<h3>2.21.2 Defects Fixed</h3>
<ul>
<li>DESKeySpec.isParityAdjusted in the clean room JCE could go into an
infinite loop. This has been fixed.
<li>The SMIME API would end up throwing a class cast exception if a
MimeBodyPart was passed in containing a MimeMultipart. This is now fixed.
<li>ASN1InputStream could go into an infinite loop reading a truncated
input stream. This has been fixed.
<li>Seeding with longs in the SecureRandom for the J2ME and JDK 1.0,
only used 4 bytes of the seed value. This has been fixed.
</ul>
<h3>2.21.3 Additional Features and Functionality</h3>
<ul>
<li>The X.509 OID for RSA is now recognised by the provider as is the OID for RSA/OAEP.
<li>Default iv's for DES are now handled correctly in CMS.
<li>The ASN.1 classes have been updated to use the generic ASN1* classes where
possible.
<li>A constructor has been added to SMIMESigned to simplify the processing
of "application/pkcs7-mime; smime-type=signed-data;" signatures.
<li>Diffie-Hellman key generation is now faster in environments using the
Sun BigInteger library.
</ul>
<h3>2.22.1 Version</h3>
Release 1.17
<h3>2.22.2 Defects Fixed</h3>
<ul>
<li>Reuse of an CMSSignedObject could occassionally result in a class
cast exception. This has been fixed.
<li>The X.509 DistributionPointName occasionally encoded incorrectly. This has
been fixed.
<li>BasicConstraints construction would break if an ASN.1 sequence was used
with only the required parameter. This has been fixed.
<li>The DERObject constructor in OriginatorIdentifierOrKey was leaving 
the id field as null. This has been fixed.
</ul>
<h3>2.22.2 Additional Functionality and Features</h3>
<ul>
<li>RC2 now supports the full range of parameter versions and effective
key sizes.
<li>CompressedData handling has been added to CMS/SMIME.
<li>The 1.4 version now allows X500Principles to be generated directly
from CRLs.
<li>SMIME objects now support binary encoding. The number of signature
types recognised has been increased. 
<li>CMS can create signed objects with encapsulated data. Note: while
this was been done we realised we could simplify things, we did and
for the most part people won't notice, other than the occassional
reference to CMSSignable will need to be replaced with CMSProcessable.
<li>X509Name and X509Principal now support forward and reverse X509Name
to string conversion, with changeable lookup tables for converting OIDs
into strings. Both classes also now allow the direction of encoding to
be set when a string is converted as well as changeable lookup tables for
string to OID conversion.
</ul>

<h3>2.23.1 Version</h3>
Release 1.16
<h3>2.23.2 Defects Fixed</h3>
<ul>
<li>CRLS were only working for UTC time constructed Time objects, this has
been fixed.
<li>KeyUsage and ReasonFlags sometimes encoded longer than necessary. This