releasenotes.html

java非对称加密的源代码

has been fixed.
<li>BER encoded sets are now recognised and dealt with.
<li>Encoding issues in CMS which were causing problems with backwards
compatibility with older CMS/SMIME clients have been fixed.
<li>KeyFactory now allows for creation of RSAKey*Spec classes.
<li>The X509CertSelector in the clean room CertPath API is now less likely
to throw a NullPointerException at the wrong time.
<li>Macs now clone correctly in the clean room JCE.
</ul>
<h3>2.23.3 Additional Functionality and Features</h3>
<ul>
<li>PGPCFB support has been added to the provider and the lightweight API.
<li>There are now three versions of the AESEngine, all faster than before,
with the largest footprint one being the fastest. The JCE AES now refers
to the fastest.
<li>The 1.4 version of the library now allows for X500Principals to be
generated directly from certificates.
<li>X509Name has been extended to parse numeric oids, "oid." oids, and to
recognise the LDAP UID.
<li>Immutable sequences and sets have been introduced to the ASN.1 package.
<li>The SMIME/CMS ASN.1 base classes have been rewritten to reduce the
size of the package for use with the lightweight API.
<li>The SMIME/CMS api's have been rewritten to allow them to take advantage
of the Cert Path API, remove code suited to inclusion in the provider,
and to support multiple recipients/signers.
</ul>
<h3>2.24.1 Version</h3>
Release 1.15
<h3>2.24.2 Defects Fixed</h3>
<ul>
<li>The base string for the oids in asn1.x509.KeyPurposeId was incorrect. This
has been fixed.
<li>MimeBodyParts in the SMIME Generator did not have their Content-Type
properly set up after decryption. This has been fixed.
<li>If a X.509 certificate did not have all the keyUsage extension bits set,
the provider wasn't padding the return value of the key usage extension to
8 booleans in length. This has been fixed.
<li>In some cases the simple BC keystore allowed overwriting of an alias with
one of the same name. This has been fixed.
<li>The key schedule for RC5-64 was not always being calculated correctly. This
has been fixed.
<li>On reset buffered blockcipher was only partially erasing the previous buffer. This has been fixed.
<li>All lightweight mac classes now do a reset on doFinal.
<li>ASN.1 object identifiers wouldn't encode the first byte correctly if the
OID started with 2 and the second number was greater than 47. This has been
fixed.
<li>If a key had PKCS9 attributes associated with it on storage they took
precedence over the local alias used to add the key to the PKCS12 key store.
The local name now takes precedence.
<li>ReasonFlags now correctly encodes.
</ul>
<h3>2.24.3 Additional Functionality and Features</h3>
<ul>
<li>The PKCS12 key store now handles key bags in encryptedData bags.
<li>The X509NameTokenizer now handles for '\' and '"' characters.
<li>SMIME v2 compliance has been added. Use setVersion(2) in the generator classes.
<li>The ASN.1 library now supports ENUMERATED, UniversalString and the X.509 library support for CRLs now includes CRLReason, and some elements of CertificatePolicies.
<li>Both the provider and the lightweight library now support a basic SIC mode for block ciphers.
</ul>
<h3>2.25.1 Version</h3>
Release 1.14
<h3>2.25.2 Defects Fixed</h3>
<ul>
<li>there was a bug in the BigInteger right shifting for > 31 bit shifts.
This has been fixed.
<li>x509 name had it's equality test based on the order of the directory
elements, this has been fixed.
<li>the mode used with the RSA cipher in KeyTransRecipientInfoParser in
the smime implementation was not compatible with the Sun JCE.
This has been fixed.
<li>PKCS7 SignedData now supports single length signing chains.
<li>When a root certificate had a different issuer id from the subject id, or
had it's own AuthorityKeyExtension the PKCS12 key store would drop the root
certificate from the certificate chain. This has been fixed.
<li>The PKCS10 CertificationRequestInfo class always expected at least one
attribute. This has been fixed.
<li>UTF8 strings are now correctly recognised.
<li>The Tiger implementation was producing results in reverse byte
order for each of the 3 words making up the digest. This has been fixed.
<li>asn1.x509.ExtendedKeyUsage used to through a null pointer exception
on construction. This has been fixed.
</ul>
<h3>2.25.3 Additional Functionality and Features</h3>
<ul>
<li>The BigInteger library now uses Montgomery numbers for modPow and is
substantially faster.
<li>SMIMECapabilities, and SMIMEEncryptionKeyPreference attributes added to S/MIME.
<li>Increased range of key sizes available in S/MIME.
<li>getInstance(ASN1TaggedObject, boolean) methods have been added to most ASN1 types.
These deal with implicit/explicit tagging ambiguities with constructed types.
<li>Added EncryptedPrivateKeyInfo object to the clean room JCE.
<li>A PEMReader has been added for handling some of the openSSL PEM files.
<li>The X.509 certificate factory supports a wider range of encodings and
object identifiers.
</ul>
<h3>2.26.1 Version</h3>
Release 1.13
<h3>2.26.2 Defects Fixed</h3>
<ul>
    <li>The TBSCertificate object in the ASN.1 library now properly implements
    the Time object, rather returning UTC time.
    <li>The DESedeKeyGenerator now supports 112 and 168 bit key generation.
    <li>Certificates with the keyId set to null in the AuthorityKeyIdentifier extensions would sometimes cause the PKCS12 store to throw a NullPointer exception. This has been fixed.
    <li>toByteArray in the big integer class was not always producing correct
    results for negative numbers. This has been Fixed.
</ul>

<h3>2.26.3 Additional Functionality and Features</h3>
<ul>
    <li>The key to keySpec handling of the secret key factories has been improved.
    <li>There is now a SMIME implementation and a more complete CMS
        implementation (see CONTRIBUTORS file for additonal details).
    <li>A CertPath implementation that runs under jdk1.1 and jdk1.4 has also
    being contributed. A work around to allow it to be used with jdk1.2 and
    jdk1.3 has also been added. Note: the implementation is not quite complete
    because policymapping, name and subtree contraints are not yet
    implemented.
    <li>The API now supports the generation of PKCS7 signed objects. Note: this
    is still beta code - one known issue is that it doesn't support single
    length certificate chains for signing keys.
</ul>

<h3>2.27.1 Version</h3>
Release 1.12
<h3>2.27.2 Defects Fixed</h3>
<ul>
    <li>The ASN.1 library was unable to read an empty set object. This has been fixed.
    <li>Returning sets of critical and non-critical extensions on X.509 certificates could result in a null pointer exception if the certificate had no extensions. This has been fixed.
    <li>The BC JKS implementation does not follow the conventional one - it has been renamed BKS, an attempt to create a JKS keystore using the BC provider will now result in an exception.
    <li>The PKCS 10 generator verify(provider) method was ignoring the provider when generating the public key. This has been fixed.
    <li>The PKCS12 store would throw an OutOfMemoryException if passed a non-PKCS12 file. This has been fixed.
    <li>In the case where there was no AuthorityKeyIdentifier the PKCS12 store
    would fail to find certificates further up the signing chain. The store now
    uses the IssuerDN if no AuthorityKeyIdentifier is specified and the IssuerDN
    is different from the SubjectDN,
    <li>PKCS10/CertificationRequestInfo objects with only a single attribute wer
    not being handled properly. This has been fixed.
    <li>getExtensionValue for X.509 CRLs was returning the value of the
    DER-Encoded octet string not the DER-Encoded octet string as required. This
    has been fixed.
    <li>the IV algorithm parameters class would improperly throw an exception
    on initialisation. This has been fixed.
</ul>
<h3>2.27.3 Additional Functionality and Features</h3>
<ul>
    <li>The AESWrap ciphers will now take IV's.
    <li>The DES-EDEWrap algorithm described in http://www.ietf.org/internet-drafts/draft-ietf-smime-key-wrap-01.txt is now supported.
    <li>Support for the ExtendedKeyUsageExtension and the KeyPurposeId has been added.
    <li>The OID based alias for DSA has been added to the JCE provider.
    <li>BC key stores now implement the BCKeyStore interface so you can provide your own source of randomness to a key store.
    <li>The ASN.1 library now supports GeneralizedTime.
    <li>HMACSHA256, HMACSHA384, and HMACSHA512 are now added.
    <li>PSS has been added to the JCE, PSS and ISO9796 signers in the lightweight api have been rewritten so they can be used incrementally. SHA256withRSA, SHA384withRSA, and SHA512withRSA have been added.
    <li>Base support for CMS (RFC 2630) is now provided (see CONTRIBUTORS file
    for details).
</ul>
<h3>2.28.1 Version</h3>
Release 1.11
<h3>2.28.2 Defects Fixed</h3>
<ul>
<li>X9.23 padding of MACs now works correctly with block size aligned data.
<li>Loading a corrupted "UBER" key store would occassionally cause the
appearance of hanging. This has been fixed.
<li>Loading a PKCS12 store where not all certificates had PKCS9 attributes
assigned to them would cause a NullPointerException. This has been fixed.
<li>The PKCS12 store wasn't correctly recovering certificate chains of
length less than 2 on calling the getCertificateChain method. This has been
fixed.
<li>Lone certificates were not been stored in the PKCS12 store. This has been fixed.
<li>CFB and OFB modes weren't padding iv's more than 1 byte less than the 
block size of the cipher if the mode was reused with a shorter IV. This has
been fixed.
<li>IV handling and block size return values for CFB and OFB modes wasn't being handled in the same way as the Sun reference implementation. This has been fixed.
<li>CertificateInfoRequests were not handling null attributes correctly. This
has been fixed.
<li>Tags for the X.509 GeneralName structure were wrongly encoded. This has been
fixed.
<li>getExtensionValue for X.509 certificates was returning the value of the
DER-Encoded octet string not the DER-Encoded octet string as required. This has
been fixed.
<li>reset on the version 3 X.509 certificate generator was not flushing the
extensions. This has been fixed.
<li>The NetscapeCert type bits were reversed! This has been fixed.
</ul>
<h3>2.28.3 Additional Functionality and Features</h3>
<ul>
<li>The lightweight API and the JCE provider now support ElGamal.
<li>X509Principal, and X509Name now supports the "DC" attribute and the
creation of directory names from vectors.
<li>RSA-PSS signature padding has been added to the lightweight API.
<li>EC Public/Private keys are now encoded in accordance with SEC 1. The library
will still read older keys as well.
<li>Added PKCS12-DEF a pkcs12 based key store which works around a bug in
the Sun keytool - it always uses the default provider for creating certificates.
<li>A cut down version of the Rijndael has been added that provides the functionality required to conform the the AES. It is designed to fully support FIPS-197. A fips AES wrapper (AESWrap in the JCE, AESWrapEngine in the lightweight library has also been added).
<li>Elliptic curve routines now handle uncompressed points as well as the
compressed ones.
</ul>
<h3>2.28.4 Other changes</h3>
<ul>
<li>As the range of public key types supported has expanded the getPublicKey
method on the SubjectPublicKeyInfo class is not always going to work. The
more generic method getPublicKeyData has been added and getPublicKey now
throws an IOException if there is a problem.
</ul>
<h3>2.29.1 Version</h3>
Release 1.10
<h3>2.29.2 Defects Fixed</h3>
<ul>
<li>The PKCS12 Key Store now interoperates with the JDK key tool. <b>Note:</b> this does mean the the key name passed to the setKeyEntry calls has become
significant.
<li>The "int" constructor for DERInteger only supported ints up to 128. This
has been fixed.
<li>The ASN.1 input streams now handle zero-tagged zero length objects correctly.
</ul>
<h3>2.29.3 Additional Functionality and Features</h3>
<ul>
<li>The JCE Provider and the lightweight API now support Serpent, CAST5, and CAST6.
<li>The JCE provider and the lightweight API now has an implementation of ECIES.
<b>Note:</b> this is based on a draft, don't use it for anything that needs to
be kept long term as it may be adjusted.