releasenotes.html

kjlj oipipi poipoipo ipo [pipoi

<ul>
<li>PGP V3 keys and V3 signature generation is now supported.
<li>Collection classes have been added for representing files of PGP public and secret keys.
<li>PEMReader now supports "RSA PUBLIC KEY".
<li>RipeMD256 and RipeMD320 have been added.
<li>Heuristic decoder stream has been added to OpenPGP which "guesses" how the input is
constructed.
<li>ArmoredInputStream now recognises clear text signed files.
<li>ArmoredOutputStream now provides support for generating clear text signed files.
<li>Support has been added to CMS for RipeMD128, RipeMD160, and RipeMD256.
<li>Support for generating certification directly and editing PGP public key
certifications has been added.
<li>Support has been added for modification detection codes to the PGP library.
<li>Examples have been rewritten to take advantage of the above.
<li>SMIMESigned can now covert data straight into a mime message.
<li>DERGeneralizedTime getTime() method now handles a broader range of input strings.
</ul>

<h3>2.21.1 Version</h3>
Release 1.22
<h3>2.21.2 Defects Fixed</h3>
<ul>
<li>Generating DSA signatures with PGP would cause a class cast exception, this has been fixed.
<li>PGP Data in the 192 to 8383 byte length would sometimes be written with the wrong length header. This has been fixed.
<li>The certificate factory would only parse the first certificate in a PKCS7 object. This has been fixed.
<li>getRevocationReason() in RevokedStatus in OCSP would throw an exception for
a non-null reason, rather than a null one. This has been fixed.
<li>PSS signature verification would fail approximately 0.5 % of the time on correct signatures. This has been fixed.
<li>Encoding of CRL Distribution Points now always works.
</ul>
<h3>2.21.3 Additional Features and Functionality</h3>
<ul>
<li>Additional methods for getting public key information have been added to the PGP package.
<li>Some support for user attributes and the image attribute tag has been added.
<li>Support for the AuthorityInformationAccess extension has been added.
<li>Support for ElGamal encryption/decryption has been added to the PGP package.
</ul>

<h3>2.22.1 Version</h3>
Release 1.21
<h3>2.22.2 Defects Fixed</h3>
<ul>
<li>The CertPath validator would fail for some valid CRLs. This has been  fixed.
<li>AES OIDS for S/MIME were still incorrect, this has been fixed.
<li>The CertPathBuilder would sometimes throw a NullPointerException looking for an issuer. This has been fixed.
<li>The J2ME BigInteger class would sometimes go into an infinite loop generating prime numbers. This has been fixed.
<li>DERBMPString.equals() would throw a class cast exception. This has been fixed.
</ul>
<h3>2.22.3 Additional Features and Functionality</h3>
<ul>
<li>PEMReader now handles public keys.
<li>OpenPGP/BCPG should now handle partial input streams. Additional methods for reading subpackets off signatures.
<li>The ASN.1 library now supports policy qualifiers and policy info objects.
</ul>

<h3>2.23.1 Version</h3>
Release 1.20
<h3>2.23.2 Defects Fixed</h3>
<ul>
<li>BigInteger toString() in J2ME/JDK1.0 now produces same output as the Sun one.
<li>RSA would throw a NullPointer exception with doFinal without arguments. This has been fixed.
<li>OCSP CertificateID would calculate wrong issuer hash if issuer cert was not self signed. This has been fixed.
<li>Most of response generation in OCSP was broken. This has been fixed.
<li>The CertPath builder would sometimes go into an infinite loop on some chains if the trust anchor was missing. This has been fixed.
<li>AES OIDS were incorrect, this has been fixed.
<li>In some cases BC generated private keys would not work with the JSSE. This has been fixed.
</ul>
<h3>2.23.3 Additional Features and Functionality</h3>
<ul>
<li>Support for reading/writing OpenPGP public/private keys and OpenPGP signatures has been added.
<li>Support for generating OpenPGP PBE messages and public key encrypted messages has been added.
<li>Support for decrypting OpenPGP messages has been added.
<li>Addition of a Null block cipher to the light weight API.
</ul>

<h3>2.24.1 Version</h3>
Release 1.19
<h3>2.24.2 Defects Fixed</h3>
<ul>
<li>The PKCS12 store would throw an exception reading PFX files that had attributes with no values. This has been fixed.
<li>RSA Private Keys would not serialise if they had PKCS12 bag attributes attached to them, this has been fixed.
<li>GeneralName was encoding OtherName as explicitly tagged, rather than implicitly tagged. This has been fixed.
<li>ASN1 parser would sometimes mistake an implicit null for an implicit empty
sequence. This has been fixed.
</ul>
<h3>2.24.3 Additional Features and Functionality</h3>
<ul>
<li>S/MIME and CMS now support the draft standard for AES encryption.
<li>S/MIME and CMS now support setable key sizes for the standard algorithms.
<li>S/MIME and CMS now handle ARC4/RC4 encrypted messages.
<li>The CertPath validator now passes the NIST test suite.
<li>A basic OCSP implementation has been added which includes request generation
and the processing of responses. Response generation is also provided, but should be treated as alpha quality code.
<li>CMS now attempts to use JCA naming conventions in addition to the OID name
in order to find algorithms.
</ul>

<h3>2.25.1 Version</h3>
Release 1.18
<h3>2.25.2 Defects Fixed</h3>
<ul>
<li>DESKeySpec.isParityAdjusted in the clean room JCE could go into an
infinite loop. This has been fixed.
<li>The SMIME API would end up throwing a class cast exception if a
MimeBodyPart was passed in containing a MimeMultipart. This is now fixed.
<li>ASN1InputStream could go into an infinite loop reading a truncated
input stream. This has been fixed.
<li>Seeding with longs in the SecureRandom for the J2ME and JDK 1.0,
only used 4 bytes of the seed value. This has been fixed.
</ul>
<h3>2.25.3 Additional Features and Functionality</h3>
<ul>
<li>The X.509 OID for RSA is now recognised by the provider as is the OID for RSA/OAEP.
<li>Default iv's for DES are now handled correctly in CMS.
<li>The ASN.1 classes have been updated to use the generic ASN1* classes where
possible.
<li>A constructor has been added to SMIMESigned to simplify the processing
of "application/pkcs7-mime; smime-type=signed-data;" signatures.
<li>Diffie-Hellman key generation is now faster in environments using the
Sun BigInteger library.
</ul>
<h3>2.26.1 Version</h3>
Release 1.17
<h3>2.26.2 Defects Fixed</h3>
<ul>
<li>Reuse of an CMSSignedObject could occasionally result in a class
cast exception. This has been fixed.
<li>The X.509 DistributionPointName occasionally encoded incorrectly. This has
been fixed.
<li>BasicConstraints construction would break if an ASN.1 sequence was used
with only the required parameter. This has been fixed.
<li>The DERObject constructor in OriginatorIdentifierOrKey was leaving 
the id field as null. This has been fixed.
</ul>
<h3>2.26.2 Additional Functionality and Features</h3>
<ul>
<li>RC2 now supports the full range of parameter versions and effective
key sizes.
<li>CompressedData handling has been added to CMS/SMIME.
<li>The 1.4 version now allows X500Principles to be generated directly
from CRLs.
<li>SMIME objects now support binary encoding. The number of signature
types recognised has been increased. 
<li>CMS can create signed objects with encapsulated data. Note: while
this was been done we realised we could simplify things, we did and
for the most part people won't notice, other than the occasional
reference to CMSSignable will need to be replaced with CMSProcessable.
<li>X509Name and X509Principal now support forward and reverse X509Name
to string conversion, with changeable lookup tables for converting OIDs
into strings. Both classes also now allow the direction of encoding to
be set when a string is converted as well as changeable lookup tables for
string to OID conversion.
</ul>

<h3>2.27.1 Version</h3>
Release 1.16
<h3>2.27.2 Defects Fixed</h3>
<ul>
<li>CRLS were only working for UTC time constructed Time objects, this has
been fixed.
<li>KeyUsage and ReasonFlags sometimes encoded longer than necessary. This
has been fixed.
<li>BER encoded sets are now recognised and dealt with.
<li>Encoding issues in CMS which were causing problems with backwards
compatibility with older CMS/SMIME clients have been fixed.
<li>KeyFactory now allows for creation of RSAKey*Spec classes.
<li>The X509CertSelector in the clean room CertPath API is now less likely
to throw a NullPointerException at the wrong time.
<li>Macs now clone correctly in the clean room JCE.
</ul>
<h3>2.27.3 Additional Functionality and Features</h3>
<ul>
<li>PGPCFB support has been added to the provider and the lightweight API.
<li>There are now three versions of the AESEngine, all faster than before,
with the largest footprint one being the fastest. The JCE AES now refers
to the fastest.
<li>The 1.4 version of the library now allows for X500Principals to be
generated directly from certificates.
<li>X509Name has been extended to parse numeric oids, "oid." oids, and to
recognise the LDAP UID.
<li>Immutable sequences and sets have been introduced to the ASN.1 package.
<li>The SMIME/CMS ASN.1 base classes have been rewritten to reduce the
size of the package for use with the lightweight API.
<li>The SMIME/CMS api's have been rewritten to allow them to take advantage
of the Cert Path API, remove code suited to inclusion in the provider,
and to support multiple recipients/signers.
</ul>
<h3>2.28.1 Version</h3>
Release 1.15
<h3>2.28.2 Defects Fixed</h3>
<ul>
<li>The base string for the oids in asn1.x509.KeyPurposeId was incorrect. This
has been fixed.
<li>MimeBodyParts in the SMIME Generator did not have their Content-Type
properly set up after decryption. This has been fixed.
<li>If a X.509 certificate did not have all the keyUsage extension bits set,
the provider wasn't padding the return value of the key usage extension to
8 booleans in length. This has been fixed.
<li>In some cases the simple BC keystore allowed overwriting of an alias with
one of the same name. This has been fixed.
<li>The key schedule for RC5-64 was not always being calculated correctly. This
has been fixed.
<li>On reset buffered blockcipher was only partially erasing the previous buffer. This has been fixed.
<li>All lightweight mac classes now do a reset on doFinal.
<li>ASN.1 object identifiers wouldn't encode the first byte correctly if the