harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From George Harley <george.c.har...@googlemail.com>
Subject Re: verifying signed jars
Date Fri, 10 Feb 2006 10:47:53 GMT
Hi Tim,

In order to verify the signature of those signed provider jars I believe 
that you would also need trusted implementations of :

* SHA-1 and MD5 digest algorithms
* DSA and RSA signature algorithms


Best regards,
George
IBM UK


Tim Ellison wrote:
> Stepan Mishura wrote:
> <snip>
>   
>> Returning back to the 'missing post'. I agreed with suggestion but currently
>> we don't have Harmony provider so we should define how we locate 'trusted
>> provides' to be secure.
>>     
>
> We just need a trusted SHA1PRNG, right? then we can open signed
> providers' jars and get any others.
>
> Regards,
> Tim
>
>   


Mime
View raw message