harmony-dev mailing list archives

From George Harley <george.c.har...@googlemail.com>
Subject Re: verifying signed jars
Date Fri, 10 Feb 2006 11:36:35 GMT
Hi Stepan,

In the short term, yes, SHA-1 and DSA should suffice for verifying the 
BouncyCastle provider jar. Long term though, Harmony will also need to 
support the MD5 and RSA algorithms for other providers that may have 
been signed with those algorithms. While the Jar file specification does 
not mandate a set of digest and signature algorithms that may be used 
for signing, it should be noted that the reference jarsigner tool 
supports both DSA+SHA-1 and RSA+MD5.

Best regards,
George
IBM UK

PS, Keeping my fingers crossed this ends up on the dev-list :-)


Stepan Mishura wrote:
>
> We should have at least to verify BC provider:
> 1) Message digest algorithm: SHA-1
> 2) Signature algorithm: SHA1withDSA
>
> Other jars may require additional algorithms, for example, 
> SHA1withRSA. We can verify BC provider first and use it for further 
> jar verifications.
>
>  
> Thanks,
> Stepan Mishura
> Intel Middleware Products Division
>
>
>  
> On 2/10/06, George Harley <george.c.harley@googlemail.com> wrote:
>
>     Hi Tim,
>
>     In order to verify the signature of those signed provider jars I
>     believe that you would also need trusted implementations of :
>
>     * SHA-1 and MD5 digest algorithms
>     * DSA and RSA signature algorithms
>
>
>     Best regards,
>     George
>     IBM UK
>
>
>     Tim Ellison wrote:
>     > Stepan Mishura wrote:
>     > <snip>
>     >
>     >> Returning back to the 'missing post'. I agreed with suggestion
>     >> but currently we don't have Harmony provider so we should define
>     >> how we locate 'trusted providers' to be secure.
>     >>
>     >
>     > We just need a trusted SHA1PRNG, right? then we can open signed
>     > providers' jars and get any others.
>     >
>     > Regards,
>     > Tim
>     >
>     >
> -- 
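
An added example, not part of the thread or of Harmony's code: it lists the digest and signature-key algorithms a signed jar declares in META-INF and reports which ones fall outside a trusted bootstrap set. The bootstrap set (SHA-1 and DSA) follows Stepan's message; the function names are hypothetical and the sample jars are constructed with placeholder signature bytes.

```python
import io
import re
import zipfile

# "SHA1-Digest", "MD5-Digest-Manifest", ... -> captures the digest name.
DIGEST_ATTR = re.compile(
    r"^([A-Za-z0-9-]+?)-Digest(?:-Manifest(?:-Main-Attributes)?)?:", re.M)
BLOCK_EXTS = (".DSA", ".RSA")  # signature block files named in the thread


def required_algorithms(jar_bytes):
    """Return (digest names, signer key types) found in a jar's META-INF."""
    digests, key_types = set(), set()
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            upper = name.upper()
            if not upper.startswith("META-INF/") or "/" in upper[9:]:
                continue  # signature files sit directly in META-INF/
            if upper.endswith((".MF", ".SF")):
                text = jar.read(name).decode("utf-8", "replace")
                digests.update(d.upper() for d in DIGEST_ATTR.findall(text))
            elif upper.endswith(BLOCK_EXTS):
                # The extension gives the key type only; the exact signature
                # algorithm is recorded inside the PKCS#7 block itself.
                key_types.add(upper.rsplit(".", 1)[1])
    return digests, key_types


def missing_from_bootstrap(jar_bytes, digests=("SHA1",), key_types=("DSA",)):
    """Algorithms the jar needs beyond a trusted bootstrap set (assumed here)."""
    need_d, need_k = required_algorithms(jar_bytes)
    return sorted(need_d - set(digests)), sorted(need_k - set(key_types))


def build_sample_jar(digest, ext):
    """Constructed sample: right file names and attributes, no real signature."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\n\r\n"
                     f"Name: a/B.class\r\n{digest}-Digest: AAAA\r\n\r\n")
        jar.writestr("META-INF/SIGNER.SF", "Signature-Version: 1.0\r\n"
                     f"{digest}-Digest-Manifest: BBBB\r\n\r\n")
        jar.writestr("META-INF/SIGNER." + ext, b"\x30\x00")  # placeholder bytes
        jar.writestr("a/B.class", b"")
    return buf.getvalue()


if __name__ == "__main__":
    print(missing_from_bootstrap(build_sample_jar("SHA1", "DSA")))
    print(missing_from_bootstrap(build_sample_jar("MD5", "RSA")))
```

This only inventories what a verifier would need; it does not check any digest or signature.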

