harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Geir Magnusson Jr <g...@pobox.com>
Subject Re: verifying signed jars
Date Fri, 10 Feb 2006 14:10:54 GMT
Heh.  Everything we will do is legal :)

The point is - would taking some source from BC be the smart thing to do 
- would it be complete, and what kind of maintenance burden would this 
be going forward?  Would some kind of re-packaged artifact from the BC 
project itself be better?

Do we need source?  Could we have a step where we re-package BC code in 
a form more suited for our purposes?

geir

Mikhail Loenko wrote:
> We can if it is legal
> 
> Thanks,
> Mikhail
> 
> On 2/10/06, Geir Magnusson Jr <geir@pobox.com> wrote:
>> So I'll ask the obvious - can we borrow some of this from BC?
>>
>> Stepan Mishura wrote:
>>> We should have at least to verify BC provider:
>>> 1) Message digest algorithm: SHA-1
>>> 2) Signature algorithm: SHA1withDSA
>>>
>>> Other jars may require additional algorithms, for example, SHA1withRSA. We
>>> can verify BC provider first and use it for further jar verifications.
>>>
>>> Thanks,
>>> Stepan Mishura
>>> Intel Middleware Products Division
>>>
>>>
>>>
>>> On 2/10/06, George Harley <george.c.harley@googlemail.com> wrote:
>>>> Hi Tim,
>>>>
>>>> In order to verify the signature of those signed provider jars I believe
>>>> that you would also need trusted implementations of :
>>>>
>>>> * SHA-1 and MD5 digest algorithms
>>>> * DSA and RSA signature algorithms
>>>>
>>>>
>>>> Best regards,
>>>> George
>>>> IBM UK
>>>>
>>>>
>>>> Tim Ellison wrote:
>>>>> Stepan Mishura wrote:
>>>>> <snip>
>>>>>
>>>>>> Returning back to the 'missing post'. I agreed with suggestion but
>>>> currently
>>>>>> we don't have Harmony provider so we should define how we locate
>>>> 'trusted
>>>>>> provides' to be secure.
>>>>>>
>>>>> We just need a trusted SHA1PRNG, right? then we can open signed
>>>>> providers' jars and get any others.
>>>>>
>>>>> Regards,
>>>>> Tim
>>>>>
>>>>>
>>>
>>> --
>>>
> 
> 

Mime
View raw message