harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mikhail Loenko <mloe...@gmail.com>
Subject Re: verifying signed jars
Date Fri, 10 Feb 2006 12:48:13 GMT
We can if it is legal

Thanks,
Mikhail

On 2/10/06, Geir Magnusson Jr <geir@pobox.com> wrote:
> So I'll ask the obvious - can we borrow some of this from BC?
>
> Stepan Mishura wrote:
> > We should have at least to verify BC provider:
> > 1) Message digest algorithm: SHA-1
> > 2) Signature algorithm: SHA1withDSA
> >
> > Other jars may require additional algorithms, for example, SHA1withRSA. We
> > can verify BC provider first and use it for further jar verifications.
> >
> > Thanks,
> > Stepan Mishura
> > Intel Middleware Products Division
> >
> >
> >
> > On 2/10/06, George Harley <george.c.harley@googlemail.com> wrote:
> >> Hi Tim,
> >>
> >> In order to verify the signature of those signed provider jars I believe
> >> that you would also need trusted implementations of :
> >>
> >> * SHA-1 and MD5 digest algorithms
> >> * DSA and RSA signature algorithms
> >>
> >>
> >> Best regards,
> >> George
> >> IBM UK
> >>
> >>
> >> Tim Ellison wrote:
> >>> Stepan Mishura wrote:
> >>> <snip>
> >>>
> >>>> Returning back to the 'missing post'. I agreed with suggestion but
> >> currently
> >>>> we don't have Harmony provider so we should define how we locate
> >> 'trusted
> >>>> provides' to be secure.
> >>>>
> >>> We just need a trusted SHA1PRNG, right? then we can open signed
> >>> providers' jars and get any others.
> >>>
> >>> Regards,
> >>> Tim
> >>>
> >>>
> >>
> >
> >
> > --
> >
>

Mime
View raw message