harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mikhail Loenko" <mloe...@gmail.com>
Subject Re: [security] Which KeyStore to choose?
Date Thu, 17 Jan 2008 15:19:14 GMT
2008/1/17, Zakharov, Vasily M <vasily.m.zakharov@intel.com>:
>
> I'm going to specify a default to use by Geronimo when it's running on
> Harmony.
>
> PKCS12 [1] is RSA Labs keystore format. It has the advantage that it is
> supported
> by both RI and BouncyCastle, but it's not Java-specific, and is
> supported also by
> Internet Explorer and other applications.

You said you are chosing between BKS and PKCS12. Is it hypotetical
choice or you have an implementation of PKCS12? My question was about
the implementation


>
> Do I understand you correctly that as Harmony uses BC that has BKS as
> default keystore,

I'd pu tit this way:
1) Harmony uses BC
2) BC contains implementation of BKS (which is BC Key Store)
3) Harmony config specifies BKS as default

> so the BKS is the best default choice, right?

I don't know what your requirements are. Is there other (non JKS) key
store formats (PKCS12?) available on RI? Can we make it available in
Harmony?

>
> Vasily
>
> [1] http://en.wikipedia.org/wiki/PKCS12
>
>
> -----Original Message-----
> From: Mikhail Loenko [mailto:mloenko@gmail.com]
> Sent: Wednesday, January 16, 2008 9:43 PM
> To: dev@harmony.apache.org
> Subject: Re: [security] Which KeyStore to choose?
>
> are you talking about ability to specify for Harmony or for Geronimo?
>
> Default for any JRE is specified in the .java.security configuration
> file. BKS is something from BC provider by definition. What is PKCS12?
>
> 2008/1/17, Zakharov, Vasily M <vasily.m.zakharov@intel.com>:
> >
> > I fully agree with that, but besides, we should propose some choice to
> > use by default.
> > That's what I'm asking for.
> >
> > Vasily
> >
> >
> > -----Original Message-----
> > From: Alexey Petrenko [mailto:alexey.a.petrenko@gmail.com]
> > Sent: Wednesday, January 16, 2008 9:14 PM
> > To: dev@harmony.apache.org
> > Subject: Re: [security] Which KeyStore to choose?
> >
> > I think that the best options is possibility to choose :)
> >
> > SY, Alexey
> >
> > 2008/1/16, Zakharov, Vasily M <vasily.m.zakharov@intel.com>:
> > > Hi, security gurus, what would be you suggestion on which would be
> the
> > > best default keystore type to use in applications like Geronimo?
> > >
> > > I'm now trying to enable Geronimo 2.0.2 on Harmony, and it requires
> a
> > > proper keystore to operate. By default, it uses JKS which Harmony
> > > doesn't support, and I'm going to propose changing that to something
> > > else. Previously there were talks on using PKCS12, but for now
> default
> > > keystore type for Harmony is BKS, so I wonder, which would make the
> > best
> > > default.
> > >
> > > Thank you!
> > >
> > > Vasily Zakharov
> > > Intel ESSD
> > >
> > >
> > >
> > > ---
> > >
> >
> >
> --------------------------------------------------------------------
> Closed Joint Stock Company Intel A/O
> Registered legal address: 125252, Moscow, Russian Federation,
> Chapayevsky Per, 14.
>
> This e-mail and any attachments may contain confidential material for
> the sole use of the intended recipient(s). Any review or distribution
> by others is strictly prohibited. If you are not the intended
> recipient, please contact the sender and delete all copies.
>
>

Mime
View raw message