harmony-dev mailing list archives

From "Mikhail Loenko" <mloe...@gmail.com>
Subject Re: [security] Which KeyStore to choose?
Date Fri, 18 Jan 2008 03:30:01 GMT
2008/1/17, Zakharov, Vasily M <vasily.m.zakharov@intel.com>:
>
> > You said you are choosing between BKS and PKCS12. Is it a hypothetical
> > choice or do you have an implementation of PKCS12? My question was about
> > the implementation
>
> Yes, BouncyCastle has implementation for both BKS and PKCS12.
>
> > Are there other (non-JKS) keystore formats (PKCS12?) available on RI?
>
> Yes, RI supports JKS and PKCS12 (see [1]).

Then I think PKCS12 is more reasonable as the default.

Thanks,
Mikhail

>
> Vasily
>
> [1]
> http://java.sun.com/j2se/1.5.0/docs/guide/security/CryptoSpec.html#AppA
>
>
> -----Original Message-----
> From: Mikhail Loenko [mailto:mloenko@gmail.com]
> Sent: Thursday, January 17, 2008 6:19 PM
> To: dev@harmony.apache.org
> Subject: Re: [security] Which KeyStore to choose?
>
> 2008/1/17, Zakharov, Vasily M <vasily.m.zakharov@intel.com>:
> >
> > I'm going to specify a default to use by Geronimo when it's running on
> > Harmony.
> >
> > PKCS12 [1] is RSA Labs keystore format. It has the advantage that it is
> > supported by both RI and BouncyCastle, but it's not Java-specific, and is
> > supported also by Internet Explorer and other applications.
>
> You said you are choosing between BKS and PKCS12. Is it a hypothetical
> choice or do you have an implementation of PKCS12? My question was about
> the implementation
>
>
> >
> > Do I understand you correctly that as Harmony uses BC that has BKS as
> > default keystore,
>
> I'd put it this way:
> 1) Harmony uses BC
> 2) BC contains implementation of BKS (which is BC Key Store)
> 3) Harmony config specifies BKS as default
>
> > so the BKS is the best default choice, right?
>
> I don't know what your requirements are. Are there other (non-JKS) key
> store formats (PKCS12?) available on RI? Can we make it available in
> Harmony?
>
> >
> > Vasily
> >
> > [1] http://en.wikipedia.org/wiki/PKCS12
> >
> >
> > -----Original Message-----
> > From: Mikhail Loenko [mailto:mloenko@gmail.com]
> > Sent: Wednesday, January 16, 2008 9:43 PM
> > To: dev@harmony.apache.org
> > Subject: Re: [security] Which KeyStore to choose?
> >
> > Are you talking about the ability to specify for Harmony or for Geronimo?
> >
> > Default for any JRE is specified in the .java.security configuration
> > file. BKS is something from BC provider by definition. What is PKCS12?
> >
> > 2008/1/17, Zakharov, Vasily M <vasily.m.zakharov@intel.com>:
> > >
> > > I fully agree with that, but besides, we should propose some choice to
> > > use by default.
> > > That's what I'm asking for.
> > >
> > > Vasily
> > >
> > >
> > > -----Original Message-----
> > > From: Alexey Petrenko [mailto:alexey.a.petrenko@gmail.com]
> > > Sent: Wednesday, January 16, 2008 9:14 PM
> > > To: dev@harmony.apache.org
> > > Subject: Re: [security] Which KeyStore to choose?
> > >
> > > I think that the best option is the possibility to choose :)
> > >
> > > SY, Alexey
> > >
> > > 2008/1/16, Zakharov, Vasily M <vasily.m.zakharov@intel.com>:
> > > > Hi, security gurus, what would be your suggestion on which would be the
> > > > best default keystore type to use in applications like Geronimo?
> > > >
> > > > I'm now trying to enable Geronimo 2.0.2 on Harmony, and it requires a
> > > > proper keystore to operate. By default, it uses JKS which Harmony
> > > > doesn't support, and I'm going to propose changing that to something
> > > > else. Previously there were talks on using PKCS12, but for now default
> > > > keystore type for Harmony is BKS, so I wonder, which would make the best
> > > > default.
> > > >
> > > > Thank you!
> > > >
> > > > Vasily Zakharov
> > > > Intel ESSD
> > > >
> > > >
> > > >
>
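
An added example (not part of the thread, and not Harmony or Geronimo code): a Java probe that prints the runtime's `keystore.type` default, checks which of the keystore types discussed above the installed providers actually implement, and round-trips an empty store under an explicitly named type. The class name, the candidate order and the password are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

public class KeyStoreTypeProbe {
    // Types named in the thread; the preference order is an assumption.
    static final String[] CANDIDATES = {"PKCS12", "BKS", "JKS"};

    /** Candidate types that at least one installed provider implements. */
    static List<String> availableTypes() {
        List<String> found = new ArrayList<String>();
        for (String type : CANDIDATES) {
            try {
                KeyStore.getInstance(type);
                found.add(type);
            } catch (KeyStoreException e) {
                // No installed provider offers this type on this runtime.
            }
        }
        return found;
    }

    public static void main(String[] args) throws Exception {
        // getDefaultType() returns the keystore.type security property,
        // falling back to "jks" when the property is not set.
        System.out.println("keystore.type = " + Security.getProperty("keystore.type"));
        System.out.println("default type  = " + KeyStore.getDefaultType());
        List<String> available = availableTypes();
        System.out.println("available     = " + available);
        if (available.isEmpty()) {
            throw new KeyStoreException("none of the candidate types is implemented");
        }
        // Name the type explicitly so the file stays readable on a runtime
        // whose default differs from the one that wrote it.
        String type = available.get(0);
        char[] password = "constructed-sample-password".toCharArray();
        KeyStore store = KeyStore.getInstance(type);
        store.load(null, password); // a null stream initialises an empty store
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        store.store(out, password);
        KeyStore reloaded = KeyStore.getInstance(type);
        reloaded.load(new ByteArrayInputStream(out.toByteArray()), password);
        System.out.println(type + " via " + reloaded.getProvider().getName() + ", entries = " + reloaded.size());
    }
}
```

Running the same class on two runtimes shows directly where their defaults and supported types differ; BKS appears in the list only when the BouncyCastle provider is installed.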
