santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brent Putman <>
Subject Re: AES GCM and Java 8
Date Thu, 22 May 2014 14:49:44 GMT

On 5/22/14 4:34 AM, Colm O hEigeartaigh wrote:
> Hi Brent,
> > Aside from this BC issue, it seems to me that use of
> GCMParameterSpec is the new "official" provider-independent way this is
> > supposed to work in Java 7+, and that XMLCipher should support its use.
> Yes, that sounds reasonable to me. I guess we are going to need some
> reflection code here to detect whether GCMParameterSpec is available
> or not?

Yes, when I realized that Santuario is still targeting Java 1.6, I
switched the patch to reflectively create the GCMParameterSpec.  If it's
not created successfully, then it falls back to just using an
IvParameterSpec.  That should allow it to continue working on Java 1.6
with BC (<= 1.50) as it does today.

> > Before I spend more time delving into this, I just wanted to see if
> this was on anyone's radar.  I don't see anything in Jira about it
> currently.
> No, feel free to submit a patch :-)

Ok, I will do that soon.  I'll make a note in the Jira issue that it's
probably not prudent to apply until the BC 1.51 version comes out, and
it's confirmed that it actually works as advertised.

Also, this would probably mean that for Java 1.7 and higher, if BC is
being used it would have to be at least 1.51.  Otherwise it will fail
with either a) the GCMParameterSpec not being supported at all (BC <
1.50), or b) it will trip the Cipher getIV() bug (BC = 1.50).


View raw message