Re: JCE Export and FIPS 140 Complience

Jan Luehe (Jan.Luehe@Eng)
Tue, 11 Nov 1997 14:37:57 -0800 (PST)

Date: Tue, 11 Nov 1997 14:37:57 -0800 (PST)
From: Jan Luehe <Jan.Luehe@Eng>
Subject: Re: JCE Export and FIPS 140 Complience
To: java-security@web2.javasoft.com, mikep@netscape.com

Mike:

> 1. Has the Cryptography Package Provider interface been approved for export?

No, the reason being that JCE currently does not provide any
hooks for key recovery.

> I.E.: Can you export a Java application with an export approved provider? Do
> any such providers exist?

No (because of 1.).

> 2. Are there any providers which have received FIPS-140 Certification? Are
> there any which are currently going through the process?

I do not have information about this.

Note that NIST is planning to specify JCE as the cryptographic interface for
submissions to the Advanced Encryption Standard selection process

Jan