Date: Mon, 13 Jul 1998 09:51:54 -0400 (EDT)
From: Robert Watson <rwatson@tis.com>
To: java-security@java.sun.com
Subject: Two questions: 1.2b3 -new and alternate URL types; keytool and symmetric keys

Java Security Folk,

We have two questions concerning the security features found in Java 1.2
(beta3).

1) To use the .java.policy file in an ActiveNet security project here, we
created a new URL type to describe our key retrieval mechanism (call it
'keyident://'). However, we found that when the -new argument is used,
this no longer works correctly. There is an open 'Bug Parade' report on
this, along with demo code. The Bug Id is 4145399. The state is "In
progress, bug" and has been since early June. However, there is no
confirmation on the bug report page that this is actually a real bug :).
We may have been doing something wrong. However, if this is a bug, it is
fairly serious, as the ability to use alternate URLs is useful in a
network development environment.

2) Our project currently uses DSA keys and signatures to protect data
transmitted between nodes. However, due to significant performance issues
involved with using repeated DSA signatures, we would like to make use of
symmetric keys and MD5 to reduce the load. At this point, we discovered
that the keytool provided with 1.2b3 does not allow for the management of
symmetric keys. Similarly, the same key naming and management classes
cannot be applied to both symmetric and asymmetric keys. We believe that
being able to manage both types of keys is important -- do you have any
plans to add key management code for symmetric keys? Reference is made to
a password (pbe) database of some sort, but this is not the same mechanism
so would not allow abstraction between the two types of keys. Also, we
have been making use of the JCE.

Thanks,
Robert Watson
TISLabs at Network Associates, Inc.