JCE, encryption, etc.

John Shott shott at snf.stanford.edu
Wed Jun 13 15:01:28 PDT 2001


Bill and Mike:

I've been doing some snooping to try to figure out why our existing encryption
doesn't work under JDK 1.4.  I think that I've got a couple of things of
interest to report:

1. A possible short term fix (actually, I found this in learning about how to
try to get option 2 to work without a signed jar file).  That is, I think that
we can "disable" the JCE stuff by doing two things: a. Remove
/usr/j2se/jre/lib/jce.jar (actually I renamed it as
/usr/j2se/jre/lib/jce.jar.ignore). and b. Remove (well, rename)
/usr/j2se/jre/lib/ext/sunjce_provider.jar.

To test this, while Bill is dealing with the medical/dental world, I'm going
to do a "make prod-install" from ~shott/labnet1.4/labnet ... which will undo
what you were working on, Bill, but I think you should be able to reset by
re-doing your most recent "make prod-install".

I just re-started all of the servers with the non-JCE j2se 1.4 ... and
blackbox is initialized, the client fired up, etc!!! If I am not mistaken, I
believe this now means that we can convert to j2se 1.4 for further development
if we wish.  I'll let you make that determination, Bill ...

If you want to do that, I think that I have made it easy to checkin the
changes that I made to the labnet tree ...

I've left the rosen monitor (in CIS 220) locked as root.  If you login there,
there is only one window opened ... I sshed to guilden as root, "su - shott",
and then moved to the directory that has all of the appropriate 1.4 stuff. 
That is ~shott/labnet1.4/labnet ... in that directory, you will see a file
named update.log which is the result of "cvs diff".  If you will look at that,
you will see that I've made changes to about 25 files:
	1. All of the *.idl files have been "bracketed" by the module labnet {
module idl{   stuff goes here }; // end of idl }; // end of labnet.
	2. All of the this/server/ThisServer.java and
this/server/ThisManagerImpl.java (where this = auth, admin, equipment,
hardware, reservation, staff, and resource plus a handful of client things
...) have had the _ManagerTie converted to Manager_Tie and _ManagerOperations
changed to ManagerOperations.
	4. Finally, I made a change to etc/Makefile to allow better selection
of JAVA_VERSION = 1.2.2, or 1.3, or 1.4 (with the checked in default as 1.4).

So, Bill, in that window, I think that all you need to do is say "cvs commit"
and it should do the check-in if you determine that this is appropriate.

Good luck,

John

p.s. Oh yes, the other thing that I wanted to report ... there is a place
called Bouncy Castle (www.bouncycastle.org) that seems to be actively working
on public-domain encryption stuff and that seems to be further up the learning
curve in terms of supporting JCE ... in fact, it was this site where their
mailing list told me how to disable jce in JDK 1.4 that allowed me to get the
ABA stuff that we are using working again ...

While it appears that we may not have any immediate need for their stuff, it
looks as if they are more active than either ABA or Cryptix ...

In any event, Bill, if you want to begin to work under 1.4, I would suggest
that you do the commit up in the machine room of my changes and then do a
re-build in your directory to get back the things that you are working on.
REMINDER: The servers running currently on Guilden are the 1.4 servers ...
not whatever you had been running most recently, Bill.


