Launching remote coral (fwd)

John Shott shott at snf.stanford.edu
Thu May 30 09:00:21 PDT 2002


Todd:

I understand that you are having a problem launching remote Coral.  This is
due to a difference in how Sun deals with the JCE (Java Cryptography
Extension) in JDK 1.3 vs. JDK 1.4.  In JDK and earlier, JCE was an optional
download ... at that time, we downloaded another JCE (from an Australian group
called ABA) with Remote Coral since most folks didn't have Sun's JCE installed
anyhow.

As of JDK 1.4, the base version of J2SE comes with JCE installed ... and it
requires that any other Cryptography provider have a signed certificate (which
the ABA stuff does not).

What is the short term fix to your problem?  I would suggest that you move
/usr/j2se/jre/lib/jce.jar to /usr/j2se/jre/lib/jce.jar.ignore.  This will
"turn off" the JDK 1.4 JCE stuff that sun delivers and the JCE from ABA that
is downloaded with Remote Coral will work properly.  This, of course, has the
downside that anyone writing an application that counts on Sun's JCE will be
out of luck.

In the longer term what is our approach?  There is another provider named
BouncyCastle (www.bouncycastle.org) that does public domain cryptography stuff
that has a signed provider that works with the Sun JCE but provides a public
domain version of RSA encryption.  This should then work with JDK 1.4 out of
the box (that is, with the Sun JCE installed ...).  The only thing that I
don't know yet is how to take care of what to do if someone is running a
remote coral client with JDK 1.3 ... which doesn't come with JCE
pre-installed.  BouncyCastle also has a cleanroom JCE implementation that
includes thier provider, but I don't know how to tell JavaWebStart to download
different things depending on whether JDK 1.3 vs JDK 1.4 is installed on the
client machine.

But, in the short term, if you move jce.jar to jce.jar.ignore in
/usr/j2se/jre/lib, I believe that remote coral will work as expected.

Good luck,

John



More information about the coral mailing list