JDK-5083253 : JCE enhancements required for Kerberos
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.crypto
  • Affected Version: 5.0
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic
  • CPU: sparc
  • Submitted: 2004-08-05
  • Updated: 2005-04-15
  • Resolved: 2005-04-15
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Other JDK 6
5.0u7Fixed 6 betaFixed
Related Reports
Relates :  
JDK-6252726 - Update Kerberos AES to use JCE
Description
AES support in Kerberos requires:

1) PBKDF2 function from PKCS #5 v2.0
2) AES in CBC-CTS mode.

Currently JCE does not support these algorithms.

I have added support for these algorithms in the Kerberos provider.
However, we should look into adding support for these algorithms
in JCE (for mustang).

Looking at PKCS #5 v2.0, some of the algorithms were added to
JCE in JDK1.4.0, as part of JSR 74 requirements. We should look
into all the other algorithms defined in PKCS #5 v2.0, and consider
adding complete support for PKCS #5 v2.0 in JCE.

Looking at mustang planning docs, JUXTA has also requested
support for PKCS #5 (v2.0 ?). We should find out the algorithms
they are interested in.

CTS mode is defined in RC5. But currently we do not support RC5 cipher.
Is this a popular algorithm used by other applications? Should we consider
to add support for RC5 cipher in JCE ?
Comments
EVALUATION ###@###.### 2004-08-06 Should take a close look in Mustang. [ Seema Malkani ] I have already implemented the required JCE algorithms in Kerberos. W We now need to move the implementation to JCE. ###@###.### 2004-12-03 20:46:01 GMT Will add the support via "CTS" mode enhancement and "PBKDF2WithHmacSHA1" secret key factory. ###@###.### 2005-03-28 23:05:06 GMT
03-12-2004