Wrox Home  
Search P2P Archive for: Go
Shopping CartView Cart  |  My Account  |  Support
Home Browse Titles

P2P Archives
 

Archive Index
Back to Active P2P Forum

 


Wrox Chapters on Demand - Download the chapters you need and take them on the go!
Wrox First - Instant Access online to new Wrox books

New Titles for ASP.NET

Cover image for product 0470391847
Jumping from ASP to ASP.NET
Cover image for product 0470286652
ASP.NET AJAX Control Development with Visual Studio 2008 and .NET 3.5 Framework
Attention User Groups: Post your next LUG event here
  Return to Index  

security_java thread: Re: PBE Example Fails in Ch4 of "Prof Java Sec"

Message #1 by "Nikolas Sakic" <beelzabeb@c...> on Thu, 6 Jun 2002 07:27:47
Hello,
   As of JDK1.4, they made several modification to JCE package, since they 
included it in the JDK1.4, they also changed some of the packages, for 
information go here:

 http://java.sun.com/j2se/1.4/docs/guide/security/jce/JCERefGuide.html#AppA


Scroll down and you should see what I mean. And also, its a good idea to 
read this documentation. In any case, when requesting an instance of 
secretKeyFactory, it does not accept 'TwoFish' encryption, if you're using 
Bouncy castle JCE, then, I beleive you have to use JDK1.3. 

I have not used Bouncy JCE, so, I am not sure, but if it has its own .jar 
file, and if you use JDK1.4, then you have a conflict and JDK1.4 will have 
the precedence- since JCE already included in JDK1.4. TO use, your own JCE 
jar file, you have to use JDK1.3. Anyone else agree/disagree?.


with regards,
Nik



> I have a similar problem using jdk 1.4.  I went to the bouncy castle
site and got the latest code for 1.4 (provider only) and everything
worked fine.  I previous had a full version of BC with the JCE and API
code.

-----Original Message-----
From: Wilson Figueroa [mailto:flip@s...] 
Sent: Thursday, June 06, 2002 9:54 AM
To: Java Security
Subject: [security_java] Re: PBE Example Fails in Ch4 of "Prof Java Sec"


Nikolas,

thank you for the input.  True that there is no twofish in the "sun"
jce, but I am using the Bouncy Castle jce which does include support for
this.

I am using what the book suggests so I should be able to run all of the
examples in the book and the sun jce does not include all of the
algorithms because of export restrictions.

But, thank you for this response anyway.  Somehow, I believe that I am
not pointing to the correct JCE, but have done all I know to do to
resolve it.

Wilson

--- "Nikolas Sakic" <beelzabeb@c...> wrote:
>Hello,
>  I quite frankly think there is a typo, because the comment above 
>suggest
>that its a PBEWithMD5AndDES  and in the arguement its, 
>PBEWithSHAAndTwofish-CBC. So, All i did was, changed all instances of  
>PBEWithSHAAndTwofish-CBC with  PBEWithMD5AndDES
>
>and then:
>
>java PBE  -e hello   byebye
>uzGEK6sDINw=U647PYtq9F4=
>
>-----------------------------------------
>
>java PBE  -d hello uzGEK6sDINw=U647PYtq9F4=   
>byebye
>
>I looked in the JCE documentation and there is no such thing as 
>'TwoFish'
>encryption.Available algorithm for secret key factory is:
>
>
>AES
>
>DES
>
>DESede
>
>PBEWith<digest>And<encryption> or PBEWith<prf>And<encryption>: 
>Secret-key
>factory for use with PKCS #5 password-based encryption, where <digest>
is 
>a message digest, <prf> is a pseudo-random function, and <encryption>
is 
>an encryption algorithm. Examples: PBEWithMD5AndDES (PKCS #5, v 1.5)
and 
>PBEWithHmacSHA1AndDESede (PKCS #5, v 2.0). Note: These both use only
the 
>low order 8 bits of each password character.
>
>
>with regards,
>
>
>> Hello All,
>
>I am running the PBE example from Chapter 4 of the book and it fails 
>with
>the following:
>
>$ java PBE -e hello "hello"
>Exception in thread "main" java.security.NoSuchAlgorithmException:
>Algorithm PBEWithSHAAndTwofish-CBC not available
>        at javax.crypto.SunJCE_b.a(DashoA6275)
>        at javax.crypto.SecretKeyFactory.getInstance(DashoA6275)
>        at PBE.encrypt(PBE.java:67)
>
>I was able to run the SimpleExample without incident.
>
>Does this mean that my install of Bouncy Castle failed even though
>the "JCEInstallTest.java" passed as it may be using Sun's default
security 
>provider?
>
>This makes life really difficult for someone trying to learn Java and
>Security at the same time.  I thought things were going pretty
smoothly.
>
>Anyway, can anyone please provide guidance here?
>
>Thank you, Flip
>
>
>
>_____________________________________________________________
>Visit our web directory and reference library at http://safebunch.com. 
>Get
>FREE email for life at ---> http://safebunch.com
>
>_____________________________________________________________
>Promote your group and strengthen ties to your members with
>email@y... by Everyone.net  http://www.everyone.net/?btn=tag
>---
>Change your mail options at http://p2p.wrox.com/manager.asp or 
>to unsubscribe send a blank email to 

_____________________________________________________________
Visit our web directory and reference library at http://safebunch.com.
Get FREE email for life at ---> http://safebunch.com

_____________________________________________________________
Promote your group and strengthen ties to your members with
email@y... by Everyone.net  http://www.everyone.net/?btn=tag

---
Change your mail options at http://p2p.wrox.com/manager.asp or 
to unsubscribe send a blank email to

  Return to Index  
About Wrox  |  Contact Us  |  Subscribe to an RSS Feed of New Wrox Titles
Copyright © 2000-2004 by John Wiley & Sons, Inc. or related companies. All rights reserved. Please read our Privacy Policy