[security-dev 00335]: Re: JCE/JSSE Plans for JDK 7?
Mike Duigou
Mike.Duigou at Sun.COM
Tue Sep 30 19:13:10 UTC 2008
Vincent Ryan wrote:
> Hello Mike,
>
> This functionality is being planned for the JDK7 release. The existing
> java.security.cert.CertificateFactory class can easily be enhanced with
> several new methods:
>
> o to create a certificate signing request
> o to parse a certificate signing request
> o to issue a new certificate
>
> The features will be limited. There are no plans to define an API to
> support a full CA.
I believe that the minimum required PKI extensions are for the API to
match the functionality offered by the command line 'keytool'. There are
too many projects which must currently include BouncyCastle (which is
nonetheless great and useful) only for the purposes of replicating
keytool functionality.
Are the proposed API changes for JDK7 published anywhere?
Mike
>
> Mike Duigou wrote:
>> Hello!
>>
>> Where can I find a published description of the enhancements and
>> extensions planned for JCE/JSSE in JDK 7?
>>
>> To jump right to the point of my question: I'll be specifically looking
>> for extensions to allow all of the keytool functionality to be accessed
>> through public APIs. This is specifically PKCS#1 certificate generation
>> and PKCS#10 certificate signing requests. Neither of these are currently
>> available in the JDK 6 API but are available through keytool.
>>
>> Mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mike_duigou.vcf
Type: text/x-vcard
Size: 359 bytes
Desc: not available
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20080930/c7543e67/mike_duigou.vcf>
More information about the security-dev
mailing list