<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:"Calibri Light";
panose-1:2 15 3 2 2 2 4 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
h3
{mso-style-priority:9;
mso-style-link:"Heading 3 Char";
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:13.5pt;
font-family:"Times New Roman",serif;
color:black;
font-weight:bold;}
h4
{mso-style-priority:9;
mso-style-link:"Heading 4 Char";
margin-top:2.0pt;
margin-right:0in;
margin-bottom:0in;
margin-left:0in;
margin-bottom:.0001pt;
page-break-after:avoid;
font-size:11.0pt;
font-family:"Calibri Light",sans-serif;
color:#2E74B5;
font-weight:normal;
font-style:italic;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
code
{mso-style-priority:99;
font-family:"Courier New";}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.Heading3Char
{mso-style-name:"Heading 3 Char";
mso-style-priority:9;
mso-style-link:"Heading 3";
font-family:"Times New Roman",serif;
color:black;
font-weight:bold;}
span.Heading4Char
{mso-style-name:"Heading 4 Char";
mso-style-priority:9;
mso-style-link:"Heading 4";
font-family:"Calibri Light",sans-serif;
color:#2E74B5;
font-style:italic;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:2113041566;
mso-list-template-ids:708234640;}
@list l0:level1
{mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level3
{mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level4
{mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level5
{mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level6
{mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level7
{mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level8
{mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level9
{mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">Hello,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">We have a couple questions regarding Jar verification in Java 9 (and later)<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">We produce a Java based toolkit that contains a Security Provider. Because of this, we follow the guidance on the following page:<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><a href="https://docs.oracle.com/javase/9/security/howtoimplaprovider.htm#JSSEC-GUID-C6054169-FE6E-4837-B2BD-382DFEB955C0">https://docs.oracle.com/javase/9/security/howtoimplaprovider.htm#JSSEC-GUID-C6054169-FE6E-4837-B2BD-382DFEB955C0</a><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">However, we have recently noticed a change between JDK 9 and JDK 8<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">In JDK 8: (<a href="https://docs.oracle.com/javase/7/docs/technotes/guides/security/crypto/HowToImplAProvider.html">https://docs.oracle.com/javase/7/docs/technotes/guides/security/crypto/HowToImplAProvider.html</a>)<o:p></o:p></p>
<h3><a name="Step1a">Step 1.1: Additional JCA Provider Requirements and Recommendations for Encryption Implementations</a><o:p></o:p></h3>
<p>When instantiating a provider's implementation (class) of a <code><span style="font-size:10.0pt">Cipher, KeyAgreement, KeyGenerator, MAC</span></code> or
<code><span style="font-size:10.0pt">SecretKey</span></code> factory, the framework will determine the provider's codebase (JAR file) and verify its signature. In this way, JCA authenticates the provider and ensures that only providers signed by a trusted entity
can be plugged into JCA. Thus, one requirement for encryption providers is that they must be signed, as described in later steps.<o:p></o:p></p>
<p><span style="background:yellow;mso-highlight:yellow">In addition, each provider should perform self-integrity checking to ensure that the JAR file containing its code has not been manipulated in an attempt to invoke provider methods directly rather than
through JCA. For further information, see <a href="https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/HowToImplAProvider.html#integritycheck">
How a Provider Can Do Self-Integrity Checking</a>.</span><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">In JDK 9: (<a href="https://docs.oracle.com/javase/9/security/howtoimplaprovider.htm">https://docs.oracle.com/javase/9/security/howtoimplaprovider.htm</a> )<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<h4><b><span style="font-style:normal">Step 1.1: Consider Additional JCA Provider Requirements and Recommendations for Encryption Implementations</span></b><o:p></o:p></h4>
<p><span style="color:#222222">When instantiating a provider's implementation (class) of a
</span><code><span style="font-size:10.0pt">Cipher</span></code><span style="color:#222222">,
</span><code><span style="font-size:10.0pt">KeyAgreement</span></code><span style="color:#222222">,
</span><code><span style="font-size:10.0pt">KeyGenerator</span></code><span style="color:#222222">,
</span><code><span style="font-size:10.0pt">MAC</span></code><span style="color:#222222">, or
</span><code><span style="font-size:10.0pt">SecretKey</span></code><span style="color:#222222"> factory, the framework will determine the provider's codebase (JAR file) and verify its signature. In this way, JCA authenticates the provider and ensures that only
providers signed by a trusted entity can be plugged into the JCA. Thus, one requirement for encryption providers is that they must be signed, as described in later steps.</span><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">There is no mention of the self-integrity checking in this section? There doesn’t seem to be an explanation as to why it was removed?<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">In Section 8.2, it briefly mentions self-integrity checking:<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Step 8.2: Set Provider Permissions<o:p></o:p></p>
<p class="MsoNormal"><a href="https://docs.oracle.com/javase/9/security/java-security-overview1.htm#GUID-7A49C00B-BEA6-4050-9E32-6168211585F7" title="A permission represents access to a system
resource. In order for a resource access to be allowed for
an applet (or an application running with a security
manager), the corresponding permission must be explicit">Permissions</a>
must be granted for when applications are run while a security manager is installed. A security manager may be installed for an application either through code in the application itself or through a command-line argument.<o:p></o:p></p>
<ol style="margin-top:0in" start="1" type="1">
<li class="MsoNormal" style="mso-list:l0 level1 lfo1">Your provider may need the following permissions granted to it in the client environment:
<o:p></o:p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level2 lfo1">java.lang.RuntimePermission to get class protection domains.
<span style="background:yellow;mso-highlight:yellow">The provider may need to get its own protection domain in the process of doing self-integrity checking.</span><o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level2 lfo1">java.security.SecurityPermission to set provider properties.<o:p></o:p></li></ul>
</li></ol>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">So we are just wondering if something has changed in JDK 9 (and later) that makes the self-integrity check by a security provider unnecessary. If it has been changed, could we get information as to what has changed and why it changed?<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Thanks so much<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">John Gray<o:p></o:p></p>
<p class="MsoNormal">Entrust Datacard<o:p></o:p></p>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
</div>
</body>
</html>