Bootstrap provider for Java Security

IP.com Disclosure Number: IPCOM000016207D
Original Publication Date: 2002-Sep-16
Included in the Prior Art Database: 2003-Jun-21
Document File: 2 page(s) / 38K

Publishing Venue

IBM

Abstract

A program is disclosed that allows the bootstrapping of digitally signed security algorithms to be shipped with a Java* Virtual Machine (JVM), so that such algorithms can be packaged as extensions without the need for some or all of the algorithms to be integrated into the core of the JVM.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.


The Java 2 architecture allows extension JAR files to be used by the JVM to extend its functionality by adding, for example, additional security algorithms. Such algorithms would be treated, in most respects, as being part of the core of the JVM, and for this reason the extension JAR files need to be digitally signed so that the JVM can verify the origin and integrity of the code held in them. This can lead to a problem if all security algorithms, including those needed to verify digital signatures, are held in such extension JAR files: one would need to use a digital signature algorithm to verify that the algorithm being used had not been tampered with, which is not a very secure arrangement.

The Java Cryptography Architecture (JCA) specifies that all security algorithms are listed in and accessed via providers. A provider maps a set of algorithm names to the implementing class names and is used by the JVM to decouple user code from the implementing classes: code needing to use a security algorithm need not know the name of the implementing class. Providers are specified in a JVM configuration file, normally called java.security, and are read during the initialisation of the JVM. The providers are implemented as Java classes and are loaded as new algorithms are req...
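
The provider lookup described above, as an added example (not code from the disclosure): it prints the provider entries configured in java.security, maps each Signature algorithm name to its implementing class, and reports whether the provider class came from the core runtime or from a separately loaded JAR or module. The class name SignatureProviderAudit and the choice of SHA256withRSA are assumptions made for illustration.

```java
import java.security.CodeSource;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.util.ArrayList;
import java.util.List;

public class SignatureProviderAudit {

    // Where the provider class itself was loaded from. A null CodeSource
    // means the bootstrap class loader, i.e. part of the core runtime.
    static String origin(Provider p) {
        CodeSource cs = p.getClass().getProtectionDomain().getCodeSource();
        return (cs == null || cs.getLocation() == null)
                ? "bootstrap (no code source)" : cs.getLocation().toString();
    }

    // One entry per Signature algorithm: provider, algorithm name -> class name.
    static List<String> signatureMappings() {
        List<String> out = new ArrayList<>();
        for (Provider p : Security.getProviders()) {   // preference order
            for (Provider.Service s : p.getServices()) {
                if ("Signature".equals(s.getType())) {
                    out.add(p.getName() + ": " + s.getAlgorithm() + " -> "
                            + s.getClassName() + " [" + origin(p) + "]");
                }
            }
        }
        return out;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Provider entries as configured in java.security (security.provider.N).
        for (int n = 1; Security.getProperty("security.provider." + n) != null; n++) {
            System.out.println("security.provider." + n + " = "
                    + Security.getProperty("security.provider." + n));
        }
        signatureMappings().forEach(System.out::println);

        // Calling code names only the algorithm; the JVM selects the provider.
        Signature sig = Signature.getInstance("SHA256withRSA");
        System.out.println("SHA256withRSA resolved by " + sig.getProvider().getName()
                + " from " + origin(sig.getProvider()));
    }
}
```

A signature provider reported with a file or module location rather than the bootstrap origin is the case the disclosure is concerned with: code that verifies signatures but is itself loaded from outside the core.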