Details
-
Enhancement
-
Resolution: Fixed
-
P3
-
6
-
beta
-
generic
-
generic
Description
The dominant (native) API for cryptographic operations on Windows is the Microsoft CryptoAPI (MS CAPI). Java applications currently have no way of accessing CAPI short of writing their own JNI wrappers.
This means Java applications can currently not:
(1) access private keys and certificates stored in CAPI software providers.
(2) access private keys and certificates stored in CAPI registered Smartcards. [Note that crypto Smartcard support is available in Tiger via PKCS#11, but this is not always available and may cause behavior somewhat different than other Windows applications]
(3) utilize the Windows CAPI crypto algorithm implementations, which may be more heavily optimized than our own.
This feature will change that by implementing a new Java cryptography provider. It will implement the standard JCA/JCE APIs via corresponding CAPI calls. Because this provider plugs into the existing Java security framework, existing applications will benefit automatically and do not need to be changed.
This means Java applications can currently not:
(1) access private keys and certificates stored in CAPI software providers.
(2) access private keys and certificates stored in CAPI registered Smartcards. [Note that crypto Smartcard support is available in Tiger via PKCS#11, but this is not always available and may cause behavior somewhat different than other Windows applications]
(3) utilize the Windows CAPI crypto algorithm implementations, which may be more heavily optimized than our own.
This feature will change that by implementing a new Java cryptography provider. It will implement the standard JCA/JCE APIs via corresponding CAPI calls. Because this provider plugs into the existing Java security framework, existing applications will benefit automatically and do not need to be changed.