"Aaron M. Renn" <[EMAIL PROTECTED]> writes:
> The Java security classes contain explicit references to RSA keys.
Yes. It's just interfaces and some classes to hold data (a few
BigIntegers here and there) -- the RSA algo is never used. Sun's JDK
is exportable.
> My understanding is that all the RSA stuff is under patent in the
> US. Anybody know anything differently?
The RSA algorithm is under patent, yes.
> Also, is anyone aware of anything in the standard Java security
> setup that is not exportable from the US?
Everything is exportable in the JDK -- the NSA makes sure of this.
JCE adds encryption and key exchange to the JDK. JCE is not
exportable, and must be downloaded separately from the JDK.
> My understanding is that all of that stuff is supposed to be in Java
> Cryptography Extension
The JDK only includes JCA which is fully exportable (includes secure
hashing algos and stuff needed by encryption algos to work).
--
(member of AFASRT (acronyms for all software related things))
Paul Fisher * [EMAIL PROTECTED]
