We can if it is legal Thanks, Mikhail
On 2/10/06, Geir Magnusson Jr <[EMAIL PROTECTED]> wrote: > So I'll ask the obvious - can we borrow some of this from BC? > > Stepan Mishura wrote: > > We should have at least to verify BC provider: > > 1) Message digest algorithm: SHA-1 > > 2) Signature algorithm: SHA1withDSA > > > > Other jars may require additional algorithms, for example, SHA1withRSA. We > > can verify BC provider first and use it for further jar verifications. > > > > Thanks, > > Stepan Mishura > > Intel Middleware Products Division > > > > > > > > On 2/10/06, George Harley <[EMAIL PROTECTED]> wrote: > >> Hi Tim, > >> > >> In order to verify the signature of those signed provider jars I believe > >> that you would also need trusted implementations of : > >> > >> * SHA-1 and MD5 digest algorithms > >> * DSA and RSA signature algorithms > >> > >> > >> Best regards, > >> George > >> IBM UK > >> > >> > >> Tim Ellison wrote: > >>> Stepan Mishura wrote: > >>> <snip> > >>> > >>>> Returning back to the 'missing post'. I agreed with suggestion but > >> currently > >>>> we don't have Harmony provider so we should define how we locate > >> 'trusted > >>>> provides' to be secure. > >>>> > >>> We just need a trusted SHA1PRNG, right? then we can open signed > >>> providers' jars and get any others. > >>> > >>> Regards, > >>> Tim > >>> > >>> > >> > > > > > > -- > > >
