Hi Nick, We plan to add document encryption/decryption, and digital signature(optional) in next release. Follow the newest ODF specification[1], most of the function can be realized by JDK, no need other crypto product. For document encryption/decryption, JDK5 is enough. For digital signature, we need JDK6's XML security API.
We also write a private PBKDF2Key[2] method realization to support byte array as password parameter(JDK5's API supply a string password as parameter). All in all, except JDK API and our own code, there is no any other third party binary jar or source code relate to crypto in ODF Toolkit. So, how can we draft the notification? Thanks! [1] http://docs.oasis-open.org/office/v1.2/os/OpenDocument-v1.2-os-part3.html#__RefHeading__752815_826425813 [2] http://www.ietf.org/rfc/rfc2898.txt 2012/1/17 Nick Burch <[email protected]> > On Tue, 17 Jan 2012, Devin Han wrote: > >> Yes, but we can't do it parallel, as before complete (1) we can't commit >> the code to the master repository. >> see: >> http://www.apache.org/dev/**crypto.html<http://www.apache.org/dev/crypto.html> >> > > If some pulls together the info needed for the notification, and confirms > that it's going to be covered by ECCN 5D002 (mostly confirming that we're > using someone else's crypto, rather than writing our own, but check!), then > I'll do the notification and listing for this. > > Nick > -- -Devin
