Guillome, there was a discussion on the BC mailing list some time ago where this issue was discussed (I saw it in the archives, I'm not subscribed to that list). Maybe you crosscheck if they can deliver you a signed jar without IDEA.
AFAIK the standard provider (SUN) does not support all encryptions and other things we may need, in particular becauls the xml-sec guys require some ISO padding that ist not included in sun provider (AFAIK). And no, you can't sign the jar with your personal key, the JCE implementation of sun requires a cert that was signed by sun. There is a workaround though by constructing an own BC jar, include the clean room implememtation of the JCE into it. To use such a thing you have to move the Sun JCE implementation out of its location (I do that because I'm just testing/implementing a binding to the openSSL crypto lib - thus I digged into the BC somewhat). Regards, Werner Guillaume Sauthier wrote: > Hi folks > > I wanted to know what's the opinion here about BouncyCastle provider > that includes a patented (IDEA?) algorithm ? > > I know that's an issue for geronimo, and it's one for JOnAS too. > > I have some questions : > > Does the bc guys started to distribute a bcprov-*.jar without the faulty > algo ? > Can we use all features of WSS4j (Encrypt in particular) without BC jar > file ? > If I manually remove the faulty classes, the jar signature will be > broken. If I sign the result jar file with my personnal key, can I still > use WSS4J ? > > > Regards > Guillaume > > > > ------------------------------------------------------------------------ > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
