* What is JuiCE? * JuiCE is a Java Crypro Extension (JCE) provider that uses the OpenSSL crypto functions as its crypto, digest, signature, and key generation engines. Because OpenSSL is highly optimized the JuiCE provider is much faster than Java-only implementations. JuiCE provides the standard JCE interfaces. As a regular JCE provider implementation you can register and use it as described in the relevant documentation and javadocs. Refer to http://java.sun.com/products/jce/reference/docs/index.html for a full description of the JCE. * Implmented algorithms * Ciphers - AES (all key sizes), DES, DESEDE in ECB, CBC, OFB and CFB mode, available paddings are: none, PKCS5/PKCS7, ISO10126, ZEROBYTE - RSA RAW, RSA PKCS1padding, RSA OAEP padding - RC2 with key sizes up to 128, ECB and CBC mode - RC4 stream cipher with key sizes up to 128 Password based (PBE) ciphers - PBEwithSHAand128bitAES-CBC-BC, PBEwithSHAand192bitAES-CBC-BC, PBEwithSHAand256bitAES-CBC-BC - PBEwithMD5and128bitAES-CBC-OPENSSL, PBEwithMD5and192bitAES-CBC-OPENSSL, PBEwithMD5and256bitAES-CBC-OPENSSL - PBEwithMD5andDES, PBEwithSHA1andDES, PBEwithSHAand3-KeyTripleDES-CBC - PBEwithMD5andRC2, PBEwithSHA1andRC2 - these use RC2 with 64bit key PBEwithSHAand128bitRC2, PBEwithSHAand40bitRC2-CBC - PBEwithSHAand128bitRC4, PBEwithSHAand40bitRC4 NOTE: all the PBE ciphers require that you use the associated secret key factories. This also requires that the BouncyCastle library is on your classpath (see note below). These PBE cipher algorithms are compatible with the implementations available in the BouncyCastle library. Please refer to the test cases to see how these are used. Digests - MD2, MD4, MD5, SHA1, SHA256, SHA512 (the latter two only if the installed OpenSSL library supports them), RIPEMD160 Signatures - MD5WithRSAEncryption, SHA1WithRSAEncryption (also with SHA256 and SHA512 if supported by openSSL, see remark for digests) - standard DSA with SHA1 MACs - HMAC (Hashed MACs) with MD{2,4,5}, SHA1 (also SHA256 and SHA512 if supported by openSSL, see remark for digests), RIPEMD160 - Cipher based MAC for DES (64-bit key) and DESEDE (192-bit Key) Secret Key Factories - DES, DESede - PBEwithSHAand128bitAES-CBC-BC, PBEwithSHAand192bitAES-CBC-BC, PBEwithSHAand256bitAES-CBC-BC - PBEwithMD5and128bitAES-CBC-OPENSSL, PBEwithMD5and192bitAES-CBC-OPENSSL, PBEwithMD5and256bitAES-CBC-OPENSSL - PBEwithMD5andDES, PBEwithSHA1andDES, PBEwithSHAand3-KeyTripleDES-CBC - PBEwithMD5andRC2, PBEwithSHA1andRC2 - these use RC2 with 64bit key PBEwithSHAand128bitRC2, PBEwithSHAand40bitRC2-CBC - PBEwithSHAand128bitRC4, PBEwithSHAand40bitRC4 NOTE: if you use the Secret Key Factories you must have the BouncyCastle library on your classpath. While the key generation and the actual ciphers use OpenSSL functions to get more speed the BC library is responsible to handle all the ASN.1/PKCS format related stuff. Key Pair Generators - RSA - DSA NOTE: Refer to the note on secret key factories - the same applies to the key pair generators. Unit tests for all implemented algorithms are available. * The native code to bridge Java to openSSL crypto library * The native code is standard C, prepared to compile/run also X86_64 and 32bit architectures. The native code also implements the necessary thread lock callbacks. * Installation * NOTE: Do not modify the "juice.jar" - it's a signed jar as per requirement for JCE provider implementations. Therefore don't rebuild juice.jar if you perform a SVN checkout. The "dist" directory contains a zip file which holds a binary distrubution. The binary distribution consists of - the "juice.jar" file. Install this file into some directory that is referenced in the CLASSPATH. Do not modify the "juice.jar" - it's a signed jar as per requirement for JCE provider implementations. Therefore don't rebuild juice.jar if you perform a SVN checkout. - The unit test classes with sources - The file "juice-0.0.5.tar.gz" contains the native source code. To install this code, unpack the tar file in a directory and run ./configure. After that run make and make install (do the install step as superuser). The install procedure installs the shared library in /usr/local/lib by default. You may change this location using appropriate arguments when running ./configure. The configure script needs the environment variable JAVA_HOME. This env variable should point to the base directory of your JDK. Configure uses this variable to check the java executable and to determine if you are using a 32 or a 64 bit Java implementation. Configure then crosschecks with your actual system and exits if there is a mismatch. Don't forget to run "ldconfig" after installation to update the shared library cache. * Prerequisits * JuiCE needs the following additional jar libraries: commons-logging-1.0.4.jar The master link for the commons project: http://jakarta.apache.org/commons/index.html log4j-1.2.9.jar The logging library. Required to control the logging, error reporting and so on. See: http://logging.apache.org/ To enable your Java programs to use JuiCE make sure that the Java runtime can load the native shared library. Therefore either the "java.library.path" system property must contain the installation directory of the shared library or you set the LD_LIBRARY_PATH enviironment variable to contain the installation directory. * Miscellaneous * In the unlikely event :-) that you run into problems or find a bug please use the JuiCE mailing list: juice-dev@xml.apache.org. * Acknowledgments * The JuiCE software took many ideas and sources from "The Legion Of The Bouncy Castle" Crypto library implementation. See http://www.bouncycastle.org/ JuiCE uses the OpenSSL crypto library as its main crypto engine. See http://www.openssl.org/