RSA Security Ireland Limited
www.rsasecurity.ie
Trademarks
ACE/Agent, ACE/Server, Because Knowledge is Security, BSAFE, ClearTrust, Confidence Inspired, e-Titlement, IntelliAccess, Keon, RC2, RC4, RC5, RSA, the RSA logo, RSA Secured, the RSA Secured logo, RSA Security, SecurCare, SecurID, SecurWorld, SmartRules, The Most Trusted Name in e-Security, Transaction Authority, and Virtual Business Units are either registered trademarks or trademarks of RSA Security Inc. in the United States and/or other countries. All other goods and/or services mentioned are trademarks of their respective companies.

License Agreement
This software and the associated documentation are proprietary and confidential to RSA Security, are furnished under license and may be used and copied only in accordance with the terms of such license and with the inclusion of the copyright below. This software and any copies thereof may not be provided or otherwise made available to any other person.
Neither this software nor any copies thereof may be provided to or otherwise made available to any third party. No title to or ownership of the software or any intellectual property rights thereto is hereby transferred. Any unauthorized use or reproduction of this software may be subject to civil and/or criminal liability.
This software is subject to change without notice and should not be construed as a commitment by RSA Security.

Note on Encryption Technologies
This product may contain encryption technology. Many countries prohibit or restrict the use, import or export of encryption technologies, and current use, import and export regulations should be followed when exporting this product.

Distribution
Limit distribution of this document to trusted personnel.

RSA Security Notice
The RC5 Block Encryption Algorithm With Data Dependent Rotations is protected by U.S. Patent #5,724,428 and #5,835,600.
2005 RSA Security Inc. All rights reserved. Published March 16, 2005
038-001003-3500-001-000
Overview
This document summarizes the features of RSA BSAFE Crypto-J 3.5. It outlines the new features, testing environment, and resolved and known issues.
New Features
This release of Crypto-J 3.5 includes the following new features:

- Crypto-J 3.5 is intended as a FIPS 140-2 validated release (1) for both the JSAFE and JCE provider modules.
- This release includes all fixes and enhancements from Crypto-J 3.4.3.3, including:
  o Improved performance of AES.
- The Crypto-J JCE Provider now supports PBEWithHmacSHA1AndDESede in the Cipher and SecretKeyFactory getInstance methods. Since this feature requires using PBEKeySpec to specify the password, salt, iteration count and number of DES keys, a JRE of 1.4 or later must be used. For more information see the PBEWithHmacSHA1AndDESede.java sample in the cryptoj35/sample/jce/source/14 folder of the binary distribution.
- This release includes RSA X9.31 Key Generation and Sign/Verify functionality through the JCE provider interface. X9.31 Key Pair Generation is now the default if the toolkit is in FIPS mode or when the key size is 1024 bits or higher.
- The Crypto-J public API now includes support for raw RSA encryption with the private key and decryption with the public key.
- This release includes additional support for XML encryption through the JCE interface so that Crypto-J can be used as the JCE provider. RSA OAEP transport and 3DES support has also been added to both the JCE and JCE FIPS providers.
- New samples are included for:
  o RSA OAEP for key transport
  o 3DES, AES 128, AES 256 for key wrapping
  o SHA 224, 256, 384 and 512 with RSA signatures for JCE
  o PBEWithSHA1And3DES
  o X9.31 Key Generation and Sign/Verify functionality through the JCE provider interface
  o Raw RSA encryption and decryption

(1) Pending evaluation.
Supported Environment
The following table lists the platforms and operating systems supported by Crypto-J at the time of release, and details compiler information. NOTE: All JDKs are 32 bit unless otherwise specified.
Table 1. Platform Information

Platform | Operating System | Number of Bits | CPU Architecture | Supported JDK/JRE
-------- | ---------------- | -------------- | ---------------- | -----------------
Windows | XP Professional SP1 | 32 | Intel x86 | Sun JDK 1.1.8/1.3.1/1.4.2/1.5; IBM JDK 1.4.2
Windows | XP Professional SP2 | 32 | Intel x86 | Sun JDK 1.1.8/1.3.1/1.4.2/1.5; IBM JDK 1.4.2
Windows | 2003 Server | 32 | Intel x86 | Sun JDK 1.1.8/1.3.1/1.4.2/1.5; IBM JDK 1.4.2
Windows | (operating system not recovered) | 32 | Intel x86 | Sun JDK 1.1.8/1.3.1/1.4.2/1.5; IBM JDK 1.4.2
Windows | (operating system not recovered) | 32 | Intel x86 | Sun JDK 1.1.8/1.3.1/1.4.2/1.5; IBM JDK 1.4.2
Solaris | 2.9 | 32 | 32 bit extension for USparc V9 | Sun JDK 1.3.1/1.4.2/1.5; Sun JDK 1.5 (64 bit); IBM JDK 1.4.2
Solaris | 2.10 | 32 | 32 bit extension for USparc V9 | Sun JDK 1.3.1/1.4.2/1.5; Sun JDK 1.5 (64 bit); IBM JDK 1.4.2
Solaris | 2.10 | 32 | 32 bit extension for USparc V9 | Sun JDK 1.3.1/1.4.2/1.5; Sun JDK 1.5 (64 bit)
Solaris | 2.10 for x86 | 32 | Intel x86 | Sun JDK 1.3.1/1.4.2/1.5
Red Hat Linux | 7.2 | 32 | Intel x86 | Sun JDK 1.3.1/1.4.2/1.5
Red Hat Linux | Advanced Server 3.0 | 32 | Intel x86 | Sun JDK 1.3.1/1.4.2/1.5
HP-UX | 11.0 | 32 | PA-RISC 1.1 | HP JDK 1.4.2
HP-UX | 11.0 | 32 | PA-RISC 2.0 | HP JDK 1.4.2
HP-UX | 11.22 | 32 | Itanium2 | HP JDK 1.4.2
HP-UX | 11.23 | 32 | Itanium2 | HP JDK 1.4.2
AIX | 5L 53 | 32 | PowerPC | IBM JDK 1.4.2
Interoperability
Crypto-J supports and interoperates with the following vendor products.
Table 2. PKI

Luna CA3
  Functions: RSA key pair generation; RSA signing; DSA key pair generation; DSA signing and verification.
  Limitations: Due to an architectural mismatch between the BSAFE Crypto-C library and the Luna CA3, RSA signature verification cannot be performed on the Luna CA3, and must be performed in the BSAFE Crypto-C software.

Luna SA
  Functions: RSA key pair generation; RSA signing; DSA key pair generation; DSA signing and verification.
  Limitations: Due to an architectural mismatch between the BSAFE Crypto-C library and the Luna SA, RSA signature verification cannot be performed on the Luna SA, and must be performed in the BSAFE Crypto-C software.

GemSAFE Smart Card (Firmware version 4.00), Interface: GemPlus GemPC410 Reader (serial port)
  Functions: RSA key pair generation; RSA signing and private key decryption.
  Limitations: The device can only perform private key operations. It only operates on keys it generates*. It cannot create a signature using a private key generated in software. It cannot release the private key; it remains on the token and the key data is never revealed. It can only perform PKCS #1 v1.0 RSA operations. It does not support DSA.

nCipher nForce Accelerator, Interface: SCSI
  Functions: RSA key pair generation; RSA signing and verification; DSA key pair generation; DSA signing and verification.
  Limitations: (none listed)

Rainbow iKey 2000, Interface: USB
  Functions: RSA key pair generation; RSA signing and verification; RSA public key encryption and private key decryption.
  Limitations: The device cannot perform operations with a public key generated outside the token, although it can perform operations with a private key generated outside the token. The device cannot release the private key; it remains on the token and the key data is never revealed.

CryptoSwift
  Functions: RSA key pair generation; RSA signing and verification; RSA public key encryption and private key decryption.
  Limitations: Due to an architectural mismatch between the BSAFE Crypto libraries and the CryptoSwift, RSA signature verification cannot be performed on the CryptoSwift, and must be done in the BSAFE Crypto libraries.

* When generating the key pair, set private key attributes with JSAFE_KeyAttributes.TF_PRIVATE specified.

RSA Security used the GemPlus SDK (including the PKCS #11 library pk2priv.dll) and reader drivers downloaded from the GemPlus Web site (http://www.gemsafe.com/). The SDK and reader drivers on the SDK CD that are supplied with the reader/card package were not used. There were difficulties using the card under Windows NT Service Pack 4.
Table 3. Algorithms and Key Sizes

Algorithm | Key Sizes | Details
--------- | --------- | -------
RSA | 256-4096 bits (2 primes); 1024-4096 bits (3 primes) | Padding: Public Key Cryptography Standard (PKCS) #1 v1.5; Optimal Asymmetric Encryption Padding (OAEP); No Padding (Raw RSA). Digital Signatures: RSA-SHA1, RSA-SHA224, RSA-SHA256, RSA-SHA384, RSA-SHA512. Key pair Generation: RSA X9.31; RSA MultiPrime (2 or 3 primes).
(algorithm name not recovered) | 512-4096 (non FIPS); 1024-4096 (FIPS) |
(algorithm name not recovered) | 256-2048 bits for digital signatures and parameter generation |
(algorithm name not recovered) | 1-1024 |
(algorithm name not recovered) | 8-2048 |
(algorithm name not recovered) | 0-2040 |
(algorithm name not recovered) | 128, 192, 256 | In the following modes: OFB, CBC, CFB, ECB.
DES | 56 | In the following modes: ECB, CBC, CFB, CFB64, OFB.
(algorithm name not recovered) | 120, 168 |
HMAC | 0-4096 | For: SHA-1, SHA-224, SHA-256, SHA-384, SHA-512.
Message Digests | | MD2, MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, RIPEMD160.
PRNG | | MD5 based PRNG; SHA-1 based PRNG; FIPS 186 based PRNG; X9.31 based PRNG.
PBE | | PKCS5PBE-i-k; PKCS5V2PBE-i-k; PKCS12PBE-i-k; PKCS12V1PBE-i-k, where i is the iteration count and k refers to the key size.
Documentation
This section includes information on the documentation suite provided with Crypto-J.
Related Documentation
The following documentation is provided:

- Crypto-J 3.5 Developers Guide
- Crypto-J 3.5 Installation Guide
- Crypto-J 3.5 Release Notes
- Crypto-J 3.2.2 Bytecode Obfuscation Users Guide
- Crypto-J 3.0 PBE Converter Guide
Implementation Information
The Crypto-J jsafe.jar and jsafeWithNative.jar run on JDK 1.1.8 and higher environments. The jsafeFIPS.jar, and the providers jsafeJCE.jar and jsafeJCEFIPS.jar, work with JDK 1.4 and JDK 1.5, where the JCE is built in, and with JDK 1.3 with JCE 1.2 or 1.2.2, but do not work with JDK 1.1.8.

Java Implementation Issues
JDK 1.1.8
JDK 1.1.8 on Win32 platforms can hang due to memory leaks. However, this does not occur when running single programs or applets. Sun has stated that these memory leaks were fixed in subsequent releases of Java. RSA Security has been unable to reproduce this problem on Java 2, or on other JDK 1.1.x implementations such as Solaris, Mac, or Linux.
JCE 1.2.1
In JCE 1.2.1, when an application adds two providers, the second provider fails to authenticate the JCE framework. The problem is due to a bug in JarURLConnection. The bug has been fixed in JDK 1.4.0 and in recent updates to JDK 1.2.2 and JDK 1.3.1.
JsafeJCE Provider
When the JsafeJCE provider is registered as the first provider, the JCE framework overflows the stack while verifying the signed jsafeJCE.jar file. The framework falls into an infinite recursion, repeatedly processing the same entry until it overflows the stack.

A provider may be added dynamically, or statically via the java.security file. RSA Security tested both methods with differing results. In the dynamic case the problem does not occur in JDK 1.3 if the SunRSA provider is not registered. In JDK 1.4 the stack overflow does not occur if the SunRSA provider and the SunJSSE provider are not registered, but it may result in a NullPointerException.

When the JsafeJCE provider is registered first statically, the overflow does not occur but the framework fails to authenticate the provider. The problem has been reported to Sun and is under investigation. As a result, do not rely on the position of the provider; instead, explicitly name the provider in the corresponding calls to getInstance. If it is necessary to rely on the default provider, register the SUN and SunRSASign providers ahead of the JsafeJCE provider (or register the IBMJCE provider ahead of the JsafeJCE provider if using an IBM JDK).

This problem has been partially fixed in JDK 1.3.1_04 and JDK 1.4.1 RC1. The JsafeJCE provider can now be registered as the second most preferred provider, after the SUN provider.
JRE 1.4.0
The JRE 1.4.0 fails to load the provider in certain circumstances due to a bug in the JDK HotSpot JVM (see Issue #28707). To avoid this problem, split the calls as follows:

    Provider provider = new com.rsa.jsafe.provider.JsafeJCE();
    Security.addProvider(provider);

or to use reflection
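Putting the two notes above into practice, as an added example that is not from the release notes or the Crypto-J distribution: it registers JsafeJCE after the SUN and SunRSASign providers, keeps construction and registration in separate statements, and names the provider explicitly in getInstance. It assumes the com.rsa.jsafe.provider.JsafeJCE class and the "JsafeJCE" provider name quoted above, that the JDK registers its RSA provider under the name "SunRsaSign", and that JsafeJCE answers the standard JCA digest name "SHA-256".

```java
import java.security.MessageDigest;
import java.security.Provider;
import java.security.Security;

// Added example, not code from the Crypto-J release notes: registers JsafeJCE
// behind the SUN and SunRsaSign providers as the notes advise, then names the
// provider explicitly in getInstance() rather than trusting its position.
// Assumed: class com.rsa.jsafe.provider.JsafeJCE and provider name "JsafeJCE"
// (both from the notes). JDK 1.4 syntax is kept on purpose.
public class JsafeJceRegistration {
    /** 1-based position of a provider in the JCA search order, or -1 if absent. */
    static int positionOf(String name) {
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            if (providers[i].getName().equals(name)) {
                return i + 1;
            }
        }
        return -1;
    }

    /** Registers JsafeJCE after the Sun providers; returns its position. */
    static int registerJsafeJce() {
        // The JDK names these "SUN" and "SunRsaSign" (the notes write SunRSASign).
        String[] required = { "SUN", "SunRsaSign" };
        for (int i = 0; i < required.length; i++) {
            if (positionOf(required[i]) < 0) {
                throw new IllegalStateException(required[i] + " is not registered");
            }
        }
        // Construct and register in two statements (JRE 1.4.0 HotSpot workaround).
        Provider jsafe = new com.rsa.jsafe.provider.JsafeJCE();
        if (positionOf(jsafe.getName()) < 0) {
            Security.addProvider(jsafe); // appends after all existing providers
        }
        int pos = positionOf(jsafe.getName());
        if (pos < positionOf("SUN") || pos < positionOf("SunRsaSign")) {
            throw new IllegalStateException("JsafeJCE must follow SUN and SunRsaSign");
        }
        return pos;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("JsafeJCE registered at position " + registerJsafeJce());
        // Explicit provider name: independent of the provider search order.
        MessageDigest md = MessageDigest.getInstance("SHA-256", "JsafeJCE");
        byte[] digest = md.digest("constructed sample input".getBytes("UTF-8"));
        System.out.println(md.getProvider().getName() + " digest: " + digest.length + " bytes");
    }
}
```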
Native Libraries
The native libraries included in this release are not production ready libraries. These libraries are from our development environment. However, the tests for the native shared libraries all pass. Production ready libraries will be included in the GM release.

NOTE: When compiling native libraries on the HP-UX PA-RISC 1.1 platform, due to a vendor compiler bug in HP92453-01 B.11.11.04 HP C, it is necessary to compile the shared library on HP-UX 10.20 using the HP92453-01 A.10.32.20 HP C compiler, and then test back on the HP-UX PA 1.1 platform.

There is no Crypto-C source code included in this release of the Crypto-J source; it will, however, be included in the final GM release. Only the native shared libraries are included.
Resolved Issues
The following table lists the resolved issues in Crypto-J 3.5.
Table 4. Resolved Issues

Id | Description
-- | -----------
 | JsafeJCE must implement PBE with TripleDES in 3.5.
 | 3DES Cipher with 2 DES keys returned incorrect results.
 | "InvalidKeyException when initializing a DES_ede Cipher"
 | Call to getBlockSize() in the JCE provider returns the wrong value.
 | "CFB/OFB can't handle certain text and feedback bit sizes"
 | Error in PKCS#5v2 transformations when memory obfuscation is turned on.
 | SecretKey implementation successfully translates an invalid key.
Known Issues
The following table lists the known issues in Crypto-J 3.5.
Table 5. Known Issues

Id | Description
-- | -----------
23127 | Requirement to either support WRAP_MODE/UNWRAP_MODE or throw an appropriate exception for the Cipher implementation.
23131 | The SecretKey from the JsafeJCE SecretKeyFactory cannot be used with the SunJCE Cipher for PBEWithMD5AndDES, and vice versa.
26975 | The use of SHA 384 and SHA 512 results in a NullPointerException due to a bug in the JIT for JDK 1.2. RSA Security has reported this bug to Sun but has not yet received a bug number. Similar bugs have been closed without being fixed.
27676 | "PSS use triggers non-fatal JDK 1.1.8 internal errors"
28612 | Crypto-J: Native code is slower on Linux than pure Java.
38155 | SHA 384 and SHA 512 operations produce incorrect results on AIX 5L52 and IBM SDK (32 bit) 1.3.1 and 1.4.0 due to a bug in the JIT.
38156 | 3DES_EDE/CBC/PKCS5Padding is not available under IBM SDK (32 bit) 1.3.1 on IBM AIX 5L52 when using the native device.
39557 | JCE provider is failing on Sun JDK 1.4.2_04 when running the RSAEncrypt test.
42729 | JsafeJCE implementation of javax.crypto.SecretKey::getEncoded is not behaving as documented.
43013 | Unable to parse the entire OID information for a PKCS#5v2 PBE algorithm OID using PBES2.
43081 | There are some known issues that cause a JDK 1.1.8 JIT warning.
43058 | NullPointerException in JA_RSAPrivateKey when calling signInit() after clone().
43304 | Sample build files have an incorrect Crypto-J version number.
Feedback
We welcome your feedback on RSA Security documentation. Please email bsafeuserdocs@rsasecurity.com.