    David.Turing's blog

     

    Reimplementing JCAPI's JCE Provider

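    The Pheox JCAPI (http://pheox.com/download) provides a JCE Provider that can operate directly on the local certificate store and private keys of Microsoft operating systems. JCAPI wraps this complexity in a jcapi.dll, which calls the CSPs built into Windows to perform cryptographic operations such as encryption, signing and hashing.
    JCAPI.DLL is a lightweight middle-layer library that spares Java developers the details of dealing with a CSP, such as obtaining a CSP handle.
    JCAPI.dll provides the following JNI calls: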
    00000001    10002AA0    _Java_com_pheox_jcapi_CoreCipherJNI_decrypt@24
    00000002    100021A0    _Java_com_pheox_jcapi_CoreCipherJNI_encrypt@20
    00000003    100027A0    _Java_com_pheox_jcapi_CoreCipherJNI_encryptWithPrivateKey@20
    00000004    10001E10    _Java_com_pheox_jcapi_CoreCipherJNI_getPrivateKeySize@12
    00000005    10003610    _Java_com_pheox_jcapi_CoreKeyStoreJNI_aliases@16
    00000006    100039D0    _Java_com_pheox_jcapi_CoreKeyStoreJNI_containsAlias@12
    00000007    10005E50    _Java_com_pheox_jcapi_CoreKeyStoreJNI_createBase64Hash@12
    00000008    10003B30    _Java_com_pheox_jcapi_CoreKeyStoreJNI_deleteEntry@12
    00000009    10003DA0    _Java_com_pheox_jcapi_CoreKeyStoreJNI_getCertificate@12
    0000000A    10003FE0    _Java_com_pheox_jcapi_CoreKeyStoreJNI_getCertificateChain@20
    0000000B    10004530    _Java_com_pheox_jcapi_CoreKeyStoreJNI_getKey@12
    0000000C    10004C00    _Java_com_pheox_jcapi_CoreKeyStoreJNI_isKeyEntry@12
    0000000D    10004E00    _Java_com_pheox_jcapi_CoreKeyStoreJNI_setCertificateEntry@16
    0000000E    10005020    _Java_com_pheox_jcapi_CoreKeyStoreJNI_setKeyEntry@44
    0000000F    10005CA0    _Java_com_pheox_jcapi_CoreKeyStoreJNI_size@16
    00000010    100062A0    _Java_com_pheox_jcapi_CoreSignatureJNI_hashFinal@12
    00000011    10005F80    _Java_com_pheox_jcapi_CoreSignatureJNI_hashInit@12
    00000012    10006140    _Java_com_pheox_jcapi_CoreSignatureJNI_hashUpdate@16
    00000013    10006430    _Java_com_pheox_jcapi_CoreSignatureJNI_sign@28
    00000014    10006F60    _Java_com_pheox_jcapi_CoreSignatureJNI_verify@28
    00000015    10007CF0    _Java_com_pheox_jcapi_CoreUtilJNI_addPKCS11CSP@16
    00000016    10007880    _Java_com_pheox_jcapi_CoreUtilJNI_createCertEntryStore@8
    00000017    10007C20    _Java_com_pheox_jcapi_CoreUtilJNI_getAddedPKCS11CSPs@8
    00000018    100078E0    _Java_com_pheox_jcapi_CoreUtilJNI_getCSP@12
    00000019    10008F10    _Java_com_pheox_jcapi_CoreUtilJNI_getCertStoreFriendlyName@12
    0000001A    100089C0    _Java_com_pheox_jcapi_CoreUtilJNI_getCertificateFriendlyName@12
    0000001B    10007500    _Java_com_pheox_jcapi_CoreUtilJNI_getJCAPIDLLVersion@8
    0000001C    10007520    _Java_com_pheox_jcapi_CoreUtilJNI_getMSCSPs@8
    0000001D    10009010    _Java_com_pheox_jcapi_CoreUtilJNI_getMSCertStoreNames@8
    0000001E    10007E20    _Java_com_pheox_jcapi_CoreUtilJNI_getPKCS11DLLName@12
    0000001F    100083F0    _Java_com_pheox_jcapi_CoreUtilJNI_getPKCS11TokenInfo@12
    00000020    10007B50    _Java_com_pheox_jcapi_CoreUtilJNI_getSupportedPKCS11CSPs@8
    00000021    100077A0    _Java_com_pheox_jcapi_CoreUtilJNI_init@12
    00000022    10007F40    _Java_com_pheox_jcapi_CoreUtilJNI_isPKCS11PrivateKey@12
    00000023    10007D90    _Java_com_pheox_jcapi_CoreUtilJNI_removePKCS11CSP@12
    00000024    10008F90    _Java_com_pheox_jcapi_CoreUtilJNI_reportMemStatus@8
    00000025    10008360    _Java_com_pheox_jcapi_CoreUtilJNI_setCallbackPinCode@12
    00000026    100083B0    _Java_com_pheox_jcapi_CoreUtilJNI_setCertOpenStoreFlags@12
    00000027    10008C80    _Java_com_pheox_jcapi_CoreUtilJNI_setCertificateFriendlyName@16
    The libraries it calls are in fact still crypt32.dll and ADVAPI32.dll.
    crypt32.dll:
    0000002C    CertEnumSystemStore
    00000041    CertGetCertificateContextProperty
    0000008B    CryptFindLocalizedName
    00000056    CertRegisterSystemStore
    00000097    CryptHashCertificate
    00000061    CertSetCertificateContextProperty
    00000019    CertCreateCertificateContext
    00000004    CertAddCertificateContextToStore
    00000044    CertGetIssuerCertificateFromStore
    0000001E    CertDeleteCertificateFromStore
    00000029    CertEnumCertificatesInStore
    0000007C    CryptDecodeObject
    0000009C    CryptImportPublicKeyInfo
    00000050    CertOpenStore
    00000032    CertFindCertificateInStore
    0000000F    CertCloseStore
    0000003C    CertFreeCertificateContext

    Imports, ADVAPI32.dll
    Ordinal (hint)    Name
    000000A8    CryptSignHashA
    00000099    CryptGetHashParam
    0000008B    CryptDestroyHash
    0000009D    CryptHashData
    00000088    CryptCreateHash
    00000094    CryptExportKey
    00000089    CryptDecrypt
    0000009F    CryptImportKey
    0000008F    CryptEncrypt
    0000009C    CryptGetUserKey
    0000009A    CryptGetKeyParam
    0000008C    CryptDestroyKey
    00000085    CryptAcquireContextA
    000000A0    CryptReleaseContext
    000000AA    CryptVerifySignatureA
    00000092    CryptEnumProvidersA
    000001C9    RegCloseKey
    000001EC    RegQueryValueExA
    000001F9    RegSetValueExA
    000001CD    RegCreateKeyExA
    000001E2    RegOpenKeyExA
    000000A1    CryptSetHashParam

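    Wrapping the standard CryptoAPI functions is necessary because, from a Java programmer's point of view, we do not need to care much about the CSP; we want to perform cryptographic operations directly.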

    The JCAPI provider supplies implementations of three SPIs:
  • java.security.KeyStoreSpi
  • java.security.SignatureSpi
  • javax.crypto.CipherSpi

    In other words, a Java application can call CryptoAPI directly through the JCE API.
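    How a provider plugs one of these SPIs into the JCE API, as an added example that is not JCAPI's or the author's code: `DemoCapiProvider` and `DelegatingRsaSignature` are hypothetical names, and the JDK's `SunRsaSign` signer (assumed to be present) stands in for the native JNI layer that a CryptoAPI-backed provider would call.

```java
import java.security.*;

// Added illustration, not JCAPI code. DemoCapiProvider and DelegatingRsaSignature are
// hypothetical names; the JDK's own RSA signer stands in for the native (JNI) layer.
public final class DemoCapiProvider extends Provider {
    public DemoCapiProvider() {
        super("DemoCAPI", 1.0, "Illustrative provider exposing one SignatureSpi");
        // Key "Signature.<algorithm>" maps to the SPI class the JCA loads by name.
        put("Signature.SHA1withRSA", DelegatingRsaSignature.class.getName());
    }

    // The SPI class must be public with a public no-argument constructor.
    public static final class DelegatingRsaSignature extends SignatureSpi {
        private final Signature backend;
        public DelegatingRsaSignature() throws GeneralSecurityException {
            // A CryptoAPI-backed provider would acquire its native context here instead.
            backend = Signature.getInstance("SHA1withRSA", "SunRsaSign");
        }
        protected void engineInitSign(PrivateKey k) throws InvalidKeyException { backend.initSign(k); }
        protected void engineInitVerify(PublicKey k) throws InvalidKeyException { backend.initVerify(k); }
        protected void engineUpdate(byte b) throws SignatureException { backend.update(b); }
        protected void engineUpdate(byte[] b, int off, int len) throws SignatureException {
            backend.update(b, off, len);
        }
        protected byte[] engineSign() throws SignatureException { return backend.sign(); }
        protected boolean engineVerify(byte[] sig) throws SignatureException { return backend.verify(sig); }
        @Deprecated protected void engineSetParameter(String name, Object value) {
            throw new InvalidParameterException("no parameters supported");
        }
        @Deprecated protected Object engineGetParameter(String name) {
            throw new InvalidParameterException("no parameters supported");
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();                       // constructed sample key
        byte[] msg = "constructed sample message".getBytes("UTF-8");
        // Callers use only the JCE API; the provider decides where the work happens.
        Signature s = Signature.getInstance("SHA1withRSA", new DemoCapiProvider());
        s.initSign(kp.getPrivate());
        s.update(msg);
        byte[] sig = s.sign();
        s.initVerify(kp.getPublic());
        s.update(msg);
        System.out.println(s.getProvider().getName() + " verified=" + s.verify(sig));
    }
}
```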

    This JCE API supports the following basic operations:

    • Add, remove, list and access X.509 certificates.
    • Add, remove, access and export RSA private keys.
    • Create signatures with RSA private keys using the following algorithms:
      • SHA1withRSA
      • MD5withRSA
      • MD2withRSA
    • Verify signatures with RSA public keys.
    • Encrypt/decrypt data with RSA public/private keys using the following algorithm, mode and padding:
      • RSA/ECB/PKCS1Padding
    • Wrap and unwrap symmetric and asymmetric keys with RSA key pairs through MS CAPI and PKCS#11.
    • Built-in support for tested PKCS#11 CSP manufacturers that are compliant with the functions required by JCAPI.
    • Dynamic adding and removing of PKCS#11 CSPs in JCAPI.
    • Private key call-back interface for PKCS#11 providers. You can provide your own preferred Java call-back implementation to be called whenever a private key is accessed through PKCS#11.
    • List and configure MS CAPI system (certificate) stores.
    • Use a MS CAPI system (certificate) store as an un-trusted store.
    • Set and get MS CAPI friendly names for certificates.
    • Get MS CAPI friendly names for system (certificate) stores.
    • Get detailed information about your PKCS#11 hardware token through the JCAPI PKCS#11 information class.
    • Use JCAPI supported plug-ins. A JCAPI plug-in is a signed JAR file that extends or enhances the functionality of JCAPI without the need of recompiling JCAPI.
    • JCAPI SSL plugin. Use this plug-in to simplify the work of integrating the JCAPI key store for SSL enabled applications. The plug-in transparently supports both the old JSSE version for Java 1.3, and the newer versions included in Java 1.4 and higher. This plug-in transparently supports the PKCS#11 implementation as defined in Java 5. Your JCAPI supported hardware keys can be plugged in and used immediately for SSL. JCAPI will automatically configure the token for you by setting the correct slot identity to use etc.
    • JCAPI X.509 Factory plug-in. Use this plug-in to transparently replace any other X.509 certificate factories used by your Java system.
    • JCAPI is signed with a qualified code signing certificate that is trusted by all modern web browsers which makes it suitable in trusted applets.

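    The JCE API supports the following systems. I have only tested it successfully on Windows 2000; on other platforms I cannot guarantee that the crack works properly.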

    • Windows 98
    • Windows 98 SE
    • Windows ME
    • Windows 2000
    • Windows XP

    JCE supports JDK 1.4 and above. JDK 1.3 is slightly more troublesome, because you have to configure JCE and JSSE yourself.

    • Java 1.3.1 with JCE 1.2.2 and JSSE 1.0.3
    • Java 1.4
    • Java 1.5

    I have already tested it successfully on the eSafe key from 吉大正元 (Jida Zhengyuan). Other key vendors can email me, or give me a USB key to test.

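    JCAPI's time limit is fairly easy to remove, but because the code above the JNI layer has been heavily obfuscated, I have to rewrite this JCE Provider, implementing at least KeyStoreSpi, SignatureSpi and CipherSpi.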

  • I will release the JCE Provider for JCAPI next month.

  • posted on 2006-07-18 12:06 david.turing  Views (3979)  Comments (4)  Category: BounyCastle&JCE

    Comments

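    # re: Reimplementing JCAPI's JCE Provider 2006-07-19 18:40 向大家學習

    After installation, JCAPI.dll is inside the JCAPI.jar file. How do I crack it?
    I read the documentation, which says JCAPI.dll is extracted to C:\Documents and Settings\admin\Local Settings\Temp.
    I overwrote that file, but it still says this is a trial version... expiring on 8.1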

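    # re: Reimplementing JCAPI's JCE Provider 2006-07-20 08:30 david turing

    I have already cracked the JAR, but because the code inside is so heavily obfuscated it is basically of little use, so I am going to write a new version, that is, a new JCE provider.
    But you can call the JNI functions I listed above yourself, or wait until I release SECUREX 2.0, which will support JCAPI's JNI calls.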

    # Pinatubo 2006-07-20 17:15 極地冰蟲

    Pinatubo also has something with similar functionality. I tried it once; it wraps the CSP as KeyStore operations, but it seems it does not support Chinese CNs.

    # re: Reimplementing JCAPI's JCE Provider 2006-07-20 22:59 david.turing

    It seems Pinatubo hasn't been tested by many hardware key vendors. On the other hand, JCAPI supports PKCS#11 hardware tokens.
    Choose JCAPI; it is more powerful.
