[security-dev 00335]: Re: JCE/JSSE Plans for JDK 7?
Mike.Duigou at Sun.COM
Tue Sep 30 12:13:10 PDT 2008
Vincent Ryan wrote:
> Hello Mike,
> This functionality is being planned for the JDK7 release. The existing
> java.security.cert.CertificateFactory class can easily be enhanced with
> several new methods:
> o to create a certificate signing request
> o to parse a certificate signing request
> o to issue a new certificate
> The features will be limited. There are no plans to define an API to
> support a full CA.
I believe that the minimum required PKI extensions are for the API to
match the functionality offered by the command line 'keytool'. There are
too many projects which must currently include BouncyCastle (which is
nonetheless great and useful) only for the purposes of replicating
Are the proposed API changes for JDK7 published anywhere?
> Mike Duigou wrote:
>> Where can I find a published description of the enhancements and
>> extensions planned for JCE/JSSE in JDK 7?
>> To jump right to the point of my question: I'll be specifically looking
>> for extensions to allow all of the keytool functionality to be accessed
>> through public APIs. This is specifically PKCS#1 certificate generation
>> and PKCS#10 certificate signing requests. Neither of these are currently
>> available in the JDK 6 API but are available through keytool.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 359 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/security-dev/attachments/20080930/c7543e67/mike_duigou.vcf
More information about the security-dev