JCE Provider

Overview:

This project provides a native JCE provider for Windows (MSCAPI) and OS X (Keychains). It allows the developer to leverage some of the crypto services and certificate/key stores in Windows and OS X via the standard Java JCE API.

Service: MessageDigest
Algorithm/Type: MD5, SHA-1, SHA-256, SHA-384, SHA-512
Notes: Provides access to some of the operating system’s hashing functions.

Service: KeyStore
Algorithm/Type: cryptofreek-user
Notes: This KeyStore implementation provides access to the current user’s certificates and corresponding private keys stored by the operating system. On Windows, these are the items in the MSCAPI MY store. On OS X, these are the identities in default Keychains. Currently, only the “identities” (or certificates with corresponding private keys) are available. Future support will be added for other certs (third party certs, roots, and intermediates). This KeyStore implementation is now, and forever will be, READ ONLY.

Service: Signature
Algorithm/Type: MD5withRSA, SHA1withRSA, SHA256withRSA*, SHA384withRSA*, SHA512withRSA*
Notes: Provides digital signature capabilities. Signing operations will only work with PrivateKey objects obtained from a “cryptofreek-user” KeyStore (see above). Verify operations will work with certificates and/or PublicKey objects obtained from any source.
* Depending on your PrivateKey object’s Windows CSP, these algorithms may not work for you for signing operations. The default PROV_RSA_FULL provider does not support SHA2 algorithms; therefore, if your PrivateKeys are handled by this provider, these algorithms will not be available to you. All of the algorithms listed are available for signing on OS X and verification on OS X and Windows.

Supported Operating Systems:

Windows 7+ (including Server 2008) – Full 32 and 64 bit support.

OS X 10.7+ – Universal Binaries

What’s New:

version description
0.1 Initial release.

Download:

Version 0.1 (beta): cryptofreek_0.1.zip
MD5: F868C48CCA6ECBCCC0480A022A9F76E9

Code Examples:

import java.security.MessageDigest;
import java.security.Security;
import java.security.Signature;
import java.security.PrivateKey;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

public class test
{
  public static void doDigest(String strAlg) throws Exception
  {
    byte[] baData = "hello world".getBytes();

    MessageDigest digest = MessageDigest.getInstance(strAlg, "cryptofreek-provider");
    digest.update(baData);

    byte[] baDigest = digest.digest();
    System.out.println( strAlg + " digest length:  " + baDigest.length );
    System.out.println();
  }

  public static void doSignature() throws Exception
  {
    KeyStore ks = KeyStore.getInstance("cryptofreek-user", "cryptofreek-provider");
    ks.load(null, null);

    // Typed enumeration so nextElement() returns a String
    Enumeration<String> enumAliases = ks.aliases();
    while (enumAliases.hasMoreElements())
    {
      String strAlias = enumAliases.nextElement();

      X509Certificate cert = (X509Certificate) ks.getCertificate(strAlias);
      System.out.println("Certificate:  " + cert.getSubjectDN());

      PrivateKey privateKey = (PrivateKey) ks.getKey(strAlias, null);

      byte[] baData = "I love lamp.".getBytes();

      Signature sig = Signature.getInstance("SHA1withRSA", "cryptofreek-provider");
      sig.initSign(privateKey);
      sig.update(baData);
      byte[] baSignature = sig.sign();

      System.out.println("Signature Length:  " + baSignature.length + " bytes");

      sig.initVerify(cert);
      sig.update(baData);
      boolean bVerified = sig.verify(baSignature);

      System.out.println("Signature Verified:  " + bVerified);

      // Tamper with the signed data; verification below is expected to fail
      baData[0]++;
      sig.initVerify(cert);
      sig.update(baData);
      bVerified = sig.verify(baSignature);

      System.out.println("Signature Verified:  " + bVerified);
      System.out.println();

      //break;
    }
  }

  public static void main(String[] args)
  {
    try
    {
      Security.addProvider( new org.cryptofreek.crypto.jce.CNativeProvider() );

      doDigest("MD5");
      doDigest("SHA-1");
      doDigest("SHA-256");
      doDigest("SHA-384");
      doDigest("SHA-512");

      doSignature();
    }
    catch( Exception e )
    {
      e.printStackTrace();
    }
  }
}
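
The note in the Signature entry above says SHA2 signing depends on the Windows CSP that holds the private key. The following is an added example, not part of the project's own code, that probes each identity for the strongest SHA2 algorithm it can actually sign with. It assumes the provider reports an unsupported CSP by throwing an exception from getInstance, initSign or sign; the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.Signature;
import java.security.cert.Certificate;
import java.util.Collections;

public class SigAlgProbe {
  // Provider and KeyStore names are the ones used on this page.
  static final String PROVIDER = "cryptofreek-provider";
  // SHA2 signature algorithms listed on this page, strongest first.
  static final String[] SHA2_ALGS = { "SHA512withRSA", "SHA384withRSA", "SHA256withRSA" };

  // Returns the first SHA2 algorithm that signs and verifies with this key, or null.
  static String pickSha2Alg(PrivateKey key, Certificate cert) {
    byte[] probe = "probe".getBytes(StandardCharsets.UTF_8); // constructed sample data
    for (String alg : SHA2_ALGS) {
      try {
        Signature sig = Signature.getInstance(alg, PROVIDER);
        sig.initSign(key);
        sig.update(probe);
        byte[] sigBytes = sig.sign();
        sig.initVerify(cert);
        sig.update(probe);
        if (sig.verify(sigBytes)) return alg;
      } catch (GeneralSecurityException | RuntimeException e) {
        // Assumption: an unsupported CSP surfaces here as an exception.
        System.out.println("  " + alg + " unavailable: " + e);
      }
    }
    return null;
  }

  public static void main(String[] args) throws Exception {
    Security.addProvider(new org.cryptofreek.crypto.jce.CNativeProvider());
    KeyStore ks = KeyStore.getInstance("cryptofreek-user", PROVIDER);
    ks.load(null, null);
    for (String alias : Collections.list(ks.aliases())) {
      System.out.println(alias);
      String alg = pickSha2Alg((PrivateKey) ks.getKey(alias, null), ks.getCertificate(alias));
      System.out.println(alg != null ? "  usable: " + alg
                                     : "  no SHA2 signing; key is limited to MD5withRSA/SHA1withRSA");
    }
  }
}
```

Each probe performs a real signing operation, so keys held on a smart card or protected by a prompt may ask the user for confirmation.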
