
RSA BSAFE

Crypto-J Release Notes


Version 3.5 March 16, 2005

Cryptographic components for Java

Contact Information
See our Web sites for regional Customer Support telephone and fax numbers.

RSA Security Inc.
www.rsasecurity.com

RSA Security Ireland Limited
www.rsasecurity.ie

Trademarks
ACE/Agent, ACE/Server, Because Knowledge is Security, BSAFE, ClearTrust, Confidence Inspired, e-Titlement, IntelliAccess, Keon, RC2, RC4, RC5, RSA, the RSA logo, RSA Secured, the RSA Secured logo, RSA Security, SecurCare, SecurID, SecurWorld, Smart Rules, The Most Trusted Name in e-Security, Transaction Authority, and Virtual Business Units are either registered trademarks or trademarks of RSA Security Inc. in the United States and/or other countries. All other goods and/or services mentioned are trademarks of their respective companies.

License Agreement
This software and the associated documentation are proprietary and confidential to RSA Security, are furnished under license and may be used and copied only in accordance with the terms of such license and with the inclusion of the copyright below. This software and any copies thereof may not be provided or otherwise made available to any other person.
Neither this software nor any copies thereof may be provided to or otherwise made available to any third party. No title to or ownership of the software or any intellectual property rights thereto is hereby transferred. Any unauthorized use or reproduction of this software may be subject to civil and/or criminal liability.
This software is subject to change without notice and should not be construed as a commitment by RSA Security.

Note on Encryption Technologies
This product may contain encryption technology. Many countries prohibit or restrict the use, import or export of encryption technologies and current use, import and export regulations should be followed when exporting this product.

Distribution
Limit distribution of this document to trusted personnel.

RSA Security Notice
The RC5 Block Encryption Algorithm With Data Dependent Rotations is protected by U.S. Patent #5,724,428 and #5,835,600.

© 2005 RSA Security Inc. All rights reserved. Published March 16, 2005

038-001003-3500-001-000

RSA BSAFE Crypto-J 3.5 Release Notes

Overview
This document summarizes the features of RSA BSAFE Crypto-J 3.5. It outlines the new features, testing environment, and resolved and known issues.

New Features
This release of Crypto-J 3.5 includes the following new features:

- Crypto-J 3.5 is intended as a FIPS 140-2 validated release [1] for both the JSAFE and JCE provider modules.
- This release includes all fixes and enhancements from Crypto-J 3.4.3.3 including
  o Improved performance of AES.
- The Crypto-J JCE Provider now supports PBEWithHmacSHA1AndDESede in the Cipher and SecretKeyFactory getInstance methods. Since this feature requires using PBEKeySpec to specify the password, salt, iteration count and number of DES keys, a JRE of 1.4 or later must be used. For more information see the PBEWithHmacSHA1AndDESede.java sample in the cryptoj35/sample/jce/source/14 folder of the binary distribution.
- This release includes RSA X9.31 Key Generation and Sign/Verify functionality through the JCE provider interface. X9.31 Key Pair Generation is now the default if the toolkit is in FIPS mode or when the key size is 1024 bits or higher.
- The Crypto-J public API now includes support for raw RSA encryption with private key and decryption with public key.
- This release includes additional support for XML encryption through the JCE interface so that Crypto-J can be used as the JCE provider. RSA OAEP transport and 3DES support has also been added to both the JCE and JCE FIPS provider.
- New samples are included for:
  o RSA OAEP for key transport
  o 3DES, AES128, AES256 for key wrapping
  o SHA224, 256, 384 and 512 with RSA signatures for JCE
  o PBEWithSHA1And3DES
  o X9.31 Key Generation and Sign/Verify functionality through the JCE provider interface
  o Raw RSA encryption and decryption

[1] Pending evaluation.


Supported Environment
The following table lists the platforms and operating systems supported by Crypto-J at the time of release, and details compiler information.

NOTE: All JDKs are 32 bit unless otherwise specified.

Table 1. Platform Information

Platform       Operating System        Number of Bits  CPU Architecture                Supported JDK/JRE
Windows        2000 Professional SP4   32              Intel x86                       Sun JDK 1.1.8/1.3.1/1.4.2/1.5; IBM JDK 1.4.2
               XP Professional SP1     32              Intel x86                       Sun JDK 1.1.8/1.3.1/1.4.2/1.5; IBM JDK 1.4.2
               XP Professional SP2     32              Intel x86                       Sun JDK 1.1.8/1.3.1/1.4.2/1.5; IBM JDK 1.4.2
               2003 Server             32              Intel x86                       Sun JDK 1.1.8/1.3.1/1.4.2/1.5; IBM JDK 1.4.2
               NT 4.0 SP6              32              Intel x86                       Sun JDK 1.1.8/1.3.1/1.4.2/1.5; IBM JDK 1.4.2
Solaris        2.8                     32              32 bit extension for USparc V9  Sun JDK 1.3.1/1.4.2/1.5; Sun JDK 1.5 (64 bit); IBM JDK 1.4.2
               2.9                     32              32 bit extension for USparc V9  Sun JDK 1.3.1/1.4.2/1.5; Sun JDK 1.5 (64 bit); IBM JDK 1.4.2
               2.10                    32              32 bit extension for USparc V9  Sun JDK 1.3.1/1.4.2/1.5; Sun JDK 1.5 (64 bit)
               2.10                    32              2.10 for x86                    Sun JDK 1.3.1/1.4.2/1.5
Red Hat Linux  7.2                     32              Intel x86                       Sun JDK 1.3.1/1.4.2/1.5
               Advanced Server 3.0     32              Intel x86                       Sun JDK 1.3.1/1.4.2/1.5
HP             11.0                    32              PA-RISC 1.1                     HP JDK 1.4.2
               11.0                    32              PA-RISC 2.0                     HP JDK 1.4.2
               11.22                   32              Itanium2                        HP JDK 1.4.2
               11.23                   32              Itanium2                        HP JDK 1.4.2
AIX            5L 53                   32              PowerPC                         IBM JDK 1.4.2

Ports of Crypto-J to additional platforms and operating systems are usually available shortly after the release date. Contact your RSA Security sales or support representative for information on the additional platforms available.


Your RSA Security software contract may not grant you the right to develop applications on all of the platforms listed above. Contact your RSA Security sales representative for information on the development platforms covered by your contract.

Interoperability
Crypto-J supports and interoperates with the following vendor products.

Table 2. PKI

Token: Chrysalis Luna CA3 (Interface: SCSI)
  OS: Microsoft Windows (32 bit); Sun Solaris 8
  Functions: RSA key pair generation; RSA signing; DSA key pair generation; DSA signing and verification
  Limitations: Due to an architectural mismatch between the BSAFE Crypto-C library and the Luna CA3, RSA signature verification cannot be performed on the Luna CA3, and must be performed in the BSAFE Crypto-C software.

Token: Chrysalis Luna CA (Interface: Ethernet)
  OS: Microsoft Windows (32 bit); Sun Solaris 8
  Functions: RSA key pair generation; RSA signing; DSA key pair generation; DSA signing and verification
  Limitations: Due to an architectural mismatch between the BSAFE Crypto-C library and the Luna SA, RSA signature verification cannot be performed on the Luna CA3, and must be performed in the BSAFE Crypto-C software.

Token: GemSAFE Smart Card (Firmware version 4.00) (Interface: GemPlus GemPC410 Reader, serial port)
  OS: Microsoft Windows (32 bit)
  Functions: RSA key pair generation; RSA signing and private key decryption
  Limitations: The device can only perform private key operations. It only operates on keys it generates*. It cannot create a signature using a private key generated in software. It cannot release the private key. It remains on the token and the key data is never revealed. It can only perform PKCS #1 v1.0 RSA operations. It does not support DSA.

Token: nCipher nForce Accelerator (Interface: SCSI)
  OS: Microsoft Windows (32 bit); Sun Solaris 8
  Functions: RSA key pair generation; RSA signing and verification; DSA key pair generation; DSA signing and verification

Token: Rainbow iKey 2000 (Interface: USB)
  OS: Microsoft Windows (32 bit)
  Functions: RSA key pair generation; RSA signing and verification; RSA public key encryption and private key decryption
  Limitations: The device cannot perform operations with a public key generated outside the token, although it can perform operations with a private key generated outside the token. The device cannot release the private key. It remains on the token and the key data is never revealed.

Token: Rainbow CryptoSwift (Interface: PCI)
  OS: Microsoft Windows (32 bit)
  Functions: RSA key pair generation; RSA signing and verification; RSA public key encryption and private key decryption
  Limitations: Due to an architectural mismatch between the BSAFE Crypto libraries and the CryptoSwift, RSA signature verification cannot be performed on the CryptoSwift, and must be done in the BSAFE Crypto libraries.

* When generating the key pair, set private key attributes with JSAFE_KeyAttributes.TF_PRIVATE specified.

RSA Security used the GemPlus SDK (including the PKCS #11 library pk2priv.dll) and reader drivers downloaded from the GemPlus Web site (http://www.gemsafe.com/). The SDK and reader drivers on the SDK CD that are supplied with the reader/card package were not used. There were difficulties using the card under Windows NT Service Pack 4.

Algorithms and Key Sizes


The following table outlines the supported algorithms and key sizes in Crypto-J.

Table 3. Supported Algorithms

RSA
  Key sizes: 256-4096 bits (2 primes); 1024-4096 bits (3 primes)
  Details:
    Padding: Public Key Cryptography Standard (PKCS) #1 v1.5; Optimal Asymmetric Encryption Padding (OAEP); No Padding (Raw RSA)
    Digital Signatures: RSA-SHA1, RSA-SHA224, RSA-SHA256, RSA-SHA384, RSA-SHA512
    Key pair Generation: RSA X9.31; RSA MultiPrime (2 or 3 primes)

DSA
  Key sizes: 512-4096 (non FIPS); 1024-4096 (FIPS)

Diffie-Hellman
  Key sizes: 256-2048 bits for digital signatures and parameter generation

RC2
  Key sizes: 1-1024

RC4
  Key sizes: 8-2048

RC5
  Key sizes: 0-2040

AES
  Key sizes: 128, 192, 256
  In the following modes: OFB, CBC, CFB, ECB

DES
  Key sizes: 56
  In the following modes: ECB, CBC, CFB, CFB64, OFB

DESX
  Key sizes: 120

Triple DES
  Key sizes: 168

Hash-based Message Authentication (HMAC)
  Key sizes: HMAC 0-4096 for: SHA-1, SHA-224, SHA-256, SHA-384, SHA-512

Message Digests
  MD2, MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, RIPEMD160

Random Number Generation
  MD5 based PRNG; SHA-1 based PRNG; FIPS 186 based PRNG; X9.31 based PRNG

Password based Encryption
  PKCS5PBE-i-k; PKCS5V2PBE-i-k; PKCS12PBE-i-k; PKCS12V1PBE-i-k
  Where i is the iteration count and k refers to the keysize.

JCE providers must note that due to import control restrictions, the jurisdiction policy files shipped with JDK 1.4 and above impose restrictions on the key sizes. For more information please see: http://java.sun.com/j2se/1.5.0/docs/guide/security/jce/JCERefGuide.html#AppE


Documentation
This section includes information on the documentation suite provided with Crypto-J.

Related Documentation
The following documentation is provided:

- Crypto-J 3.5 Developer's Guide
- Crypto-J 3.5 Installation Guide
- Crypto-J 3.5 Release Notes
- Crypto-J 3.2.2 Bytecode Obfuscation User's Guide
- Crypto-J 3.0 PBE Converter Guide

Known Documentation Issues


- The Developer's Guide cannot be viewed in Opera 7.
- The dynamic Table of Contents and Search are not available if viewed in a browser that does not support frames or Javascript.

Implementation Information
The Crypto-J jsafe.jar and jsafeWithNative.jar run on JDK 1.1.8 and higher environments. The jsafeFIPS.jar and the providers jsafeJCE.jar and jsafeJCEFIPS.jar work with JDK 1.4 and JDK 1.5, where the JCE is built in, and with JDK 1.3 with JCE 1.2 or 1.2.2, but do not work with JDK 1.1.8.

Java Implementation Issues

JDK 1.1.8
JDK 1.1.8 on Win32 platforms can hang due to memory leaks. However, this does not occur when running single programs or applets. Sun has stated that these memory leaks were fixed in subsequent releases of Java. RSA Security has been unable to reproduce this problem on Java 2, or other JDK 1.1.x implementations such as Solaris, Mac, or Linux.

JDK 1.1.8 JIT


Both the IBM and Sun JDK 1.1.8 JIT have known issues and often do not work. RSA Security recommends using another JIT or running the JDK 1.1.8 virtual machine with the -nojit option.

JCE 1.2.1
In JCE 1.2.1, when an application adds two providers, the second provider fails to authenticate the JCE framework. The problem is due to a bug in JarURLConnection. The bug has been fixed in JDK 1.4.0 and in recent updates to JDK 1.2.2 and JDK 1.3.1.


JsafeJCE Provider
When the JsafeJCE provider is registered as the first provider, the JCE framework overflows the stack while verifying the signed jsafeJCE.jar file. The framework falls into an infinite recursion, repeatedly processing the same entry until it overflows the stack.

A provider may be added dynamically, or statically via the java.security file. RSA Security tested both methods with differing results. In the dynamic case the problem does not occur in JDK 1.3 if the SunRSA provider is not registered. In JDK 1.4 the stack overflow does not occur if the SunRSA provider and the SunJSSE provider are not registered but it may result in a NullPointerException.

When the JsafeJCE provider is registered first statically, the overflow does not occur but the framework fails to authenticate the provider. The problem has been reported to Sun and is under investigation. As a result, do not rely on the position of the provider and instead explicitly name the provider in the corresponding calls to getInstance. If it is necessary to rely on the default provider, register the SUN and SunRSASign providers ahead of the JsafeJCE provider (or register the IBMJCE provider ahead of the JsafeJCE provider if using an IBM JDK).

This problem has been partially fixed in JDK 1.3.1_04 and JDK 1.4.1 RC1. The JsafeJCE provider can now be registered as the second most preferred provider after the SUN provider.

Required Change to JCE Samples


If the JsafeJCE provider is loaded statically, the following changes must be made to the sample code in sample/jce/source:

- in AppApplet.java remove the addJsafeJCE() method
- in the JCE samples remove any call to the addJsafeJCE() method

JRE 1.4.0
The JRE 1.4.0 fails to load the provider in certain circumstances due to a bug on the JDK HotSpot JVM (see Issue #28707). To avoid this problem, split the calls as follows:
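
    import java.security.Provider;
    import java.security.Security;

    // Create the provider first, then register it in a separate call.
    Provider provider = new com.rsa.jsafe.provider.JsafeJCE();
    Security.addProvider(provider);

or use reflection.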
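
The two provider workarounds described above (name the provider explicitly in getInstance, and load JsafeJCE in split steps or by reflection), as an added example that is not part of the original release notes or the Crypto-J samples. The class ExplicitProviderDemo and its helper methods are hypothetical names; the code assumes the Crypto-J jar is on the classpath and falls back to the first JDK provider when it is not.

```java
import java.security.MessageDigest;
import java.security.Provider;
import java.security.Security;

// Hypothetical demo class, not part of Crypto-J or its samples.
public class ExplicitProviderDemo {
    // Provider class name as printed in these release notes.
    static final String JSAFE_CLASS = "com.rsa.jsafe.provider.JsafeJCE";

    // Instantiate by reflection, then register in a second, separate call.
    // Security.addProvider appends, so the JDK providers stay ahead of it.
    static Provider loadAtEnd(String className) throws Exception {
        Provider p = (Provider) Class.forName(className)
                .getDeclaredConstructor().newInstance();
        Security.addProvider(p);
        return p;
    }

    // 1-based preference position of a provider, or -1 if not registered.
    static int position(String name) {
        Provider[] all = Security.getProviders();
        for (int i = 0; i < all.length; i++) {
            if (all[i].getName().equals(name)) {
                return i + 1;
            }
        }
        return -1;
    }

    public static void main(String[] args) throws Exception {
        String name;
        try {
            name = loadAtEnd(JSAFE_CLASS).getName();
        } catch (ClassNotFoundException e) {
            // Assumption: without the Crypto-J jar, use the first JDK provider
            // so the explicit-provider lookup below can still be exercised.
            name = Security.getProviders()[0].getName();
            System.out.println(JSAFE_CLASS + " not on classpath, using " + name);
        }
        System.out.println(name + " is at position " + position(name));

        // Name the provider in getInstance rather than relying on its position.
        MessageDigest md = MessageDigest.getInstance("SHA-1", name);
        byte[] digest = md.digest("constructed sample input".getBytes("UTF-8"));
        System.out.println("SHA-1 (" + digest.length + " bytes) from "
                + md.getProvider().getName());
    }
}
```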

Native Libraries
The native libraries included in this release are not production ready libraries. These libraries are from our development environment. However the tests for the native shared libraries all pass. Production ready libraries will be included in the GM release.

NOTE: When compiling native libraries on the HP-UX PA-RISC 1.1 platform, due to a vendor compiler bug HP92453-01 B.11.11.04 HP C, it is necessary to compile the shared library on HP-UX 10.20 using the HP92453-01 A.10.32.20 HP C compiler, and then test back on the HP-UX PA 1.1 platform.


There is no Crypto-C source code included in this release of the Crypto-J source; it will however be included in the final GM release. There is only the inclusion of the native shared libraries.


Resolved Issues
The following table lists the resolved issues in Crypto-J 3.5.

Table 4. Resolved Issues

Id     Description
34629  JsafeJCE must implement PBE with TripleDES in 3.5.
36179  3DES Cipher with 2 DES keys returned incorrect results.
39083  "InvalidKeyException when initializing a DES_ede Cipher"
40656  Call to getBlockSize() in the JCE provider returns the wrong value.
41721  "CFB/OFB can't handle certain text and feedback bit sizes"
41737  Error in PKCS#5v2 transformations when memory obfuscation is turned on.
41980  SecretKey implementation successfully translates an invalid key.

Known Issues
The following table lists the known issues in Crypto-J 3.5.

Table 5. Known Issues

Id     Description
23127  Requirement to either support WRAP_MODE/UNWRAP_MODE or throw appropriate exception for Cipher implementation
23131  The SecretKey from the JsafeJCE SecretKeyFactory cannot be used with SunJCE Cipher for PBEWithMD5AndDES and vice versa.
26975  The use of SHA 384 and SHA 512 results in a NullPointerException due to a bug in the JIT for JDK 1.2. RSA Security has reported this bug to Sun but has not yet received a bug number. Similar bugs have been closed without being fixed.
27676  "PSS use triggers non-fatal JDK 1.1.8 internal errors"
28612  Crypto-J: Native code is slower on Linux than pure Java
38155  SHA 384 and SHA 512 operations produce incorrect results on AIX 5L52 and IBM SDK (32bit) 1.3.1 and 1.4.0 due to a bug in the JIT.
38156  3DES_EDE/CBC/PKCS5Padding is not available under IBM SDK (32 bit) 1.3.1 on IBM AIX 5L52 when using the native device.
39557  JCE provider is failing on Sun JDK 1.4.2_04 when running the RSAEncrypt test.
42729  JsafeJCE implementation of javax.crypto.SecretKey::getEncoded not behaving as documented.
43013  Unable to parse the entire OID information for a PKCS#5v2 PBE algorithm OID using PBES2.
43081  There are some known issues that cause a JDK 1.1.8 JIT warning.
43058  NullPointerException in JA_RSAPrivateKey when calling signInit() after clone().
43304  Sample build files have incorrect Crypto-J version number.


Contacting RSA Security


- The RSA Security Web site contains the latest news, security bulletins and information about coming events.
- The RSA BSAFE Web site contains product information.
- The RSA Laboratories Web site contains frequently asked questions.

Support and Service


If you have any questions or require additional information, see RSA Support or RSA SecurCare Online.

Purchasing Printed Product Documentation


All documentation for your RSA Security product is included in electronic format on the CD or in the download you have received. You can print product documentation directly from these files if you require a hard copy.

RSA Security also offers customers the option to purchase printed and bound copies of key documents for some products. More information is available at Documentation.

Feedback
We welcome your feedback on RSA Security documentation. Please email bsafeuserdocs@rsasecurity.com.
