Tuesday, October 24, 2006

Java 6: Native Platform Security

The Java Platform, Standard Edition (Java SE) provides application developers with a large set of security APIs, tools, and implementations of commonly used security algorithms, mechanisms, and protocols. A new article titled "Leveraging Security in the Native Platform Using Java SE 6 Technology" discusses important enhancements to native security integration in JDK 6 that let Java developers use native platform facilities such as cryptographic accelerators and secure key management. The enhancements provided in Java 6 include:
  • Access Microsoft CryptoAPI and Its Cryptographic Services: On the Microsoft (MS) Windows operating system, the MS CryptoAPI (CAPI) defines a standard interface for performing cryptographic operations as well as accessing the user keys and certificates that Windows manages. The SunMSCAPI provider is layered on top of CAPI and lets Java platform applications access private keys and certificates stored in CAPI and use CAPI's cryptographic algorithm implementations.
  • Access PKCS#11 Cryptographic Services: PKCS#11, the Cryptographic Token Interface Standard, defines native programming interfaces to cryptographic tokens such as hardware cryptographic accelerators and smart cards. This means that Java platform applications (from JDK 5) can use existing security and cryptography APIs in the Java platform to access:
    • Cryptographic smart cards for added security
    • Hardware cryptographic accelerators for better performance
    • Software implementations for more algorithms or for meeting certification requirements
  • Access Native GSS-API: The Generic Security Services API (GSS-API) defines a generic security API atop a variety of underlying cryptographic mechanisms including Kerberos version 5. With GSS-API, applications can authenticate a principal, delegate its rights to a peer, and apply security services such as confidentiality and integrity on a per-message basis.
  • Import and Export PKCS#12 Keystores: PKCS#12, the Personal Information Exchange Syntax Standard, defines a portable format for storing or transporting personal identity information, including private keys, certificates, and so on. This enables users to share their personal identity information among applications that support this standard. In particular, user credentials that browsers generate can be exported in PKCS#12 format and accessed and used by Java platform applications.
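
The CAPI and PKCS#12 items above both surface through the standard `java.security.KeyStore` API. The following is an added example, not code from the referenced article: it lists the entries of the current user's Windows store through SunMSCAPI when that provider is present, and of a PKCS#12 file whose path is passed as the first argument. The class name, labels and prompt text are assumptions made for illustration.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import java.util.Collections;

public class NativeKeyStoreDemo {

    // Print each alias and whether it holds a private key or only a certificate.
    static void list(String label, KeyStore ks) throws Exception {
        System.out.println(label + ":");
        for (String alias : Collections.list(ks.aliases())) {
            String kind = ks.isKeyEntry(alias) ? "key entry" : "trusted certificate";
            System.out.println("  " + alias + " (" + kind + ")");
        }
    }

    public static void main(String[] args) throws Exception {
        // SunMSCAPI is registered only on Windows JDKs; elsewhere this is null.
        Provider mscapi = Security.getProvider("SunMSCAPI");
        if (mscapi != null) {
            KeyStore win = KeyStore.getInstance("Windows-MY", mscapi);
            win.load(null, null); // CAPI controls access: no stream, no password
            list("Windows-MY (current user's personal store)", win);
        } else {
            System.out.println("SunMSCAPI not available on this platform");
        }

        if (args.length == 1) { // args[0]: path to an exported .p12/.pfx file
            Console console = System.console();
            if (console == null) throw new IllegalStateException("no console for password prompt");
            char[] password = console.readPassword("PKCS#12 password: ");
            if (password == null) throw new IllegalStateException("no password entered");
            try (InputStream in = new FileInputStream(args[0])) { // try-with-resources: Java 7+
                KeyStore p12 = KeyStore.getInstance("PKCS12");
                p12.load(in, password);
                list("PKCS#12 file " + args[0], p12);
            } finally {
                Arrays.fill(password, '\0'); // do not leave the password in memory
            }
        }
    }
}
```

Entries reported as key entries are the ones that carry private keys, so a listing like this is a quick way to audit which identities a Java process running as that user can reach.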
