Is Sun PKCS#11 provider supported on Android? - java

Is Sun PKCS#11 provider supported on Android? Or can it be moved to Android somehow?
Thank you.

No. Sun==Oracle => copying bad :)
Seriously though, it is not available in Android and there is no standard PKCS#11 support either (although JB does use a proprietary PKCS#11 provider for some things). Not sure if the code is in OpenJDK, but if it is, you can try to port it. However, since it is unlikely that you actually need to use the full PKCS#11 API, it will be much easier to write JNI wrappers only for the functions you need (signing, verifying, hashing, etc.).

Related

Infiniband in Java

As you all know, OFED's Socket Direct protocol is deprecated and OFED's 3.x releases do not come with SDP at all. Hence, Java's SDP also fails to work. I was wondering what is the proper method to program InfiniBand in Java? Is there any portable solution other than just writing JNI code?
My requirement is to achieve RDMA among a collection of InfiniBand-powered machines.
jVerbs might be what you're looking for. Here's a little bit of documentation.
jVerbs looks interesting; otherwise you might like to try rsockets with LD_PRELOAD.
Use Fast-MPJ or any other MPI in Java which gives InfiniBand device layer support. open-mpi was expected to release openMPI for Java recently.
If you are looking for SDP replacement try IBM's JSOR API - it uses the same idea of providing RDMA behind good old Java sockets. It is faster than SDP and still supported. Works fine with OFED 3.1.

communication between native PKCS11 implementation and Smart card

I am digitally signing a file by using a smart card on the Java platform.
Syntactically, I am getting the flow of code and other things too.
But my problem is how the native PKCS11 implementation communicates with the smart card or vice versa (that is the thing I don't know).
I want to know the internal flow. I have googled it a lot but did not get the internal communication flow (I am getting code only).
Can anyone give me some link or reference or some class diagram?
PKCS#11 is an API definition in C to use cryptographic tokens. It explicitly does not specify any implementation details of these cryptographic tokens. In principle any security and software module may be represented by a PKCS#11 interface. So it depends completely on the PKCS#11 middleware on how the smart card is accessed. The same goes for things as logging by the PKCS#11 module - PKCS#11 does not specify how logging is performed.
Now most smart cards that are used for signature generation are compatible with at least ISO 7816-4 (which defines which APDUs may be used to read/write to the card and how some cryptographic APDUs may be used). Furthermore, they may implement ISO 7816-15 (a slightly different version of PKCS#15), which is a quite complex standard to find files and objects (such as keys) on the card. Normally these cards are accessed through PCSC, so it is best to try and get a log of the PCSC or smart card reader driver API calls.
With Java you can also directly use the card through javax.smartcardio which implements ISO 7816-4 compatible transport over PCSC. In that case you will have to implement the entire application level interface to the smart card though.
This is unfortunately a long text to say that this all depends on the implementation of the PKCS#11 library and the smart card.
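The answer above says the card is driven by ISO 7816-4 APDUs sent over PCSC and suggests capturing a log of them. As an added example (not part of the original answer), this decodes such a log with the JDK's `javax.smartcardio` APDU classes; the class name `ApduTraceDecoder` is hypothetical, every byte in the trace is constructed, and Java 17+ is assumed for `HexFormat`.

```java
import java.util.HexFormat;
import java.util.Map;
import javax.smartcardio.CommandAPDU;
import javax.smartcardio.ResponseAPDU;

public class ApduTraceDecoder {
    static final HexFormat HEX = HexFormat.of().withUpperCase();

    // ISO 7816-4/-8 instruction bytes commonly seen while a card produces a signature.
    static final Map<Integer, String> INS = Map.of(
            0xA4, "SELECT", 0xB0, "READ BINARY", 0x20, "VERIFY",
            0x22, "MANAGE SECURITY ENVIRONMENT", 0x2A, "PERFORM SECURITY OPERATION");

    static String describeCommand(String hex) {
        // The constructor rejects APDUs whose length fields are inconsistent.
        CommandAPDU c = new CommandAPDU(HEX.parseHex(hex));
        String name = INS.getOrDefault(c.getINS(), String.format("INS %02X", c.getINS()));
        // VERIFY data is the PIN: report its length only, never its value.
        String data = c.getINS() == 0x20
                ? "<" + c.getNc() + " bytes redacted>" : HEX.formatHex(c.getData());
        return String.format(">> %-27s CLA=%02X P1=%02X P2=%02X Nc=%d Ne=%d data=%s",
                name, c.getCLA(), c.getP1(), c.getP2(), c.getNc(), c.getNe(), data);
    }

    static String describeResponse(String hex) {
        ResponseAPDU r = new ResponseAPDU(HEX.parseHex(hex));
        int sw = r.getSW();
        String status;
        if (sw == 0x9000) status = "success";
        else if (r.getSW1() == 0x61) status = r.getSW2() + " more bytes available";
        else if (r.getSW1() == 0x63 && (r.getSW2() & 0xF0) == 0xC0)
            status = "verification failed, " + (r.getSW2() & 0x0F) + " tries left";
        else if (sw == 0x6982) status = "security status not satisfied";
        else status = "error";
        return String.format("<< SW=%04X (%s) data=%s", sw, status, HEX.formatHex(r.getData()));
    }

    public static void main(String[] args) {
        // Constructed sample trace: AID, PIN, MSE template, hash and signature bytes are made up.
        String[][] trace = {
            {"00A4040006A00000000001", "9000"},         // select the signing application
            {"002000010431323335", "63C2"},             // PIN check fails
            {"002000010431323334", "9000"},             // PIN check succeeds
            {"002241B606800101840102", "9000"},         // choose algorithm and key reference
            {"002A9E9A04DEADBEEF00", "A1B2C3D49000"},   // hash in, signature out
        };
        for (String[] pair : trace) {
            System.out.println(describeCommand(pair[0]));
            System.out.println(describeResponse(pair[1]));
        }
    }
}
```

A raw PCSC log carries the VERIFY payload in the clear, so treat captured traces as sensitive and redact them before sharing.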
I got some brief idea by going through this PDF
ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-30/TUT-M51_Griffin_PKCS11.pdf
But still I did not get the whole flow. For this, I think I need to go deeper and deeper in the sea of PKCS#11 ;)

How to use DMA or RDMA in java?

"DMA" here means: Direct memory access, and "RDMA" is: remote direct memory access.
I used Java to create an application to transfer stock data, but I found the latency is bigger than I expected. I heard someone developed the same type of application using "DMA/RDMA", which has good performance, so I wonder if I can use "DMA/RDMA" in Java?
If not, what language should I use, and if there are any good libraries to use?
This article from IBM developerWorks gives a great overview of how DMA access can be achieved using Java
You have two options (that I know of):
Java SDP -- has been deprecated
JXIO [1], a high-performance messaging library built on RDMA and supported by Mellanox
[1] https://github.com/accelio/JXIO
There is DiSNI, a new library to program RDMA in Java. DiSNI is the open source variant of IBM's jVerbs. There are some performance numbers here that illustrate how RDMA with Java compares to sockets in C and Java, and also to RDMA in C.
RDMA as I know it is a property of the networking infrastructure (along with the relevant kernel modules etc), not of the application-level programming language.
In other words, you'd have to get specialized kit to make use of RDMA to reduce network latency. Here is an example of a 10GbE network card that supports RDMA: link.
Java applications are capable of mmapping files via the nio packages. Those mmapped files can be accessed by multiple programs - I'm afraid this is the closest thing to DMA available in Java
Java 7 supports SDP protocol on Solaris and Linux (with OpenFabrics.org drivers). Unfortunately SDP protocol has been deprecated in the 2.x version of OFED. People resort to JNI wrappers like jVerbs.

Why do people use bouncycastle instead of Java's built in JCE provider? What is the difference?

Why do people use bouncycastle instead of Java Cryptography Extension? What is the difference?
BouncyCastle has many more cipher suites and algorithms than the default JCE provided by Sun.
In addition to that, BouncyCastle has lots of utilities for reading arcane formats like PEM and ASN.1 that no sane person would want to rewrite themselves.
Bouncy Castle is Australian in origin, and therefore is not subject to the Export of cryptography from the United States.
It is useful if you are outside the United States and you need to manage key sizes greater than permitted by that restriction. In that case you are not permitted to use software from the United States for that.
On server or desktop, I don't see any reason to use BC unless you have to deal with some legacy ciphers or formats not supported by Sun JCE.
However, many JREs don't come with a JCE provider, like on mobile or embedded environments. BC comes in handy in such cases.

Are there any other open source JCE libraries besides BouncyCastle?

I am looking for open source JCE libraries that implement some of the more esoteric encryption algorithms so that I can study their implementation. I would be especially interested in ones that implement Identity Based Encryption (IBE) as published by Stanford.
Cryptix (not sure what state it's in at the moment but it was high quality when I used it last):
http://www.cryptix.org
http://sourceforge.net/projects/cryptix
GNU Classpath also has their own JCE implementation, however, whether they support IBE is another story.
