See these links for an overview of the security components provided with the IBM SDK.
For an overview of z/OS security information, see this web site (for 31-bit) and this web site (for 64-bit).
|
|
The Java Certification Path defines a set of classes and interfaces to create, build, and validate digital certification
paths. A digital certificate is a data structure that binds a subject to a public key and is signed by a Certification Authority (CA).
|
|
JAAS Active Logon is not supported on 64-bit Vista at this time.
JAAS allows you to enforce access controls based on the user who runs an application. This function is missing
from standard implementations of Java 2. In addition to the guides linked above, the following
JAAS Javadoc HTML documentation and zip files contain code samples specific to each platform:
|
|
The JCE provides a framework and implementations
for encryption, key generation, and key agreement, as well as Message Authentication Code (MAC) algorithms. Support for
encryption includes symmetric, asymmetric, block, and stream ciphers. The software also supports secure streams and
sealed objects. JCE supplements the Java platform, which already includes interfaces and implementations of message
digests and digital signatures.
|
|
The IBM Java JCE (Java Cryptographic Extension) FIPS provider (IBMJCEFIPS) version 1.2 for Multi-platforms is a scalable,
multi-purpose cryptographic module that supports FIPS-approved cryptographic operations by means of the Java Application
Programming Interfaces (APIs). The IBM Java JCE FIPS provider is certified at Federal Information Processing Standards
(FIPS) 140-2 [Level 1].
|
|
IBM's SDKs ship with strong but limited jurisdiction policy files. Unlimited jurisdiction
policy files can be obtained from the link above. The ZIP
file should be unpacked and the two JAR files placed in the JRE's jre/lib/security/ directory.
These policy files are for use with IBM-developed SDKs.
The same files are used for the Version 1.4 and Version 5 SDKs.
Details of downloads of unlimited jurisdiction policy files for the Solaris
and HP platforms can be found in the IBM Security Guide for those platforms.
|
|
JGSS is used to exchange messages securely between communicating
applications. The Java GSS-API contains the Java bindings for the Generic Security Services Application Program
Interface (GSS-API) defined in RFC 2853. GSS-API offers application programmers uniform access to security services
built on a variety of underlying security mechanisms, including Kerberos.
|
|
The IBMJSSE2 is a Java package enabling
secure internet communications. The extension implements a Java version of Secure Sockets Layer (SSL) and Transport Layer
Security (TLS) protocols and includes function for data encryption, server authentication, message integrity, and client
authentication. The new JSSE provider has improved serviceability, can be configured to use hardware cryptographic cards,
and uses IBM's JCE providers for its cryptography.
|
|
This PDF file is version 8 of the IKeyman user guide. It tells you how to use IKeyman.
IKeyman is a GUI tool for managing Java keystores. It is provided to aid in the management of JSSE keystores.
|
|
The IBMPKCS11Impl Provider uses the Java Cryptography Extension (JCE)
and Java Cryptography Architecture (JCA) frameworks to add the ability to use hardware cryptography using
the Public Key Cryptographic Standards #11 (PKCS#11) standard. This new provider takes advantage of hardware cryptography
within the existing JCE architecture and gives Java 2 programmers the significant security and possible performance
advantages of hardware cryptography with minimal changes to existing Java applications. Because the complexities of hardware
cryptography are taken care of in the normal JCE, advanced security and performance using hardware cryptographic devices are
made readily available.
|
|
IBMSASL is a Java package enabling secure internet
communications. Simple Authentication and Security Layer, or SASL, is an Internet
standard (RFC 2222) that
specifies a protocol for authentication and optional establishment of a security layer between client
and server applications. SASL defines how authentication data is to be exchanged but does not itself
specify the contents of that data.
|
|
Key Certificate Management is a set of packages used to access keys and certificates stored in any format,
extract information from a KeyStore given a Subject Key Identifier (SKI), create a self-signed certificate,
generate a CertificateRequest to send manually, or use Java PKI to send it to a CA and obtain the signed
certificate, and revoke a certificate.
|
|
The KeyTool user guide introduces the key and certificate management utility. The KeyTool utility enables users to
administer their own public/private key pairs and associated certificates for use in self-authentication (where the user
authenticates himself/herself to other users/services) or data integrity and authentication services, using digital
signatures. It also allows users to cache the public keys (in the form of certificates) of their communicating peers.
|
|
Java XML Digital Signature provides a standard set of APIs for XML digital signature services. XML Digital Signature can be used to perform detached, enveloped, and enveloping signatures as well as to sign arbitrary binary data and include this within an XML document. The result of signing data is an XML Signature element which contains or references the signature data.
|
|
Java XML Encryption provides a standard set of APIs for XML digital encryption services. XML Encryption can be used to perform fine-grained, element-based encryption of fragments within an XML document as well as to encrypt arbitrary binary data and include this within an XML document. The result of encrypting data is an XML Encryption element which contains or references the cipher data.