Date: Tue, 14 Jul 1998 18:47:06 -0700 (PDT)
From: Jan Luehe <Jan.Luehe@Eng>
Subject: Re: Two questions: 1.2b3 -new and alternate URL types; keytool and symmetric keys
To: java-security@java.Sun.COM, rwatson@tis.com

Robert:

> We have two questions concerning the security features found in Java 1.2
> (beta3).

Here's an answer for (2).

> 2) Our project currently uses DSA keys and signatures to protect data
> transmitted between nodes. However, due to significant performance issues
> involved with using repeated DSA signatures, we would like to make use of
> symmetric keys and MD5 to reduce the load. At this point, we discovered
> that the keytool provided with 1.2b3 does not allow for the management of
> symmetric keys. Similarly, the same key naming and management classes
> cannot be applied to both symmetric and asymmetric keys. We believe that
> being able to manage both types of keys is important -- do you have any
> plans to add key management code for symmetric keys?

In the upcoming JDK 1.2 beta4 release, you will notice that in the
KeyStore APIs that handle key objects, we replaced
"java.security.PrivateKey" with "java.security.Key", so that
users will be able to store *any* type of key in a keystore.

Note that in JDK 1.2, the underlying KeyStore implementation supplied
by the "SUN" provider does not support symmetric (secret) keys, because
JDK 1.2 itself does not know anything about secret keys (if it did,
it would not be exportable). However, you could write your own provider that
supplies a KeyStore implementation capable of handling secret keys.

Jan
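
The split described in the reply above, as an added example that is not part of the original message or of the JDK sources: the generic `java.security.Key` parameter of `KeyStore.setKeyEntry` accepts a secret key, but whether it is stored depends on the keystore implementation behind it. It assumes a later JDK that ships `javax.crypto` and the "JCEKS" keystore type (neither is part of JDK 1.2 as discussed), uses HmacSHA256 rather than the MD5 mentioned in the question, and the alias and passwords are constructed sample values.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;

public class SecretKeyStoreDemo {
    public static void main(String[] args) throws Exception {
        char[] storePass = "sample-store-pass".toCharArray(); // constructed sample value
        char[] keyPass = "sample-key-pass".toCharArray();     // constructed sample value

        // Symmetric key used to authenticate messages between nodes.
        SecretKey macKey = KeyGenerator.getInstance("HmacSHA256").generateKey();

        // "JKS" is the SUN provider's keystore type; it only stores PrivateKey entries.
        KeyStore jks = KeyStore.getInstance("JKS");
        jks.load(null, null);
        try {
            jks.setKeyEntry("node-mac", macKey, keyPass, null);
            System.out.println("JKS stored the secret key (not expected)");
        } catch (KeyStoreException e) {
            System.out.println("JKS rejected the secret key: " + e.getMessage());
        }

        // "JCEKS" is supplied by a different provider and handles secret keys.
        KeyStore jceks = KeyStore.getInstance("JCEKS");
        jceks.load(null, null);
        jceks.setKeyEntry("node-mac", macKey, keyPass, null); // secret keys carry no cert chain
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        jceks.store(out, storePass); // store password protects the keystore's integrity

        // Reload and fetch the entry through the generic java.security.Key type.
        KeyStore reloaded = KeyStore.getInstance("JCEKS");
        reloaded.load(new ByteArrayInputStream(out.toByteArray()), storePass);
        Key recovered = reloaded.getKey("node-mac", keyPass);

        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(recovered);
        byte[] tag = mac.doFinal("constructed message".getBytes(StandardCharsets.UTF_8));
        System.out.println("Recovered " + recovered.getAlgorithm()
                + " key, tag length " + tag.length + " bytes");
    }
}
```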