Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage News Using Native Platform Security in Java 6

Using Native Platform Security in Java 6


Java 6 will enhance the ability to leverage the native security features of the underlying deployment platform. Included in Java 6 is the ability to access the Microsoft CryptoAPI, PKCS#11 services, use the native GSS-API implementation, and import and export PKCS#12 Keystores.

Sun has released a new technical article describing how to make use of native platform security using Java 6. The motivation for access to native security is described as:

...native platforms undergo many security improvements, for example, cryptographic accelerators, secure key management, more built-in security services, and so on. Leveraging the security offered by the native platform provides several significant benefits to the Java platform: They include but are not limited to the performance boost that cryptographic accelerators provide, a consistent behavior that matches what native applications have when they use the same native library, and the seamless sharing of users' native credentials.

The ability to access the Microsoft CryptoAPI (CAPI) is provided by the SunMSCAPI provider (see the Java Cryptography Architecture document for more on providers and how they're accessed, and the Security Overview for more background). This provider will allow Java applications to access private keys and certificates stored in CAPI as well as using CAPI's cryptographic algorithm implementations.

Support for PKCS#11 (the Cryptographic Token Interface Standard) services will add new flexibility and performance for cryptographic processes. Using PKCS#11 Java applications can access cryptographic smart cards, hardware cryptographic accelerators, and software implementations for more algorithms or for certification requirements.

Access to native GSS-API implementations will make Java applications integrate smoothly into the native platform.

To help Java platform applications achieve seamless integration with native applications, JDK 6 enhances Java GSS-API to use native GSS-API instead of its own implementation of cryptographic mechanisms when configured to do so. When using the native GSS-API and its underlying native cryptographic mechanisms, the native credentials and settings in users' environment will be picked up automatically. This is different from the default case in which Java GSS-API uses its own implementation of cryptographic mechanisms.

The ability to import and export PKCS#12 keystores will allow users to share their personal identity information among applications. One example would be:

user credentials that browsers such as Microsoft IE or Mozilla Firefox generate can be exported in PKCS#12 format -- as files with the .pfx or .p12 suffix -- and then accessed and used by Java platform applications.

With these new features coming in Java 6, discussion is starting on what will be coming in Java 7. In a post on his blog, Andreas Sterbenz of Sun asks for suggestions on what the highest priority items for Java security should be. Specifically, he's requesting input on a variety of topics including PKI, SSL, Kerberos, JAAS, and XML security.

Rate this Article


Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p