[Cryptix-Users] Cryptix 3.1.2 on Java 2 v1.2/1.3

[Edwin Woudt]

> This is bizarre: I use cryptix on Solaris with jdk 1.2.2 just about every
> day, encrypting/decrypting traffic from Windows and Linux systems also
> created by cryptix.
> 
> What is the alleged problem with cryptix with solaris 1.2.2? I couldn't find
> the description on edwin's web page.

Ok, I just subscribed to the e-lang list, but it looks like you already
encountered the bug:

http://www.eros-os.org/%7Emajordomo/e-lang/1408.html

<quote>
> Prohibited package name: java.security 
> java.lang.SecurityException: Prohibited package name: java.security 
</quote>

The new JDK 1.3 classloader forbids classes in java.security, which
Cryptix has plenty (Cryptix 3.x.y is based on JCE 1.1, where all
crypto classes were supposed to go in java.security. In JCE 1.2, Sun
decided to go with javax.crypto instead). 

I do not have access to a Solaris machine myself, but it has been
reported by at least 4 people. The two that mentioned the exact
version reported jdk1.2.2-05. What version do you use? 

Some parts of Cryptix do not use these classes, like for example the
PGP parts. However, the TripleDES cipher extends from 
java.security.Cipher, so the classloader should definately barf at it.

My guess is that Sun accidentally included the newer 1.3 classloader 
in some version of 1.2.2 for Solaris. I could not find a bug in their 
bug database though.

Dirk Hillbrecht <dirk.hillbrecht@gmx.de> did some good suggestions
on the cryptix-users list on how to fix this problem. My current 
timeline for releasing Cryptix 3.2.0, which should work with jdk 
1.1.x, 1.2.x and 1.3.x on all platforms, is July or early August.
This schedule may change if the Cryptix JCE team decides to release
a production quality version earlier.


Edwin

-- 
Edwin Woudt  -  edwin@cryptix.org