Re: [Cryptix-Users] Cryptix 3.1.2 on Java 2 v1.2/1.3 Edwin Woudt (edwin@woudt.nl)
Wed, 07 Jun 2000 11:40:41 +0200

> This is bizarre: I use cryptix on Solaris with jdk 1.2.2 just about every
> day, encrypting/decrypting traffic from Windows and Linux systems also
> created by cryptix.
>
> What is the alleged problem with cryptix with solaris 1.2.2? I couldn't find
> the description on edwin's web page.

Ok, I just subscribed to the e-lang list, but it looks like you already encountered the bug:

http://www.eros-os.org/%7Emajordomo/e-lang/1408.html

<quote>
> Prohibited package name: java.security
> java.lang.SecurityException: Prohibited package name: java.security
</quote>

The new JDK 1.3 classloader forbids classes in java.security, which
Cryptix has plenty (Cryptix 3.x.y is based on JCE 1.1, where all
crypto classes were supposed to go in java.security. In JCE 1.2, Sun
decided to go with javax.crypto instead).

I do not have access to a Solaris machine myself, but it has been reported by at least 4 people. The two that mentioned the exact version reported jdk1.2.2-05. What version do you use?

Some parts of Cryptix do not use these classes, like for example the PGP parts. However, the TripleDES cipher extends from java.security.Cipher, so the classloader should definately barf at it.

My guess is that Sun accidentally included the newer 1.3 classloader in some version of 1.2.2 for Solaris. I could not find a bug in their bug database though.

Dirk Hillbrecht <dirk.hillbrecht@gmx.de> did some good suggestions on the cryptix-users list on how to fix this problem. My current timeline for releasing Cryptix 3.2.0, which should work with jdk 1.1.x, 1.2.x and 1.3.x on all platforms, is July or early August. This schedule may change if the Cryptix JCE team decides to release a production quality version earlier.

Edwin

-- 
Edwin Woudt  -  edwin@cryptix.org