Messages posted by: tommy

Hi,

You must add JCAPI as a security provider to the JCE framework in your program before using it i.e add the following line of code at the beginning of your program:
Security.addProvider(new JCAPIProvider());

For more information, please read the "JCAPI User's Guide" or any of the accompanied example programs.

Sincerely,
Tommy

Hi Andrew,

Sorry for the late reply, but we have vacation time here in Sweden, and paid support is prioritized.

Regarding your issue, JCAPI v1.x cannot export private keys to other account users. Unfortunately, this version has entered EOL so no new functionality will be incorporated into it.

I'll put this issue on our investigation list for JCAPI v2.x.

Regards,
Tommy

Hi Andrew,

Yes, you can make it exportable by supplying null as password parameter when you import your private key.
Just change your call:

msksKeyStore.setKeyEntry(alias, key, pwd, x509certs);

into:

msksKeyStore.setKeyEntry(alias, key, null, x509certs);

Regards,
Tommy

Hi Igor,

Yes, we've made two new independent releases; one for v1 (crash in w2k) and one for v2 (removed obfuscation).

Since we've just repackaged and not changed the code in the JCAPI DLL, we decided to not increment the version number in v2. It would also look strange if we had to increase the commercial version of JCAPI but not its evaluation counter part.
So, just visit our customer service download page and download JCAPI v2.1.1:
https://pheox.com/customer/download/products

Regards,
Tommy

This is a minor update containing:

Bugfix: The jcapi.dll file failed to be loaded into the JVM on Windows 2000 with IE 6 and JRE 6 Update 31.

For a complete list of enhancements and bug fixes made, please read the version history.
Our customers can download the commercial (unrestricted) version from the customers download page.

Hi Igor,

It was decided to remove the obfuscation tool for licensed versions of JCAPI. We've made a new release which you and all other customers can download from our customer service page:
https://pheox.com/customer/

Just let us know if you have any questions or issues.

Regards,
Tommy

Hi Igor,

That's bad. The problem is that we're using an obfuscation tool which is also available to other parties. Unfortunately some of them apparently uses it for concealing viruses and other nuisance which produces false positives in some AV tools.
This is not acceptable. Honestly, there's no reason for us to obfuscate already licensed versions of JCAPI, but we're using this tool throughout out our whole product line since it will protect our trial versions and at the same time work as a good DLL packer for our licensed versions.

We'll do it like this; I'll contact our manufacturer and ask them for tailor made version of their tool (to produce a unique signature) to use. If it's not possible, then we'll release a new version of JCAPI without obfuscation.

I would probably get some answers within the coming days. I'm sorry if it has caused you any serious problems. We'll fix this.
I'll keep you updated as well.

Regards,
Tommy

Hi again Igor,

Good that you found an alternative solution.
I think I might have been a little to hasty with my patch. I'll check it out and make a more stable fix to be released later on.

Thanks.

Regards,
Tommy

Hi Igor,

Nice to hear from you again.

Yes, JCAPI does not support your given 3DES alias. Actually it was not supported in version 1 either since support for natively executed symmetric ciphers was first introduced in version 2 of JCAPI. The reason it worked before for you was that you're using another JCE provider than JCAPI.

Anyway, I've implemented support for your 3DES + CBC alias. Now you can use any of the following aliases to create a your 3DES + CBC + PKCS#5 padding in one shot:
DESedewithCBC
TripleDESwithCBC
3DESwithCBC
1.2.840.113549.3.7

I've attached a release candidate of JCAPI below. Please try it out and check if it solves your problem.

Have a good day.

Regards,
Tommy

JCAPI version 2.1.1 has been released today.

This is a minor update containing:

Bugfix: JCAPI crashed the JVM inside Internet Explorer 8 on some x86 platforms when used in an applet.

For a complete list of enhancements and bug fixes made, please read the version history.

Our customers can download the commercial (unrestricted) version from the customers download page. Others are welcome to download the evaluation version from our public download page.

Hi Igor,

The bug has now been fixed and a new version of JCAPI containing this fix has been released. The new version of JCAPI is 2.1.1 and you can download it from our public download page.

Regards,
Tommy

Hi Igor,

Good news. We've been able to reproduce your crash in a deterministic way through a very small test program. We've also sent this test package to the manufacturer in order for them to find a solution to the problem.

Hopefully, they'll have some fix ready during the coming weeks.
I'll let you know when we have more info available about this.

Regards,
Tommy

Hi Igor,

I've tried to reproduce your crash on the following x86 configurations, but failed:
Windows Vista (Service Pack 2)
IE 8 (8.0.6001.19019)
Java 1.6.0_23

Windows XP (Service Pack 3)
IE 8 (8.0.6001.18702)
Java 1.5.0_22

Windows Server 2003 R2 (Service Pack 2)
IE 8 (8.0.6001.18702)
Java 1.5.0_22

Can you please provide us with more details regarding your configuration? We really need to replicate your problem if we're going to get it fixed.

Thanks.

Regards,
Tommy

Hi Igor,

I've sent you (via email) a new build of our JCAPI JAR file. It contains a non-obfuscated 32-bit DLL which should solve your problem.
Can you please test that one and get back to us with your comments?

Thanks.

Regards,
Tommy

Hi Igor,

Hmm, that sounds like yet another problem with the third party obfuscation tool used by JCAPI. I'll look into this.
Thank you for notifying us about this issue.

Regards,
Tommy