The Java Cryptography Extension

Java 2 version 1.3 can be obtained for Solaris, Linux, and Windows systems from http://java.sun.com/j2se/1.3/. If you need Java for other platforms, check with your platform vendor or check http://java.sun.com/cgi-bin/java-ports.cgi. The Java 2 platform comes in two flavors: the Software Development Kit (SDK, also known historically as the JDK) and the Java Runtime Environment (JRE). Administration of the security model applies to both the JRE and the SDK, but to use the security APIs that we discuss, you'll need the SDK (which includes the JRE). Throughout this book, we'll use the environment variable JDKHOME to refer to the directory in which the Java 2 SDK was installed and the JREHOME variable to refer to the directory in which the Java 2 JRE was installed. If you installed the SDK into C:\files\jdk1.3, then JDKHOME would be C:\files\jdk1.3 and JREHOME would be C:\files\jdk1.3\jre.

Installed or Bundled Extensions?

When you work with the extensions that we use in this book, you have the option of treating them as installed or bundled extensions. Installed extensions are much easier to work with: they require no special configuration once they are installed. However, they must be installed into special directories within JREHOME, and they may require files in JREHOME to be modified. Depending on your setup, this may require special operating system privileges. A bundled extension requires no special installation privileges, but it does require you to set up things within your environment: you must modify your classpath, and you must set up special policy files. In addition, some of this configuration must be done programmatically, so this option will not work for third-party applications. We assume in our examples that you've set up the extensions as installed extensions.

1.2.2 The Java Cryptography Extension

JCE leverages the Java 2 core platform's security architecture to provide a variety of cryptographic operations:

• Encryption (ciphers)
• Secure key exchange
• Secure message digests
• An alternate key management system

JCE can be downloaded from http://java.sun.com/products/jce/. Version 1.2.1 is an important version because it takes advantage of a change in the policy of the United States regarding export controls of cryptographic engines. Prior to early 2000, the United States government considered cryptographic engines to be a munition and severely restricted the export of such technology. After this policy was changed in early 2000, JCE 1.2.1 was modified to meet the new standards. As a result, although it performs strong encryption, JCE 1.2.1 can be exported from the United States.

JCE consists of some documentation and a lib directory that contains four jar files: US_export_policy.jar, jce1_2_1.jar, local_policy.jar, and sunjce_provider.jar. Like most extensions, you can set up JCE as an installed or a bundled extension. To use JCE as an installed extension, you must:

• Copy the four jar files to JREHOME/lib/ext.
• Add the following line to JREHOME/lib/security/java.security:

    security.provider.3=com.sun.crypto.provider.SunJCE

  This line should immediately follow the line that reads:

    security.provider.2=com.sun.rsajca.Provider

To use JCE as a bundled extension, you must:

• Add the four jar files to your classpath.
• Add some configuration information to HOME/.java.policy. The information to be added depends on where you have placed the jar files; if you've put JCE into /files/jce1.2.1, then the appropriate lines are:

    grant codebase "file:/files/jce1.2.1/lib/US_export_policy.jar" {
        permission java.security.AllPermission;
    };
    grant codebase "file:/files/jce1.2.1/lib/jce1_2_1.jar" {
        permission java.security.AllPermission;
    };
    grant codebase "file:/files/jce1.2.1/lib/local_policy.jar" {
        permission java.security.AllPermission;
    };
    grant codebase "file:/files/jce1.2.1/lib/sunjce_provider.jar" {
        permission java.security.AllPermission;
    };

  You must substitute the appropriate path for /files/jce1.2.1. Note that this is a URL; you use forward slashes no matter what your platform. On Microsoft Windows, the beginning of the appropriate URL is file:/C:/files/jce1.2.1.
• In every program that you run, you must insert the following line:

    Security.addProvider(new com.sun.crypto.provider.SunJCE());

More details about how this works can be found in later chapters. Chapter 8 discusses the addition to the java.security file and its programmatic alternative, and the .java.policy file is discussed in Chapter 2.
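The following program is an added example (not code from the book) that ties the two setups together: it registers SunJCE programmatically only when the installed-extension entry in java.security has not already done so, prints the provider order that the security.provider.N lines control, and verifies the provider works with a cipher round trip. It assumes JDK 1.3 with JCE 1.2.1 set up as described above; the provider class is loaded reflectively so the source also compiles on later JDKs, where SunJCE is always present, and DESede is used only because it is available in both.

```java
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class JceProviderCheck {

    // Bundled-extension setup: add SunJCE at runtime, but only if the
    // installed-extension line (security.provider.N in java.security)
    // has not registered it already. Reflection avoids a compile-time
    // dependency on the com.sun.crypto.provider package.
    static void ensureSunJce() throws Exception {
        if (Security.getProvider("SunJCE") != null) {
            System.out.println("SunJCE already installed via java.security");
            return;
        }
        Class cls = Class.forName("com.sun.crypto.provider.SunJCE");
        Provider p = (Provider) cls.getDeclaredConstructor(new Class[0])
                                   .newInstance(new Object[0]);
        Security.addProvider(p); // same effect as the book's addProvider line
        System.out.println("SunJCE added programmatically");
    }

    public static void main(String[] args) throws Exception {
        ensureSunJce();

        // The order printed here is the preference order that the
        // security.provider.1, .2, .3 ... lines establish.
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.println((i + 1) + ": " + providers[i].getName());
        }

        // Prove the provider is usable: encrypt and decrypt a constructed
        // sample message, naming "SunJCE" explicitly so a different provider
        // cannot silently satisfy the request.
        String sample = "constructed sample text";
        KeyGenerator kg = KeyGenerator.getInstance("DESede", "SunJCE");
        SecretKey key = kg.generateKey();
        Cipher c = Cipher.getInstance("DESede/CBC/PKCS5Padding", "SunJCE");
        c.init(Cipher.ENCRYPT_MODE, key);
        byte[] iv = c.getIV();          // random IV chosen by the provider
        byte[] ct = c.doFinal(sample.getBytes("UTF-8"));
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
        String back = new String(c.doFinal(ct), "UTF-8");
        System.out.println("round trip ok: " + back.equals(sample));
    }
}
```

If the program reports that SunJCE was added programmatically, the installed-extension configuration is not in effect and the .java.policy grants above are what authorize the jar files.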

1.2.3 The Java Secure Sockets Extension