Introduction to Oracle Security Developer Tools 1-13
Tools for Public Key Cryptography (PKI) Applications
The Oracle PKI package consists of tools for working with digital certificates within an LDAP repository, for developing timestamp services conforming to RFC 3161, for OCSP messaging compliant with RFC 2560, and tools for the certificate management protocol (CMP) specification. The Oracle PKI package also provides the foundation for Oracle XKMS, which enables you to develop XML transactions for digital signature processing.
This graphic shows that Oracle’s XKMS tool is built on Oracle PKI tools, which consist of Oracle LDAP, Oracle TSP, Oracle OCSP, and Oracle CMP.
Tools for E-mail Security Applications
Oracle CMS provides tools for reading and writing CMS objects, as well as the foundation for the Oracle SMIME tools for e-mail security, including certificate parsing and verification, X.509 certificates, private key encryption, and related features.
This graphic shows that Oracle’s SMIME tool is built on Oracle CMS.
Tools for Low-level Cryptographic Applications
Oracle Crypto provides a broad range of cryptographic algorithms, message digests, and MAC algorithms, as well as the basis for the Oracle Security Engine for X.509 certificates and CRL extensions.
This graphic shows that Oracle’s Security Engine tool is built upon Oracle Crypto.
1.6.2 Supported Standards
The Oracle Security Developer Tools support the standards and protocols defined in
1-14 Oracle Fusion Middleware Reference for Oracle Security Developer Tools
1.6.3 Oracle Crypto
The Oracle Crypto toolkit provides the following features:
■ Public key cryptography algorithms such as RSA
■ Digital signature algorithms such as Digital Signature Algorithm (DSA) and RSA
■ Key exchange algorithms such as Diffie-Hellman
■ Symmetric cryptography algorithms such as Blowfish, AES, DES, 3DES, RC2, and RC4
■ Message digest algorithms such as MD2, MD4, MD5, SHA-1, SHA-256, SHA-384, and SHA-512
■ MAC algorithms such as HMAC-MD5 and HMAC-SHA-1
■ Methods for building and parsing ASN.1 objects
1.6.4 Oracle Security Engine
The Oracle Security Engine toolkit provides the following features:
Table 1–2 Supported Standards
Feature/Component: Standard
SAML:
■ SAML 1.0
■ SAML 1.1
■ SAML 2.0
XML Security Transforms: The following transforms are supported:
■ canonicalization 1.0
■ canonicalization 1.1
■ exclusive canonicalization
■ decrypt transform
■ xpath filter transform
■ xpath filter 2.0 transform
■ enveloped signature transform
WS-Security: WS-Security 1.1, including:
■ WS-Security Core Specification 1.1
■ Username Token Profile 1.1
■ X.509 Token Profile 1.1
■ SAML Token profile 1.1
■ Kerberos Token Profile 1.1
■ SOAP with Attachments (SWA) Profile 1.1
XKMS
SMIME
Note: By way of clarification, note that SAML token profile 1.1 applies to SAML 2.0, while SAML token profile 1.0 applies to SAML 1.0 and SAML 1.1.
■ X.509 Version 3 Certificates, as defined in RFC 3280
■ Full PKCS12 support
■ PKCS10 support for certificate requests
■ CRLs as defined in RFC 3280
■ Implementation of Signed Public Key And Challenge (SPKAC)
■ Support for X.500 Relative Distinguished Name
■ PKCS7 support for wrapping X.509 certificates and CRLs
■ Implementation of standard X.509 certificates and CRL extensions
1.6.5 Oracle CMS
Oracle CMS provides an extensive set of tools for reading and writing CMS objects, and supporting tools for developing secure message envelopes.
Oracle CMS implements the IETF Cryptographic Message Syntax specified in RFC-2630. Oracle CMS implements all the RFC-2630 content types.
1.6.6 Oracle SMIME