Java News from Tuesday, October 3, 2006

The Legion of the Bouncy Castle has released version 1.34 of the Bouncy Castle Java Cryptography API, an open source, clean-room implementation of the Java Cryptography Extension (JCE). It supports X.509 certificates, PKCS12, S/MIME, CMS, PKCS7, and lots of other juicy acronyms. It also includes its own light-weight crypto API that works in Java 1.0 and later, and does not depend on the JCE. According to Jon Eaves:

This release contains a very, very important security update against RSA. Please make sure you read the details on the website, and upgrade if it affects you.

If you are using RSA with a public exponent of three you must upgrade to this release if you want to avoid recent forgery attacks that have been described against specific implementations of the RSA signature algorithm.

In addition to the above fix, this release also adds use of the SHA2 family to ECDSA for signatures and certificate generation. The range of KDF functions has been increased and an endianess issue with KDF2 has been fixed. Uses of toUpperCase in the library are now locale independent and fixes have also been applied to the OpenPGP and SMIME libraries.

Download it while it's still legal.

Christopher Deckers has released SWTSwing 3.2.0004, "a port of the SWT graphical toolkit to Swing." It's published under the Eclipse Public License. It seems fairly rough right now, but it's an interesting idea. According to Deckers, "This release is an important milestone, because it allows to run most of the Eclipse 3.2 Java SDK." That "most" worries me. It's not uncommon that the first 80% of funcitonality takes 80% of the work, and the next 20% takes the other 80% of the work. :-)