Find JSRs
Submit this Search

Ad Banner

JSRs: Java Specification Requests
JSR 27: JavaTM Cryptography Extension 1.3

This JSR has been Withdrawn
Reason: Withdrawn before work began because the proposal describes a cryptographic system and/or a cryptographic framework whose implementation would be subject to U.S. Export Licensing requirements.

Original Java Specification Request (JSR)

Identification   |   Request  |   Contributions

Section 1: Identification

Submitted by:

Sharon Liu and Jan Luehe
Java Software, Sun Microsystems, Inc.

Phone: +1 408 343 1910

This JSR is endorsed by the following Java Community Process Participants:

  • Sun Microsystems
  • IBM

Section 2: Request

This JSR is to enhance Java Cryptography Extension 1.2 and make it exportable.

2.1 What is Java Cryptography Extension  1.2?

The Java Cryptography Extension (JCE) 1.2 is an officially released Standard Extension to the Java 2 Platform. JCE 1.2 provides a framework and implementation for encryption, key generation and key agreement, and Message Authentication Code (MAC) algorithms. JCE 1.2 supplements the Java 2 platform, which already includes interfaces and implementations of message digests and digital signatures.

2.2 Target Java Platform

Java 2 SDK, Standard Edition, v 1.2 and above.

2.3 Needs of Java Community This Specification Addresses

JCE 1.2 was officially released on March 15, 1999 after a long beta testing period. JCE 1.2 has been welcomed by the Java Community. Several companies have developed compatible service providers and clean room implementations; lots have used JCE in their products; and even more are considering using JCE.

But JCE 1.2 cannot be exported outside the U.S. or Canada. This has limited its usability and deployment. Making JCE exportable is very important to keep and attract JCE users, and ensure ubiquity.

Compared to more mature cryptography frameworks (such as CDSA), JCE lacks key wrapping and some key management functionality such as key usage control. Without key wrapping, exporting and importing keys is difficult. JCE 1.3 will support key wrapping  and key usage control.

JCE 1.2 has defined several types of cryptography services. But new types of cryptography services may emerge in the future. The JCE framework should be extensible so new types of cryptography services can be seamlessly integrated in. JCE 1.3 will add new APIs to make JCE extensible.

JCE 1.3 will also add APIs and SPIs to support exemption mechanism services. It will be possible for products to use exemption mechanisms to get stronger cryptography.

2.4 The APIs being defined

JCE 1.3 supports all of the APIs in JCE 1.2. In addition, JCE 1.3 will add APIs for the following:
  • Key wrapping
  • Key usage control
  • Framework extensibility
  • Exemption mechanism services

2.5 Underlying technologies

Java entension framework and J2SE code signing.

2.6 Proposed package names

No new packages will be added to JCE 1.2.

2.7 Possible platform dependencies


2.8 Security implications


2.9 Internationalization implications


2.10 Localization implications


2.11 Risk assessment

Backwards compatibility with JCE 1.2 will be maintained at the application level, i.e., applications written to JCE 1.2 will continue to work with JCE 1.3. However, JCE 1.2 compliant CSPs will need to be digitally signed in order to work with JCE 1.3.

2.12 Existing specifications rendered obsolete or deprecated


2.13 Existing specifications needing revision

Java Cryptography Extension.

Section 3: Contributions

Documents describing JCE 1.2 can be found at