Sun Microsystems Inc chose RSA Data Security Inc’s conference in San Francisco this week to announce what it calls the early access release of version 1.2 of Java Cryptography Extension software package. JCE 1.2 is meant for both developers and specialist cryptography vendors to write cryptography into their own Java products. However, it is restricted to use within the US and Canada by the current export laws, which forbid export of encryption technology that employs keys greater than 56-bits in length. JCE is an extension to the standard Java Development Kit (JDK) and is used to create application programming interfaces (APIs). It incorporates standard encryption technology, such as cipher technology, using DES and triple DES (which uses 56-bit keys) and key agreement technology, which uses the Diffie-Hellman key management system. JavaSoft’s security architect Li Gong acknowledges the triple DES engine does not have export approval, but it can plug into any cryptography engine, he claims. Vendors could work for export approval for the software, he suggests. Gong says the use of the early access moniker is intended to blur whether this is an alpha or beta release, but although he says it is of beta quality, the official beta will be released early next quarter, so alpha might be a more honest description. The full roll-out is due around the time of JDK 1.2, which is due at the end of next quarter. Sun, helped on JCE by vendors such as Cylink Corp and RSA and Ireland’s Baltimore Technologies, says it will incorporate JCE 1.2 into its future J/Crypto and J/SSL products.
