Description
Complete rework of the existing crypto API to provide an extensible cryptographic API using components to progressively support the large choice of cryptographic algorithms.
This new API is designed to be independent of the JCA infrastructure and does not require the registration of a security provider. It does not suffer from any limitation of key sizes under a security managed configuration, and it should be compatible with any JVM, even those having limited support of the JCA.
This new API does not expose any types of the underlying implementation and allows mixing implementations from different crypto libraries, using the ASN.1 encoded representations as a common exchange format. Currently, the implementation is mainly based on the latest Bouncy Castle API, using 2.x techniques, including some optimizations between BC-based components to avoid useless conversions.
It is a work in progress that should be improved over time, based on our needs. It aims to completely replace the existing crypto API, which is moving to a legacy package. However, to prevent this legacy API from triggering the registration of the Bouncy Castle security provider, the legacy API has been reworked not to do so. This could cause some incompatibilities with existing installations that were expecting XWiki to register that provider.
Issue Links
- blocks
  - XWIKI-9577 Improve Crypto API for full PKI support (Closed)
  - XWIKI-9599 Support multiple password hashing functions to store/verify user password (Open)
  - XWIKI-10002 New Crypto Script API (Closed)