|
Security Guide
The platform-specific Security Guide linked here is also provided in the download. It contains
an overview of the security components shipped with the IBM 1.4.2 SDK:
For an overview of z/OS security information, see
this web site.
Cross Component documentation:
How to use FIPS approved providers
tells how to use the IBM Java FIPS approved Providers IBMJSSEFIPSProvider and IBMJCEFIPS.
Java
Certification Path (CertPath) Guide
The IBM Java CertPath API Guide linked above is supplemented by the Javadoc
HTML documentation for the CertPath API and Java code samples in
certpathdocs_samples.zip. The Java Certification Path defines
a set of classes and interfaces to create, build, and validate digital certification paths. A digital certificate
is a data structure of the binding between a subject and a public key signed by a Certification Authority (CA).
Java Authentication and Authorization Service (JAAS):
JAAS API Guide
JAAS LoginModule Developer Guide
JAAS allows you to enforce access controls based on the user who runs an application. This function is missing
from standard implementations of Java 2. In addition to the guides linked above, the following
JAAS Javadoc HTML documentation and zip file contains code samples specific to the platform:
Java Cryptography Extension (JCE)
Cryptography Architecture Specification
Cryptography Extension Specification
How to implement a provider for the Java Cryptography Architecture
The IBM Java Cryptography Extension API Guides linked above are supplemented by the Javadoc HTML documentation for
the JCE API and code samples in
jceDocs_samples.zip. The JCE provides a framework and implementations
for encryption, key generation, and key agreement, as well as Message Authentication Code (MAC) algorithms. Support for
encryption includes symmetric, asymmetric, block, and stream ciphers. The software also supports secure streams and
sealed objects. JCE supplements the Java 2 platform, which already includes interfaces and implementations of message
digests and digital signatures.
Certified JCE FIPS Guide
The IBM Java JCE (Java Cryptographic Extension) FIPS provider (IBMJCEFIPS) version 1.2 for Multi-platforms is a scalable,
multi-purpose cryptographic module that supports FIPS approved cryptographic operations by means of the Java 2 Application
Programming Interfaces (APIs). The IBM Java JCE FIPS provider is certified at Federal Information Processing Standards (FIPS) 140-2 [Level 1].
The Security Policy, linked above, is supplemented by Javadoc HTML documentation.
Certified JSSE FIPS Guide
The IBM Java Secure Sockets Extension (JSSE) FIPS 140-2 Cryptographic Module (IBMJSSEFIPS) for
Multi-platforms is a scalable, multi-purpose Secure Sockets provider that supports only FIPS approved TLS
cipher suites using the Java 2 Application Programming Interfaces (APIs). The module is designed to meet FIPS
140-2 compliance.
IBM SDK Policy files
IBM's SDKs ship with
strong but limited jurisdiction policy files. Unlimited jurisdiction policy files can be obtained from the link above. The ZIP
file should be unpacked and the two JAR files placed in the JRE's jre/lib/security/ directory.
Java Generic Security Services (JGSS)
JGSS User Guide
JGSS Developer Guide
The IBM Java Generic Security Services Guides linked above are supplemented by the Javadoc HTML documentation for the JGSS
and code samples in
jgssDocs.zip. JGSS is used to exchange messages securely between communicating
applications. The Java GSS-API contains the Java bindings for the Generic Security Services Application Program
Interface (GSS-API) defined in RFC 2853. GSS-API offers application programmers uniform access to security services
built on a variety of underlying security mechanisms, including Kerberos.
Java Secure Socket Extension (JSSE) Guide
The IBM Java Secure Socket Extension Guide linked above is supplemented by the Javadoc HTML documentation for the JSSE
and sample code in
jssedocs_samples.zip. The JSSE is a Java package enabling secure internet
communications. The extension implements a Java version of Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
protocols and includes functions for data encryption, server authentication, message integrity, and client authentication.
IBMJSSE2 Guide
The IBM new Java Secure Socket Extension Guide linked above is supplemented by the Javadoc HTML documentation for
the IBMJSSE2 and sample code in
jsse2docs_samples.zip. The IBMJSSE2 is a Java package enabling
secure internet communications. The extension implements a Java version of Secure Sockets Layer (SSL) and Transport Layer
Security (TLS) protocols and includes function for data encryption, server authentication, message integrity, and client
authentication. The new JSSE provider has improved serviceability
and uses IBM's JCE providers for its cryptography.
From Java 1.4.2 service refresh 13, fixpack 11, IBM JSSE2 includes fixes for two security vulnerabilities;
BEAST and SSLSocketFactory. For more information, see:
Security vulnerability fixes: IBM Java Secure Socket Eextension (IBMJSSE2)
IKeyman
This PDF file is version 7c of the IKeyman user guide. It tells you how to use IKeyman.
IKeyman is a GUI tool for managing Java keystores. It is provided to aid in the management of JSSE keystores.
KeyTool user guide
The KeyTool user guide introduces the key and certificate management utility. The KeyTool utility enables users to
administer their own public/private key pairs and associated certificates for use in self-authentication (where the user
authenticates himself/herself to other users/services) or data integrity and authentication services, using digital
signatures. It also allows users to cache the public keys (in the form of certificates) of their communicating peers.
|
