• 1 reply
  • Latest Post - ‏2011-04-15T06:46:17Z by SystemAdmin
1 Post

Pinned topic Licensing IBM's FIPS 140-2 JCE

‏2011-03-16T08:42:10Z |
I'd like to use IBM's FIPS 140-2 certified implementation of JCE. But I am struggling to find out a couple of things:

1) Is it part of (i.e. licensed as part of) IBM's JDK/JVM?
2) Do I have to use it as part of IBM's JDK/JVM or can I use with, say, OpenJVM or Oracle/Sun's versions of Java? Either from a licensing or from a FIPS 140-2 certification point of view.
3) What's the license for commerical use?

Just for information I'm planning on using it as part of a spring-hibernate-jasypt stack to encrypt specified data items in a database. Running on JBoss 5.5, RHEL 5.6 and MySQL 5.0.

Thanks is advance!

Updated on 2011-04-15T06:46:17Z at 2011-04-15T06:46:17Z by SystemAdmin
  • SystemAdmin
    2262 Posts

    Re: Licensing IBM's FIPS 140-2 JCE

    Yes, it's shipped along with the IBM JDK and the provider is called IBMJCEFIPS. If you look at jre/lib/, you will find all the security provider implementations that are loaded at startup. These are different for each JVM vendor.
    The IBM FIPS provider will only work with IBM JDK, running it with other JDKs is not supported. Oracle have their own FIPS provider, so you can use that if you're restricted to using the Oracle VM.

    Since the FIPS provider is not shipped separately, it would be covered by the same terms as the IBM JDK itself. For the record, you cannot obtain the IBM JDK as a separate download for non IBM platforms (read Windows and Linux on x86/AMD64) due to licensing restrictions with Oracle. (Other vendors are not allowed to offer their VMs on the same platforms that Oracle/Sun support). You can use it if you have it as part of a purchased IBM product (mostly everything under Websphere/Rational/Lotus/Tivoli product brands use the IBM JDK at their core).