RE: Can i5 encryption APIs be used so that they are compatible withencryption does with Java Security (JCE) classes -- particularly strongAES

This is what I do too. This is also portable across our multiple systems.
Very clean.

Kristen

-----Original Message-----
From: java400-l-bounces@xxxxxxxxxxxx [mailto:java400-l-bounces@xxxxxxxxxxxx]
On Behalf Of David Gibbs
Sent: Friday, February 13, 2009 8:58 AM
To: Java Programming on and around the iSeries / AS400
Subject: Re: Can i5 encryption APIs be used so that they are compatible
withencryption does with Java Security (JCE) classes -- particularly
strongAES

Blalock, Bill wrote:

Does anyone know if i5 encryption APIs be used so that they are
compatible with encryption does with Java Security (JCE) classes? I am
especially interested in AES for PCI reasons.

I'm not 100% sure on this ... BUT ... I can say that (at least in my
experience) certificates generated with java are *NOT* compatible with the
DCM. I don't know why.

I was trying to setup SSL communication between a java server (running on i)
and another java server using SSL ... when I tried to use the native
encryption functionality I could not get the certificates to work with each
other.

What I had to do is bypass the native encryption functionality and tell java
to use a different ssl key & trust factory, as well as socket & server
socket factories. I updated the java.security file and pointed the JVM to
use that file. I set the 'javax.net.ssl.trustStore' and
'os400.security.properties' properties to point to my own trust store and
security properties file.

david