The cryptographic engines in Java that provide for digital signatures, message digests, and the like are provided as a set of abstract classes in the Java security package. Concrete implementations of these classes are provided by Sun in the SDK, and you have the option of obtaining third-party implementations of these engines. All of this is made possible through the security provider infrastructure. The provider infrastructure allows concrete implementations of various classes in the security package to be found at runtime, without any changes to the code. This provides a consistent API that can be used by all programs, regardless of who provides the actual implementation.

Java 2, version 1.3 comes with two security providers: one performs operations that implement DSA-based algorithms (plus some other default operations) and one performs operations that implement RSA-based algorithms. Sun supplies two additional security providers: one with JCE and one with JSSE. We’ll discuss how to install those additional providers in this chapter and then look at the Java classes that comprise the security provider architecture.

In terms of actual programming, the classes we’re going to examine in this chapter are rarely used -- hence, we will not delve much into programming. To meet the needs of most developers, end users, and administrators, this chapter focuses on the architecture of the security provider since that gives us the ability to substitute new ...