For various reasons, we should switch away from the JCE to the BouncyCastle API.
All symmetric encryption is now switched to the JCE. The following operations still use the JCE:
- Deriving a key from a password (used in the key-store to en/decrypt the master-key).
- Asymmetric encryption (used for sending keys from the client/key-server to the app-server).
...ups, I meant "switched from the JCE to the BouncyCastle API".
Since yesterday, asymmetric encryption is based on our own / BouncyCastle API.