Re: [Cryptix-users] Impending certificate expiration

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

> I am using cryptix-jce and cryptix-openpgp in an application. The
> certificate that signed the cryptix-jce-provider jar expires on 28  
> Aug 2009.
>
> We will all either need:
>
> 1 - A new build, signed with a newer key.

The Cryptix Foundation ltd is the owner of the certificate, but that  
organisation was dissolved a few years ago. While the private key is  
still (somewhere) in my possession, the foundation cannot get that  
certificate renewed anymore.

So unless there is some other way for me to obtain a new certificate,  
there will be no new build.

> 2 - A new JCE implementation that doesn't require signed jars.
> 3 - A new package to use.

Switching to Bouncycastle may be an option, but as the API is  
different that requires some work.

Alternatively you or your organization could try to get your own code  
signing key and use it to create your own 'custom' version of the  
Cryptix JCE. Instructions are on the following page:

http://java.sun.com/javase/6/docs/technotes/guides/security/crypto/HowToImplAProvider.html#Step61

I'm very interested in the results.

Edwin