Re: [JSch-users] AES ciphers on Jsch (was: JSch on Vmware ESX 3.0)
Status: Alpha
Brought to you by:
ymnk
From: <ym...@jc...> - 2007-08-01 06:56:12
|
Hi, +-From: "Oberhuber, Martin" <Mar...@wi...> -- |_Date: Tue, 31 Jul 2007 15:27:49 +0200 _______________________ | |Does this mean that in order to be most compatbile, any Jsch |application that knows it's running on an 1.4 or later JVM |should include code like this: | java.util.Hashtable config=new java.util.Hashtable(); | config.put("cipher.s2c", "aes128-cbc,3des-cbc,blowfish-cbc"); | config.put("cipher.c2s", "aes128-cbc,3des-cbc,blowfish-cbc"); | session.setConfig(config); |this is important for us as our Eclipse based application |is known to run on Java 1.4 or later, and we'd like to be |most compatible. The situation is little bit complicated. Since J2SE 1.4.0, Sun's JREs have included JCE(Java Cryptography Extension) and Sun's JCE provider, but AES has been only available since J2SE 1.4.2. And then..., AES supports three key length; 128-bit, 192-bit and 256-bit keys and SSH2's RFC has defined following three ciphers, aes128-cbc, aes192-cbc, aes256-cbc. Unfortunately, J2SE 1.4.2(and Java5) only supports 128-bit key by the default, due to import control restrictions of some countries. To enable the support for 192-bit and 256-bit key, users must install some programs by themselves[1]. |Can there be any negative side-effect of adding that config? |Would would happen if that code were in an application but |the JVM does not support AES? On such a case, the session will not be established. As a commiter of 'org.eclipse.jsch.core' plug-in included in Eclipse Platform I have been thinking of enabling aes*-cbc ciphers if the AES cipher is available on user's environment. If you file an entry at Eclipse.org's. bugzilla, I'll address it. [1] http://java.sun.com/products/jce/javase.html#UnlimitedDownload Sincerely, -- Atsuhiko Yamanaka JCraft,Inc. 1-14-20 HONCHO AOBA-KU, SENDAI, MIYAGI 980-0014 Japan. Tel +81-22-723-2150 +1-415-578-3454 Fax +81-22-224-8773 Skype callto://jcraft/ |