Third party cryptographic service providers

The default algorithims shiped whith J2SE 1.4.x and JCE 1.x is not sufficient to fully implement the XML Encryption recomendation. As a result, a third party cryptographic provider is needed to provide the appropriate cryptographic functionality. A high quality, free, open source implementation that supplies all the desired algorithms is available from The Legion of the Bouncy Castle. For more information see the Cryptographic Service Providers page. If you should decide to use the aforementioned cryptographic provider, you should alter the $JRE_HOME/lib/security/java.security file to have a 'list of providers' that looks as follows:

#

# List of providers and their preference orders (see above):

#

security.provider.1=sun.security.provider.Sun

security.provider.2=org.bouncycastle.jce.provider.BouncyCastleProvider

security.provider.3=com.sun.net.ssl.internal.ssl.Provider

security.provider.4=com.sun.rsajca.Provider

security.provider.5=com.sun.crypto.provider.SunJCE

security.provider.6=sun.security.jgss.SunProvider

Note the inclusion of the Bouncy Castle provider on line 2. Please consult the appropriate documentation on how to configure the above mentioned configuration file if there are existing providers available that does supply the algorithms as specified by the XML Encryption Syntax and Processing recomendation.

Apache

One of the primary implementation goals of the XML Encryption Library was to minimize dependencies on third party libraries. This has been largely achieved, aside for a dependency on Xerces Java 2, Xalan Java 2 and Jakarta Log4J. The primary Java platform for which this library is intended is J2SE 1.3.x (J2sdk1.3.x). Because of this 'restriction' the library depends on the previously mentioned libraries. The Xerces Java 2 and Xalan Java 2 implementations provide functionality to parse URI's and it is also used to transform a DOM Node into a String. The Log4J implementation provides logging capabilities to the xml encryption library.

Non-curcial dependencies

JUnit are used for testing and Jakarta Ant for building the software. Althoug it is not crucial, it is very useful in the day to day development process.

Summary

The following table outlines the dependencies.

Dependency	Requirement
`org.apache.xml.serialize.OutputFormat, org.apache.xml.serialize.XMLSerializer`	http://xml.apache.org/dist/xerces-j/Xerces-J-bin.2.3.0.tar.gz
`org.apache.xml.utils.URI`	http://xml.apache.org/dist/xalan-j/xalan-j_2_4_1-bin.tar.gz
Cryptographic Service Provider	http://java.sun.com/products/jce/jce122_providers.html
Log4J	http://jakarta.apache.org/log4j/jakarta-log4j-1.2.7.tar.gz
JUnit	http://prdownloads.sourceforge.net/junit/junit3.8.1.zip?download