Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

java.security vs javax.security

I'm a little confused with how Java (6+) distributes its security framework. On one hand, you have the following packages (and their respective subpackages & types):

  • java.security.*
  • javax.security.*

And on the other hand you have java.lang.SecurityManager, and possibly other security-related types sprinkled in other non-security packages (like java.lang).

So, several questions:

  1. What is the difference between java.security and javax.security? When to use types in each?
  2. Besides java.lang, are there any other packages where security-centric types appear, and if so, what are they?
  3. Where do JCE and JCA fit in here? What packages do they comprise, or are they totally separate and in their own JARs?
like image 630
IAmYourFaja Avatar asked Nov 26 '13 15:11

IAmYourFaja


1 Answers

The split has mainly historical reasons. Once upon a time there were export restrictions on cryptographic software in the US.

As a rule of thumb: Stuff related to signatures is found in java.security, the rest (ciphers, ...) in javax.security.

The JRE nowadays comes with the standard security provider bundled in, so JCE is part of the platform.

like image 93
Henry Avatar answered Oct 12 '22 01:10

Henry