I initialized the key pair generator by specifying the modulus p and the generator g in my last post. There are a few other ways.
KeyPairGenerator class says in its preface,
There are two ways to generate a key pair: in an algorithm-independent manner, and in an algorithm-specific manner. The only difference between the two is the initialization of the object. It explains how SunJCE works in the case of the algorithm-independent manner, as follows.
If the algorithm is the DSA algorithm, and the keysize (modulus size) is 512, 768, or 1024, then the Sun provider uses a set of precomputed values for the p, q, and g parameters. If the modulus size is not one of the above values, the Sun provider creates a new set of parameters.
This is also applied to the Diffie-Hellman algorithm too.
Diffie-Hellman key pair generator provided by Sun’s JCE provider had been rejecting prime number modulus whose size is more than 1024 bits. In JDK 7 and earlier, the size must be a multiple of 64 that ranges from 512 and 1024 inclusive.
There are two approaches to make secure connections to LDAP servers. One is LDAP over SSL/TLS (LDAPS) and the other is StartTLS. I have quickly tried them by using Apache Directory LDAP API (version 1.0.0-M20) and UnboundID LDAP SDK for Java (version 2.3.5). The LDAP server in my environment is OpenLDAP (version 2.4.38) with SSL/TLS enabled by OpenSSL (version 1.0.1e).
What is your most favorite library to use when you want to write something to do with LDAP servers in Java language? LDAP Java library – Stack Overflow lists four choices: JNDI (Java Naming and Directory Interface), Spring LDAP, Apache Directory LDAP API, and UnboundID LDAP SDK. I have got interested in Apache and UnboundID.
This article briefly describes how I have set up OpenLDAP server on my Debian GNU/Linux machine. I hope it could be of any help to somebody interested in this topic.
Posted in LDAP
Tagged Debian, OpenLDAP