javassl-certificatejsse

What is SunX509 used for and can it work with parties using IbmX509?


When I manually create a KeyManager, one of the steps is this:

KeyManagerFactory.getInstance("SunX509")

This does not work on IBM jre where I need to specify "IbmX509".
My questions:

  1. I read that this is called the "certificate encoding algorithm". What does that mean? When is it used?
  2. What happens when the client is using the IBM algorithm and the server is using the Sun algorithm?

Thanks,
Doron


Solution

  • I read that this is called the "certificate encoding algorithm".

    No it isn't. It is a key manager algorithm that defines both a provider and a content type, in this case "Sun" or "IBM" and X.509.

    Anyway the best solution is not to use either. Just use

    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    

    The KeyManager and KeyManagerFactory just deal with the local keystore/truststore. The peer doesn't care about that, only about the certificates that are in them, and that only indirectly.