I've been looking for the javax.crypto JDK source code and I could not find it. Either this is due to my abject searching inability or there must be a reason why the code is not available (the JDK is supposed to be open source, right?) . My guess is that the current jdk javax.crypto has a NSA-mandated backdoor, making open-source release awkward.
My questions are the following:
- Where is the jdk javax.crypto source code?
- If, as I believe, the jdk javax.crypto source code is not available, how can I check whether my fears that it contains a backdoor are justfied or not?
The sources are available over Mercurial. For example, the sources for jdk8-b132's javax.crypto are here.
Notice that if you are suspecting a backdoor, you have no (easy) way to verify that those sources are actually the sources of the binaries you are using. You should build the JDK yourself to be sure…
来源:https://stackoverflow.com/questions/18181023/javax-crypto-jdk-source-code-again