I'm trying to add BouncyCastle as a security provider on Windows XP Pro so I can use it to add some certs to an Android application per the instructions here. Unfortunately I can't get it to add the provider.
I've:
C:\Program Files\Java\jre6\lib\ext\
.C:\Program Files\Java\jre6\lib\ext\bcprov-jdk16-146.jar
to %CLASSPATH%
.security.provider.7=org.bouncycastle.jce.provider.BouncyCastleProvider
to java.security (7 being the next int in the order).When I run:
keytool -import -v -trustcacerts -alias 0 -file mycert.crt -keystore mystore.bks -storetype BKS -providerName org.bouncycastle.jce.provider.BouncyCastleProvider -storepass mypassword
I get the following error message:
keytool error: java.lang.ClassNotFoundException: org.bouncycastle.jce.provider.BouncyCastleProvider
I've also tried adding it dynamically:
import java.security.Provider;
import java.security.Security;
import java.util.Enumeration;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
public class BouncyCastleMain {
public static void main(String[] args) throws Exception {
Security.addProvider(new BouncyCastleProvider()); // add it
try { // list them out
Provider p[] = Security.getProviders();
for (int i = 0; i < p.length; i++) {
System.out.println(p[i]);
for (Enumeration<?> e = p[i].keys(); e.hasMoreElements();)
System.out.println("\t" + e.nextElement());
}
} catch (Exception e) {
System.out.println(e);
}
}
}
At first I got an access error when compiling the java class, but changed it to a warning per the suggestion here. Now when I run the code it shows BouncyCastle in the list of providers but it doesn't stick around after the program is done.
I'm sure it must be doable, but I'm stymied over how to get this guy installed long enough to run keytool using it. Is it possible to run keytool via a java API, or could there be some step I've missed that will make the provider stick around?
Thanks!
Installation of Bouncy Castle for use in TomEE itself is done in two steps: Add the Bouncy Castle provider jar to the $JAVA_HOME/jre/lib/ext directory. Create a Bouncy Castle provider entry in the $JAVA_HOME/jre/lib/security/java. security file.
To get the latest Bouncy Castle release, navigate to http://www.bouncycastle.org/latest_releases.html. Select the latest release, or the release that corresponds to your version of Java. Download the signed JAR file. Stop all the IBM processes and Lawson.
Bouncy Castle is a Java library that complements the default Java Cryptographic Extension (JCE), and it provides more cipher suites and algorithms than the default JCE provided by Sun. In addition to that, Bouncy Castle has lots of utilities for reading arcane formats like PEM and ASN.
The -providerName
option requires a provider name ("BC", in this case), not a class name. An alternative option, -providerClass
, does require a class name, and it is useful when the provider isn't registered in the java.security
file.
When you register a provider "programatically", it is only temporary. Your program must re-register its provider each time it runs. You won't be able to use this approach if your goal is to make BouncyCastle available to keytool
.
Since you've already installed the provider (by putting the archive in lib/ext
and listing it in java.security
), using the -providerName BC
option is probably the easiest solution. Alternatively, you can use the -providerClass org.bouncycastle.jce.provider.BouncyCastleProvider
option.
By the way, you should not use the CLASSPATH
environment variable. Libraries in lib/ext
are on the class path already.
If, after correcting the options, you still get a NoSuchProviderException
(using -providerName
) or ClassNotFoundException
(using -providerClass
), verify that you are using the right copy of keytool
. That is, when executing, specify the full path of keytool
, rather than relying on your PATH
variable. Make sure that the path refers to the JRE into which BouncyCastle was installed. It isn't uncommon for a system to have multiple JREs and JDKs.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With