Configure Oracle JDK to use IBM JCE/JSSE providers for FIPS compliance

Question

I would like to configure the Oracle JDK to use IBM's FIPS-compliant JCE/JSSE security providers. What JAR files do I need and where should they be installed? What should the provider list in the java.security file look like?

Answer 1

I'm using IBMJCE on sun jdk5 and it works fine. It may be similar to fips, I guess

You need ibmjceprovider.jar, ibmpkcs.jar, ibmjcefips.jar

You can find them in ibm jre

The code like this

static{
    //install ibm's provider
    java.security.Security.addProvider(new IBMJCE());
}

public byte[] encrypt(byte[] input)throws SecurityException{
    KeyGenerator kg = KeyGenerator.getInstance("DES");
    //call ibm's provider
    SecureRandom sr = SecureRandom.getInstance("IBMSecureRandom", new IBMJCE());
    sr.setSeed(str.getBytes());
    kg.init(sr);
    Key key = kg.generateKey();
    Cipher cipher = Cipher.getInstance("DES");
    cipher.init(1, key);
    byte[] ret = cipher.doFinal(input);
    return ret;
}

Answer 2

This is an old post but anyway...
IBM JVM is FIPS compliant when configuring it to use IBMJCEFIPS provider.
This is applicable only to IBM Java though.
Not drop the jars in a SUN JDK.
For SUN you should use the NSS project which is also FIPS compliant