Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Configure Oracle JDK to use IBM JCE/JSSE providers for FIPS compliance

Tags:

java

jce

jsse

fips

I would like to configure the Oracle JDK to use IBM's FIPS-compliant JCE/JSSE security providers. What JAR files do I need and where should they be installed? What should the provider list in the java.security file look like?

like image 829
Rob H Avatar asked Feb 24 '23 12:02

Rob H


2 Answers

I'm using IBMJCE on sun jdk5 and it works fine. It may be similar to fips, I guess

You need ibmjceprovider.jar, ibmpkcs.jar, ibmjcefips.jar

You can find them in ibm jre

The code like this

static{
    //install ibm's provider
    java.security.Security.addProvider(new IBMJCE());
}

public byte[] encrypt(byte[] input)throws SecurityException{
    KeyGenerator kg = KeyGenerator.getInstance("DES");
    //call ibm's provider
    SecureRandom sr = SecureRandom.getInstance("IBMSecureRandom", new IBMJCE());
    sr.setSeed(str.getBytes());
    kg.init(sr);
    Key key = kg.generateKey();
    Cipher cipher = Cipher.getInstance("DES");
    cipher.init(1, key);
    byte[] ret = cipher.doFinal(input);
    return ret;
}
like image 182
kyon Avatar answered Apr 06 '23 19:04

kyon


This is an old post but anyway...
IBM JVM is FIPS compliant when configuring it to use IBMJCEFIPS provider.
This is applicable only to IBM Java though.
Not drop the jars in a SUN JDK.
For SUN you should use the NSS project which is also FIPS compliant

like image 22
Cratylus Avatar answered Apr 06 '23 20:04

Cratylus