Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How do I get Java to use my Security provider?

Tags:

java

security

I wrote a custom security provider for AES/CBC/PKCS5Padding. That works fine.

What settings do I need to add to the Provider in order for Java to recognize it as a valid provider for the above algorithm? I already have

public class FooBarProvider extends Provider {
  public FooBarProvider() {
    super("FooBar", 1.0, "Provider for AES.");
    put("Cipher.AES", "foo.bar.AESCipher");
  }
}

where the latter argument is the actual CipherSpi that does the work. Where do I register the fact that it supports CBC and PKCS5Padding? Currently asking for a relevant Cipher does not return an instance of my class:

Security.insertProviderAt(new FooBarProvider(), 1);
Cipher cip = Cipher.getInstance("AES/CBC/PKCS5Padding");
System.out.println(cip.getProvider()); //prints "SunJCE version 1.7"
like image 476
Christian Mann Avatar asked Apr 08 '12 03:04

Christian Mann


People also ask

What is a Java security provider?

Security providers are the glue that manages the mapping between the engines used by the rest of the security package (such as a message digest), the specific algorithms that are valid for those engines (such as an SHA digest), and the specific implementations of that algorithm/engine pair that might be available to ...

How do I change Java security?

In the Java Control Panel, click on the Security tab. Select the desired Security level. Click Apply. Click OK to save changes made to the Java Control Panel.


1 Answers

Writing the code is the very simplest part of the process. You have already declared that your classes provide a Cipher implementation for AES. This line:

put("Cipher.AES", "foo.bar.AESCipher");

is pretty much all you need to accomplish the task. Also note that your implementation will automatically be called for all combinations of mode and padding, since you have registered your cipher implementation at the algorithm level.

Having said that, writing the code was the easy part. You are creating a cipher, so you will need to sign your JAR before it can be installed and configured as a provider. Because the process is somewhat involved I will not copy it all here, rather I will refer you to the Oracle Guide on How to implement a Provider. It's an excellent source for this task.

If you follow the guide and still have issues, you may need to download and install the JCE Unlimited Strength Policy appropriate to your installed JDK.

like image 112
Perception Avatar answered Sep 22 '22 02:09

Perception