How to sign a custom JCE security provider

java security digital-signature jce
3dGrabber picture 3dGrabber · Nov 18, 2009 · Viewed 24.2k times · Source

Sun's PKCS11 JCE security provider is lacking some functionality we need.
So I wrote an enhanced version of it using the original sources.

Unfortunately the JCE infrastructure rejects the new provider
"JCE cannot authenticate the provider"
because it is not properly signed.

javax.crypto.JceSecurity.verifyProviderJar(...) throws.
(it calls javax.crypto.JarVerifier.verify())

Any suggestions how to sign the new provider to make it work with JCE?

Answer

erickson picture erickson · Nov 18, 2009

The process is described in the document, "How to Implement a Provider."

It involves emailing Sun Oracle some information (including the CSR you generated for your signing key), then faxing a confirmation document. Getting your signed certificate back can take a week or more, so plan ahead.

You only need to sign your provider if it provides services that are restricted by some (repressive) governments. For example, a Cipher implementation is a restricted "service," while MessageDigest is an unrestricted service. I assume with the message you're getting, that you are trying to provide a restricted services.

If you provide any of these services, there's no way around it: You need a code-signing certificate issued by Sun. (One from IBM might work too; if I recall correctly, their code-signing CA is supported, but I don't know anything about their issuing process.)

Related questions

Java Access Token PKCS11 Not found Provider

Hello I'm trying to access the keystore from my smartcard in Java. And I'm using the following code.. I'm using the Pkcs11 implementation of OpenSc http://www.opensc-project.org/opensc File windows.cnf = name=dnie library=C:\WINDOWS\system32\opensc-pkcs11.…

Read More
RSA Signing and verifying in java

I'm trying to sign a message in java and it doesn't seem to work. The verifying step gives me false. Can anyone tell me where is my mistake. I can't understand what I'm doing wrong. Thanks String messageString = "text"; try { …

Read More
Java Error: "Your security settings have blocked a local application from running"

I'm trying to run this simple HelloWorld code written in Java from my browser (Chrome): public class HelloWorld extends JApplet { public void init() { try { SwingUtilities.invokeAndWait(new Runnable() { public void run() { JLabel lbl = new JLabel("Hello World"); add(lbl); } }); } catch (…

Read More