Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsWhite Papers
Discussion GroupsFirst AidDatabasesJavaBeansGUIJava 3DVirtual MachineCORBASecurityToolsGeneral
Java DirectoryOpen Source ProjectsSample Book ChaptersUser GroupsWeb Resources
Related Topics
Databases.NETMore Topics ...
Java Forum / Security / June 2005

Tip: Looking for answers? Try searching our database.

KeyGenerator or Jar Signing issue

Thread view: 
Enable EMail AlertsStart New Thread
mattvenn - 08 Jun 2005 14:50 GMT
I have a function add a JCE provider for an AES algorithm, but the JCE
fails every time I attempt to launch it.

Provider jceProvider = new com.x.jce.provider.JCEProvider;
Security.addProvider (jceProvider);
Provider [] currentProviders = Security.getProviders();
// ... code to print the array removed
SecureRandom rand = SecureRandom.getInstance("SHA1PRNG",
"JceProvider");
//psuedo random number generator
KeyGenerator aesKeyGen = KeyGenerator.getInstance("AES","JceProvider");

The SecureRandom getInstance function works fine, but the KeyGenerator
getInstance function fails with the following error:

[java] java.security.NoSuchProviderException: JCE cannot authenticate
the provider JceProvider
[java] at javax.crypto.SunJCE_b.a(DashoA6275)
[java] at javax.crypto.SunJCE_b.a(DashoA6275)
[java] at javax.crypto.KeyGenerator.getInstance(DashoA6275)
[java] at com.x.jce.AES.go(Unknown Source)
[java] at com.x.jce.AES.main(Unknown Source)
[java] Caused by: java.util.jar.JarException: file:/jceProvider.jar is
not signed by a trusted signer.
[java] at javax.crypto.SunJCE_d.b(DashoA6275)
[java] at javax.crypto.SunJCE_d.a(DashoA6275)
[java] at javax.crypto.SunJCE_d.a(DashoA6275)
[java] at javax.crypto.SunJCE_b.b(DashoA6275)
[java] ... 5 more

Any ideas why the KeyGenerator would fail but the SecureRandom (which
looks for the same exact provider) fails? I've attempted to sign the
jars with self-signed certificates. Verifying the signatures always
returns true. I am completely stumped.

Thanks in advance for any help.
-Matt
Reply to this Message
dala - 15 Jun 2005 10:35 GMT
Hi,

You must sign your JCE provider JAR file using a code signing
certificate issued by Sun Microsystems, see step 5a in
http://java.sun.com/j2se/1.5.0/docs/guide/security/jce/HowToImplAJCEProvider.html

You cannot use a self-signed certificate when you implement (extends)
the abstract SPI classes that resides in the javax.crypto.* package.
For example you'll get same error when extending the class
javax.crypto.CipherSpi.

Regards,
Tommy Grandefors

> I have a function add a JCE provider for an AES algorithm, but the JCE
> fails every time I attempt to launch it.
[quoted text clipped - 33 lines]
> Thanks in advance for any help.
> -Matt
Reply to this Message


Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.