I would like to configure the Oracle JDK to use IBM's FIPS-compliant JCE/JSSE security providers. What JAR files do I need and where should they be installed? What should the provider list in the java.security
file look like?
问题:
回答1:
I'm using IBMJCE on sun jdk5 and it works fine. It may be similar to fips, I guess
You need ibmjceprovider.jar, ibmpkcs.jar, ibmjcefips.jar
You can find them in ibm jre
The code like this
static{
//install ibm's provider
java.security.Security.addProvider(new IBMJCE());
}
public byte[] encrypt(byte[] input)throws SecurityException{
KeyGenerator kg = KeyGenerator.getInstance("DES");
//call ibm's provider
SecureRandom sr = SecureRandom.getInstance("IBMSecureRandom", new IBMJCE());
sr.setSeed(str.getBytes());
kg.init(sr);
Key key = kg.generateKey();
Cipher cipher = Cipher.getInstance("DES");
cipher.init(1, key);
byte[] ret = cipher.doFinal(input);
return ret;
}
回答2:
This is an old post but anyway...
IBM JVM is FIPS compliant when configuring it to use IBMJCEFIPS provider.
This is applicable only to IBM Java though.
Not drop the jars in a SUN JDK.
For SUN you should use the NSS project which is also FIPS compliant
回答3:
According this IBM document, FIPS-approved providers are only available with IBM SDK.
Another clue (because I first thought WebSphere on Solaris runs on Oracle JVM): in WebSphere MQ requirements on Solaris a note clearly states that
FIPS compliance is only supported on IBM SDK
In fact, on Solaris platform, the IBM SDK is built on Sun/Oracle JVM but with many changes (ORB and security...).