How do I get Java to use my Security provider?

Posted 2019-03-15 05:13

Question:

I wrote a custom security provider for AES/CBC/PKCS5Padding. That works fine.

What settings do I need to add to the Provider in order for Java to recognize it as a valid provider for the above algorithm? I already have

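import java.security.Provider;

public class FooBarProvider extends Provider {
  public FooBarProvider() {
    super("FooBar", 1.0, "Provider for AES.");
    // Algorithm-level registration: service type "Cipher", algorithm "AES".
    put("Cipher.AES", "foo.bar.AESCipher");
  }
}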

where the latter argument is the actual CipherSpi that does the work. Where do I register the fact that it supports CBC and PKCS5Padding? Currently asking for a relevant Cipher does not return an instance of my class:

Security.insertProviderAt(new FooBarProvider(), 1);
Cipher cip = Cipher.getInstance("AES/CBC/PKCS5Padding");
System.out.println(cip.getProvider()); //prints "SunJCE version 1.7"

Answer 1:

Writing the code is the very simplest part of the process. You have already declared that your classes provide a Cipher implementation for AES. This line:

put("Cipher.AES", "foo.bar.AESCipher");

is pretty much all you need to accomplish the task. Also note that your implementation will automatically be called for all combinations of mode and padding, since you have registered your cipher implementation at the algorithm level.

Having said that, writing the code was the easy part. You are creating a cipher, so you will need to sign your JAR before it can be installed and configured as a provider. Because the process is somewhat involved, I will not copy it all here; rather, I will refer you to the Oracle Guide on How to implement a Provider. It's an excellent source for this task.

If you follow the guide and still have issues, you may need to download and install the JCE Unlimited Strength Policy appropriate to your installed JDK.



Answer 2:

The Java Crypto documentation describes the mechanisms for registering a Provider class:

  • http://docs.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html#Provider

The short version is:

  1. Put the provider JAR on the classpath or in the Java installation's extensions directory.
  2. Register the provider:
    • edit the java.security config file (in the Java installation), or
    • at runtime, call Security.addProvider or Security.insertProviderAt.
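
A diagnostic for the situation in the question, added here as an example (it is not code from the question or either answer): it lists, in preference order, every installed provider that registers `Cipher.AES`, prints the optional `SupportedModes` and `SupportedPaddings` attributes, and requests the transformation from each provider explicitly so that a rejected provider reports its exception instead of being skipped. The class name `ProviderSelectionCheck` is an assumption; `FooBarProvider` is the class from the question and appears only in a comment.

```java
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;

public class ProviderSelectionCheck {
    static final String TRANSFORMATION = "AES/CBC/PKCS5Padding";

    public static void main(String[] args) {
        // To test a custom provider, register it first, for example:
        // Security.insertProviderAt(new FooBarProvider(), 1);  // class from the question
        Provider[] providers = Security.getProviders();  // returned in preference order
        for (int i = 0; i < providers.length; i++) {
            Provider p = providers[i];
            // Look up the algorithm-level registration ("Cipher.AES").
            Provider.Service svc = p.getService("Cipher", "AES");
            if (svc == null) {
                continue;  // this provider has no Cipher.AES entry
            }
            System.out.printf("#%d %s -> %s%n", i + 1, p.getName(), svc.getClassName());
            // Optional attributes; null means the provider did not declare them.
            System.out.println("   SupportedModes    = " + svc.getAttribute("SupportedModes"));
            System.out.println("   SupportedPaddings = " + svc.getAttribute("SupportedPaddings"));
            System.out.println("   explicit request  : " + tryProvider(p));
        }
        try {
            // Same call as in the question: the JCA framework picks the provider.
            Cipher c = Cipher.getInstance(TRANSFORMATION);
            System.out.println("Default selection: " + c.getProvider());
        } catch (Exception e) {
            System.out.println("Default selection failed: " + e);
        }
    }

    // Request the transformation from one specific provider. Any rejection
    // (unknown algorithm or padding, or a provider the JCE framework refuses
    // to use) is returned as text instead of being hidden by fallback.
    static String tryProvider(Provider p) {
        try {
            Cipher.getInstance(TRANSFORMATION, p);
            return "OK";
        } catch (Exception e) {
            return e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }
}
```

Running the same check in production code paths is also a quick way to confirm that no unexpected provider has been inserted ahead of the one you intend to use.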


Tags: java security