Location>code7788 >text

【Problem solving】: JCE cannot authenticate the provider BC

Popularity:986 ℃/2024-11-06 16:49:46

recurrence of problems

History project upgraded JDK (from 1.7 to 8) and reported an error when encrypting/decrypting.: JCE cannot authenticate the provider BC

Cause of the problem

Wikipa looks up the description of JCE as follows:

Java Cryptography Extension (JCE) is an officially released Standard Extension to the Java Platform and part of Java Cryptography Architecture (JCA).
JCE provides a framework and implementation for encryption, key generation and key agreement, and Message Authentication Code (MAC) algorithms.

That is, JCE is the standard implementation of the cryptographic extensions officially provided by Java , which can be used for encryption , key generation , and the use of MAC algorithms.

BC full name BouncyCastleProvider, full class name, is an extension plug-in for JCE.

You have to register the BC plugin with the JVM to use it, otherwise it will throw theJCE cannot authenticate the provider BCAnomaly information.

cure

All of the following methods can be realized, please choose according to the actual situation.
Note: All of the following methods need to ensure that they can be found in the classpath.

  1. Modify the code to register the singleton BouncyCastleProvider with the JVM. (Note: non-singleton and new BouncyCastleProvider() for every operation will lead to memory leak)
//Single instance BouncyCastleProvider object
private final static BouncyCastleProvider bouncyCastleProvider= new ();
// Add the singleton BouncyCastleProvider object to the JVM before use
(bouncyCastleProvider); //Add the singleton BouncyCastleProvider object to the JVM before use.
// Cryptographic operations, not listed here.

Advantages: The program package carries jar packages starting with bcprov-jdk, no need to modify the JDK, migration environment is not prone to problems.

  1. Adding JVM Parameters-=unlimited

Advantage: JDK and program code do not need to be adjusted.
Cons: May not be secure enough.

  1. Using OpenJDK, unverified JCE.

Advantage: no program changes required
Cons: Have to replace the JDK, may need to resolve issues with OracleJDK differences, such as fonts.

  1. Modify jre/lib/security/ under the JDK and add the line.10=and put the jar packages starting with bcprov-jdk into the jre\lib\ext directory under the JDK.

Pros: no program changes are required and no security risks are introduced.
Cons: Each deployment environment JDK need to be modified once, easy to miss processing.

.10 This 10 is the serial number, if there is already a 10, please treat it as the maximum serial number plus 1.

Expanded Reading

Maven coordinates starting with bcprov-jdk

bcprov-jdk beginning of the package has many versions, basically for the use of different JDK versions, the above briefly expand the content of this piece.
You can use group coordinates in the maven repository.to locate all the kits developed by the company, among others:

  • JDK1.4 Usage:bcprov-jdk14
  • JDK1.5 Usage:bcprov-jdk15
  • JDK1.5 or above use:bcprov-jdk15on
  • JDK1.5~8 Usage:bcprov-jdk15to18
  • For JDK8 and above:bcprov-jdk18on

If an incompatible version is used in the scenarios in this article, it may cause the problem to still occur, please refer to the above correspondences for dependencies.

I'm Hellxz, see you next time!

<Previous Next>