SecurityException with Bouncy Castle

I am using BouncyCastle library to encrypt the data transfer with Kakfa.
While my program run fine from IntelliJ, but when I package a fat JAR and run, it throws following exception:

java.lang.SecurityException: JCE cannot authenticate the provider BC
    at javax.crypto.Cipher.getInstance(Cipher.java:657)
    at javax.crypto.Cipher.getInstance(Cipher.java:596)
    at com.xyz.abc.fusioncell.utils.CryptoService$class.decrypt(CryptoService.scala:63)
    at com.xyz.abc.fusioncell.Boot$.decrypt(Boot.scala:13)
    at com.xyz.abc.fusioncell.conf.Config$$anonfun$userId$1.apply(Config.scala:28)
    at com.xyz.abc.fusioncell.conf.Config$$anonfun$userId$1.apply(Config.scala:28)
    at scala.util.Try$.apply(Try.scala:192)
    at com.xyz.abc.fusioncell.conf.Config$class.userId(Config.scala:28)
    at com.xyz.abc.fusioncell.Boot$.userId$lzycompute(Boot.scala:13)
    at com.xyz.abc.fusioncell.Boot$.userId(Boot.scala:13)
    at com.xyz.abc.fusioncell.Boot$.main(Boot.scala:24)
    at com.xyz.abc.fusioncell.Boot.main(Boot.scala)
Caused by: java.util.jar.JarException: file:/work/data_extractor/src/main/sh/data_extractor.jar has unsigned entries - scala/Array$$anonfun$apply$3.class
    at javax.crypto.JarVerifier.verifySingleJar(JarVerifier.java:464)
    at javax.crypto.JarVerifier.verifyJars(JarVerifier.java:322)
    at javax.crypto.JarVerifier.verify(JarVerifier.java:250)
    at javax.crypto.JceSecurity.verifyProviderJar(JceSecurity.java:160)
    at javax.crypto.JceSecurity.getVerificationResult(JceSecurity.java:186)
    at javax.crypto.Cipher.getInstance(Cipher.java:653)
    ... 11 more

First part of solution is to register the cryptographic service provider at runtime to ensure the configuration will work for everyone. You can use either of the Security.addProvider() or Security.insertProviderAt() methods:

if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null)
    Security.addProvider(new BouncyCastleProvider)

Next, you need to add BouncyCastle provider to security providers in your java platform in two steps:
1. Copy BouncyCastle library (currently bcprov-jdk16-146.jar) to directory $JAVA_HOME/jre/lib/ext/
2. Register BouncyCastle provider: edit file $JAVA_HOME/jre/lib/security/java.security and add following line in list of providers:

security.provider.11=org.bouncycastle.jce.provider.BouncyCastleProvider
Final list looks like:
#
# List of providers and their preference orders (see above):
#
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=sun.security.ec.SunEC
security.provider.4=com.sun.net.ssl.internal.ssl.Provider
security.provider.5=com.sun.crypto.provider.SunJCE
security.provider.6=sun.security.jgss.SunProvider
security.provider.7=com.sun.security.sasl.Provider
security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.9=sun.security.smartcardio.SunPCSC
security.provider.10=apple.security.AppleProvider
security.provider.11=org.bouncycastle.jce.provider.BouncyCastleProvider
Recompile and package the fat jar.

Comments