Provider jceProvider = new com.x.jce.provider.JCEProvider();
Security.addProvider(jceProvider);
Provider[] currentProviders = Security.getProviders();
// ... code to print the array removed
// pseudo-random number generator
SecureRandom rand = SecureRandom.getInstance("SHA1PRNG", "JceProvider");
KeyGenerator aesKeyGen = KeyGenerator.getInstance("AES", "JceProvider");
The SecureRandom getInstance function works fine, but the KeyGenerator
getInstance function fails with the following error:
[java] java.security.NoSuchProviderException: JCE cannot authenticate the provider JceProvider
[java] at javax.crypto.SunJCE_b.a(DashoA6275)
[java] at javax.crypto.SunJCE_b.a(DashoA6275)
[java] at javax.crypto.KeyGenerator.getInstance(DashoA6275)
[java] at com.x.jce.AES.go(Unknown Source)
[java] at com.x.jce.AES.main(Unknown Source)
[java] Caused by: java.util.jar.JarException: file:/jceProvider.jar is not signed by a trusted signer.
[java] at javax.crypto.SunJCE_d.b(DashoA6275)
[java] at javax.crypto.SunJCE_d.a(DashoA6275)
[java] at javax.crypto.SunJCE_d.a(DashoA6275)
[java] at javax.crypto.SunJCE_b.b(DashoA6275)
[java] ... 5 more
Any ideas why the KeyGenerator would fail but the SecureRandom (which
looks for the same exact provider) fails? I've attempted to sign the
jars with self-signed certificates. Verifying the signatures always
returns true. I am completely stumped.
Thanks in advance for any help.
-Matt
You must sign your JCE provider JAR file using a code signing
certificate issued by Sun Microsystems, see step 5a in
http://java.sun.com/j2se/1.5.0/docs/guide/security/jce/HowToImplAJCEProvider.html
You cannot use a self-signed certificate when you implement (extend)
the abstract SPI classes that reside in the javax.crypto.* package.
For example, you'll get the same error when extending the class
javax.crypto.CipherSpi.
Regards,
Tommy Grandefors
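
An added example, not part of either post: a small diagnostic that lists who signed each entry of a provider JAR and flags self-signed signers, which is the condition the reply identifies behind the "not signed by a trusted signer" error. The class name ProviderJarSigners and the command-line argument are assumptions, and it needs JDK 8 or later.

```java
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.*;
import java.util.jar.*;

// Added diagnostic (hypothetical class name): reports the signers of a JAR.
public class ProviderJarSigners {
    public static void main(String[] args) throws Exception {
        if (args.length != 1) { System.err.println("usage: ProviderJarSigners <provider.jar>"); return; }
        Map<String, Boolean> signers = new LinkedHashMap<>(); // description -> self-signed?
        List<String> unsigned = new ArrayList<>();
        byte[] buf = new byte[8192];
        try (JarFile jar = new JarFile(args[0], true)) { // true: verify entry digests
            for (JarEntry e : Collections.list(jar.entries())) {
                String n = e.getName().toUpperCase(Locale.ROOT);
                // The manifest and signature block files are not themselves signed.
                boolean sigFile = n.startsWith("META-INF/") && (n.endsWith("MANIFEST.MF")
                        || n.endsWith(".SF") || n.endsWith(".RSA")
                        || n.endsWith(".DSA") || n.endsWith(".EC"));
                if (e.isDirectory() || sigFile) continue;
                // Signer data is populated only once the entry has been read to
                // the end; a modified entry makes read() throw SecurityException.
                try (InputStream in = jar.getInputStream(e)) {
                    while (in.read(buf) != -1) { /* drain */ }
                }
                CodeSigner[] cs = e.getCodeSigners();
                if (cs == null) { unsigned.add(e.getName()); continue; }
                for (CodeSigner s : cs) {
                    List<? extends Certificate> chain = s.getSignerCertPath().getCertificates();
                    X509Certificate leaf = (X509Certificate) chain.get(0); // signer's own cert
                    boolean selfSigned = chain.size() == 1
                            && leaf.getSubjectX500Principal().equals(leaf.getIssuerX500Principal());
                    signers.put(leaf.getSubjectX500Principal() + " <- issued by "
                            + leaf.getIssuerX500Principal(), selfSigned);
                }
            }
        }
        signers.forEach((who, self) ->
                System.out.println((self ? "SELF-SIGNED      " : "ISSUED-BY-OTHER  ") + who));
        if (!unsigned.isEmpty()) System.out.println("UNSIGNED entries: " + unsigned);
    }
}
```

A JAR can pass signature verification and still be reported as SELF-SIGNED here; the digest check only proves the entries match the signature, not that the signer chains to an issuer the JCE framework trusts.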