2 Replies Latest reply on May 10, 2003 8:27 AM by Alan Moor

    JBoss 3.2 and BouncyCastle

    Alan Moor Newbie

      I have attempted to install the BouncyCastle JCE provider using the unlimited key-length security policy files from Sun. My debugs tell me the provider is installed in the JVM, but when I try to generate a SecretKey, I get:

      java.security.InvalidKeyException: Public key presented not for certificate signature
      at org.bouncycastle.jce.provider.X509CertificateObject.verify(X509CertificateObject.java:644)
      at javax.crypto.SunJCE_b.e(DashoA6275)
      at javax.crypto.SunJCE_v.run(DashoA6275)

      This tells me, I think, that I'm not getting the unlimited key-length policy files. I have the j2sdk1.4.1_02 jce.jar in the classpath.

      What I am trying to do is use password based encryption (PBE) using the Triple DES 3-key algorithm. I have it working like a champ in Tomcat, just can't get it done in JBoss.

      Any help would be appreciated,
      Alan Moor

        • 1. Re: JBoss 3.2 and BouncyCastle
          Jon Barnett Master

          Not quite sure what you are trying to do but here are some excerpts of our routines from an MBean:

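          // Imports needed by this excerpt:
          //   java.security.KeyFactory
          //   java.security.PublicKey
          //   java.security.spec.X509EncodedKeySpec
          try
          {
              // Decode the X.509 (SubjectPublicKeyInfo) bytes with Bouncy Castle's RSA KeyFactory.
              X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(publicKeyBytes);
              KeyFactory keyFactory = KeyFactory.getInstance("RSA", "BC");
              publicKey = keyFactory.generatePublic(publicKeySpec);
          }
          catch(Exception e)
          {
              // Also reached when the "BC" provider is not registered (NoSuchProviderException).
              log.error("The public key is badly formatted.");
              return false;
          }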

          So we're using the Bouncy Castle RSA routines for generating the public key - all through the JCE API. The JBoss security policies are fine (java.policy) - we don't touch them.

          bcprov-jdk14-118.jar lives in JAVA_HOME/jre/lib/ext.

          In JAVA_HOME/jre/lib/security/java.security add the line,
          security.provider.6=org.bouncycastle.jce.provider.BouncyCastleProvider

          And then the routine works. So we're not doing anything too special or different from the JCE guidelines.

          We're just speculating on things here as you'd need to detail further your code for a clear understanding.

          • 2. Re: JBoss 3.2 and BouncyCastle
            Alan Moor Newbie

            Thank you for your response. Let me start by saying that I'm a fairly junior Java programmer (less than a year) and totally inexperienced with JCE, so I'm doing most of my coding by example and fighting my way through stack traces using Google searches and newsgroups. Painful at best.

            I brought the code home last night and set everything up and it runs fine. Not sure what's up with the environment at work, but I'm sure I'll figure it out. Sorry to waste your time.
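
A diagnostic for comparing two environments like the ones in this thread (added example, not code from either poster): it reports the provider order the running JVM actually sees, where each provider class was loaded from, the jurisdiction-policy key-length limits, and whether a Triple DES PBE round trip works. It assumes Java 5 or later for `Cipher.getMaxAllowedKeyLength` (not available in the J2SDK 1.4.1 mentioned above); the class name `JceDiagnostics`, the password and the salt are constructed for illustration.

```java
import java.security.CodeSource;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertificateFactory;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

// Added diagnostic, not from the thread. Run it in the same JVM (for example
// from a startup servlet or MBean) and diff the output between environments.
public class JceDiagnostics {
    public static void main(String[] args) throws Exception {
        System.out.println("java.home = " + System.getProperty("java.home"));

        // 1. Provider order as this JVM sees it, and where each class came from.
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            CodeSource src = providers[i].getClass().getProtectionDomain().getCodeSource();
            System.out.println((i + 1) + ". " + providers[i].getName() + " <- "
                    + (src == null ? "JDK runtime" : String.valueOf(src.getLocation())));
        }

        // 2. Which provider answers a lookup that names no provider.
        System.out.println("X.509 CertificateFactory served by: "
                + CertificateFactory.getInstance("X.509").getProvider().getName());

        // 3. Jurisdiction policy: Integer.MAX_VALUE means no limit for that algorithm.
        String[] algs = {"DESede", "AES"};
        for (String a : algs) {
            int max = Cipher.getMaxAllowedKeyLength(a);
            System.out.println("Max " + a + " key length: "
                    + (max == Integer.MAX_VALUE ? "unlimited" : max + " bits"));
        }

        // 4. PBE with Triple DES round trip (fixed salt is for the diagnostic only).
        String pbe = "PBEWithSHA1AndDESede";
        char[] password = "constructed-sample-password".toCharArray();
        PBEParameterSpec params = new PBEParameterSpec(new byte[] {1, 2, 3, 4, 5, 6, 7, 8}, 1000);
        SecretKey key = SecretKeyFactory.getInstance(pbe).generateSecret(new PBEKeySpec(password));
        Cipher enc = Cipher.getInstance(pbe);
        enc.init(Cipher.ENCRYPT_MODE, key, params);
        byte[] ct = enc.doFinal("hello".getBytes("UTF-8"));
        Cipher dec = Cipher.getInstance(pbe);
        dec.init(Cipher.DECRYPT_MODE, key, params);
        System.out.println("PBE served by " + enc.getProvider().getName() + ", round trip ok: "
                + "hello".equals(new String(dec.doFinal(ct), "UTF-8")));
    }
}
```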