Home » Bugs, Cryptography, Debian, Featured, Java, Security, Shell

java.lang.SecurityException: JCE cannot authenticate the provider BC

10 August 2009 2 Comments

Trying to integrate BouncyCastle Cryptography provider in Java can be a nightmare. I read a lot of forums messages about “JCE cannot authenticate the provider BC” and I didn’t find any clear response. After several hours of tweaking and digging I found the main reason of the problem. If you want to use BouncyCastle as Security provider then install it directly on your Java Virtual Machine and remove any library of bc from your application.

How to install correctly Bouncy Castle on your JVM:

First for Ubuntu/Debian users you should look what JVM you run. To achieve that just run

[rb@randombugs]$ update-java-alternatives -l
java-6-sun 63 /usr/lib/jvm/java-6-sun

To change that or more, just read this article about “Change the default Java Runtime on Ubuntu or Debian“.

Now the steps what you should follow to get your Bouncy Castle running correctly:

1. Find java.security in /path_to_your_jvm/jre/lib/security
2. Add security.provider.9=org.bouncycastle.jce.provider.BouncyCastleProvider
Your file should look like

security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=com.sun.net.ssl.internal.ssl.Provider
security.provider.4=com.sun.crypto.provider.SunJCE
security.provider.5=sun.security.jgss.SunProvider
security.provider.6=com.sun.security.sasl.Provider
security.provider.7=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.8=sun.security.smartcardio.SunPCSC
security.provider.9=org.bouncycastle.jce.provider.BouncyCastleProvider

If you don’t have all those security providers then change security.provider.9 with your next number from security.provider, don’t use 9.
3. add the bcprov-jdk16-143.jar, bcmail-jdk16.143 and any other BC library to /path_to_your_jvm/jre/lib/ext
4. Remove any other BC library from your class path.

To test if BouncyCastle is successfully installed then just get the next program, compile and run it.

SimpleTest.java

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

 
import java.security.Security;
 
public class SimpleTest
{
    public static void main (String[] args)
    {
        String Name= "BC";
        if (Security.getProvider(Name) == null)
        {
            System.out.println("not installed");
        }
        else
        {
            System.out.println("installed");
        }
    }
}

To compile it just run

[rb@randombugs]$ javac SimpleTest.java

To create the jar archive

[rb@randombugs]$ jar -cf check.jar SimpleTest.class

Now open the Manifest from the check.jar and add at the end of it:

Main-Class: SimpleTest

Save manifest and run:

[rb@randombugs]$java -jar check.jar

Good luck !


2 Comments »

  • Joshua Hansen said:

    This is exactly what I needed! Thanks!

    # 8 December 2009 at 5:25 am
  • Christoph Schmidt said:

    Thank you very much – this post helped alot!

    I had this problem when invoking BC during an ant run (it worked fine when starting the target through a main() method in the java class).
    However, it isn’t really necessary to add the provider to the java.security properties file (found this out because I had a typo in the key and it worked anyways).

    Thanks again!

    # 5 February 2010 at 12:08 pm

Leave your response!

Add your comment below, or trackback from your own site. You can also subscribe to these comments via RSS.

Be nice. Keep it clean. Stay on topic. No spam.

You can use these tags:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre lang="" line="" escaped="">

This is a Gravatar-enabled weblog. To get your own globally-recognized-avatar, please register at Gravatar.