Home » Bugs, Cryptography, Debian, Featured, Java, Security, Shell

java.lang.SecurityException: JCE cannot authenticate the provider BC

10 August 2009 8 Comments

Trying to integrate BouncyCastle Cryptography provider in Java can be a nightmare. I read a lot of forums messages about “JCE cannot authenticate the provider BC” and I didn’t find any clear response. After several hours of tweaking and digging I found the main reason of the problem. If you want to use BouncyCastle as Security provider then install it directly on your Java Virtual Machine and remove any library of bc from your application.

How to install correctly Bouncy Castle on your JVM:

First for Ubuntu/Debian users you should look what JVM you run. To achieve that just run

[rb@randombugs]$ update-java-alternatives -l
java-6-sun 63 /usr/lib/jvm/java-6-sun

To change that or more, just read this article about “Change the default Java Runtime on Ubuntu or Debian“.

Now the steps what you should follow to get your Bouncy Castle running correctly:

1. Find java.security in /path_to_your_jvm/jre/lib/security
2. Add security.provider.9=org.bouncycastle.jce.provider.BouncyCastleProvider
Your file should look like

security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=com.sun.net.ssl.internal.ssl.Provider
security.provider.4=com.sun.crypto.provider.SunJCE
security.provider.5=sun.security.jgss.SunProvider
security.provider.6=com.sun.security.sasl.Provider
security.provider.7=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.8=sun.security.smartcardio.SunPCSC
security.provider.9=org.bouncycastle.jce.provider.BouncyCastleProvider

If you don’t have all those security providers then change security.provider.9 with your next number from security.provider, don’t use 9.
3. add the bcprov-jdk16-143.jar, bcmail-jdk16.143 and any other BC library to /path_to_your_jvm/jre/lib/ext
4. Remove any other BC library from your class path.

To test if BouncyCastle is successfully installed then just get the next program, compile and run it.

SimpleTest.java

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

 
import java.security.Security;
 
public class SimpleTest
{
    public static void main (String[] args)
    {
        String Name= "BC";
        if (Security.getProvider(Name) == null)
        {
            System.out.println("not installed");
        }
        else
        {
            System.out.println("installed");
        }
    }
}

To compile it just run

[rb@randombugs]$ javac SimpleTest.java

To create the jar archive

[rb@randombugs]$ jar -cf check.jar SimpleTest.class

Now open the Manifest from the check.jar and add at the end of it:

Main-Class: SimpleTest

Save manifest and run:

[rb@randombugs]$java -jar check.jar

Good luck !


8 Comments »

  • Joshua Hansen said:

    This is exactly what I needed! Thanks!

    # 8 December 2009 at 5:25 am
  • Christoph Schmidt said:

    Thank you very much – this post helped alot!

    I had this problem when invoking BC during an ant run (it worked fine when starting the target through a main() method in the java class).
    However, it isn’t really necessary to add the provider to the java.security properties file (found this out because I had a typo in the key and it worked anyways).

    Thanks again!

    # 5 February 2010 at 12:08 pm
  • Artur Friesen said:

    Thank yout for post! It helped me!

    # 16 July 2010 at 5:40 pm
  • Keith said:

    Hey great post! Thanks for putting this up. One thing that might make it a little simpler would be to skip the jaring.

    first
    $ javac SimpleTest.java

    then
    $ java SimpleTest.class

    # 17 December 2010 at 1:19 am
  • admin (author) said:

    Yes … is much much simple …

    # 26 December 2010 at 1:45 pm
  • Albert Ciffone said:

    Hi,

    It’s not necessary that you installs the provider on the JVM. If you put the BC provider before the SunJCE provider in the list, the BC works fine. You can do this programatically doing:

    Security.insertProviderAt(new BouncyCastleProvider(),1);

    1 specifies the priority for this provider.

    Regards,

    # 25 November 2011 at 9:24 am
  • admin (author) said:

    Yes is true. But I didn’t know about that at that moment or the feature was not available :)

    Regards

    # 29 November 2011 at 9:38 am
  • JBoss and BouncyCastleProvider – SecurityException : “cannot authenticate the provider” « bits.of.info said:

    [...] Are you having problems trying to use the BouncyCastleProvider from your app on Jboss 5.x + (i.e. like the errors listed below)? If so and you don’t want to spend hours trying to workaround this issue in Jboss, just follow this guy’s instructions and get back to business: http://www.randombugs.com/java/javalangsecurityexception-jce-authenticate-provider-bc.html [...]

    # 11 July 2012 at 9:23 pm

Leave your response!

Add your comment below, or trackback from your own site. You can also subscribe to these comments via RSS.

Be nice. Keep it clean. Stay on topic. No spam.

You can use these tags:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

This is a Gravatar-enabled weblog. To get your own globally-recognized-avatar, please register at Gravatar.