JCE cannot authenticate the provider BC

Caused by: java.lang.SecurityException: JCE cannot authenticate the provider BC
	at javax.crypto.Cipher.getInstance(Cipher.java:657)
	at javax.crypto.Cipher.getInstance(Cipher.java:596)
	at org.bouncycastle.jcajce.NamedJcaJceHelper.createCipher(Unknown Source)
	at org.bouncycastle.openpgp.operator.jcajce.OperatorHelper.createCipher(Unknown Source)
	at org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder$1.recoverKeyData(Unknown Source)
	... 13 more
Caused by: java.util.jar.JarException: file:/hadoop/yarn/local/usercache/hdfs/appcache/application_1448909148534_0008/filecache/11/job.jar/job.jar has unsigned entries - com/google/common/annotations/Beta.class
	at javax.crypto.JarVerifier.verifySingleJar(JarVerifier.java:464)
	at javax.crypto.JarVerifier.verifyJars(JarVerifier.java:322)
	at javax.crypto.JarVerifier.verify(JarVerifier.java:250)
	at javax.crypto.JceSecurity.verifyProviderJar(JceSecurity.java:160)
	at javax.crypto.JceSecurity.getVerificationResult(JceSecurity.java:186)
	at javax.crypto.Cipher.getInstance(Cipher.java:653)
	... 17 more

 

http://stackoverflow.com/questions/9534512/bouncycastle-jboss-as7-jce-cannot-authenticate-the-provider-bc

 

 

But if You change server from JBoss to other (for example Glassfish) You have the same problem.
The better solition for me are changes in jdk.
You shoud add Bouncy Castle to security providers on Your java platform in two steps:
1. Copy BC librarys (currently bcpkix-jdk15on-149.jar, bcprov-jdk15on-149.jar) to directory $JAVA_HOME/jre/lib/ext/
2. Register BC provider: edit file $JAVA_HOME/jre/lib/security/java.security and under line

security.provider.1=sun.security.provider.Sun
add Your BC provider

security.provider.2=org.bouncycastle.jce.provider.BouncyCastleProvider
Change numbers of rest providers. The whole block of providers should be similar to:

security.provider.1=sun.security.provider.Sun
 security.provider.2=org.bouncycastle.jce.provider.BouncyCastleProvider
 security.provider.3=sun.security.rsa.SunRsaSign
 security.provider.4=sun.security.ec.SunEC
 security.provider.5=com.sun.net.ssl.internal.ssl.Provider
 security.provider.6=com.sun.crypto.provider.SunJCE
 security.provider.7=sun.security.jgss.SunProvider
 security.provider.8=com.sun.security.sasl.Provider
 security.provider.9=org.jcp.xml.dsig.internal.dom.XMLDSigRI
 security.provider.10=sun.security.smartcardio.SunPCSC

Sorry, You don’t need change providers. Just add under SunPCSC provider next number of providers such as:

security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider 

BC provider does not have to be the second. Might be the last. – Krzysztof Szewczyk Jul 5 ’13 at 10:08

Thanks. It works for me. – Phat H. VU Jun 10 ’14 at 10:26

5 thoughts on “JCE cannot authenticate the provider BC

  1. Attractive element of content. I just stumbled upon your website
    and in accession capital to say that I acquire in fact enjoyed account your blog posts.
    Any way I will be subscribing to your augment and even I
    achievement you access constantly rapidly.

  2. Hi there, i read your blog from time to time and i own a
    similar one and i was just wondering if you get a lot of spam responses?
    If so how do you prevent it, any plugin or anything you can recommend?

    I get so much lately it’s driving me insane so any assistance is very much
    appreciated.

  3. Hi! This is my first visit to your blog! We are a team of volunteers and starting a new project in a community in the same niche. Your blog provided us valuable information to work on. You have done a marvellous job!

Leave a Reply

Your email address will not be published. Required fields are marked *