How do you use BC FIPS in Java app?
I’ve been trying recently to use BC FIPS module in my Java app. Turns out – not as simple as you’d think.
The problems I faced were mainly with the keystore format, but other issues came up as well.
1. Download the bc-fips-1.0.0.jar file (the latest version is available from here)
2. Place it in jre/lib/ext
3. Edit the jre/lib/security/java.security file. Change the following line so that SunJSSE runs in FIPS mode with BCFIPS as its underlying crypto provider:
security.provider.4=com.sun.net.ssl.internal.ssl.Provider BCFIPS
4. Edit jre/lib/security/java.security file. Add the following line:
security.provider.11=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
(Make sure you use the right numbering. It should be consecutive)
5. Create your keystore:
keytool -genkey -storetype BCFKS -alias mykey -keyalg RSA -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -storepass test123 -keystore test_fips
Of course, you can change the parameters as you need.
6. Add the following line to your code (I prefer this over the java.security changes):
new com.sun.net.ssl.internal.ssl.Provider("BCFIPS");
7. If your code requires specifying the keystore type, use the following constant – BCFKS
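As an added example (not code from the original post), the following class does steps 6 and 7 programmatically: it registers the BouncyCastleFipsProvider, switches the thread to approved-only mode, loads the BCFKS store and checks that BCFIPS actually served it before handing it to a KeyManagerFactory. The keystore path, password and alias are taken from the keytool command above; the approved-only mode calls are from the bc-fips CryptoServicesRegistrar API, and the rest is standard JCA.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.Collections;

import javax.net.ssl.KeyManagerFactory;

import org.bouncycastle.crypto.CryptoServicesRegistrar;
import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider;

public class FipsKeystoreCheck {

    // Values from the keytool command above (assumptions; adjust to your setup).
    private static final String KEYSTORE_PATH = "test_fips";
    private static final char[] STORE_PASS = "test123".toCharArray();
    private static final String ALIAS = "mykey";

    public static void main(String[] args) throws Exception {
        // Register the FIPS provider in code instead of editing java.security.
        if (Security.getProvider("BCFIPS") == null) {
            Security.addProvider(new BouncyCastleFipsProvider());
        }

        // Approved-only mode is per thread: any non-approved algorithm used on
        // this thread now fails loudly instead of silently falling back.
        CryptoServicesRegistrar.setApprovedOnlyMode(true);

        // Ask for the BCFKS type explicitly from the BCFIPS provider (step 7).
        KeyStore ks = KeyStore.getInstance("BCFKS", "BCFIPS");
        try (InputStream in = new FileInputStream(KEYSTORE_PATH)) {
            ks.load(in, STORE_PASS);
        }

        // Fail fast if another provider answered, or the expected key is missing.
        Provider p = ks.getProvider();
        if (!"BCFIPS".equals(p.getName())) {
            throw new IllegalStateException("keystore served by " + p.getName() + ", not BCFIPS");
        }
        if (!ks.isKeyEntry(ALIAS)) {
            throw new IllegalStateException("no private key entry for alias " + ALIAS);
        }
        System.out.println("Aliases: " + Collections.list(ks.aliases()));
        System.out.println("Approved-only mode: " + CryptoServicesRegistrar.isInApprovedOnlyMode());

        // Hand the store to a KeyManagerFactory as a TLS server would.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, STORE_PASS);
        System.out.println("Key managers: " + kmf.getKeyManagers().length);
    }
}
```

Run it with bc-fips on the classpath after creating the keystore in step 5; a mis-numbered provider list or a non-BCFKS store shows up as an exception here rather than as a silent fallback at TLS handshake time.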
You should be OK…