wolfCrypt JCE Provider
The wolfCrypt JCE Provider is currently set up to be compiled together into the same JAR file as the normal wolfcrypt-jni classes.
The wolfCrypt JCE Provider is located in the following package:
com.wolfssl.wolfcrypt.jce.provider
Compiling the JCE provider is done using the same instructions as wolfcrypt-jni. Follow the directions in the README.md for compiling the package, but make sure to use one of the following "ant" build targets:
build-jce-debug
build-jce-release
This JCE provider has been tested on OSX (Oracle JVM), Linux (OpenJDK), and Android platforms.
Pre-compiled and signed wolfCrypt JNI/JCE JARs are included with the stable releases of the JCE provider. See below for more details.
Algorithm Support:
The JCE provider currently supports the following algorithms:
MessageDigest Class
  MD5
  SHA-1
  SHA-256
  SHA-384
  SHA-512
SecureRandom Class
  DEFAULT (maps to HashDRBG)
  HashDRBG
Cipher Class
  AES/CBC/NoPadding
  AES/CBC/PKCS5Padding
  AES/GCM/NoPadding
  DESede/CBC/NoPadding
  RSA
  RSA/ECB/PKCS1Padding
Mac Class
  HmacMD5
  HmacSHA1
  HmacSHA256
  HmacSHA384
  HmacSHA512
Signature Class
  MD5withRSA
  SHA1withRSA
  SHA256withRSA
  SHA384withRSA
  SHA512withRSA
  SHA1withECDSA
  SHA256withECDSA
  SHA384withECDSA
  SHA512withECDSA
KeyAgreement Class
  DiffieHellman
  DH
  ECDH
KeyPairGenerator Class
  RSA
  EC
  DH
CertPathValidator Class
  PKIX
SecretKeyFactory
  PBKDF2WithHmacSHA1
  PBKDF2WithHmacSHA224
  PBKDF2WithHmacSHA256
  PBKDF2WithHmacSHA384
  PBKDF2WithHmacSHA512
  PBKDF2WithHmacSHA3-224
  PBKDF2WithHmacSHA3-256
  PBKDF2WithHmacSHA3-384
  PBKDF2WithHmacSHA3-512
SecureRandom.getInstanceStrong()
When registered as the highest priority security provider, wolfJCE will provide SecureRandom with the underlying HashDRBG algorithm.
Java applications can alternatively call the SecureRandom.getInstanceStrong() API to get a "known strong SecureRandom implementation". To provide this with wolfJCE, the java.security file needs to be modified by setting the securerandom.strongAlgorithms property to:
securerandom.strongAlgorithms=HashDRBG:wolfJCE
Note that the securerandom.source property in java.security has no effect on the wolfJCE provider.
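To confirm on a given JVM that these settings took effect, the following added example (not code from the wolfcrypt-jni project) reports which provider actually serves SecureRandom. It uses only standard java.security calls and the provider name wolfJCE from the property value above; the class name CheckWolfJceRandom is hypothetical.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;

/* Added example (hypothetical class name): reports which provider really
 * serves SecureRandom, so a fallback to another provider is not missed. */
public class CheckWolfJceRandom {
    static final String PROVIDER = "wolfJCE"; // name used in HashDRBG:wolfJCE
    static final String STRONG_PROP = "securerandom.strongAlgorithms";

    /* 1-based priority of the named provider, or -1 if it is not registered. */
    static int priorityOf(String name) {
        Provider[] installed = Security.getProviders();
        for (int i = 0; i < installed.length; i++) {
            if (installed[i].getName().equals(name)) return i + 1;
        }
        return -1;
    }

    /* Prints algorithm and provider; true only when wolfJCE created the RNG. */
    static boolean report(String label, SecureRandom rng) {
        String from = rng.getProvider().getName();
        System.out.println(label + ": " + rng.getAlgorithm() + " from " + from);
        return PROVIDER.equals(from);
    }

    public static void main(String[] args) {
        int prio = priorityOf(PROVIDER);
        System.out.println(PROVIDER + " priority: "
            + (prio < 0 ? "not registered" : String.valueOf(prio)));

        // Expected to be wolfJCE when it is the highest priority provider.
        boolean ok = report("new SecureRandom()", new SecureRandom());

        // getInstanceStrong() tries the comma-separated entries in order and
        // skips any it cannot load, so check what was actually returned.
        System.out.println(STRONG_PROP + " = " + Security.getProperty(STRONG_PROP));
        try {
            ok &= report("getInstanceStrong()", SecureRandom.getInstanceStrong());
        } catch (NoSuchAlgorithmException e) {
            System.out.println("getInstanceStrong() failed: " + e.getMessage());
            ok = false;
        }
        System.exit(ok ? 0 : 1); // non-zero exit lets a build or deploy check fail
    }
}
```

Run it with the same classpath and java.security file as the application; a non-zero exit means at least one of the two SecureRandom paths is not being served by wolfJCE.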
Example / Test Code
JUnit test code can act as a good usage reference, and is located under the ./src/test/java/com/wolfssl/provider/jce/test/ directory for each wolfJCE engine class.
There are some JCE examples located under the examples/provider directory, including:
ProviderTest
This is an example that prints out all Security providers that are registered in the system. It then programmatically registers wolfJCE as the highest-level provider and prints out the list again.
This example will be built when using the following ant targets:
$ ant build-jce-debug
$ ant build-jce-release
The example can then be run using:
$ ./examples/provider/ProviderTest.sh
JAR Code Signing
The Oracle JDK/JVM requires that JCE providers that implement several of the classes above be signed by a code signing certificate issued by Oracle.
Full details on obtaining a JCE Code Signing Certificate can be found here:
http://www.oracle.com/technetwork/java/javase/tech/getcodesigningcertificate-361306.html
For instructions on signing the "wolfcrypt-jni.jar" file generated by the ant build system, please see the main README.md included in this package.
Using a Pre-Signed JAR File
wolfSSL (company) has its own set of code signing certificates from Oracle that allow wolfJCE to be authenticated in the Oracle JDK. With each release of wolfJCE, wolfSSL ships a couple of pre-signed versions of the "wolfcrypt-jni.jar", located at:
wolfcrypt-jni-X.X.X/lib/signed/debug/wolfcrypt-jni.jar
wolfcrypt-jni-X.X.X/lib/signed/release/wolfcrypt-jni.jar
This pre-signed JAR can be used with the JUnit tests, without having to re-compile the Java source files. To run the JUnit tests against this JAR file:
$ cd wolfcrypt-jni-X.X.X
$ cp ./lib/signed/release/wolfcrypt-jni.jar ./lib
$ ant test
Support
Please email support@wolfssl.com with any questions or feedback.
The wolfJCE User Manual (PDF), available from the wolfSSL website, contains additional details on using the wolfCrypt JCE provider.