Installing Providers for JCE
There are two parts to installing a provider: installing the provider package classes, and configuring the provider.
Installing the Provider Classes
The first thing you must do is make the provider classes available so that they can be found when requested. Provider classes are shipped as a JAR file.
There are a couple of possible ways of installing other provider classes:
- Place a JAR file containing the provider classes anywhere on your CLASSPATH.
- Install the provider JAR file as an "installed" or "bundled" optional package (extension).
For more information on "installed" extensions, see Installed Optional Packages.
For more information on "bundled" extensions, see Bundled Optional Packages.
Configuring the Provider
The next step is to add the provider to your list of approved providers. This step is done statically by editing the following security properties file
<install_dir>\jre\lib\security\java.security [Windows]
<install_dir>/jre/security/java.security [UNIX]
Where <install_dir>
refers to the directory where the
runtime environment was installed.
For each provider, this file should have a statement of the following form:
security.provider.n=className
This statement declares a provider, and specifies its preference order n. The preference order is the order in which providers are searched for requested algorithms when no specific provider is requested. The order is 1-based; 1 is the most preferred, followed by 2, and so on.
className must specify the fully qualified name of the provider's class. The provider vendor should supply you this name.
J2SE comes standard with a number
of providers, which are automatically configured as static providers
in the java.security
properties file, as follows:
security.provider.1=com.ibm.jsse.IBMJSSEProvider2
security.provider.2=com.ibm.crypto.provider.IBMJCE
security.provider.3=com.ibm.crypto.plus.provider.IBMJCEPlus
security.provider.4=com.ibm.security.jgss.IBMJGSSProvider
security.provider.5=com.ibm.security.cert.IBMCertPath
(The "JCE" provider's class is the IBMJCE
class in the
com.ibm.crypto.provider
package.)
In order to statically add a new provider to your list of providers, you need to edit the
security properties file to contain a line of the format shown previously. For example, suppose that
a provider's class is the CryptoX
class in the
com.cryptox.provider
package, and that you would like to make this provider the
fifth preferred provider. To do so, add the following line to the java.security
file after the line for the "IBMCertPath" provider:
security.provider.5=com.cryptox.provider.CryptoX
Providers
can also be registered dynamically. To do so, a program can call either
the addProvider
or insertProviderAt
method
in the Security
class. This type of registration
is not persistent and can be done only by "trusted" programs. See
the Security class section of the Java™ Cryptography Architecture API
Specification and Reference.
An example of dynamic registration of the "CryptoX" provider is the following:
Provider cx = new com.cryptox.provider.CryptoX();
Security.addProvider(cx);