Installing Providers for JCE

There are two parts to installing a provider: installing the provider package classes, and configuring the provider.

Installing the Provider Classes

The first thing you must do is make the provider classes available so that they can be found when requested. Provider classes are shipped as a JAR file.

There are a couple of possible ways of installing other provider classes:

  • Place a JAR file containing the provider classes anywhere on your CLASSPATH.
  • Install the provider JAR file as an "installed" or "bundled" optional package (extension).

For more information on "installed" extensions, see Installed Optional Packages.

For more information on "bundled" extensions, see Bundled Optional Packages.

Configuring the Provider

The next step is to add the provider to your list of approved providers. This step is done statically by editing the following security properties file

<install_dir>\jre\lib\security\java.security [Windows]
<install_dir>/jre/security/java.security [UNIX]

Where <install_dir> refers to the directory where the runtime environment was installed.

For each provider, this file should have a statement of the following form:

 security.provider.n=masterClassName

This statement declares a provider, and specifies its preference order n. The preference order is the order in which providers are searched for requested algorithms when no specific provider is requested. The order is 1-based; 1 is the most preferred, followed by 2, and so on.

masterClassName must specify the fully qualified name of the provider's "master class". The provider vendor should supply you this name.

J2SE comes standard with a number of providers, which are automatically configured as static providers in the java.security properties file, as follows:

 security.provider.1=com.ibm.jsse.IBMJSSEProvider2
 security.provider.2=com.ibm.crypto.provider.IBMJCE
 security.provider.3=com.ibm.security.jgss.IBMJGSSProvider
 security.provider.4=com.ibm.security.cert.IBMCertPath

(The "JCE" provider's master class is the IBMJCE class in the com.ibm.crypto.provider package.)

In order to statically add a new provider to your list of providers, you need to edit the security properties file to contain a line of the format shown previously. For example, suppose that a provider's master class is the CryptoX class in the com.cryptox.provider package, and that you would like to make this provider the fifth preferred provider. To do so, add the following line to the java.security file after the line for the "IBMCertPath" provider:

 security.provider.5=com.cryptox.provider.CryptoX

Providers can also be registered dynamically. To do so, a program can call either the addProvider or insertProviderAt method in the Security class. This type of registration is not persistent and can be done only by "trusted" programs. See the Security class section of the Java™ Cryptography Architecture API Specification and Reference.

An example of dynamic registration of the "CryptoX" provider is the following:

 Provider cx = new com.cryptox.provider.CryptoX();
 Security.addProvider(cx);