Installing security providers

You can install security providers statically, by editing the java.security file, or dynamically in your Java™ application code.

Installing a provider statically

The java.security file is a flat text file that is used to configure various security settings that are used by the Java VM. Among other things, the java.security file contains the list of installed providers and specifies a preference order for them. If you do not explicitly specify a provider in your Java code (that is, on a Java API call that supports such a parameter), then the SDK uses the preference order in the java.security file to search for the first provider that implements the requested service and algorithm. On z/OS®, the java.security file is in the $JAVA_HOME/conf/security directory. The provider list in the java.security file has the following form:
security.provider.1=IBMJCECCA
security.provider.2=OpenJCEPlus
To register a new provider, add an entry to specify the provider subclass name and the preference order for that provider. The entry has the following format:
security.provider.n=providerName
Where:
n
    specifies the preference order. 1 is the most preferred provider.
providerName
    specifies the name of the subclass that is implementing the Provider class.
Then change the preference order of the existing entries. For example, to add the IBMJCECCA provider to the provider list shown previously, update the file as follows:
security.provider.1=SunJSSE
security.provider.2=IBMJCECCA
security.provider.3=OpenJCEPlus

Providers that you register by using the java.security file are instantiated when the Java VM is initialized. The provider settings apply to any VM that is created by using that Java installation configuration.

Notes for specific providers:
  • IBMJCECCA: The software JCE provider supports more algorithms than the IBMJCECCA provider, and so is used for Java cryptographic services by default. To ensure that the IBMJCECCA provider is used instead (and so get the benefits of hardware cryptography), either move it higher in the list than any software JCE provider or specify it in your application code (for example, when you call the getInstance() method).

Installing providers dynamically

You can dynamically add or remove a provider or change its preference order from within a Java application, by using the Security.addProvider(), Security.insertProviderAt(), or Security.removeProvider() methods in the java.security.Security class. These methods dynamically alter the installed providers list. The changes apply only to applications that are running in the same VM as the Java application that makes the changes. For more information about the APIs that dynamically alter the security provider list, see the Java API documentation.
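The following is an added example, not code from the original page or from the SDK: it moves an installed provider to position 1 with Security.removeProvider() and Security.insertProviderAt(), then checks which provider actually serves a request that names no provider. The class name ProviderOrderCheck and the default arguments (IBMJCECCA, SHA-256) are assumptions chosen for illustration.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;

public class ProviderOrderCheck {

    // Print the installed providers in preference order, position 1 first.
    static void printOrder(String label) {
        System.out.println(label);
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.printf("  %d: %s%n", i + 1, providers[i].getName());
        }
    }

    // Provider that serves the digest when the caller does not name one.
    static String defaultProviderFor(String digest) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance(digest).getProvider().getName();
    }

    public static void main(String[] args) throws Exception {
        // Assumed defaults for illustration; pass other values as arguments.
        String name = args.length > 0 ? args[0] : "IBMJCECCA";
        String digest = args.length > 1 ? args[1] : "SHA-256";

        printOrder("Order loaded from java.security:");
        System.out.println(digest + " is served by " + defaultProviderFor(digest));

        Provider provider = Security.getProvider(name);
        if (provider == null) {
            System.out.println(name + " is not installed in this VM; nothing changed.");
            return;
        }

        // insertProviderAt() returns -1 when the provider is already installed,
        // so moving an installed provider means removing it first.
        Security.removeProvider(name);
        int position = Security.insertProviderAt(provider, 1);
        System.out.println(name + " inserted at position " + position);

        printOrder("Order in this VM after the change:");
        // Verify rather than assume: a provider at position 1 only takes over
        // the algorithms that it actually implements.
        System.out.println(digest + " is now served by " + defaultProviderFor(digest));
    }
}
```

Run it with a provider name and a digest algorithm as arguments; if the second "served by" line still names a different provider, the provider you moved does not implement that algorithm.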