Configured JCA/JCE Provider execution order (Java Security)

Problem Statement (Java Security):

  1. Which provider does a cryptographic Cipher use by default?
  2. How do we use a provider other than the default one for encryption and decryption?

How to check which providers are enabled in the Java Runtime?

  1. Navigate to “<Java Installation>/jre/lib/security/” (Linux) or “<Java Installation>\jre\lib\security\” (Windows).
  2. Open the java.security file to see the registered providers.
  3. Our Java runtime has the following providers:
#
# List of providers and their preference orders:
#
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=sun.security.ec.SunEC
security.provider.4=com.sun.net.ssl.internal.ssl.Provider
security.provider.5=com.sun.crypto.provider.SunJCE
security.provider.6=sun.security.jgss.SunProvider
security.provider.7=com.sun.security.sasl.Provider
security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.9=sun.security.smartcardio.SunPCSC
security.provider.10=sun.security.mscapi.SunMSCAPI
security.provider.11=org.bouncycastle.jce.provider.BouncyCastleProvider

Provider execution order in Java Runtime:

For example:

If we do not specify a provider, the runtime searches the registered
providers in preference order and uses the first one that supports the
requested transformation to create the instance of the Cipher class.

Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); 

For example:

If we specify the Bouncy Castle (BC) provider, the Java Runtime uses
BC to create the Cipher instance.

Cipher cipher = Cipher.getInstance("AES","BC");

Factory methods to create instance of Cipher class:

| Method Name | Description |
|---|---|
| Cipher getInstance(String transformation) | Returns a Cipher object that implements the specified transformation. |
| Cipher getInstance(String transformation, String provider) | Returns a Cipher object that implements the specified transformation. |
| Cipher getInstance(String transformation, Provider provider) | Returns a Cipher object that implements the specified transformation. |

Program: Create Cipher instance using default & supplied provider

package org.learn;

import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;

public class ProviderOrderExecution {

    public static void main(String[] args) throws NoSuchPaddingException,
            NoSuchAlgorithmException, NoSuchProviderException {

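        // No provider named: the first registered provider (in java.security
        // preference order) that supports this transformation is used.
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");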

        String algorithm = cipher.getAlgorithm();
        Provider provider = cipher.getProvider();
        int blockSize = cipher.getBlockSize();

        System.out.println("Output using default Provider:");
        System.out.println("Algorithm :"+algorithm);
        System.out.println("Provider Name:"+provider.getName());
        System.out.println("Block Size :"+blockSize);

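        System.out.println("\nOutput using Bouncy Castle (BC) Provider:");
        // Provider named explicitly: "BC" must be registered (security.provider.11
        // above), otherwise NoSuchProviderException is thrown. The bare "AES"
        // transformation leaves mode and padding to the provider's defaults.
        cipher = Cipher.getInstance("AES","BC");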
        algorithm = cipher.getAlgorithm();
        provider = cipher.getProvider();
        blockSize = cipher.getBlockSize();

        System.out.println("Algorithm :"+algorithm);
        System.out.println("Provider Name:"+provider.getName());
        System.out.println("Block Size :"+blockSize);
    }
}

Output: Cipher instance details for the default and Bouncy Castle (BC) providers

Output using default Provider:
Algorithm :AES/CBC/PKCS5Padding
Provider Name:SunJCE
Block Size :16

Output using Bouncy Castle (BC) Provider:
Algorithm :AES
Provider Name:BC
Block Size :16
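
Added example (not part of the original post): the program below lists the effective provider preference order at runtime and checks which provider actually serves an unqualified Cipher.getInstance call, which helps when auditing whether a provider registered ahead of SunJCE has taken over AES. The class name ProviderPreferenceAudit and the helper firstProviderFor are hypothetical names chosen for this example.

```java
import javax.crypto.Cipher;
import java.security.Provider;
import java.security.Security;

public class ProviderPreferenceAudit {

    // Hypothetical helper: name of the first registered provider, in preference
    // order, that offers the given service type and algorithm (null if none).
    static String firstProviderFor(String type, String algorithm) {
        for (Provider p : Security.getProviders()) {
            if (p.getService(type, algorithm) != null) {
                return p.getName();
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Effective order as loaded by this JVM, numbered from 1 like the
        // security.provider.N entries in java.security.
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            Provider p = providers[i];
            boolean offersAes = p.getService("Cipher", "AES") != null;
            System.out.printf("%2d  %-14s Cipher.AES=%b%n", i + 1, p.getName(), offersAes);
        }

        String transformation = "AES/CBC/PKCS5Padding";
        String expected = firstProviderFor("Cipher", "AES");
        String actual = Cipher.getInstance(transformation).getProvider().getName();
        System.out.println("First provider offering Cipher.AES: " + expected);
        System.out.println("Provider chosen by getInstance    : " + actual);

        // A difference means an earlier provider registers AES but not this
        // mode/padding, so the lookup fell through to a later provider.
        if (!actual.equals(expected)) {
            System.out.println("Note: selection skipped " + expected);
        }

        // Pin the implementation with the Provider-object overload so a later
        // change to the preference order cannot silently swap it.
        Provider pinned = Security.getProvider(actual);
        Cipher pinnedCipher = Cipher.getInstance(transformation, pinned);
        System.out.println("Pinned cipher provider            : "
                + pinnedCipher.getProvider().getName());
    }
}
```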