Christian Mann

Reputation: 8125

How do I get Java to use my Security provider?

I wrote a custom security provider for AES/CBC/PKCS5Padding. That works fine.

What settings do I need to add to the Provider in order for Java to recognize it as a valid provider for the above algorithm? I already have

public class FooBarProvider extends Provider {
  public FooBarProvider() {
    super("FooBar", 1.0, "Provider for AES.");
    put("Cipher.AES", "foo.bar.AESCipher");
  }
}

where the latter argument is the actual CipherSpi that does the work. Where do I register the fact that it supports CBC and PKCS5Padding? Currently asking for a relevant Cipher does not return an instance of my class:

Security.insertProviderAt(new FooBarProvider(), 1);
Cipher cip = Cipher.getInstance("AES/CBC/PKCS5Padding");
System.out.println(cip.getProvider()); //prints "SunJCE version 1.7"

Upvotes: 21

Views: 46691

Answers (3)

Sam Ginrich

Reputation: 851

Provider, KeyPairGenerator, KeyGenerator, KeyAgreement and related service SPIs may be integrated by subclassing and without registering the provider. For class Cipher there is no bypass inside the Java Security framework and the steps from the accepted answer are mandatory. Nothing prevents you from providing public constructors for your cipher class and instantiating it without the framework.

Upvotes: 0

Stephen C

Reputation: 719299

The Java Crypto documentation describes the mechanisms for registering a Provider class:

The short version is:

  1. Put the provider JAR on the classpath or in the Java installation's extensions directory.
  2. Register the provider:
    • manually edit the details into the java.security config file ($JAVA_HOME/lib/security/java.security), or
    • at runtime, call Security.addProvider or Security.insertProviderAt.

Upvotes: 8

Perception

Reputation: 80633

Writing the code is the very simplest part of the process. You have already declared that your classes provide a Cipher implementation for AES. This line:

put("Cipher.AES", "foo.bar.AESCipher");

is pretty much all you need to accomplish the task. Also note that your implementation will automatically be called for all combinations of mode and padding, since you have registered your cipher implementation at the algorithm level.

Having said that, writing the code was the easy part. You are creating a cipher, so you will need to sign your JAR before it can be installed and configured as a provider. Because the process is somewhat involved, I will not copy it all here; rather, I will refer you to the Oracle Guide on How to implement a Provider. It's an excellent source for this task.

If you follow the guide and still have issues, you may need to download and install the JCE Unlimited Strength Policy appropriate to your installed JDK.

Upvotes: 12
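
Added example (not part of the question or of any answer above): it registers the question's FooBarProvider together with the optional SupportedModes and SupportedPaddings attributes, then compares the default lookup with a lookup forced through that one provider, so the underlying failure is reported instead of a silent fallback to SunJCE. The names ProviderCheck and diagnose are hypothetical, and foo.bar.AESCipher is assumed to be the asker's CipherSpi class; it is absent here, so the forced lookup reports the load failure.

```java
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;

public class ProviderCheck {

    // Same registration as in the question, plus the optional attributes that
    // declare which modes and paddings the SPI class handles itself.
    static final class FooBarProvider extends Provider {
        FooBarProvider() {
            super("FooBar", 1.0, "Provider for AES."); // deprecated since Java 9, still available
            put("Cipher.AES", "foo.bar.AESCipher");     // CipherSpi class name from the question
            put("Cipher.AES SupportedModes", "CBC");
            put("Cipher.AES SupportedPaddings", "PKCS5PADDING");
        }
    }

    // Forces the lookup through one provider. Cipher.getInstance(String) skips a
    // provider it cannot use; the two-argument form throws the reason instead.
    static String diagnose(Provider p, String transformation) {
        String algorithm = transformation.split("/")[0];
        if (p.getService("Cipher", algorithm) == null) {
            return "no Cipher." + algorithm + " entry registered by " + p.getName();
        }
        try {
            Cipher c = Cipher.getInstance(transformation, p);
            return "served by " + c.getProvider().getName();
        } catch (Exception e) {
            // SecurityException: the JDK could not authenticate the provider JAR.
            // NoSuchAlgorithmException: the SPI class failed to load or instantiate.
            Throwable cause = e.getCause() != null ? e.getCause() : e;
            return e.getClass().getSimpleName() + ": " + e.getMessage() + " (cause: " + cause + ")";
        }
    }

    public static void main(String[] args) throws Exception {
        Provider p = new FooBarProvider();
        Security.insertProviderAt(p, 1);
        String t = "AES/CBC/PKCS5Padding";
        System.out.println("default lookup -> " + Cipher.getInstance(t).getProvider().getName());
        System.out.println("forced lookup  -> " + diagnose(p, t));
    }
}
```

Once the JDK accepts the provider and foo.bar.AESCipher loads, both lines name FooBar.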
