Reputation: 47
Package in unique jar with bouncyCastle.SecurityException
I created a Java UI with NetBeans and I need to include external jar and package it in only one jar.
I got the following error:
Error: A JNI error has occurred, please check your installation and try again Exception in thread "main" java.lang.SecurityException: Invalid signature file digest for Manifest main attributes
I changed the build.xml with the following code:
<target name="-post-jar">
<jar jarfile="${dist.jar}" update="true">
<zipgroupfileset dir="\Users\feli\Documents\bouncy\" excludes="META-INF/*.SF,META-INF/*.DSA,META-INF/*.RSA"/>
<manifest>
<attribute name="Main-Class" value="herramientascriptograficas.AplicacionCriptografica"/>
</manifest>
</jar>
</target>
But, I got the same result.
I check the jar and I have in META-INF:
META-INF feli$ ls BC1024KE.DSA BC1024KE_1.DSA BC2048KE.DSA BC2048KE_1.DSA MANIFEST.MF BC1024KE.SF BC1024KE_1.SF BC2048KE.SF BC2048KE_1.SF
In conclusion, the build.xml doesn't exclude the files. Could you help me?
Ps: I have a Mac and I tried to change excludes ="META-INF/**/*", and I got the same result
Upvotes: 0
Views: 1151
Answers (2)
Reputation: 1
If the org.bouncycastle dependencies are transitive (not explicitly included in your code) and you don't need them, you can exclude them from whatever dependency is introducing them.
MAVEN:
<dependencies>
<dependency>
<groupId>some.group</groupId>
<artifactId>necessary-module</artifactId>
<version>X.Y.Z</version>
<exclusions>
<exclusion>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdkXXon</artifactId>
</exclusion>
<exclusion>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdkXXon</artifactId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
GRADLE:
dependencies {
implementation ('some.group:necessary-module:X.Y.Z') {
exclude group: 'org.bouncycastle', module: 'bcprov-jdkXXon'
exclude group: 'org.bouncycastle', module: 'bcpkix-jdkXXon'
}
}
Note: bcprov-jdkXXon and bcpkix-jdkXXon should be replaced with whichever versions of bouncycastle are introduced.
Upvotes: 0
Reputation: 39241
Bouncycastle jars are signed because implements a cryptographic provider
If your provider is supplying encryption algorithms through the
CipherKeyAgreement,KeyGenerator,Mac, orSecretKeyFactoryclasses, you will need to sign your JAR file so that the JCA can authenticate the code at runtime.
You have repackaged all classes into a single jar, but you have not signed it. You are using the signature files of bouncycastle's jars, but they are not valid now because you have changed the content
Options:
Sign your code with a code signing certificate
Deploy also bcprov-jdk15on-1.xx.jar with your app
Upvotes: 3
Related Questions
- BouncyCastle signature creation java.lang.NoSuchFieldError: xmss_SHA256ph
- BouncyCastle does not find algorithms that it provides?
- java.security.spec.InvalidKeySpecException: encoded key spec not recognized: failed to construct sequence from byte[] by generating ECDSA Signature
- Using BouncyCastle results in 'myJar.jar has unsigned entries'
- Bouncycastle XmlSignatureFactory NoSuchAlgorithmException
- bouncycastle error "JCE cannot authenticate the provider BC" with "jar-with-dependencies"
- BouncyCastle jars giving SHA1 Digest Error for JDK 1.7
- Bouncy Castle unsigned entries Error running Jar-with-dependencies using Maven
- class "org.bouncycastle.asn1.ASN1ObjectIdentifier"'s signer information does not match signer information of other classes in the same package
- BouncyCastle SecurityException throws only when the *bcprov*.jar is packaged into the generated JAR