Skip to main content

SecurityException with Bouncy Castle

I am using BouncyCastle library to encrypt the data transfer with Kakfa.
While my program run fine from IntelliJ, but when I package a fat JAR and run, it throws following exception:

java.lang.SecurityException: JCE cannot authenticate the provider BC
    at javax.crypto.Cipher.getInstance(
    at javax.crypto.Cipher.getInstance(
    at scala.util.Try$.apply(Try.scala:192)
Caused by: java.util.jar.JarException: file:/work/data_extractor/src/main/sh/data_extractor.jar has unsigned entries - scala/Array$$anonfun$apply$3.class
    at javax.crypto.JarVerifier.verifySingleJar(
    at javax.crypto.JarVerifier.verifyJars(
    at javax.crypto.JarVerifier.verify(
    at javax.crypto.JceSecurity.verifyProviderJar(
    at javax.crypto.JceSecurity.getVerificationResult(
    at javax.crypto.Cipher.getInstance(
    ... 11 more

First part of solution is to register the cryptographic service provider at runtime to ensure the configuration will work for everyone. You can use either of the Security.addProvider() or Security.insertProviderAt() methods:

if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null)
    Security.addProvider(new BouncyCastleProvider)

Next, you need to add BouncyCastle provider to security providers in your java platform in two steps:
1. Copy BouncyCastle library (currently bcprov-jdk16-146.jar) to directory $JAVA_HOME/jre/lib/ext/
2. Register BouncyCastle provider: edit file $JAVA_HOME/jre/lib/security/ and add following line in list of providers:

Final list looks like:
# List of providers and their preference orders (see above):
Recompile and package the fat jar.


Popular posts from this blog

MPlayer subtitle font problem in Windows

While playing a video with subtitles in mplayer, I was getting the following problem:
New_Face failed. Maybe the font path is wrong. Please supply the text font file (~/.mplayer/subfont.ttf).
Solution is as follows:
Right click on "My Computer".Select "Properties".Go to "Advanced" tab.Click on "Environment Variables".Delete "HOME" variable from User / System variables.

Procedure for name and date of birth change (Pune)

For change of name, the form (scribd) is available free of cost at Government Book Depot (Shaskiya Granthagar), which is located near Collector’s office, next to Saint Helena's School. The postal address is:
Government Photozinco Press Premises and Book Depot,
5, Photozinco Press Road, Pune, MH, 411001.
Wikimapia link

Charges for name or date of birth change, in the Maharashtra Government Gazette:
INR 120.00 per insertion (for two copies of the Gazette)
For backward class applicants: INR 60.00
Charges for extra copy of the Gazette: INR 15.00 per copy (two copies are enough, so you may not want to pay extra for extra copies).

Backward class applicants are required to submit a xerox of caste certificate of old name as issued by the Collector of the District concerned.

Once the form is duly submitted, it normally takes 10 to 15 days for publication of advertisement in the Maharashtra Government Gazette. The Gazette copy reaches to the address filled in the form within next 7 to 15 day…

Setting up ELK 5.x (ElasticSearch, Logstash, Kibana) cluster

We recently upgraded from ElasticSearch 2.4.3 to 5.6.2.
Below are the steps that we used to install and configure new ELK cluster.

ElasticSearchInstallationmkdir -p /work/elk/data/data-es562 mkdir -p /work/elk/data/logs-es562 mkdir -p /work/elk/data/repo-es562 cd /work/elk/ curl -O tar -zxvf elasticsearch-5.6.2.tar.gz curl -O cd /work/elk/elasticsearch-5.6.2 ./bin/elasticsearch-plugin install file:///work/elk/
Settings for Master + Ingest node in elasticsearch.ymlWe have reused master nodes as ingest nodes, because we don't have any heavy ingest pipelines, and x-pack monitoring requires at-least one ingest node to be present in the cluster. ESDev562 "master_01" node.master: true # Enable the node.master role (enabled by default). false # D…