5:47 p.m.
Hey all,
Sorry if this question has been covered, I did a cursory search and came up with nothing.
I’m trying to integrate the signed JSS jar into my build to be used as a JCE provider for
fips compliance and am running into issues. Using the java Security class I’m trying to
set the JSS provider as the default security provider
```
Security.insertProviderAt(new JSSProvider() ,1);
```
This works, however when running my test suite I get about a billion errors which all seem
to trace back to errors around the default PRNG provider. Ex.
```
Could not initialize class javax.crypto.JceSecurityManager
```
I’ve read that in order to use jss classes directly one needs to initialize the
cryptomanager class. Is this necessary if I just want to use jss as a JCE provider? If so,
how do I know what arguments to pass into the initialize function?
Thanks,
Jon
9:58 a.m.
Hi Jon,
I do have to say I'm not that familiar with your use case. You might want to
take a look at TomcatJSS and PKI for examples using JSS. One thing that I will
point out is that, rather than directly adding the JSSProvider to the JCE, we
let the CryptoManager deal with that:
See:
https://github.com/dogtagpki/pki/blob/master/base/server/cmscore/src/com/...
Which calls here:
https://github.com/dogtagpki/jss/blob/master/org/mozilla/jss/CryptoManage...
I'm guessing the latter will give you the clues you seek for initializing the
RNG if you want to do it yourself... :)
(So I think to directly answer the last question, you either need to initialize
the CryptoManager class, or do the work it does (RNG initialization in this
current case) and/or the subset of work it does that enables your use cases...
so I'd perhaps consider just using the CryptoManager class myself).
- Alex
----- Original Message -----
From: "Jon Moroney" <jonm(a)rescale.com>
To: pki-devel(a)redhat.com
Sent: Wednesday, November 7, 2018 6:47:08 PM
Subject: [Pki-devel] Integrating JSS into an existing java project
Hey all,
Sorry if this question has been covered, I did a cursory search and came up
with nothing.
I’m trying to integrate the signed JSS jar into my build to be used as a JCE
provider for fips compliance and am running into issues. Using the java
Security class I’m trying to set the JSS provider as the default security
provider
```
Security.insertProviderAt(new JSSProvider() ,1);
```
This works, however when running my test suite I get about a billion errors
which all seem to trace back to errors around the default PRNG provider. Ex.
```
Could not initialize class javax.crypto.JceSecurityManager
```
I’ve read that in order to use jss classes directly one needs to initialize
the cryptomanager class. Is this necessary if I just want to use jss as a
JCE provider? If so, how do I know what arguments to pass into the
initialize function?
Thanks,
Jon
_______________________________________________
Pki-devel mailing list
Pki-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
2196
days inactive
2202
days old
1 comments
2 participants
participants (2)
-
Alexander Scheel -
Jon Moroney