PBEWITHSHA256AND128BITAES-CBC-BC creating java.security.NoSuchAlgorithmException on RedHat 6.4

Question

PBEWITHSHA256AND128BITAES-CBC-BC creating java.security.NoSuchAlgorithmException on RedHat 6.4

We have an application that uses Bouncy Castle to encrypt data using the PBEWITHSHA256AND128BITAES-CBC-BC algorithm. It works fine on Unbuntu running OpenJDK 1.7 . But when we move it to RedHat 6.4 and run OpenJDK 1.7 , we get the following exception:

 java.security.NoSuchAlgorithmException

Any thoughts on what might be causing this. How to add PBEWITHSHA256AND128BITAES-CBC-BC algorithm in RedHat 6.4 ?

ps application works in JBoss .

 private String cryptoAlgorithm = "PBEWITHSHA256AND128BITAES-CBC-BC"; Security.addProvider(new BouncyCastleProvider()); // load passPhrase from configured external file to char array. char[] passPhrase = null; try { passPhrase = loadPassPhrase(passPhraseFile); } catch (FileNotFoundException e) { throw BeanHelper.logException(LOG, methodName, new EJBException("The file not found: " + passPhraseFile, e)); } catch (IOException e) { throw BeanHelper.logException(LOG, methodName, new EJBException("Error in reading file: " + passPhraseFile, e)); } PBEKeySpec pbeKeySpec = new PBEKeySpec(passPhrase); try { SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(cryptoAlgorithm); SecretKey newSecretKey = secretKeyFactory.generateSecret(pbeKeySpec); return newSecretKey; } catch (NoSuchAlgorithmException e) { throw BeanHelper.logException(LOG, methodName, new EJBException("The algorithm is not found: " + cryptoAlgorithm, e)); } catch (InvalidKeySpecException e) { throw BeanHelper.logException(LOG, methodName, new EJBException("The key spec is invalid", e)); }

( In RH 6.4 )

 #java -version java version "1.7.0_19" OpenJDK Runtime Environment (rhel-2.3.9.1.el6_4-x86_64) OpenJDK 64-Bit Server VM (build 23.7-b01, mixed mode)

( On Ubuntu 12.04 )

 #java version "1.7.0_15" OpenJDK Runtime Environment (IcedTea7 2.3.7) (7u15-2.3.7-0ubuntu1~12.04) OpenJDK 64-Bit Server VM (build 23.7-b01, mixed mode)

+6

java cryptography openjdk aes bouncycastle

Saqib ali May 31 '13 at 12:51

source share

3 answers

I am trying to confirm your problem and look like a problem in your environment. Here is an example of code that I successfully execute on pure OpenJDK 1.7, 1.6, Oracle JDK 1.7 and 1.6

 $ java -version java version "1.7.0_19" OpenJDK Runtime Environment (rhel-2.3.9.1.el6_4-x86_64) OpenJDK 64-Bit Server VM (build 23.7-b01, mixed mode):

Command line: java -cp bcprov-jdk15on-149.jar:. Test java -cp bcprov-jdk15on-149.jar:. Test

Output: OK

 import org.bouncycastle.jce.provider.BouncyCastleProvider; import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactory; import javax.crypto.spec.PBEKeySpec; import java.security.NoSuchAlgorithmException; import java.security.Security; import java.security.spec.InvalidKeySpecException; public class Test { public static void main(String[] args) throws Exception{ String cryptoAlgorithm = "PBEWITHSHA256AND128BITAES-CBC-BC"; Security.addProvider(new BouncyCastleProvider()); char[] passPhrase = null; passPhrase = "12321".toCharArray(); PBEKeySpec pbeKeySpec = new PBEKeySpec(passPhrase); try { SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(cryptoAlgorithm, "BC"); SecretKey newSecretKey = secretKeyFactory.generateSecret(pbeKeySpec); assert newSecretKey != null; System.out.println("OK"); } catch (NoSuchAlgorithmException e) { System.out.println("The algorithm is not found: " + cryptoAlgorithm); } catch (InvalidKeySpecException e) { System.out.println("The key spec is invalid"); } } }

Try running this program in your environment. You can download BouncyCastle jar from here http://downloads.bouncycastle.org/java/bcprov-jdk15on-149.jar

+2

user1516873 Jun 07 '13 at 12:43

source share

I believe that the order of security providers is different in both environments.

 for (Provider provider : Security.getProviders()) { System.out.println("Name: " + provider.getName() + " Version: " + provider.getVersion()); }

You can try to insert an invigorating lock supplier at a specific position in the supply chain. Here, for example, in the first position, if another security provider is not used, this should not lead to problems.

 Security.insertProviderAt(new BouncyCastleProvider(), 1);

using a specific provider for the algorithm is not recommended

 SecretKeyFactory.getInstance(cryptoAlgorithm, provider)

see Java ™ Cryptographic Architecture Architecture Reference Guide (JCA)

0

Suboptimal Jun 04 '13 at 11:05

source share

Jukka · Accepted Answer · 2013-06-09T04:00:59+0000

Do you have a BouncyCastle JAR JAR (e.g. bcprov-jdk15on-149.jar) in your classpath?

I tested your script with a minimal installation of CentOS 6.4 (64-bit), OpenJDK 1.7 and BouncyCastle 1.49, and did not find any problems with it.

I put the JAR in the lib / ext JRE directory:

 /usr/lib/jvm/java-1.7.0-openjdk.x86_64/jre/lib/ext

PBEWITHSHA256AND128BITAES-CBC-BC creating java.security.NoSuchAlgorithmException on RedHat 6.4

More articles: