Oct 07, 2010 at 10:09 PM

PGP encryption using Bouncycastle

Hi,

We have been attempting to use the bouncycastle pgp and jce provider jar files in AS Java stack.

There were no problems using the bouncycastle pgp library which is a client of the standard java security apis.

Attempting to use the bouncycastle jce provider apis directly in the ear file, either

- as source
- as a shared library

or

- as a bundled library

all resulted in exceptions of the following form:

java.lang.IllegalStateException: Usage of an unregistered loader. This loader has been unregistered and is not supposed to be used anymore. All the references to it had to be removed before unregistering
Loader name - com.sap/SecurityEAR
Loader hash code - 529bfb12

    at com.sap.engine.boot.loader.MultiParentClassLoader.loadClass(MultiParentClassLoader.java:235)
    at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:376)
    at org.bouncycastle.jce.provider.JDKDigestSignature.engineInitSign(Unknown Source)
 (These are the bouncycastle jce provider apis)
    at java.security.Signature$Delegate.engineInitSign(Signature.java:1098)
    at java.security.Signature.initSign(Signature.java:485)
 (These are the java security apis)
    at org.bouncycastle.openpgp.PGPSignatureGenerator.initSign(PGPSignatureGenerator.java:130)
 (This is the bouncycastle PGP library)
    at org.bouncycastle.openpgp.PGPSignatureGenerator.initSign(PGPSignatureGenerator.java:106)
    at nz.govt.aucklandcouncil.pgp.ClearSignStreamProcessor.signContent(ClearSignStreamProcessor.java:206)
    at nz.govt.aucklandcouncil.pgp.ClearSignStreamProcessor.signContent(ClearSignStreamProcessor.java:263)
    at ac.key.KeyAccessBean.sign(KeyAccessBean.java:121)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

There is a description here of the classloading mechanism in SAP with a specific reference to this exception.

https://cw.sdn.sap.com/cw/docs/DOC-100874

We have been able to use the bouncycastle jce provider jar by including it on the bootclasspath of the jvm.

However, this solution is problematic as it impacts the whole jvm rather than being isolated to a single application/library/service.

The question we want answered ideally is what steps are required to use a third party jce provider in AS Java stack?

If there is no mechanism other than the bootclasspath approach we have determined does work, is this solution supported by SAP?

regards,

RDS