1

I am trying to configure nCipherKM Security provider with OpenJDK11. With jdk8 I had to add the provider to the java.security file and add the provider jar file to jre/lib/ext and it was working fine. Since external libraries are not allowed in the later jdk versions how can I add a provider on OpenJDK 11?

I have performed the following to configure the security provider with openjdk 11 -

  1. Added the nCipherKM.jar to the CLASSPATH by creating a CLASSPATH environment variable

  2. Added the security provider to the java.security file under openjdk11/conf/security/

    security.provider.14=nCipherKM I've also tried
    security.provider.14=com.ncipher.provider.km.nCipherKM

  3. java.Security.Provider file found in the nCipherKM.jar under nCipherKM\META-INF\services\ contains com.ncipher.provider.km.nCipherKM

  4. To validate if the provider was registered, I ran the command -

    java --module-path %NFAST_HOME%\java\classes com.ncipher.provider.InstallationTest

    I get the below output which indicates that the provider has been installed fine.

    unlimited strength jurisdiction files are installed. The nCipher provider is installed, but is not registered at the top of the providers list in the java.security file. See the user guide for more information about the recommended

However, when I run my application, I still see the error -

 [java.security.NoSuchProviderException:no such provider: nCipherKM]-> 
 [java.base/sun.security.jca.GetInstance.getService(GetInstance.java:83)

I'd like to know what am I missing here. Thank you for the help!

NSH2020
  • 41
  • 1
  • 6
  • So you are following the installation documentation https://nshielddocs.entrust.com/api-generic/12.80/jca-jce-csp? – Robert Aug 20 '22 at 12:33
  • Try adding security.provider.1=nCipherKM instead of security.provider.14=nCipherKM – Thiago Henrique Hupner Aug 22 '22 at 19:41
  • @Robert Yes, I'm following the documentation from nshielddocs.entrust.com . @Thiago Henrique Hupner I did change the nCipherKm provider to be the the first security.provider on the list. This time the installationTest failed unless I added the fully qualified class name for the provider . I also had to pass the Classpath with the Java command and now the NoSuchProviderException is gone. However, I get a new error now - ```:The private key material is not exportable outside of the HSM][javax.net.ssl.SSLException:The private key material is not exportable outside of the HSM``` – NSH2020 Aug 23 '22 at 05:24

1 Answers1

-1

as a first check you need to ensure that if more than one version of Java is installed in your system, if your application is working with the correct version.

Max Bot
  • 1
  • 1
  • Hello, Thanks for the inputs. I do have jd8 and openjdk11 on this system, but my application is using openjdk11 it doesn't use JAVA_HOME that's set to JDK8. Would that still be an issue? – NSH2020 Aug 19 '22 at 17:49