Can older BC be signed with latest JCE?

Open bblueBEDS opened this issue 3 years ago • 2 comments

Running older 1.40 bc jar on IBM JRE app and getting "java.security.NoSuchProviderException: JCE cannot authenticate the provider BC" exception.

IBM claims "If you encounter this issue with a 3rd party JCE provider, like BouncyCastle, you will need to go to your security provider to obtain an updated JCE jar signed by the new Oracle JCE Code Signing CA."

Is it possible to get an older version of BC signed with latest JCE? I tried everything else online and cannot for the life of me get around this err. Thanks,

bblueBEDS, Sep 23 '22 21:09

It is possible to sign an earlier jar with a newer signing certificate. You can apply for a signing certificate if you want to do this. One thing though, 1.40 is rather old... we are at 1.72 now. It would really be better to upgrade your application - unfortunately cryptography APIs, and algorithms, do not age gracefully.

dghgit, Sep 25 '22 01:09

@dghgit How do I apply for a signing certificate? Also, I tried upgrading to latest BC.jar but it looks like some of the functionality is not the same (getting an exception unwrapping private key - java.security.InvalidKeyException: pad block corrupted). Also I ran jarsigner on the latest bc 171 jar and received a similar error "PKIX path building failed: com.ibm.security.cert.IBMCertPathBuilderException: unable to find valid certification path to requested target".

bblueBEDS, Sep 26 '22 18:09

The jar is signed using the JCE signing certificate; this is embedded in the JVM but not something jarsigner has access to.

Signing certificates can be obtained through IBM or Oracle.

dghgit, Nov 20 '22 21:11
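
To see which certificate chain a given provider jar was actually signed with, the following added example (not code from this thread or from the Bouncy Castle project) reads every entry of a jar and prints the distinct signer chains. The class name `ProviderJarSigners` is hypothetical, and the code deliberately avoids newer language features so it also compiles on older JREs.

```java
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.LinkedHashSet;
import java.util.Set;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

// Hypothetical helper (name is illustrative): lists the distinct signer chains in a jar.
public class ProviderJarSigners {
    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java ProviderJarSigners <provider.jar>");
            System.exit(2);
        }
        Set<String> chains = new LinkedHashSet<String>();
        int unsigned = 0;
        byte[] buf = new byte[8192];
        // verify=true: entry digests are checked against the signature files while reading
        JarFile jar = new JarFile(args[0], true);
        try {
            for (Enumeration<JarEntry> en = jar.entries(); en.hasMoreElements();) {
                JarEntry e = en.nextElement();
                // META-INF holds the manifest and signature files themselves; skip it
                if (e.isDirectory() || e.getName().startsWith("META-INF/")) continue;
                // Signers are only populated once the entry has been read to the end;
                // a modified entry throws SecurityException at this point.
                InputStream in = jar.getInputStream(e);
                try { while (in.read(buf) != -1) { /* drain */ } } finally { in.close(); }
                CodeSigner[] signers = e.getCodeSigners();
                if (signers == null) { unsigned++; continue; }
                for (CodeSigner s : signers) {
                    StringBuilder sb = new StringBuilder();
                    for (Certificate c : s.getSignerCertPath().getCertificates()) {
                        X509Certificate x = (X509Certificate) c;
                        sb.append("  subject: ").append(x.getSubjectX500Principal().getName())
                          .append("\n  issuer:  ").append(x.getIssuerX500Principal().getName())
                          .append("\n  expires: ").append(x.getNotAfter()).append('\n');
                    }
                    chains.add(sb.toString());
                }
            }
        } finally { jar.close(); }
        for (String chain : chains) System.out.println("signer chain:\n" + chain);
        System.out.println("unsigned class/resource entries: " + unsigned);
    }
}
```

This only reports who signed the jar and confirms the entry digests match; it does not repeat the JVM's own JCE provider authentication, so compare the printed issuer against the JCE code signing CA your JRE vendor states it trusts.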