bcgit
Error initializing KeyPiarGenerator ( java.security.KeyPairGenerator ) with java OpenJDK Runtime Environment (build 1.8.0_382-b05)
Hi Team, We are getting errors while creating the certificate.
We get errors while generating KeyPiarGenerator ( java.security.KeyPairGenerator ) with java OpenJDK Runtime Environment (build 1.8.0_382-b05). We have added following dependencies in our pom.xml
It's working fine with OpenJDK Runtime Environment (build 1.8.0_322-b06 ).
generator = KeyPairGenerator.getInstance(ALGORITHM, securityProvider); // this line is executed generator.initialize(new ECGenParameterSpec(ELLIPTIC_CURVE), new SecureRandom()); // error executing this line
I had to catch this error by catching Throwable.
Stack trace:
WARN - Exception while getting the generator throwable org/bouncycastle/math/ec/custom/djb/Curve25519Point.withCompression
2024-08-19 07:12:25,405 [WebContainer : 6] pushnotification.PushNotificationKeyManager WARN - java.lang.NoSuchFieldError: org/bouncycastle/math/ec/custom/djb/Curve25519Point.withCompression
at org.bouncycastle.math.ec.custom.djb.Curve25519Point.
Caused by: java.lang.NoSuchFieldError: org/bouncycastle/math/ec/custom/djb/Curve25519Point.withCompression
at org.bouncycastle.math.ec.custom.djb.Curve25519Point.<init>(Unknown Source) ~[bcprov-jdk15on-1.57.jar:1.57.0]
at org.bouncycastle.math.ec.custom.djb.Curve25519Point.<init>(Unknown Source) ~[bcprov-jdk15on-1.57.jar:1.57.0]
at org.bouncycastle.math.ec.custom.djb.Curve25519.<init>(Unknown Source) ~[bcprov-jdk15on-1.57.jar:1.57.0]
at org.bouncycastle.crypto.ec.CustomNamedCurves$1.createParameters(Unknown Source) ~[bcprov-jdk15on-1.57.jar:1.57.0]
at org.bouncycastle.asn1.x9.X9ECParametersHolder.getParameters(Unknown Source) ~[bc-fips-1.0.2.3.jar:1.0.2.3]
at org.bouncycastle.crypto.ec.CustomNamedCurves.getByName(Unknown Source) ~[bcprov-jdk15on-1.57.jar:1.57.0]
Please check and help us resolve the issue.
Thank you
Dattatreya
Hi Team, could you please check and help us resolve the issue.
Thank you Dattatreya
The stack trace reveals that you also have bc-fips-1.0.2.3.jar in the classpath:
at org.bouncycastle.asn1.x9.X9ECParametersHolder.getParameters(Unknown Source) ~[bc-fips-1.0.2.3.jar:1.0.2.3]
FIPS and non-FIPS jars cannot be used together.
Hi @peterdettman
I am facing the same error even after removing the fips jar. I can run the independent program when I remove the jar. But I am facing an error when I deploy my application.
Our java.security file is as follows. Do you think this will create a problem?
security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider C:HYBRID;ENABLE{All}; security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider security.provider.3=sun.security.provider.Sun security.provider.4=sun.security.rsa.SunRsaSign security.provider.5=sun.security.ec.SunEC security.provider.6=com.sun.net.ssl.internal.ssl.Provider security.provider.7=com.sun.crypto.provider.SunJCE security.provider.8=sun.security.jgss.SunProvider security.provider.9=com.sun.security.sasl.Provider security.provider.10=org.jcp.xml.dsig.internal.dom.XMLDSigRI security.provider.11=sun.security.smartcardio.SunPCSC
#security.provider.10=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg
Security providers used when FIPS mode support is active
fips.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider C:HYBRID;ENABLE{All}; fips.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS fips.provider.3=sun.security.provider.Sun fips.provider.4=com.sun.crypto.provider.SunJCE fips.provider.5=com.sun.security.sasl.Provider
Please find the jar details below. find / -iname bc-fips.jar* /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.382.b05-2.el8.x86_64/jre/lib/ext/bc-fips-1.0.2.1.jar /opt/Avaya/Common/lib/bc-fips-1.0.2.1.jar /opt/Avaya/wildfly-24.0.0.Final/standalone/tmp/vfs/deployment/deploymentaad4699bb62e6ea5/bc-fips-1.0.2.1.jar-8c1d6cd3e7520138/bc-fips-1.0.2.1.jar /opt/IBM/WebSphere/AppServer/lib/ext/bc-fips-1.0.2.3.jar
find / -iname bcp.jar* /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.382.b05-2.el8.x86_64/jre/lib/ext/bcpkix-fips-1.0.5.jar /usr/share/logstash/vendor/bundle/jruby/3.1.0/gems/jruby-openssl-0.14.2-java/lib/org/bouncycastle/bcpkix-jdk18on/1.74/bcpkix-jdk18on-1.74.jar /usr/share/logstash/vendor/bundle/jruby/3.1.0/gems/jruby-openssl-0.14.2-java/lib/org/bouncycastle/bcprov-jdk18on/1.74/bcprov-jdk18on-1.74.jar /usr/share/logstash/vendor/jruby/lib/ruby/stdlib/org/bouncycastle/bcpkix-jdk18on/1.71/bcpkix-jdk18on-1.71.jar /usr/share/logstash/vendor/jruby/lib/ruby/stdlib/org/bouncycastle/bcprov-jdk18on/1.71/bcprov-jdk18on-1.71.jar /opt/Avaya/Common/lib/bcpkix-fips-1.0.5.jar /opt/Avaya/wildfly-24.0.0.Final/modules/system/layers/base/org/bouncycastle/bcpg/main/bcpg-jdk15on-1.68.jar /opt/Avaya/wildfly-24.0.0.Final/modules/system/layers/base/org/bouncycastle/bcpkix/main/bcpkix-jdk15on-1.68.jar /opt/Avaya/wildfly-24.0.0.Final/modules/system/layers/base/org/bouncycastle/bcprov/main/bcprov-jdk15on-1.68.jar /opt/Avaya/wildfly-24.0.0.Final/standalone/tmp/vfs/deployment/deploymentaad4699bb62e6ea5/bcpg-fips-1.0.5.1.jar-8f2ba2bc1447ea24/bcpg-fips-1.0.5.1.jar /opt/Avaya/wildfly-24.0.0.Final/standalone/tmp/vfs/deployment/deploymentaad4699bb62e6ea5/bcpkix-fips-1.0.5.jar-75a8f31e3a48c6a/bcpkix-fips-1.0.5.jar /opt/Avaya/drs/lib/bcprov-jdk15.jar /opt/Avaya/drs/lib/bcprov-jdk15on-169.jar /opt/Avaya/dcm/gigaspace/lib/required/bcpkix-jdk15on-1.50.jar /opt/Avaya/dcm/gigaspace/lib/required/bcprov-jdk15on-1.50.jar /opt/Avaya/dcm/gigaspace/lib/required_was/bcpkix-jdk15on-1.50.jar /opt/Avaya/dcm/gigaspace/lib/required_was/bcprov-jdk15on-1.50.jar /opt/IBM/WebSphere/AppServer/lib/ext/bcpkix-fips-1.0.5.jar /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/installedApps/Node01Cell/PSConnector-10.1.0.1.9.ear/psconnector-war-10.1.0.1-SNAPSHOT.war/WEB-INF/lib/bcpkix-jdk15on-1.57.jar /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/installedApps/Node01Cell/PSConnector-10.1.0.1.9.ear/psconnector-war-10.1.0.1-SNAPSHOT.war/WEB-INF/lib/bcprov-jdk15on-1.57.jar /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/installedApps/Node01Cell/PresenceServices-10.1.0.1.30.ear/psng-war-10.1.0.1-SNAPSHOT.war/WEB-INF/lib/bcpkix-jdk15on-1.57.jar /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/installedApps/Node01Cell/PresenceServices-10.1.0.1.30.ear/psng-war-10.1.0.1-SNAPSHOT.war/WEB-INF/lib/bcprov-jdk15on-1.57.jar
find / -iname bct.jar* /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.382.b05-2.el8.x86_64/jre/lib/ext/bctls-fips-1.0.12.2.jar /usr/share/logstash/vendor/bundle/jruby/3.1.0/gems/jruby-openssl-0.14.2-java/lib/org/bouncycastle/bctls-jdk18on/1.74/bctls-jdk18on-1.74.jar /usr/share/logstash/vendor/jruby/lib/ruby/stdlib/org/bouncycastle/bctls-jdk18on/1.71/bctls-jdk18on-1.71.jar /opt/Avaya/Common/lib/bctls-fips-1.0.12.2.jar /opt/IBM/WebSphere/AppServer/lib/ext/bctls-fips-1.0.12.2.jar
Enterprise support for the FIPS edition is available at https://www.keyfactor.com/open-source/bouncy-castle-support/
