Library JAR with Bouncy Castle

1
votes

I'm working on a project with multiple subprojects and they all use a utilities library that I created for hashing, signing and encrypting messages. This library is basically a wrapper for bouncy castle.

When I run the tests associated with the library, everything passes and it's alright. When I package the utilities library into the jar two things happen:

  1. The subproject that is using the library cannot find the jars associated with bouncy castle.
  2. Even when I add the bouncy castle jars to the subproject that is using the library, the project cannot find the bouncy castle security provider "BC"

Here's the configuration of the exported utilities jar in intellij: Artifact Picture

The error: error

Security provider initialization: initialization

Why can't I export a library with an included security provider? Is this a side effect from the generated class loader?

Thanks in advance.

1
javaintellij-ideajarcryptographybouncycastle
Note that you only mentioned bouncycastle with 67 followers (most of which will be inactive). Always try and include a "higher up" tag such as cryptography to get your question noticed (between the ten million questions out there).Maarten Bodewes
Thanks added the new tag.AndrewD

1 Answers

1
votes

Providers need to be signed. It could be that you're messing with the verification routine, although this is hard to tell from a distance. If you are repackaging the BC provider you're certainly in trouble though, and using a different class loader may very well mess with the provider signature as well, yes.

Another issue may be that you register the provider in a constructor. If the constructor is not called before the provider then you may run into issues. Generally you should register the provider at the earliest convenience, i.e. in a static code block of the first class that is used for your application. Note that there is no risk in registering a provider multiple times - it will just find that one has already registered under the same name and do nothing.