PBEWITHSHA256AND128BITAES-CBC-BC creating java.security.NoSuchAlgorithmException on RedHat 6.4

java cryptography aes bouncycastle

13,112

Solution 1

Do you have the BouncyCastle provider JAR (e.g. bcprov-jdk15on-149.jar) in your classpath?

I tested your scenario with a minimal CentOS 6.4 (64-bit) installation, OpenJDK 1.7 and BouncyCastle 1.49, and found no issues with it.

I placed the JAR in the JRE lib/ext directory:

/usr/lib/jvm/java-1.7.0-openjdk.x86_64/jre/lib/ext

Solution 2

I try to confirm your issue and looks like problem in your environment. Here is sample of code i successfully run on clean OpenJDK 1.7, 1.6, Oracle JDK 1.7 and 1.6

$ java -version
java version "1.7.0_19"
OpenJDK Runtime Environment (rhel-2.3.9.1.el6_4-x86_64)
OpenJDK 64-Bit Server VM (build 23.7-b01, mixed mode):

Command line: java -cp bcprov-jdk15on-149.jar:. Test

Output: OK

import org.bouncycastle.jce.provider.BouncyCastleProvider;

import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.security.spec.InvalidKeySpecException;

public class Test {
    public static void main(String[] args) throws Exception{
        String cryptoAlgorithm = "PBEWITHSHA256AND128BITAES-CBC-BC";
        Security.addProvider(new BouncyCastleProvider());

        char[] passPhrase = null;
        passPhrase = "12321".toCharArray();
        PBEKeySpec pbeKeySpec = new PBEKeySpec(passPhrase);
        try {
            SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(cryptoAlgorithm, "BC");
            SecretKey newSecretKey = secretKeyFactory.generateSecret(pbeKeySpec);
            assert newSecretKey != null;
            System.out.println("OK");
        } catch (NoSuchAlgorithmException e) {
            System.out.println("The algorithm is not found: " + cryptoAlgorithm);
        } catch (InvalidKeySpecException e) {
            System.out.println("The key spec is invalid");
        }
    }
}

Try to run that program on your environment. BouncyCastle jar you can download from here http://downloads.bouncycastle.org/java/bcprov-jdk15on-149.jar

13,112

Author by

Saqib Ali

UI/UX Designer for an open source Ideas Bank

Updated on June 17, 2022

Comments

Saqib Ali almost 2 years

We have an application that uses Bouncy Castle to encrypt data using PBEWITHSHA256AND128BITAES-CBC-BC algorithm. It works fine on Ubuntu running OpenJDK 1.7. But when when we move it to RedHat 6.4 also running OpenJDK 1.7, we get the following exception:

java.security.NoSuchAlgorithmException

Any thoughts on what could be causing this. How can we add PBEWITHSHA256AND128BITAES-CBC-BC algorithm to RedHat 6.4?

p.s. the application is running in JBoss.

private String cryptoAlgorithm = "PBEWITHSHA256AND128BITAES-CBC-BC";

Security.addProvider(new BouncyCastleProvider());

// load passPhrase from configured external file to char array.
char[] passPhrase = null;
try {
    passPhrase = loadPassPhrase(passPhraseFile);
} catch (FileNotFoundException e) {
    throw BeanHelper.logException(LOG, methodName, new EJBException("The file not found: " + passPhraseFile, e));
} catch (IOException e) {
    throw BeanHelper.logException(LOG, methodName, new EJBException("Error in reading file: " + passPhraseFile, e));
}

PBEKeySpec pbeKeySpec = new PBEKeySpec(passPhrase);

try {
    SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(cryptoAlgorithm);
    SecretKey newSecretKey = secretKeyFactory.generateSecret(pbeKeySpec);
    return newSecretKey;
} catch (NoSuchAlgorithmException e) {
    throw BeanHelper.logException(LOG, methodName, new EJBException("The algorithm is not found: " + cryptoAlgorithm, e));
} catch (InvalidKeySpecException e) {
    throw BeanHelper.logException(LOG, methodName, new EJBException("The key spec is invalid", e));
}

(On RH 6.4)

#java -version
java version "1.7.0_19"
OpenJDK Runtime Environment (rhel-2.3.9.1.el6_4-x86_64)
OpenJDK 64-Bit Server VM (build 23.7-b01, mixed mode)

(On Ubuntu 12.04)

#java version "1.7.0_15"
OpenJDK Runtime Environment (IcedTea7 2.3.7) (7u15-2.3.7-0ubuntu1~12.04)
OpenJDK 64-Bit Server VM (build 23.7-b01, mixed mode)

Maarten Bodewes almost 11 years

That cannot be it, as the providers will be questioned for the implemented algorithm strings. The whole bunch of providers will be tested unless a specific provider is given.
SubOptimal almost 11 years

For sure it should not be. But it doesn't work. And as I said "I guess". So at least it would be worth to first check the order of registered providers and then check if a manual insert of BC at first position would fix it. If not follow-up the investigation. But to find the issue you need to start at some point. ;-) And those above checks are done quick and if they are not the solution at least you can remove them from the list of possibilities.
Saqib Ali almost 11 years

it is on the machine where ear file was compiled. does have to exist on the jboss server as well?
Jukka almost 11 years

If the BouncyCastle JAR is not within the EAR, then you need to copy the JAR to the JBoss machine. In fact I would recommend to not put the JAR in the EAR but to place it in the appropriate jre/lib/ext folder (see example path above).
Jukka almost 11 years

Try and remove the JAR from the EAR and put it in the appropriate JBoss profile's lib directory (e.g. server/default/lib) or in the said JRE lib/ext directory . Also make sure JBoss isn't already packing (a possibly differing version of) BouncyCastle.