17

我为 AES/CBC/PKCS5Padding 编写了一个自定义安全提供程序。这很好用。

Provider为了让 Java 将其识别为上述算法的有效提供程序,我需要添加哪些设置?我已经有了

public class FooBarProvider extends Provider {
  public FooBarProvider() {
    super("FooBar", 1.0, "Provider for AES.");
    put("Cipher.AES", "foo.bar.AESCipher");
  }
}

后一个参数是实际CipherSpi工作的参数。我在哪里注册它支持 CBC 和 PKCS5Padding 的事实?目前要求相关Cipher不返回我的类的实例:

Security.insertProviderAt(new FooBarProvider(), 1);
Cipher cip = Cipher.getInstance("AES/CBC/PKCS5Padding");
System.out.println(cip.getProvider()); //prints "SunJCE version 1.7"
4

2 回答 2

10

编写代码是该过程中最简单的部分。您已经声明您的类为 AES 提供了 Cipher 实现。这一行:

put("Cipher.AES", "foo.bar.AESCipher");

几乎是完成任务所需的一切。另请注意,您的实现将自动为modepadding的所有组合调用,因为您已在算法级别注册密码实现。

Having said that, writing the code was the easy part. You are creating a cipher, so you will need to sign your JAR before it can be installed and configured as a provider. Because the process is somewhat involved I will not copy it all here, rather I will refer you to the Oracle Guide on How to implement a Provider. It's an excellent source for this task.

If you follow the guide and still have issues, you may need to download and install the JCE Unlimited Strength Policy appropriate to your installed JDK.

于 2012-04-08T07:01:58.500 回答
5

Java Crypto 文档描述了注册Provider类的机制:

简短的版本是:

  1. 将提供程序 JAR 放在类路径或 Java 安装的扩展目录中。
  2. 注册提供者:
    • 手动将详细信息编辑到java.security配置文件 ( $JAVA_HOME/lib/security/java.security) 中,或者
    • 在运行时,调用Security.addProviderSecurity.insertProviderAt.
于 2012-04-08T04:34:30.030 回答