How do you use BC FIPS in Java app?
I’ve been trying recently to use BC FIPS module in my Java app. Turns out – not as simple as you’d think.
The problems I faced were mainly with the keystore format, but other issues came up as well.
1. Download the bc-fips-1.0.0.jar (download latest and greatest from here) file
2. Place it in jre/lib/ext
3. Edit jre/lib/security/java.security file. Edit the following line:
4. Edit jre/lib/security/java.security file. Add the following line:
(Make sure you use the right numbering. It should be consecutive)
5. Create your keystore:
keytool -genkey -storetype BCFKS -alias mykey -keyalg RSA -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -storepass test123 -keystore test_fips
Of course, you can change the parameters are you need
6. Add the following line in your code (I prefer that over the java.security changes)
7. If your code requires specifying the keystore type, use the following constant – BCFKS
You should be OK…