provider registration

Bernd ecki at zusammenkunft.net
Wed Feb 28 16:36:59 UTC 2018


Hello,

there was a thread on BouncyCastle's crypto-dev mailing list how to use a
custom JCA provider with Java 9+. Since there is no alternative for the
lib/ext extension mechanism this is a bit tricky (if you do want to make
the extension in the java.security file permanent).

There are multiple alternatives (adding to module path, to classpath, using
service loader or programmatic registration). Those are described in the
actual documentation.

However expanding the java.security list does not mention explicitely that
without the extension mechanism this produces a java home which wont start
without modifying the module path.

Not sure if there is actually a default way to storesuch a "security
provider module" without using for example jlink to build a new image (or
add the -mp argument).

Maybe this should be stated explicite?

"Starting with Java 9 there is no extension mechanism where you could
install the provider JAR permanently. Therefore expanding the java.security
leaves typically a incomplete java home and should be avoided. Permanently
installing an additional module could be done with a custom jlink image."

(I havent tested if JLink works, BCProv is not yet modularized or service
loader enabled. Classpath and programmatic registration works fine).

Is that correct?

Gruss
Bernd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/security-dev/attachments/20180228/738a0681/attachment.html>


More information about the security-dev mailing list