FIPS 140-2 approved java crypto library

Similar Messages

• Mountain Lion finally FIPS 140-2 approved

  I have seen no press coverage about this nor mention here in the forums, nor announcement by Apple. Perhaps even Apple are as yet unaware of this
  Mountain Lion and iOS 6 have both finally received offical FIPS 140-2 certification. You can see this by going to the following page and searching for Apple.
  http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm
  This should mean it is now possible to use FileVault2 instead of third-party equivalents such as PGP or CheckPoint or Sophos or WinMagic.
  (Have I got a news scoop here )
  PS. The following article will also be important - http://support.apple.com/kb/ht5396

  NSS is a set of security libraries written in C so you can certainly use C APIs to access it as well. JSS is the Java interface to NSS. You can either use the JSS API directly or use Sun's PKCS11 wrapper which gives you access to most of the NSS functionalities.

• Java 8 64 bit on Windows with NSS for FIPS 140 compliance

  I have asked this question on Stackoverflow but I am beginning to think that this may be a better forum to ask.
  According to JEP 131, Java 8 should provide a PKCS#11 Crypto provider for 64 bit Windows:  https://blogs.oracle.com/mullan/entry/jep_131_pkcs_11_crypto.
  With that in mind, I downloaded and built both 32 and 64 bit versions of NSS with NSPR using these instructions:  https://developer.mozilla.org/en-US/docs/NSS_Sources_Building_Testing
  I downloaded Java 8 for Windows 64 build b118, configured the java.security file and created a nss.cfg file:
  Excerpt from java.security file:
  security.provider.1=sun.security.provider.Sun
  security.provider.2=sun.security.rsa.SunRsaSign
  security.provider.3=sun.security.ec.SunEC
  security.provider.4=com.sun.net.ssl.internal.ssl.Provider SunPKCS11-NSS
  security.provider.5=com.sun.crypto.provider.SunJCE
  security.provider.6=sun.security.jgss.SunProvider
  security.provider.7=com.sun.security.sasl.Provider
  security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
  security.provider.9=sun.security.smartcardio.SunPCSC
  security.provider.10=sun.security.pkcs11.SunPKCS11 /devel/nss.cfg
  From my nss.cfg file:
  # Use NSS as a FIPS-140 compliant cryptographic token
  # SunPKCS11-NSS
  name = NSS
  #32 bit
  #nssLibraryDirectory = C:\devel\nss\nss-3.15.3.1\dist\WINNT6.1_DBG.OBJ\lib
  #64 bit
  nssLibraryDirectory = C:\devel\nss\nss-3.15.3.1\dist\WINNT6.1_64_DBG.OBJ\lib
  #non FIPS
  #nssDbMode = noDb
  #attributes = compatibility
  #FIPS
  nssSecmodDirectory = c:\devel\fipsdb
  nssModule = fips
  I ran the test suite that comes with NSS and it looks like all of the encryption/decryption tests passed (did have some issues with the tests that required hostname/domainname but that has to do with the Windows environment).
  So here is the problem. I run my test encryption app on Java 7 32 bit with the 32 bit version of NSS and everything works great. When I attempt to run Java 8 64 bit with 64 bit NSS I get the following error:
  java.security.ProviderException: Could not initialize NSS
  at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:212)
  at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:103)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
  at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
  at java.lang.reflect.Constructor.newInstance(Unknown Source)
  at sun.security.jca.ProviderConfig$2.run(Unknown Source)
  at sun.security.jca.ProviderConfig$2.run(Unknown Source)
  at java.security.AccessController.doPrivileged(Native Method)
  at sun.security.jca.ProviderConfig.doLoadProvider(Unknown Source)
  at sun.security.jca.ProviderConfig.getProvider(Unknown Source)
  at sun.security.jca.ProviderList.getProvider(Unknown Source)
  at sun.security.jca.ProviderList.getIndex(Unknown Source)
  at sun.security.jca.ProviderList.getProviderConfig(Unknown Source)
  at sun.security.jca.ProviderList.getProvider(Unknown Source)
  at java.security.Security.getProvider(Unknown Source)
  at sun.security.ssl.SunJSSE.<init>(Unknown Source)
  at sun.security.ssl.SunJSSE.<init>(Unknown Source)
  at com.sun.net.ssl.internal.ssl.Provider.<init>(Unknown Source)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
  at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
  at java.lang.reflect.Constructor.newInstance(Unknown Source)
  at sun.security.jca.ProviderConfig$2.run(Unknown Source)
  at sun.security.jca.ProviderConfig$2.run(Unknown Source)
  at java.security.AccessController.doPrivileged(Native Method)
  at sun.security.jca.ProviderConfig.doLoadProvider(Unknown Source)
  at sun.security.jca.ProviderConfig.getProvider(Unknown Source)
  at sun.security.jca.ProviderList.getProvider(Unknown Source)
  at sun.security.jca.ProviderList$ServiceList.tryGet(Unknown Source)
  at sun.security.jca.ProviderList$ServiceList.access$200(Unknown Source)
  at sun.security.jca.ProviderList$ServiceList$1.hasNext(Unknown Source)
  at javax.crypto.KeyGenerator.nextSpi(KeyGenerator.java:323)
  at javax.crypto.KeyGenerator.<init>(KeyGenerator.java:158)
  at javax.crypto.KeyGenerator.getInstance(KeyGenerator.java:208)
  at STSAESEncryption.generateKeyWithGenerator(STSAESEncryption.java:74)
  at Main.main(Main.java:24)
  Caused by: java.io.IOException: %1 is not a valid Win32 application.
  at sun.security.pkcs11.Secmod.nssLoadLibrary(Native Method)
  at sun.security.pkcs11.Secmod.initialize(Secmod.java:210)
  at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:207)
  ... 36 more
  Has JEP 131 been implemented with Windows/Java 64 bit as of b119?  If so has it been verified to work with NSS or should I submit a bug report?  I did download the code and the error is occurring in the following block of code at the line in bold (also with the arrow by it):
  public synchronized void initialize(DbMode dbMode, String configDir,
          String nssLibDir, boolean nssOptimizeSpace) throws IOException {
          if (isInitialized()) {
              throw new IOException("NSS is already initialized");
          if (dbMode == null) {
              throw new NullPointerException();
          if ((dbMode != DbMode.NO_DB) && (configDir == null)) {
              throw new NullPointerException();
          String platformLibName = System.mapLibraryName("nss3");
          String platformPath;
          if (nssLibDir == null) {
              platformPath = platformLibName;
          } else {
              File base = new File(nssLibDir);
              if (base.isDirectory() == false) {
                  throw new IOException("nssLibDir must be a directory:" + nssLibDir);
              File platformFile = new File(base, platformLibName);
              if (platformFile.isFile() == false) {
                  throw new FileNotFoundException(platformFile.getPath());
              platformPath = platformFile.getPath();
          if (configDir != null) {
              File configBase = new File(configDir);
              if (configBase.isDirectory() == false ) {
                  throw new IOException("configDir must be a directory: " + configDir);
              File secmodFile = new File(configBase, "secmod.db");
              if (secmodFile.isFile() == false) {
                  throw new FileNotFoundException(secmodFile.getPath());
          if (DEBUG) System.out.println("lib: " + platformPath);
  --->   nssHandle = nssLoadLibrary(platformPath);
          if (DEBUG) System.out.println("handle: " + nssHandle);
          fetchVersions();
          if (supported == false) {
              throw new IOException
                  ("The specified version of NSS is incompatible, "
                  + "3.7 or later required");
          if (DEBUG) System.out.println("dir: " + configDir);
          boolean initok = nssInitialize(dbMode.functionName, nssHandle,
              configDir, nssOptimizeSpace);
          if (DEBUG) System.out.println("init: " + initok);
          if (initok == false) {
              throw new IOException("NSS initialization failed");
          this.configDir = configDir;
          this.nssLibDir = nssLibDir;
  Any help or advise about filing a bug report would be appreciated.
  Thanks,

  Had a few similar short system freezes, after installing Windows 8 x64 on 13” MacBook Pro Mid-2010 with BootCamp 5.0.5033.
  There is a suggestion that DisableDynamicTick may fix the problem: https://discussions.apple.com/message/21565295#21565295. There were similar topics at Microsoft forums: 1, 2, 3. It was said “that this will likely reduce system battery life, so it should be undone when you update your Windows build or if it doesn't resolve your issue”, and that “this problem is resolved in the release versions of Windows 8”.
  Another possibility is that there is indeed a buggy driver, within BootCamp 5.0.5033, or a 3rd party, like a wireless network driver in the following case http://answers.microsoft.com/en-us/windows/forum/windows_8-performance/system-fr eeze-randomly-after-installing-windows-8/49488183-26cf-4389-af21-a85dc366c99a?pa ge=2#LastReply.
  The problem has been noticeable on my MacBook, but not annoying enough yet to spend time troubleshooting. If you find a robust solution, using the links above or other method, it would be interesting to know.
  HTH

• Is DBMS_CRYPTO FIPS 140-2 certified?

  Sadly, I think that the answer is no. I am hoping someone more knowledgeable can contradict me. This link describes the Oracle Database FIPS certification status.
  http://www.oracle.com/technology/deploy/security/seceval/oracle-fips140-validations.html.
  This is the linked to certificate which applies to Oracle Cryptographic Libraries for SSL.
  http://www.oracle.com/technology/deploy/security/seceval/pdf/140crt861.pdf
  I have found nothing that includes DBMS_CRYPTO under Oracle Cryptographic Libraries for SSL. This link might imply that it is not, but I am unclear what might apply to DBMS_CRYPTO.
  http://www.oracle.com/technology/deploy/security/as_security/sslfipsfaq_r1.html
  Is Oracle Advanced Security’s SSL adapter also included in this FIPS evaluation?
  No. Oracle SSL libraries that is only included in Oracle Application Server 10g (9.0.4) alone has received this FIPS 140-2 certification. We are considering evaluation of the Oracle SSL libraries included in the Oracle Database at the earliest.
  So in summary, it appears that Oracle has gone through the work to certify the Java libraries, but not the PL/SQL library.
  TIA
  Edited by: rmonical on May 26, 2009 4:12 PM

  The best source of Oracle online documentation is http://tahiti.oracle.com.
  If you go there and search, I did it under 10gR2, for "FIPS" you will find a tremendous amount of material with respect to the Oracle Database and FIPS.
  And unless I misunderstand your question you are totally incorrect.
  The Oracle database is in full compliance with FIPS 127-2.

• Lync FIPS 140-2 encryption for Data in Transit Certificate?

  I work for an organization that has deployed Lync 2013 throughout the enterprise. 
  We have no need for “Data at Rest” encryption on the servers or clients at this time, but we do have a customer requirement for FIPS 140-2 encryption for “Data in Transit”?  Does Lync provide data in transit encryption utilizing one of the National
  Institute of Standards and Technology (NIST) approved modules by default? If so, have all the traffic types been “Certified” compliant (i.e. Server-to-Server, Client-to-Server, IM, Audio, Video, Desktop Sharing, web conferencing, etc…)? 
  I’ve read all the technet articles and looked at the following links, but it is not clear to me. 
  I cannot find the certification number and certificate for the FIPS 140-2 validation for Lync's encryption module on either the Microsoft or NIST websites.
  http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm
  https://technet.microsoft.com/en-us/library/security/cc750357.aspx

  Lync Server 2013 and Microsoft Exchange Server 2010 Service Pack 1 (SP1) operate with support for Federal Information Processing Standard (FIPS) 140-2 algorithms if the Windows Server 2008 R2 operating systems
  are configured to use the FIPS 140-2 algorithms for system cryptography. To implement
  FIPS support, you must configure each server running Lync Server 2013 to support it. For details about
  FIPS-compliant algorithms and how to implement
  FIPS support, see Microsoft Knowledge Base article 811833, "System cryptography: Use
  FIPS compliant algorithms for encryption, hashing, and signing security setting in Windows XP and in later versions of Windows at
  <linktext xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">http://go.microsoft.com/fwlink/p/?linkid=3052&kbid=811833</linktext>. For details about
  FIPS 140-2 support and limitations in Exchange 2010, see "Exchange 2010 SP1 and Support for
  FIPS Compliant Algorithms" at
  <linktext xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">http://go.microsoft.com/fwlink/p/?linkId=205335</linktext>.
  For More information on FIPS in Lync server 2013 
  http://technet.microsoft.com/en-us/library/jj205114.aspx 
  http://technet.microsoft.com/en-us/library/jj205084.aspx 
  Please remember, if you see a post that helped you please click ;Vote As Helpful" and if it answered your question please click "Mark As Answer" Regards Edwin Anthony Joseph

• Compatibility between Java crypto and open ssl

  Hello
  I have some question about compatibility between java crypto and openssl library.
  This is my case:
  1.I created DESede key and stored it to file:
  SecretKey key = KeyGenerator.getInstance("TripleDES").generateKey();
  File f = new File("c:\\key.dat");
  DataOutputStream dos =new DataOutputStream(new FileOutputStream(f));
  dos.write(key.getEncoded());
  dos3.close();2.I encrypt some file "c:\\normal.dat" through:
  ecipher.init(Cipher.ENCRYPT_MODE, key2);
    byte[] enc = ecipher.doFinal(normalData);
    File f2 = new File("c:\\enc.dat");
    DataOutputStream dos =new DataOutputStream(new FileOutputStream(f2));
    dos.write(enc);
    dos.close();

  You have carefully left out some critical java code, namely the Cipher.getInstance() method. You'll notice in the documentation for this method that there 3 components to the "transform" argument of this method, the algorithm, the mode, and the padding. All of these must match exactly with the what openssl is using. Furthermore, if you are using one of the modes which require an IV, like CBC mode, then this must match exactly too. If you don't explicitly specify some of these parameters, you might get default values supplied. It is up to you to find out what these are.

• JAVA CRYPTO TOOLKIT

  I need to install JAVA CRYPTO TOOLKIT on XI 3.0. is the Plain J2SE Adapter engine a prerequiste for Java Crypto Toolkit?

  > is the Plain J2SE Adapter engine a prerequiste for Java Crypto Toolkit.
  No. Don't get confused about the use of J2SE. J2SE means Java 2 Standard Edition and is basis for all Java Programs.
  Plain J2SE Adapter means: That adapter runs on any system where the Java library is available (in contrary to J2EE adapter which runs only on a J2EE server).
  Regards
  Stefan

• Time Table for File Vault 2 FIPS-140-2 Certification

  I believe I read something that Lion/File Vault 2 encryption was submitted to NIST for FIPS-140-2 certification.   I know that IOS 5 is first to be certified, but does anyone know the time table for Lion/File Vault 2 to be certified?     I was told a few months ago that it would be certified by 12/31/2011.   Any update would be appreciated.  

  Disclosure: I work for NIST, but not in the Computer Security Div. (the group that issues the certificates).
  Looking at the NIST list of validated modules, Lion's crypto module recieved its certification on 3/30/12, but I don't know if this applies to all apps or just the libraries.  It doesn't apply to 3rd party apps yet (note says it will be re-evaluated for that use).  I wouldn't think File Vault is a "third party" app. 
  I'll post more if I find out anything.

• SunJCE compliant to FIPS-140-2 standard or not?

  Hi Folks,
  I am using encryption/ decryption (DES and AES) in my project .
  For that I am using javax.crypto and javax.crypto.spec package and the security provider used is SUNJCE.
  Please let me know whether JDK is compliant to the FIPS 140-2 standard or not. If it is compliant , also let me know from which version of JDK onwards it will compliant to that standard.
  Look forward your reply soon.
  Thanks
  R.Ravikumar

  Hi ,
  Thanks for your immediate response. I really appriciate that.
  I search in the google and found that IBM's versions of JSSE and JCE have been FIPS 140-2 certified, and are FIPS 140-2 compliant.
  I can see the same in the below link
  http://csrc.nist.gov/cryptval/140-1/1401vend.htm
  And I didn't see the SunJCE in the above link and it seems that Sun's versions of JSSE and JCE are not FIPS 140-2 cmpliant.
  Also I see the link which you have pointed out in the earlier, it seems JCE of JDK1.6 is compliant to FIPS 140-2.
  I am really confused, Please let me know your thoughts on that.
  Look forward your response.
  Thanks
  R.Ravikumar

• Are JSSE or JCE FIPS 140 compliant ?

  I have looked throught as much documentation as I can handle trying to find out if these packages are FIPS 140 compliant. I cannot find anything. I have looked at the web page http://csrc.nist.gov/cryptval/140-1/140val-all.htm and do not see anything from Sun as being approved. This is unfortunate and suprising to me that Sun has not put their own code through the approval process. Therefore I am unable to use the JSSE and JCE, and must use RSA BSAFE, which costs a fortune.
  Can anyone shed some light on this topic.
  ...Thank you.
  Mark

  I looked into this issue extensively last fall as we have a requirement
  to use a NIST certified encryption algorithm. At that time, the
  descriptions of Cert#s 247 & 248 in the table at
  http://csrc.nist.gov/cryptval/140-1/140val-all.htm looked very
  different. In fact, a reference to
  http://www.mozilla.org/projects/security/pki/nss/ appeared in the
  description as a means of obtaining a copy of NSS. I downloaded a
  version of NSS and attempted to use it (along with the JSS package
  also available at the mozilla site). After experimenting with NSS and
  JSS for some time, I just could not get it to work (can't recall now
  exactly what the issues were at that time).
  We abandoned the NSS approach with the expectation of obtaining a
  temporary exemption of this requirement; however, this requirement has
  now come full circle and is back on my plate. If we have to purchase
  a third-party tool, so be it; however, it would sure be nice to hear
  from the source exactly what, if anything, is occurring with regards
  to NIST certification. Thanks.
  -Mark
  I have looked throught as much documentation as I can
  handle trying to find out if these packages are FIPS
  140 compliant. I cannot find anything. I have looked
  at the web page
  http://csrc.nist.gov/cryptval/140-1/140val-all.htm and
  do not see anything from Sun as being approved. This
  is unfortunate and suprising to me that Sun has not
  put their own code through the approval process.
  Therefore I am unable to use the JSSE and JCE, and
  must use RSA BSAFE, which costs a fortune.
  Can anyone shed some light on this topic.
  ...Thank you.
  Mark

• NSS FIPS 140-2 encryption for Glassfish App Server on Windows

  We would like to configure Java such that our web service communications will be encrypted in a manner that is FIPS 140-2 compliant.
  I see here that Sun has achieved success in compliance testing in conjunction with the NSS libraries from Mozilla:
  http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2007.htm#814
  I found Andrea's excellent blog which took me through steps in setting up the ..\jre\lib\security\java.security file and in setting up the nss.cfg file:
  http://blogs.sun.com/andreas/entry/elliptic_curve_cryptography_in_java
  However, when I go to the download of Mozilla \ NSS the latest releases only provide the C code tar bundles. The latest release that provided the binaries for Windows was 3.11 and that was for Windows NT.
  ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_11_RTM/
  I was therefore hoping that someone might have a step-by-step such that I could create these binaries for Windows XP and Windows Vista. Or even better someone might know of a site where I could download them.
  Other information: Our installation of Glassfish also has Metro installed.
  Thanks for any help or advice.

  Again you are a winner!
  I found certutil and modutil under C:\Mozilla\nss-3.12.4-with-nspr-4.8\mozilla\dist\WINNT5.1_DBG.OBJ\bin and the -N -d . was exactly what I needed.
  I found this blog: http://blogs.sun.com/arnabold/entry/jks_nss_and_glassfish It is a little dated but I need to somehow get Glassfish start-up to recognize my keystore as FIPS.
  The error that I am seeing when I attempt to start GlassfishV2.1 from Netbeans is:
  CORE5076: Using [Java HotSpot(TM) Client VM, Version 1.6.0_13] from [Sun Microsystems Inc.]
  Using MQ RA for Broker lifecycle control
  SEC1002: Security Manager is OFF.
  java.lang.reflect.InvocationTargetException
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at com.sun.enterprise.server.PELaunch.main(PELaunch.java:415)
  Caused by: java.lang.ExceptionInInitializerError
  at com.sun.enterprise.security.SecurityLifecycle.onInitialization(SecurityLifecycle.java:101)
  at com.sun.enterprise.server.ApplicationServer.onInitialization(ApplicationServer.java:262)
  at com.sun.enterprise.server.ondemand.OnDemandServer.onInitialization(OnDemandServer.java:103)
  at com.sun.enterprise.server.PEMain.run(PEMain.java:399)
  at com.sun.enterprise.server.PEMain.main(PEMain.java:336)
  ... 5 more
  Caused by: java.lang.IllegalStateException: java.security.KeyStoreException: FIPS mode: KeyStore must be from provider SunPKCS11-NSS
  at com.sun.enterprise.security.SSLUtils.<clinit>(SSLUtils.java:128)
  ... 10 more
  Caused by: java.security.KeyStoreException: FIPS mode: KeyStore must be from provider SunPKCS11-NSS
  at com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:44)
  at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:239)
  at com.sun.enterprise.security.SSLUtils.initKeyManagers(SSLUtils.java:320)
  at com.sun.enterprise.security.SSLUtils.<clinit>(SSLUtils.java:106)
  ... 10 more
  I am hoping perhaps someone can tell me how to overcome this one, or point me to a blog that would provide instructions.
  Thanks again for your help.

• SAP Java Crypto Toolkit was not found

  Hi,
  I m trying to install Netweaver 7.0 BI and portal with SR3 package. Installation is Cluster installation on windows 2008 and sql 2008 platform. When I came to Centarl instance installtion. On Start Java Phase I had the error. I put the error below. I check the notes Note 1071472 - FileSystem SecureStore connection issues, Note 914818 - JSPM: Could not detect database, Note 1154133 - JSPM: SAP Java Crypto Toolkit was not found.
  Thank you For your Help.
  Bootstrap MODE:
  <INSTANCE GLOBALS>
  determined by parameter [ID0276347].
  Exception occurred:
  com.sap.engine.bootstrap.SynchronizationException: Database initialization failed! Check database properties!
       at com.sap.engine.bootstrap.Bootstrap.initDatabaseConnection(Bootstrap.java:476)
       at com.sap.engine.bootstrap.Bootstrap.<init>(Bootstrap.java:146)
       at com.sap.engine.bootstrap.Bootstrap.main(Bootstrap.java:971)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at com.sap.engine.offline.OfflineToolStart.main(OfflineToolStart.java:81)
  ==[ Caused by: ]==----
  com.sap.engine.frame.core.configuration.ConfigurationException: Error while connecting to DB.
       at com.sap.engine.core.configuration.impl.persistence.rdbms.DBConnectionPool.<init>(DBConnectionPool.java:115)
       at com.sap.engine.core.configuration.impl.persistence.rdbms.PersistenceHandler.<init>(PersistenceHandler.java:38)
       at com.sap.engine.core.configuration.impl.cache.ConfigurationCache.<init>(ConfigurationCache.java:149)
       at com.sap.engine.core.configuration.bootstrap.ConfigurationManagerBootstrapImpl.init(ConfigurationManagerBootstrapImpl.java:236)
       at com.sap.engine.core.configuration.bootstrap.ConfigurationManagerBootstrapImpl.<init>(ConfigurationManagerBootstrapImpl.java:49)
       at com.sap.engine.bootstrap.Synchronizer.<init>(Synchronizer.java:74)
       at com.sap.engine.bootstrap.Bootstrap.initDatabaseConnection(Bootstrap.java:473)
       at com.sap.engine.bootstrap.Bootstrap.<init>(Bootstrap.java:146)
       at com.sap.engine.bootstrap.Bootstrap.main(Bootstrap.java:971)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at com.sap.engine.offline.OfflineToolStart.main(OfflineToolStart.java:81)
  Caused by: com.sap.sql.log.OpenSQLException: Error while accessing secure store: Encryption or decryption is not possible because the full version of the SAP Java Crypto Toolkit was not found (iaik_jce.jar is required, iaik_jce_export.jar is not sufficient) or the JCE Jurisdiction Policy Files don't allow the use of the "PbeWithSHAAnd3_KeyTripleDES_CBC" algorithm..
       at com.sap.sql.log.Syslog.createAndLogOpenSQLException(Syslog.java:106)
       at com.sap.sql.log.Syslog.createAndLogOpenSQLException(Syslog.java:145)
       at com.sap.sql.connect.OpenSQLDataSourceImpl.setDataSourceName(OpenSQLDataSourceImpl.java:226)
       at com.sap.sql.connect.OpenSQLDataSourceImpl.setDataSourceName(OpenSQLDataSourceImpl.java:197)
       at com.sap.engine.core.configuration.impl.persistence.rdbms.DBConnectionPool.<init>(DBConnectionPool.java:112)
       ... 13 more
  Caused by: com.sap.security.core.server.secstorefs.NoEncryptionException: Encryption or decryption is not possible because the full version of the SAP Java Crypto Toolkit was not found (iaik_jce.jar is required, iaik_jce_export.jar is not sufficient) or the JCE Jurisdiction Policy Files don't allow the use of the "PbeWithSHAAnd3_KeyTripleDES_CBC" algorithm.
       at com.sap.security.core.server.secstorefs.SecStoreFS.openExistingStore(SecStoreFS.java:1975)
       at com.sap.sql.connect.OpenSQLConnectInfo.getStore(OpenSQLConnectInfo.java:802)
       at com.sap.sql.connect.OpenSQLConnectInfo.lookup(OpenSQLConnectInfo.java:783)
       at com.sap.sql.connect.OpenSQLDataSourceImpl.setDataSourceName(OpenSQLDataSourceImpl.java:209)
       ... 15 more
  Caused by: javax.crypto.NoSuchPaddingException: Padding 'PKCS5Padding' not implemented.
       at iaik.security.cipher.w.engineSetPadding(Unknown Source)
       at iaik.security.cipher.PbeWithSHAAnd3_KeyTripleDES_CBC.<init>(Unknown Source)
       at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
       at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
       at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
       at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
       at java.lang.Class.newInstance0(Class.java:308)
       at java.lang.Class.newInstance(Class.java:261)
       at javax.crypto.SunJCE_b.a(DashoA12275)
       at javax.crypto.SunJCE_b.a(DashoA12275)
       at javax.crypto.Cipher.a(DashoA12275)
       at javax.crypto.Cipher.getInstance(DashoA12275)
       at com.sap.security.core.server.secstorefs.Crypt.<init>(Crypt.java:220)
       at com.sap.security.core.server.secstorefs.SecStoreFS.<init>(SecStoreFS.java:1346)
       at com.sap.sql.connect.OpenSQLConnectInfo.getStore(OpenSQLConnectInfo.java:798)
       ... 17 more
  [Bootstrap module]> Problem occurred while performing synchronization.

  Hi
  > > Caused by: com.sap.sql.log.OpenSQLException: Error while accessing secure store: Encryption or decryption is not possible because the full version of the SAP Java Crypto Toolkit was not found (iaik_jce.jar is required, iaik_jce_export.jar is not sufficient) or the JCE Jurisdiction Policy Files don't allow the use of the "PbeWithSHAAnd3_KeyTripleDES_CBC" algorithm..
  >      at com.sap.sql.log.Syslog.createAndLogOpenSQLException(Syslog.java:106)
  >      at com.sap.sql.log.Syslog.createAndLogOpenSQLException(Syslog.java:145)
  >      at com.sap.sql.connect.OpenSQLDataSourceImpl.setDataSourceName(OpenSQLDataSourceImpl.java:226)
  >      at com.sap.sql.connect.OpenSQLDataSourceImpl.setDataSourceName(OpenSQLDataSourceImpl.java:197)
  >      at com.sap.engine.core.configuration.impl.persistence.rdbms.DBConnectionPool.<init>(DBConnectionPool.java:112)
  It looks like the JCE file which you have downloaded is not the correct one. As you can see some jar files are missing. Check JCE files.
  Check SAP Note 1240081 - "Java Cryptography Extension Jurisdiction Policy" files
  Thanks
  Sunny

• How to change the Windows Registry to enable FIPS 140 in Acrobat Pro XI?

  Is there a set of instructions that identifies the registry key to enable FIPS 140?

  http://www.adobe.com/devnet-docs/acrobatetk/tools/PrefRef/Windows/AVGeneral.html#FIPSCompl iance
  Also some general info: 2   Pre-deployment Configuration — Digital Signatures Guide for IT
  hth,
  Ben

• FIPS 140-2 encryption for Acrobat 9 Pro on Mac?

  I wonder if anyone can help? I need to send documents using the FIPS 140-2 standard. Is this possible on Mac I read somewhere that it isn't!! I don't want to buy another piece of software (i.e. PGP). Any suggestions? Needs to be fairly step by step help.
  Many thanks.
  RuralTim

  FIPS for Acrobat is indeed a Windows only feature.
  see page 112 of this pdf: http://www.adobe.com/support/downloads/detail.jsp?ftpID=3993&promoid=DTEHS
  Can only suggest to setup a vm image of windows and download a trial of either Acrobat Pro 9 or APEX for inwdows and do it there.

• Set image path in java class library

  Hi,
  I created a java class library project and made .jar file. My java class library contains .jpg files in separete folder named as Images. My .jar file contains list of classes and image folder also but when i am using .jar file in applet. java class library is working but images are not shown. Let me know how to create imageicon to show images also in the class library

  ImageIcon icon = new ImageIcon(getClass().getResource(path-to-file));