Problem: MyProvider is not signed by a trusted party

Hi, I'm Patrik, from university of Bologna, Italy.
I'm developing a small application that include 6 different Ciphers. Some of this ciphers are "strange" like Caesar's Ciphers, and are not available in standard Providers; then I've decided to implement my own provider.
To begin I've implemented only One provider, called "MyProvider", I've compiled it, then I've build a JAR file. Then I've put it into the directory "{$Java.Home}"/lib/ext . Then I've tested It, but I receive the error message:
The provider MyProvider may not be signed by a trusted party.
I've tried to do it work in a lot of ways:
(1) Signing the JAR
(2) Modifyng permissions in java.security and in java.policy
(3) Downloading the unlimited strebgth jurisdiction files.
But I always receive the same error Message. It's a nightmare !!
It's possible to build a provider for JCE and do it work on my Computer ?
( I'm using jdk1.4.1 )
Thanks in advance : Patrik ( [email protected] )

The Sun JCE will only instantiate Providers that are signed by Sun - and they'll only sign Providers for "major vendors". To implement your own Provider, I believe you need to find a "clean room" replacement for the jce.jar, and use it instead of the one in the JDK. I don't have any pointers handy, but I'm pretty sure there is such a beast out there - perhaps someone else can provide us with a URL.
Grant

Similar Messages

  • Error: provider may not be signed by a trusted party

    I am running with the latest Cryptix JCE, and I getting "provider may not be signed by a trusted party" error when using the Cipher Engine. I ran with the supplied cryptix-jce-provider.jar file and one that is signed by me using a code signing certificate obtained from SUN. I have the same error in both cases. The error message said that the jar should not be signed by a trusted party, but I think it is supposed to mean it is not signed by a trusted party. Does anybody know what's is going on, and why am I getting this error?
    - Tak

    I do not have this problem if I am running as root. But if I am a normal user, I am getting this error or "cannot find any provider supporting RSA/ECB/PKCS#1 depending on what I am doing. Please note that I am putting the provider jar file in the jre/lib/ext directory. If I run my test with the provider specified as part of the classpath, then it worked OK regardless who I am. Does anybody have any ideas?
    - Tak Sze

  • JCE Problem(not signed by a trusted signer) with J2RE 1.4.1 IBM Windows usi

    The application is working fine with J2RE 1.3 but is giving the following error with J2RE 1.4.1.
    java.security.NoSuchProviderException: JCE cannot authenticate the provider SunJCE java.util.jar.JarException: file:/C:/Workspace5.1/ukfnwLOCALHOST/ukfnwWeb/WebContent/WEB-INF/lib/sunjce_provider.jar is not signed by a trusted signer.
    I am facing the same problem with IAIK, Cryptix and SunJCE Providers.
    Thanks for your help.

    I was facing the same issue. Some where on the web I read that the following would fix it-
    Move <j2sdk dir>/jre/lib/jce.jar to some other location. I did this and restarted the web server and my servlet works fine with cryptix and jsse libraries.
    Seonie

  • Bouncycastle, sun app server 8.1, jar is not signed by a trusted signer

    hi,
    i am facing following problem,
    im trying to use 3rd party security provider signed with SUN, however, after everything is properly configured and i run webapplication code (sun app server 8.1) that should load registered 3rd party provider application crashes with following exception:
    Caused by: java.util.jar.JarException: file:/usr/jdk/instances/jdk1.5.0/jre/lib/ext/bcprov-jdk15-138.jar is not signed by a trusted signer.
         at javax.crypto.SunJCE_d.b(DashoA12275)
         at javax.crypto.SunJCE_d.a(DashoA12275)
         at javax.crypto.SunJCE_d.a(DashoA12275)
         at javax.crypto.SunJCE_b.b(DashoA12275)
         at javax.crypto.SunJCE_b.a(DashoA12275)
         at javax.crypto.SunJCE_b.b(DashoA12275)
         at javax.crypto.Cipher.getInstance(DashoA12275)
         at sk.tempest.anypay.helpers.Sha1Signer.sign(Sha1Signer.java:38)
    this happens with both, bouncycastle and cryptix and both are having valid certrificates
    this is machine specific problem
    does anybody know or solution or at least some information what could cause this?
    Has to be Java Code Signing CA in NSS cert8.db of application server?

    importing public key?
    have you ever seen JCE source code?
    well if you write provider you have to send it to SUN they will sign it,
    with Java Code Signing CA certificate.
    These certficate's other part of asymetric cipher code is hardcoded in jce.jar
    JCESecurity.java.
    I finally solved that configuration problem with making own modified jce.jar.,
    with provider signature checking turned off.
    Btw i think problem was caused with multiple libraries in system using same classes.
    There was some archaic jce.jar in SUNwam or somewhere.

  • Getting Error in NW : jce.jar is not signed by a trusted signer.

    We have deployed our application on SAP NetWeaver 6.40 SP11. We have used j2sdk1.4.2._12 and in our application we are using cryptography. But when we start our application it is giving following exception
    java.lang.SecurityException: Cannot authenticate JCE framework java.util.jar.JarException: jar:file:/C:/j2sdk1.4.2_12/jre/lib/jce.jar!/ is not signed by a trusted signer.
    Same cryptography is working on other application servers.

    importing public key?
    have you ever seen JCE source code?
    well if you write provider you have to send it to SUN they will sign it,
    with Java Code Signing CA certificate.
    These certficate's other part of asymetric cipher code is hardcoded in jce.jar
    JCESecurity.java.
    I finally solved that configuration problem with making own modified jce.jar.,
    with provider signature checking turned off.
    Btw i think problem was caused with multiple libraries in system using same classes.
    There was some archaic jce.jar in SUNwam or somewhere.

  • The provider BC may not be signed by a trusted party

    Hi all,
    I have encountered the runtime error of...
    [error] java.lang.SecurityException: The provider BC may not be signed by a trusted party [error]
    ...while using j2sdk1.4.2_04
    Meanwhile the same piece of test code didn't prompt any error if I use jdk1.3.1_06
    I guess I have done the necessary steps:
    - install the unrestricted policy files at <JAVA_HOME>/jre/lib/security
    - place my bcprov-jdk14-122.jar at <JAVA_HOME>/jre/lib/ext
    What's really wrong? Can someone please guide? Many thanks in advanced...

    FYI, I also done the following steps according to thread at http://forum.java.sun.com/thread.jsp?thread=487735&forum=9&message=2293004
    >
    Solution: Place the following archive files in the directory %java_home%/jre/lib/ext:
    - the unrestricted JCE archives; local_policy & US_export_policy (available for download)
    - the jce archive from %java_home%/jre/lib/security
    - you should also already have the sunjce_provider but in case you are missing it add it here also
    However, according to this...
    >
    You can try placing all security related jars(US_export_policy.jar,sunjce_provider.jar,Jce1_2_2.jar,local_policy.jar) on the following folder jdkhome\jre\lib\ext.
    Why do I need to place Jce1_2_2.jar in my ext path since I am already using j2sdk1.4.2_04?

  • The provider SunJCE may not be signed by a trusted party...

    Hi all, first time poster, long time reader
    I am having a bit of an issue getting encryption to work in Java and I thought I'd ask for some tips. I have scoured the 'net by and far, read every thread here and still I am at a loss.
    Background:
    OS: WinXP
    Java ver: j2sdk 1.4.2_01
    IDE: Eclipse 3.0.1
    Location: Canada (Maybe this is the trouble, dunno)
    End goal: two way encryption to enable storage & retrieval of data for a school project
    I have boiled down the error producing code to this:
    package security;
    import java.security.*;
    import javax.crypto.*;
    public class JCEProviderCheck {
        public static void main(String[] args) {
            Provider p = Security.getProvider("SunJCE");
            System.out.println("My provider name is " + p.getName());
            System.out.println("My provider version # is " + p.getVersion());
            System.out.println("My provider info is " + p.getInfo());
            System.out.println ("Home: " + System.getProperty("java.home"));
            Security.addProvider(new com.sun.crypto.provider.SunJCE());
            try {
                Cipher c = Cipher.getInstance("DES", "SunJCE");
                System.out.println("My Cipher algorithm name is " + c.getAlgorithm());
            } catch (Exception e) {
                e.printStackTrace(System.out);
    }The output:
    My provider name is SunJCE
    My provider version # is 1.42
    My provider info is SunJCE Provider (implements DES, Triple DES, AES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
    Home: C:\Program Files\j2sdk1.4.2_01\jre
    java.lang.SecurityException: The provider SunJCE may not be signed by a trusted party
         at javax.crypto.SunJCE_b.a(DashoA6275)
         at javax.crypto.Cipher.a(DashoA6275)
         at javax.crypto.Cipher.getInstance(DashoA6275)
         at security.JCEProviderCheck.main(JCEProviderCheck.java:29)I have checked and re-checked both java.policy and java.security plus made sure the following jars are in %JAVA_HOME%\lib\ext:
    local_policy.jar
    sunjce_provider.jar
    US_export_policy.jar
    Is there some glaringly obvious step I have overlooked? Any help would be greatly appreciated
    -Kev

    I am seeing a related bug to this under jdk1.5_04 / Win32. Very strange behavior...
    KeyAgreement keyAgreement = KeyAgreement.getInstance( algo );
    intermittently throws an exception:
    Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: DiffieHellman, provider: SunJCE, class: com.sun.crypto.provider.DHKeyPairGenerator)
    at java.security.Provider$Service.newInstance(Provider.java:1155)
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:220)
    at java.security.KeyPairGenerator.getInstance(KeyPairGenerator.java:177)
    ... 54 more
    Caused by: java.lang.SecurityException: class "com.sun.crypto.provider.DHKeyPairGenerator"'s signer information does not match signer information of other classes in the same package
    at java.lang.ClassLoader.checkCerts(ClassLoader.java:775)
    at java.lang.ClassLoader.preDefineClass(ClassLoader.java:487)
    at java.lang.ClassLoader.defineClass(ClassLoader.java:614)
    Trying the same on RH Linux works fine.
    PS. I am in the US and we did not unpackage/repackage the JARS.

  • Problem with placing self-signed certificate in trust store on WLS 10.3

    I have had some problems setting up two-way SSL on WLS 10.3.2.
    1. I have not been able to use the java properties listed on
    http://weblogic-wonders.com/weblogic/2010/11/09/enforce-weblogic-to-use-sun-ssl-implementation-rather-than-certicom/
    to use the native Java SSL implementation rather than the certicom. Has anyone else had success using these?
    -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol
    -Dssl.SocketFactory.provider=com.sun.net.ssl.internal.SSLSocketFactoryImpl
    -DUseSunHttpHandler=true
    -Dweblogic.wsee.client.ssl.usejdk=true (for webservice clients)
    2. When I use the ValidateCertChain to validate my keystore with the self-signed certificate I get the message
    CA cert not marked with critical BasicConstraint indicating it is a CA
    Certificate chain is invalid
    which I read was a problem with certificates generated by keytool, yet I find I was not able to circumvent this
    by setting the property weblogic.security.SSL.enforceConstraints to off in the WLS server environment.
    Has anyone else noticed this?
    3. The error I get is
    ####<Feb 15, 2011 1:12:21 PM EST> <Debug> <SecuritySSL> <hostname> <server
    <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1297793541204> <BEA-000000> <Exception during hands
    hake, stack trace follows
    java.lang.NullPointerException
    at com.certicom.security.cert.internal.x509.X509V3CertImpl.checkValidity(Unknown Source)
    at com.certicom.security.cert.internal.x509.X509V3CertImpl.checkValidity(Unknown Source)
    at com.certicom.tls.interfaceimpl.CertificateSupport.findInTrusted_Validity(Unknown Source)
    ####<Feb 15, 2011 1:12:21 PM EST> <Debug> <SecuritySSL> <hostname> <server> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tunin
    g)'> <<WLS Kernel>> <> <> <1297793541207> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 40
    java.lang.Exception: New alert stack
    at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
    Are there other conditions besides the issue about the missing Basic Constraint field that can raise an
    alert with type 40?
    4. Steps I used to generate jks keystore for inclusion in trust keystore (actual values substituted):
    ** keytool -genkey -alias mykey -keystore mykeystore -validity 35600 \
    -dname "cn=Common Name, ou=Common Name, o=Org, l=location, s=state, c=US" \
    -storepass mypass -keypass mypass
    ** exported a DER format head certificate of mykey into mykey.cer.der
    ** keytool -import -trustcacerts -keystore DemoTrust.jks -alias mykey -file mykey.cer.der
    Any comments appreciated and thanks for this forum.

    Faisal,
    Certicom has an internal restriction that a Date must be notBefore 1970 and notAfter 2105 inclusive.The Java-generated key is valid until Wed Mar 14 11:03:59 EDT 2108. Your knowledge of this area is
    quite impressive, thank you so much for this!

  • The provider ABA may not be signed by a trusted party

    I am trying to upgrade from 1.3.1_06 to 1.4.2_10 and I have an issue using the JCE solution I currently use. I have managed to sign the jce.jar file and have put it in the /lib/ext/ directory so it's permissions have all been correctly set. I have also exported the signing certificate and imported it into the CACERTS file, I am still however getting the error in the subject, Can anyone help with this.

    Is this a provider that provides JCE functionality (Cipher/KeyAgreement/MAC/etc.)? If so, did you sign with a JCE code signing cert issued from Sun, or from a cert you created?
    Also, I would suggest maybe using a different name than jce.jar, so you don't inadvertantly create confusion with the Sun jce.jar file.

  • HT5622 i can not sign in into i cloud , apple account error 403 is displayed ..... but the same apple id is used in several places except icloud plz guide me

    i am APPLE user and i am facing problem i can not sign in into i cloud , apple account error 403 is displayed ..... but the same apple id is sucessfully used in several places except icloud plz guide me

    Actually, that means you've reached the limit of three new iCloud accounts on this device. The only way to fix is to create the new account on a computer or another iOS device, then setup the account on your existing device.

  • Ovi Suite 3.0.0.284 "Could not sign in" problem (N...

    Hi,
    I have just installed Ovi suite 3.0.0.284 as suggested through software update and it works but I cannot sign into my account. I enter my details and I get an error as attached.
    The following things are ok:
    I can check for updates
    I can sync everything
    I can download new maps
    I can browse the internet on my computer and get my email, etc
    I can logon to Ovi online with these details and I could be fore upgrading.
    Does anyone else have this problem or a solution?
    Thanks, Rob
    PS I have no proxy's set, this is at home on broadband.
    Attachments:
    PrtScr capture.jpg ‏12 KB
    PrtScr capture_2.jpg ‏19 KB

    HI,
    Some suggestions for your Ovi account issues:
    I can not sign in my Ovi account with Nokia Ovi Suite 3.0, why?
    With Nokia Ovi Suite there is currently a known problem with expired certificates that can potentially prevent OVI account sign-in.
    As a workaround you can remove the problematic certificates manually:
    Go to Internet Explorer > Tools > Internet Options > Content > Certificates > Trusted Root Certification Authorities. Delete all GTE CyberTrust certificates whose expiration date has passed. You should be left with one GTE certificate that is valid.
    Why i am not able to sign my Nokia Ovi account with Nokia Ovi Suite?
    -Intermittent problems are most likely network connectivity or server problems.
    If the user cannot sign in at all through Nokia Ovi Suite (NOS) but can sign in to ovi.com through a web browser then the reason is most likely one of the following:
    - firewall settings do not allow nokia server process to communicate with the server,
    - proxy settings are not configured correctly in Internet Explorer (NOS uses IE proxy configuration),
    - proxies require authentication but credentials have not been provided in NOS settings,
    - the internet service provider does not allow access to ovi.com (but in this case sign in with a browser would not work either if the same network connection is being used), or
    - Windows WinTrust framework is not functional so nokia server cannot verify the signature of Nokia Ovi Suite (This may be a problem in pirate/unregistered versions of Windows or if the PC has been infected with a virus)
    Br
    Mahyav

  • Problem with Maverics: Can not sign in to App Store, Mac slow, Aperture not working

    I was using a Mac Book Pro 15" supplied with Snow Leopard. I have created an ID and used it to purchase apps such as Aperture. After buying an iPhone 5S, I wanted to share the contacts and was suggested by the seller to upgarde the Snow Leoprad to Maverics and use the iCloud. After installing the Maverics following happened:
    - I can use iCloud and share the contacts, mission completed
    - the Mac is running slow, really slow (as an old pc)
    - Aperture can not be used, a major problem since all of my photos are stroed on an external disk via Apeture
    - I can not sign in to App Sore to refresh my purchases and see if there is an update for Aperture
    - I tried to sign in by clicking the forgot password and entering my ID (e-mail address) but have received no mail - total mistery
    - I also see that the HP 7610 printer icon is not active and assume that will also be a problem
    What should I do? I need a fast running computer. I need Aperture, all of my private and business photos are accessible only via Aperture. I can sign in with the same ID/password on an iPad. The problem is obviously due to installing the Maverics. I do not have a time machine/capsule.
    Urgently need support, please help.
    Lanika

    LousyFool wrote:
    ... I enter my e-mail address and Apple ID ...
    Just for the record, you should enter your Apple ID ([email protected]) and password...
    Provided you did that and it doesn't work:
    You're using an account with parental control active?
    Do other logins with your Apple ID work? E.g. icloud.com, iTunes, ...?
    Correction: I did correctly enter my Apple ID and its password. And there are no parental controls.
    But I found a fix: I went to the Featured page and it showed me as logged in. I clicked the Account link and in the pop-up for that entered my Apple ID and Password. Now I can once again see my Purchases.
    It would seem to have been some undue delay or glitch at the Apple server end.

  • Dear Apple Good Morning Greetings from me. i use  IPHONE 5 in bangladesh. but now i facing a problem that is the signing problem the phone is not open even i cannot enter this phone is says Sign in to ICLOUD but i dont know the password what i do

    Apple please help me
    Good Morning
    Greetings from me.
    I used last 3 month  IPHONE 5 in bangladesh. but now i facing a problem that is the signing problem
    the phone is not open even i cannt enter this phone
    is says
    Sign in to ICLOUD
    Enter the Apple ID password for
    but i dont know the password. Please brother help me to use this phone. i brought this phone from some one 355pound. so i am in helpless.i am facing big trouble i dont have enough money for purchase another one. please help me...........................
    <E-mail Edited by Host>

    You need the previous owner to unlock it, unless they do you have a brick there is no other way .
    iPhone was probably stolen if you purchased on eBay, claim and get your money back
    See here
    http://support.apple.com/kb/HT5818
    for explanation of Activation lock
    APPLE will not help you

  • How can I solve the "could not sign in iTunes Store: An unknown error has occurred." problem

    after finishing watching a movie (paid movie), I tried renting another one but the "Could not sign in " error stopped me from doing that.  I have restarted the Apple TV many times, turned it off, restarted my cable modem, and much more. However, I am still getting this error. I would appreciate if anyone could give me a possible solution to this problem.
    Thanks.

    after finishing watching a movie (paid movie), I tried renting another one but the "Could not sign in " error stopped me from doing that.  I have restarted the Apple TV many times, turned it off, restarted my cable modem, and much more. However, I am still getting this error. I would appreciate if anyone could give me a possible solution to this problem.
    Thanks.

  • I do not use or have not signed up for a MobileMe Account but I am getting duplicates in my iCal for some reason.  All discussions I read are pointing to the MobileMe being the problem but it is not.  Please help me.  There must be another reason.

    I do not use or have not signed up for a MobileMe Account but I am getting duplicates in my iCal for some reason.  All discussions I read are pointing to the MobileMe being the problem but it is not.  Please help me.  There must be another reason all my entries appear twice. 

    If you wish to submit comments to Apple, the best way is to use their feedback pages.
    http://www.apple.com/feedback/itunesapp.html
    It's not likely that anyone from Apple will see your comments here among the thousands of other posts.
    Regards.

Maybe you are looking for

  • How to display data in table

    Hi all, can any one tell me how to display data in a table when user click on a button. i have created a node with a set of fields from different tables now how to write the logic to display data in that table. Thanks & Regards, Naveen

  • Newest update did not work

    I tried twice to update to the new software on my Apple TV, and got the same error message that the update was unsuccessful.  Any suggestions?

  • SD parts missing orders.

    Hi when I get and order in to the system its making a reservation in the system. For example if there is an order in the system it has a quantity of 10 in the system So the first order cam in with a quantity of 10. second order came in with a quantit

  • Deploying applets through workshop for weblogic

    Hi. I recently posted a question under the weblogic.developer.interest.workshop newsgroup, but was informed that this was not the appropriate place for such a post, and was directed here. Hope I will have more luck in here. We are creating a web appl

  • How do I call methods on a EJB?

    Hello! I have a couple of classes that I think would be nice of sharing among sevral sites at my Weblogic 8.13 There fore I guess it would be nice to assamble them in a EJB. For eg I have this class DatabaseAccessor that I guess would be nice to use