I was pulled to help others to solve issues for database encryption projects. One project is Jaguar manager plug in for Sybase Central, the other is a JBoss 7 web application built by myself.
I will write the problem and solution for the jboss 7 application in another post.
the database server would force connections using encrypted strings. For Sydbase JDBC driver, there are two properties to set
1. encrypt_password = true
2. JCE_provider = (eg.org.bouncycastle.jce.provider.BouncyCastleProvider)
general instructions on how to use JCE library, http://www.jasypt.org/non-default-providers.html
1. put the library on $JRE_HOME/lib/ext
2. enable the provider in java.security file
however, for Sybase central v3, based on JDK 1.4, it keeps throws below exception:
JZ0LA: Failed to instantiate Cipher object. Transformation RSA/NONE/ OAEPWithSHA1 AndMGF1Padding is not implemented by any of the loaded JCE providers.
according to Sybase, this basically means, the JCE provider jar is not class path. refer to: http://infocenter.sybase.com/help/index.jsp?topic=/com.sybase.infocenter.dc39001.0707/html/prjdbc0707/CHDGJJIG.htm.
however, the weired stuff about sybase central v3 is that, it needs bouncycastle jce provider jdk1.4 jar bcprov-jdk1.4.jar plus, it needs jce-jdk1.3.jar, which replaced the default JDK1.4 jce jars.
The 2nd jar, the jce-jdk1.3.jar, provided by BC to override the JDK jce jar, caused me three hard days to figure out. And it’s from this page:
“Choose Your Cryptographic Provider
Sun’s JDK ships with a small set of cryptographic implementations and, in fact, doesn’t provide any asymmetric algorithms, like the industry-dominant RSA algorithms. In fact, many Java cryptology experts recommend avoiding Sun’s JCE provider altogether because once the Sun provider is loaded, it prevents the use of other providers (see Professional Java Security by Jess Garms and Daniel Somerfield for more details). ”
“I fired off several e-mails to Sybase engineers, but with the holiday break I hadn’t received a response prior to my submission deadline as to why this extra .jar might be necessary. ”