Database Encryption using JCE provider

I was pulled in to help others solve issues on database encryption projects. One project is a Jaguar Manager plug-in for Sybase Central, the other is a JBoss 7 web application built by myself.

I will write up the problem and solution for the JBoss 7 application in another post.

Background:

The database server would force connections using encrypted strings. For the Sybase JDBC driver, there are two properties to set:
1. encrypt_password = true
2. JCE_provider = (e.g. org.bouncycastle.jce.provider.BouncyCastleProvider)

Refer to http://infocenter.sybase.com/help/index.jsp?topic=/com.sybase.infocenter.dc20155.1500/html/newfesd/newfesd95.htm

General instructions on how to use a JCE library are at http://www.jasypt.org/non-default-providers.html:
1. Put the library in $JRE_HOME/lib/ext
2. Enable the provider in the java.security file

However, Sybase Central v3, which is based on JDK 1.4, keeps throwing the exception below:

JZ0LA: Failed to instantiate Cipher object. Transformation RSA/NONE/OAEPWithSHA1AndMGF1Padding is not implemented by any of the loaded JCE providers.

According to Sybase, this basically means that the JCE provider jar is not on the class path. Refer to: http://infocenter.sybase.com/help/index.jsp?topic=/com.sybase.infocenter.dc39001.0707/html/prjdbc0707/CHDGJJIG.htm.

https://groups.google.com/forum/#!topic/sybase.public.jconnect/FD0XHvdVV6I

However, the weird thing about Sybase Central v3 is that it needs the Bouncy Castle JCE provider jar for JDK 1.4, bcprov-jdk1.4.jar, and in addition it needs jce-jdk1.3.jar, which replaced the default JDK 1.4 JCE jars.

The second jar, jce-jdk1.3.jar, provided by BC to override the JDK JCE jar, cost me three hard days to figure out. And it’s from this page:

“Choose Your Cryptographic Provider
Sun’s JDK ships with a small set of cryptographic implementations and, in fact, doesn’t provide any asymmetric algorithms, like the industry-dominant RSA algorithms. In fact, many Java cryptology experts recommend avoiding Sun’s JCE provider altogether because once the Sun provider is loaded, it prevents the use of other providers (see Professional Java Security by Jess Garms and Daniel Somerfield for more details). ”

“I fired off several e-mails to Sybase engineers, but with the holiday break I hadn’t received a response prior to my submission deadline as to why this extra .jar might be necessary. ”
http://java.sys-con.com/node/106821/print
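
The JZ0LA error above can mean either that the provider jar is not on the class path or that the jar is loaded but the JVM's JCE framework still cannot serve the transformation. The following diagnostic separates the two cases. It is an added example, not code from Sybase, Bouncy Castle or this post; the class name JceProviderCheck and the helper servingProvider are hypothetical, and it uses only APIs available since JDK 1.4.

```java
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;

// Added diagnostic (hypothetical class name), not Sybase or Bouncy Castle code.
public class JceProviderCheck {
    // Transformation quoted in the JZ0LA message.
    static final String TRANSFORMATION = "RSA/NONE/OAEPWithSHA1AndMGF1Padding";

    // Name of the provider that serves the transformation, or null if none does.
    static String servingProvider(String transformation) {
        try {
            return Cipher.getInstance(transformation).getProvider().getName();
        } catch (Exception e) { // NoSuchAlgorithmException, NoSuchPaddingException, ...
            return null;
        }
    }

    public static void main(String[] args) {
        String providerClass = args.length > 0 ? args[0]
                : "org.bouncycastle.jce.provider.BouncyCastleProvider";

        // Where the JCE framework itself comes from: shows whether a
        // replacement JCE jar actually took effect in this JVM.
        System.out.println("javax.crypto.Cipher loaded from: "
                + Cipher.class.getResource("Cipher.class"));

        // Providers registered through java.security, in preference order.
        Provider[] installed = Security.getProviders();
        for (int i = 0; i < installed.length; i++) {
            System.out.println((i + 1) + ". " + installed[i].getName()
                    + " (" + installed[i].getClass().getName() + ")");
        }
        System.out.println("Served before dynamic registration by: "
                + servingProvider(TRANSFORMATION));

        try {
            // ClassNotFoundException here means the provider jar is not on the class path.
            Provider p = (Provider) Class.forName(providerClass).newInstance();
            Security.addProvider(p); // lowest preference; no effect if already installed
            System.out.println("Served after registering " + p.getName() + " by: "
                    + servingProvider(TRANSFORMATION));
        } catch (ClassNotFoundException e) {
            System.out.println(providerClass + " is not on the class path");
        } catch (Exception e) {
            System.out.println("Could not instantiate " + providerClass + ": " + e);
        }
    }
}
```

Run it with the same JRE and class path that the failing application uses, optionally passing a different provider class name as the first argument; a result of null after registration means the provider loaded but the transformation is still unavailable.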


Author: lwpro2

Java J2EE professional