27

I'm trying to use bouncycastle to encrypt a file using a public key. I've registered the provider programatically:

Security.addProvider(new BouncyCastleProvider());

I created the public key object successfully.

when i get to encrypting the file using a PGPEncryptedDataGenerator and the key I get a ClassNotFound exception.

It seems the provider can't find this class at runtime, though I know for sure I have its jar...

I'm running my app on tomcat. Using maven to handle dependencies - the bouncy castle jars I put are bcpg, bcprov, bcmail, bctsp. I tried using both the 1.4 and the 1.6 versions without success. I used the "dependency hierarchy" in maven plugin for eclipse and exclusions in the pom to make sure that there are no multiple versions of bouncycastle in my project.

This is the stack trace:

org.bouncycastle.openpgp.PGPException: exception encrypting session key
        at org.bouncycastle.openpgp.PGPEncryptedDataGenerator.open(Unknown Source)
        at org.bouncycastle.openpgp.PGPEncryptedDataGenerator.open(Unknown Source)
.....(web application stack trace and uninteresting stuff).....
Caused by: java.security.NoSuchAlgorithmException: No such algorithm: ElGamal/ECB/PKCS1Padding
        at javax.crypto.Cipher.getInstance(DashoA13*..)
        at org.bouncycastle.openpgp.PGPEncryptedDataGenerator$PubMethod.addSessionInfo(Unknown Source)
        ... 42 more
Caused by: java.security.NoSuchAlgorithmException: class configured for Cipher(provider: BC)cannot be found.
        at java.security.Provider$Service.getImplClass(Provider.java:1268)
        at java.security.Provider$Service.newInstance(Provider.java:1220)
        ... 44 more
Caused by: java.lang.ClassNotFoundException: org.bouncycastle.jce.provider.JCEElGamalCipher$NoPadding
        at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1676)
        at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1521)
        at java.security.Provider$Service.getImplClass(Provider.java:1262)
Sam
  • 305
  • 1
  • 3
  • 6

3 Answers3

23

You have a BouncyCastle Security provider installation problem, you need to either

  • Add BouncyCastle to the JRE/JDK $JAVA_HOME/jre/lib/security/java.security file as a provider (be sure that you add it to the JRE you use when running, eg. if you have multiple JRE's/JDK's installed)

eg.

security.provider.2=org.bouncycastle.jce.provider.BouncyCastleProvider

(and renumber the security providers below it - don't put it as the highest priority provider).

  • or you can add BouncyCastle programmatically, as you were trying to do above, but in this case the security policy $JAVA_HOME/jre/lib/security/java.policy should be "unlimited" (you can probably download an unlimited policy file from the Java homepage).
egbokul
  • 3,944
  • 7
  • 36
  • 54
  • 1
    Can you provide some more technical details for each method? – Sam Aug 02 '11 at 11:32
  • do you need to put all the bouncycastle jars in lib/ext? do you need to restart anything for the changes to take place? – Sam Aug 02 '11 at 11:40
  • IIRC yes to the first question, and yes, of course, you must restart the JVM (for example, if you are running Glassfish, or any other AppServer that needs to use BouncyCastle). – egbokul Aug 02 '11 at 14:30
  • Technical details: other than editing a text file, in case of the first method, not much else is required. – egbokul Aug 02 '11 at 14:31
  • Thanks a lot. Using this info and some info I found on bouncy mailing list I was able to solve the problem. – Sam Aug 02 '11 at 14:53
  • 7
    Recap for anyone having the problem: Don't add bouncy castle programatically. define it in $JAVA_HOME/jre/lib/security/java.security and put bouncy libs in jre/lib/ext. if your running you app on tomcat and using maven as i am then use maven to set dependencies scope to provided, redeploy your app with these settings and restart tomcat so it can "view" the new libs you put in lib/ext – Sam Aug 02 '11 at 14:56
  • NB: Personally I got luck with inserting BC at the 2nd place in `java.policy` (as opposite to the last place). – Pavel Vlasov Oct 31 '13 at 10:58
  • @Sam didn't get the maven one. I am facing similar issue. I am running it on maven tomcat 8 and facing compilation error - `package org.bouncycastle.cert does not exist` – NoobCoder Aug 01 '22 at 13:55
9

In my case it worked fine one time, but then later I got ClassNotFoundException when trying to use BC. I restarted Tomcat and then it worked fine.

I think if you redeploy the app, like you do often while developing, it stops working. JNI is another thing which suffers from this problem.

In our case this isn't a problem. We never redeploy on the test and production systems. I prefer shipping the jar with the app instead of having to manually copy it to the container lib directory.

Sarel Botha
  • 12,419
  • 7
  • 54
  • 59
  • 1
    I had `java.security.NoSuchAlgorithmException` after reloading just my webapp. This went away when I restarted Tomcat. – dave Nov 26 '18 at 22:33
3

You need to add javapns.jar and bcprove-jdk15on-1.47.jar file in your lib folder

import javapns.Push;

import org.apache.log4j.BasicConfigurator;

public class SendPushNotification {

  public static void main(String[] args) {

    try {

        BasicConfigurator.configure();
        Push.alert("Hello World!", "Cetificate.p12", "password", false,
                "mydeviceToken");

    } catch (Exception e) {
        System.out.println(e);
    }

   }

}
Imane Fateh
  • 2,418
  • 3
  • 19
  • 23
RamChandra Bhakar
  • 27
  • 6
  • javapns.jar is not needed for code which needs bcprov. (It is the other way around, but javapns usage is not related to the question.) – anre Jun 22 '20 at 10:42