So we recently updated Java on our Centos servers to java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.x86_64/
from java-1.8.0-openjdk-1.8.0.60-2.b27.el7_1.x86_64
and we ran into problems with communications and TLS encryption, etc. We discovered the solution to those issues being the java.security
file was not being overwritten with the new one (as we have specified BouncyCastleProvider in the file). Once we moved the java.security.rmpnew
into place as java.security
, our communication problems went away.
所以我们最近将Centos服务器上的Java更新为java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.x86_64 / from java-1.8.0-openjdk-1.8.0.60-2.b27.el7_1.x86_64我们遇到了通信和TLS加密等问题。我们发现这些问题的解决方案是java.security文件没有被新的覆盖(正如我们在文件中指定了BouncyCastleProvider)。一旦我们将java.security.rmpnew作为java.security移动到位,我们的通信问题就消失了。
We did NOT update the new java.security
file with the BouncyCastleProvider
, however, yet the encryption in our application, which uses the BouncyCastleProvider
, did NOT break. We even removed the bcprov-*.jar
from the jre/lib/ext
directory, restarted tomcat, rebooted the entire server, and STILL it works. I have checked the release notes and not found anything mentioning it. I worry that these changes will eventually break and our encryption will start to fail. Yet it is working WITHOUT and BouncyCastleProvider
on the server.I have checked the release notes and not found anything mentioning it. I worry that these changes will eventually break and our encryption will start to fail. Yet it is working WITHOUT and BouncyCastleProvider
on the server.
我们没有使用BouncyCastleProvider更新新的java.security文件,但是,我们的应用程序中使用BouncyCastleProvider的加密并没有中断。我们甚至从jre / lib / ext目录中删除了bcprov - * .jar,重新启动了tomcat,重新启动了整个服务器,并且它仍然有效。我检查了发行说明,没有找到任何提及它的内容。我担心这些更改最终会破坏,我们的加密将开始失败。然而它正在服务器上运行WITHOUT和BouncyCastleProvider。我检查了发行说明,但没有找到任何提及它的内容。我担心这些更改最终会破坏,我们的加密将开始失败。然而它正在服务器上运行WITHOUT和BouncyCastleProvider。
TLDR; my question is is BouncyCastle now included in Java8? We have removed the provider from java.security and the bcprov.jar from the /ext directory and it is still working. We are using jasypt v1.9.2
for the encryption.
TLDR;我的问题是BouncyCastle现在包含在Java8中了吗?我们已经从java.security中删除了提供程序,从/ ext目录中删除了bcprov.jar,它仍在运行。我们使用jasypt v1.9.2进行加密。
pom.xml
的pom.xml
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.52</version>
<scope>provided</scope>
</dependency>
Code:
码:
StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
String algorithm = "PBEWITHSHA256AND256BITAES-CBC-BC";
String providerName = "BC";
encryptor.setAlgorithm(algorithm);
encryptor.setProviderName(providerName);
String encData = EMPTY_STRING;
try{
encryptor.setPassword("myPassword");
encData = encryptor.encrypt(dataToEncrypt);
}
1 个解决方案
#1
1
No. BouncyCastle isn't included in OpenJDK 8, or prior versions.
没有.BouncyCastle不包含在OpenJDK 8或以前的版本中。
Most likely, the library is bundled in the web applications or is present in one of Tomcat's extension libraries.
最有可能的是,该库捆绑在Web应用程序中,或者存在于Tomcat的一个扩展库中。
#1
1
No. BouncyCastle isn't included in OpenJDK 8, or prior versions.
没有.BouncyCastle不包含在OpenJDK 8或以前的版本中。
Most likely, the library is bundled in the web applications or is present in one of Tomcat's extension libraries.
最有可能的是,该库捆绑在Web应用程序中,或者存在于Tomcat的一个扩展库中。