Is BouncyCastle required in Java 8 121?

Time: 2021-02-15 18:24:03

So we recently updated Java on our CentOS servers to java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.x86_64/ from java-1.8.0-openjdk-1.8.0.60-2.b27.el7_1.x86_64 and we ran into problems with communications, TLS encryption, etc. We discovered the solution to those issues: the java.security file was not being overwritten with the new one (as we have specified BouncyCastleProvider in the file). Once we moved the java.security.rmpnew into place as java.security, our communication problems went away.

We did NOT update the new java.security file with the BouncyCastleProvider, however, yet the encryption in our application, which uses the BouncyCastleProvider, did NOT break. We even removed the bcprov-*.jar from the jre/lib/ext directory, restarted Tomcat, rebooted the entire server, and STILL it works. I have checked the release notes and not found anything mentioning it. I worry that these changes will eventually break and our encryption will start to fail. Yet it is working WITHOUT any BouncyCastleProvider on the server.

TL;DR: my question is, is BouncyCastle now included in Java 8? We have removed the provider from java.security and the bcprov.jar from the /ext directory and it is still working. We are using jasypt v1.9.2 for the encryption.

pom.xml

<dependency>
  <groupId>org.bouncycastle</groupId>
  <artifactId>bcprov-jdk15on</artifactId>
  <version>1.52</version>
  <scope>provided</scope>
</dependency>

Code:

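import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.exceptions.EncryptionInitializationException;
import org.jasypt.exceptions.EncryptionOperationNotPossibleException;

// Jasypt PBE encryptor bound to the JCA provider registered under the name "BC"
StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
String algorithm = "PBEWITHSHA256AND256BITAES-CBC-BC";
String providerName = "BC";

encryptor.setAlgorithm(algorithm);
encryptor.setProviderName(providerName);

String encData = EMPTY_STRING;

try {
  encryptor.setPassword("myPassword");
  encData = encryptor.encrypt(dataToEncrypt);
} catch (EncryptionInitializationException | EncryptionOperationNotPossibleException e) {
  // Raised when the provider or algorithm is unavailable, or the operation itself fails
  throw new IllegalStateException("Encryption failed", e);
}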

1 solution

#1


1  

No. BouncyCastle isn't included in OpenJDK 8, or prior versions.

Most likely, the library is bundled in the web applications or is present in one of Tomcat's extension libraries.
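
To confirm where the "BC" provider is actually coming from, the JVM can be asked directly. The following is an added example, not code from the original post; the class name `ProviderOrigin` and its method names are hypothetical, and it uses only standard `java.security` calls available in Java 8:

```java
import java.security.CodeSource;
import java.security.Provider;
import java.security.Security;

public class ProviderOrigin {

    /** Returns the jar or directory a class was loaded from, or a marker for JDK runtime classes. */
    static String originOf(Class<?> cls) {
        CodeSource src = cls.getProtectionDomain().getCodeSource();
        if (src == null || src.getLocation() == null) {
            return "<bootstrap / JDK runtime>";
        }
        return src.getLocation().toString();
    }

    /** One line per registered JCA provider: preference order, name, version, origin. */
    static String describeRegisteredProviders() {
        StringBuilder out = new StringBuilder();
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            Provider p = providers[i];
            out.append(String.format("%2d  %-12s %-6s %s%n",
                    i + 1, p.getName(), p.getVersion(), originOf(p.getClass())));
        }
        return out.toString();
    }

    /** Reports whether the BC provider class is loadable, even if nothing has registered it. */
    static String locateBouncyCastleClass(ClassLoader loader) {
        try {
            Class<?> bc = Class.forName(
                    "org.bouncycastle.jce.provider.BouncyCastleProvider", false, loader);
            return "loadable from " + originOf(bc) + " via " + bc.getClassLoader();
        } catch (ClassNotFoundException e) {
            return "not on this class loader's path";
        }
    }

    public static void main(String[] args) {
        System.out.print(describeRegisteredProviders());
        Provider bc = Security.getProvider("BC");
        System.out.println("\"BC\" registered: " + (bc != null ? originOf(bc.getClass()) : "no"));
        System.out.println("BouncyCastleProvider class: "
                + locateBouncyCastleClass(Thread.currentThread().getContextClassLoader()));
    }
}
```

Run standalone, this only sees the JDK's own class path; calling the same methods from inside the deployed web application (for example from a temporary servlet) shows what Tomcat's web application class loader resolves, including any bcprov jar bundled in the application or in Tomcat's library directories.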
