
What is a bouncycastle provider used for in terms of digital pdf?


I'm reading here and also http://www.bouncycastle.org/wiki/display/JA1/Provider+Installation, and also iText's white paper on digital signatures.

Here's a snippet of iText's sample code:

import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.Security;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

BouncyCastleProvider provider = new BouncyCastleProvider();
Security.addProvider(provider);                                   // register Bouncy Castle with the JCA so it can be looked up by name
KeyStore ks = KeyStore.getInstance("pkcs12", provider.getName()); // ask Bouncy Castle ("BC") explicitly for its PKCS#12 key store
ks.load(new FileInputStream(path), pass);                         // path: key store file, pass: char[] password

Question: What is a security provider and what is it used for? The iText code uses the Bouncy Castle provider. Is it basically code used to hash the PDF, and then later the private key is used to encrypt the hash? And what is the role of the "Security" library above, where it says Security.addProvider(provider)?

Thanks.


Solution

  • A security provider provides algorithm services to the runtime. These are implementations of algorithms; for instance, Bouncy Castle adds a lot of algorithm implementations that extend CipherSpi (Spi means service provider implementation). Oracle provides CipherSpi classes as well, but they are limited to certain algorithms. These services are also used to implement e.g. KeyStoreSpi for "pkcs12", to make this more specific to your question.

    Besides providing support for extra algorithms, providers can also be used to extend the functionality of the API, provide support for hardware tokens (smart cards, HSMs), specific key stores, faster implementations, etc. Bouncy Castle, however, is mainly used because it extends the number of algorithms available. Usually you don't specify the provider name when requesting an algorithm, letting the system choose for you. But sometimes the algorithm provides (or provided) some specific advantage over the one in the Oracle providers (e.g. "SunJCE"), so it may make sense to explicitly choose the provider, as in your example code.

    The Security class is a registry. It can be used by the system to look up and list the services present in the providers, using their names (as strings) and aliases. To get an idea of how this works, please try my answer here.
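The points in the answer above, shown in running Java as an added example (this is not code from the answer, from iText, or from the Bouncy Castle project). It assumes the Bouncy Castle provider jar (bcprov) is on the classpath; the class name ProviderDemo, the helper providerFor and the pdfBytes stand-in for a PDF's signed byte ranges are all constructed for this example. It lists the provider registry before and after Security.addProvider, shows an algorithm (RIPEMD160) that only becomes available once Bouncy Castle is registered, contrasts default lookup with lookup by provider name, and performs the hash-then-sign step that a PDF signer calls the provider for, verifying the result with a different provider to show the implementations interoperate:

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.util.Arrays;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class ProviderDemo {

    // Walk the Security registry in preference order and report which provider
    // would answer a request for this service type / algorithm (null if none).
    static String providerFor(String serviceType, String algorithm) {
        for (Provider p : Security.getProviders()) {
            if (p.getService(serviceType, algorithm) != null) {
                return p.getName();
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // 1. Security is a registry: these are the providers the JDK installs by itself.
        System.out.println("Providers before: " + Arrays.toString(Security.getProviders()));
        // RIPEMD160 is not shipped by the JDK providers, so this is null on a stock runtime.
        System.out.println("RIPEMD160 served by: " + providerFor("MessageDigest", "RIPEMD160"));

        // 2. Register Bouncy Castle. addProvider appends it to the end of the
        //    preference list and returns its 1-based position (-1 if already present).
        int position = Security.addProvider(new BouncyCastleProvider());
        System.out.println("BC registered at position " + position);
        System.out.println("RIPEMD160 served by: " + providerFor("MessageDigest", "RIPEMD160")); // now "BC"

        // 3. Default lookup picks the first provider in the list that has the
        //    algorithm, so SHA-256 still comes from the JDK's own provider ...
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        System.out.println("SHA-256 default provider: " + md.getProvider().getName());
        // ... unless you name the provider explicitly, as the iText snippet does for "pkcs12".
        MessageDigest mdBc = MessageDigest.getInstance("SHA-256", "BC");
        System.out.println("SHA-256 explicit provider: " + mdBc.getProvider().getName());

        // 4. The provider supplies the algorithm implementations; the hash-then-sign
        //    logic itself is written by the caller (iText, or this method).
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        // Constructed stand-in for the PDF byte ranges covered by a signature.
        byte[] pdfBytes = "constructed stand-in for the PDF byte ranges".getBytes("UTF-8");

        Signature signer = Signature.getInstance("SHA256withRSA", "BC");
        signer.initSign(kp.getPrivate());
        signer.update(pdfBytes);          // the provider hashes the data ...
        byte[] sig = signer.sign();       // ... and applies the private key to the hash

        // Verify with whichever provider the registry picks by default; a
        // signature produced by BC must verify with SunRsaSign and vice versa.
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(kp.getPublic());
        verifier.update(pdfBytes);
        System.out.println("verified by " + verifier.getProvider().getName()
                + ": " + verifier.verify(sig));

        // 5. What "algorithm services" means concretely: the service entries
        //    Bouncy Castle registered, e.g. its KeyStore implementations (PKCS12, BKS, ...).
        Provider bc = Security.getProvider("BC");
        for (Provider.Service s : bc.getServices()) {
            if ("KeyStore".equals(s.getType())) {
                System.out.println("BC KeyStore service: " + s.getAlgorithm());
            }
        }
    }
}
```

Run it once without Bouncy Castle on the classpath and the RIPEMD160 lookup stays null and the "BC" requests throw NoSuchProviderException; with the jar present, the only thing that changed is the registry, which is exactly what Security.addProvider(provider) does for the iText code.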