I have been able to run decryption and encryption locally using the bouncycastle jars. I have generated keys that I want to put the public key a client (Java and Android) and the private key in a web service. I have been able to encrypt and encoded a message and send the encrypted message to the webservice (on a hosted service by Lunarpages), but the webservice decryption fails with a FileNotFoundException on the line
BouncyCastleProvider bc = new BouncyCastleProvider();
or
Security.addProvider(new BouncyCastleProvider());
The bcprov-ext-jdk14-146.jar and the bcprov-jdk14-146.jar is included in the web-inf lib directory.
Is there something I can do programmatic to enable this or does Lunarpages have to do something?
I couldnt even get a stacktrace to print for me and so I thought I might attempt a different provider to see if I get a better response - the SunJCE.
access denied (java.security.SecurityPermission insertProvider.SunJCE)
java.security.AccessControlContext.checkPermission(AccessControlContext.java:269) java.security.AccessController.checkPermission(AccessController.java:401) java.lang.SecurityManager.checkPermission(SecurityManager.java:524) java.lang.SecurityManager.checkSecurityAccess(SecurityManager.java:1673) java.security.Security.check(Security.java:1307) java.security.Security.insertProviderAt(Security.java:697) java.security.Security.addProvider(Security.java:757) net.wpstudios.tcws.pgp.RSAEncrypt.generateKeys(RSAEncrypt.java:81) javax.servlet.http.HttpServlet.service(HttpServlet.java:165) javax.servlet.http.HttpServlet.service(HttpServlet.java:103) com.caucho.server.http.FilterChainServlet.doFilter(FilterChainServlet.java:96) com.caucho.server.http.Invocation.service(Invocation.java:315) com.caucho.server.http.CacheInvocation.service(CacheInvocation.java:135) com.caucho.server.http.RunnerRequest.handleRequest(RunnerRequest.java:346) com.caucho.server.http.RunnerRequest.handleConnection(RunnerRequest.java:274) com.caucho.server.TcpConnection.run(TcpConnection.java:139) java.lang.Thread.run(Thread.java:534)
Does the FileNotFound exception matter? Obviously the caucho server setup is using access restrictions on adding providers. Never mind that, if you want to develop some application level encryption/decryption you can simply use the bouncy castle crypto API directly. It's not as friendly as the JCE but it is useable enough. This might not work if you want to use a library that in its turn uses the JCA/JCE framework though.
Lunarpages is to change the permissions or add providers manually (using resin.conf, it seems), but it might be hard to change them just for you, unless you are the only one using the Java application server. It never hurts to ask I suppose.