Using Sun JCE provider on top of IBM SDK

Question

Hi, I need to use Sun JCE provider in an application that is running on IBM Websphere. This can be achieved by specifying the security_provider.1=com.sun.crypto.provider.SunJCE. Some parts of my application make use of SSL facilities of IBM.

I want to know whether configuring the SunJCE provider affects the JSSE provider usage in other parts of my application.

The other question I wanted to ask is, is there any way I can continue using IBM JDK defaults (JCE< JSSE and other) and use only Sun JCE wherever required. I mean I will configure Sun JCE Provider as the last one security_provider.10. And in the code base where I need to use Sun JCE provider, I will explicitly provide the provider name in my Crypto related classes. For ex Cipher cip = Cipher.getInstance("DES","Sun")..

Please let me know which is the best way.

Answer 1

To specify a security provider you should do that what you've said:

Cipher cip = Cipher.getInstance("DES","Sun")

But the Sun provider is named "SunJCE", the IBM's is "IBMJCE". You can use thir-party providers too as BouncyCastle. You should take care of the "ProviderNotFound" exception.

This will use the Sun implementation:

Cipher cip = Cipher.getInstance("DES","SunJCE")

This will use the IBM implementation:

Cipher cip = Cipher.getInstance("DES","IBMJCE")

If your are using the IBM SDK, this will do the same:

Cipher cip = Cipher.getInstance("DES")

By the way, if you install (editing the security SDK files) the Sun provider as the LAST provider, that shouldn't affect your application in any way because when you look for an algorithm, the JCE API will look for the first provider instances, then for the second, and so on (when it founds the algorithm, it stops).