I have a package containing java encryption/decryption services (using Cryptix32 provider) that works perfectly in IS6.0.1 SP3 environment with Sun JVM 1.4.2.

However, once I tried to install the package in IS6.1 and IS6.5 environments (both also with Sun JVM 1.4.2), the exception thrown when running the encryption/decryption services was: java.security.NoSuchAlgorithmException: algorithm TripleDES is not available from provider Cryptix.

The same cryptix jar files have been included in the package’s jars/static folder, and I could see them listed in the IS Administrator About page, so I think the most likely cause is some settings that I need to set in both IS6.1 and IS6.5. Initially the package loaded partially but after setting watt.server.reorderSecurityProviders=true in the server.cnf file and restarting, the package loaded completely. Can anyone help me?

The Cryptix32 provider may not be installed properly in the JVMs you are using for IS 6.1 and IS 6.5. This would ususally involve copying the security provider’s jar files to your JVM’s \jre\lib\ext folder and adding the provider name to the \jre\lib\security\java.security file.

It may also be that you have not installed the unlimited strength security policy files for the JVM’s in use on your IS 6.1 and IS 6.5 instances. The default policies impose key length restrictions shorter than what is used by TripleDES. However, I would have expected to see an “invalid key length” error rather than the one you listed.

Take a look at the attached README.TXT for the Cryptix32 JCE.

Why is the watt.server.reorderSecurityProviders setting necessary? Did WM Support suggest this?

Mark
README.TXT (6.69 KB)

In my IS 6.0.1 SP3 environment, the jar files were not placed in the JVM’s \jre\lib\ext folder but rather in the package’s jars\static folder (e.g. IntegrationServer\packages\PackageA\code\jars\static) and it works. The watt.server.reorderSecurityProviders setting is based on the IS6.0.1 SP3 readme.txt. As for the java.security file, the provider names are added programatically with an addProvider java service that runs during the package startup.

BTW, I removed the watt.server.reorderSecurityProviders setting in IS 6.5and the package loads completely rather than partially. Am trying another method to try to solve this, but appreciate if anyone out there have other ideas.

Yeah, it looks like Cryptix32’s jars just need to be in the classpath. Did you check on the unlimited strength policy files?

wM TS has come back by saying “You will not be able to use the same cryptix jar on both 6.0 and 6.1/6.5. IS 6.1/6.5 requires the use of signed security libraries. There should be one on the Cryptix site.”

Unfortunately, Cryptix V3 is no longer maintained. Looks like I have to look at other alternatives such as Bouncy Castle. Appreciate it if anyone has other suggestions.

I did some work with XML encryption and XML digital signature using Bouncy Castle. It installed easily and I had no problems using it with IS 6.5 SP1 with the Sun 1.4.2_08 JRE.

See this thread for some related information and a link to a good book that uses the Bouncy Castle provider for its examples.

Mark

Thanks. Will try it out.

Hi,
IS 6.1 comes with Cryptix. I trying to use Cryptix to sign and encrypt SOAP request using X509 certificates. Do you have any samples on how to do it?

Thanks

Hi,
Even I have similar requirement. Could you please provide sample code.

Thanks