General information about security providers

Overview of the security providers in the SDK.

The IBM security providers are signed with the SHA256withRSA signature algorithm to enhance the security of JAR file signing and verification. (Change introduced in service refresh 7.)

Default security providers

This release has been tested with the following default security providers:
  • security.provider.1=com.ibm.jsse2.IBMJSSEProvider2
  • security.provider.2=com.ibm.crypto.plus.provider.IBMJCEPlus
  • security.provider.3=com.ibm.crypto.provider.IBMJCE
  • security.provider.4=com.ibm.security.jgss.IBMJGSSProvider
  • security.provider.5=com.ibm.security.cert.IBMCertPath
  • security.provider.6=com.ibm.security.sasl.IBMSASL
  • security.provider.7=com.ibm.xml.crypto.IBMXMLCryptoProvider
  • security.provider.8=com.ibm.xml.enc.IBMXMLEncProvider
  • security.provider.9=com.ibm.security.jgss.mech.spnego.IBMSPNEGO
  • security.provider.10=sun.security.provider.Sun
IBM does not provide a separate ECC provider.

Default security providers for HP-UX, Solaris, and Mac OS

IBM® supplies versions of the development kit for use with Solaris, HP-UX, and Mac OS that contain all the original jar files, plus the IBM security components. The following default security providers have been tested:
  • security.provider.1=com.ibm.security.jgss.IBMJGSSProvider
  • security.provider.2=sun.security.provider.Sun
  • security.provider.3=com.ibm.crypto.provider.IBMJCE
  • security.provider.4=com.ibm.jsse2.IBMJSSEProvider2
  • security.provider.5=com.ibm.security.cert.IBMCertPath
  • security.provider.6=com.ibm.security.sasl.IBMSASL
  • security.provider.7=com.ibm.xml.crypto.IBMXMLCryptoProvider
  • security.provider.8=com.ibm.xml.enc.IBMXMLEncProvider
  • security.provider.9=com.ibm.security.jgss.mech.spnego.IBMSPNEGO
IBM does not provide a separate ECC provider.

Using other providers

You can also add other IBM security providers, such as the IBMJCEFIPS provider (com.ibm.crypto.fips.provider.IBMJCEFIPS), using one of these methods:

  1. To add a new provider statically, edit a Java™ security properties file, for example the java.security file.
  2. To add a new provider from within your application, use the methods of the java.security.Security class. For example:
    java.security.Security.addProvider()
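
The following is an added example, not code from the IBM documentation: a small Java program that prints the effective provider order, adds the IBMJCEFIPS provider named above with Security.addProvider(), and reports which provider serves an unqualified SHA-256 request. The class name ProviderCheck and its helper names are hypothetical; the provider is loaded reflectively because the class is present only on SDKs that ship it.

```java
import java.security.MessageDigest;
import java.security.Provider;
import java.security.Security;

public class ProviderCheck {
    // Provider class named on this page; present only on IBM SDKs that ship it.
    static final String FIPS_CLASS = "com.ibm.crypto.fips.provider.IBMJCEFIPS";

    /** Prints the effective provider list in preference order (1 = highest). */
    static void printProviders(String title) {
        System.out.println(title);
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.printf("  %d. %s (%s)%n", i + 1,
                    providers[i].getName(), providers[i].getClass().getName());
        }
    }

    /** Adds the provider at the end of the list; returns its position or -1. */
    static int addByClassName(String className) {
        try {
            Provider p = (Provider) Class.forName(className)
                    .getDeclaredConstructor().newInstance();
            return Security.addProvider(p); // -1 means already installed
        } catch (ReflectiveOperationException | LinkageError e) {
            // Class missing or not loadable on this SDK: leave the list unchanged.
            System.out.println("Cannot load " + className + ": " + e);
            return -1;
        }
    }

    public static void main(String[] args) throws Exception {
        printProviders("Before:");
        int pos = addByClassName(FIPS_CLASS);
        System.out.println("addProvider returned " + pos);
        printProviders("After:");
        // Shows which provider actually serves a request when none is named.
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        System.out.println("SHA-256 served by " + md.getProvider().getName());
    }
}
```

Security.addProvider() appends at the lowest preference, so the new provider serves only requests that no higher-ranked provider satisfies; Security.insertProviderAt() places a provider at a chosen position instead.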

On HP-UX, Solaris, and Mac OS, these security providers can be used as replacements for some of the public API packages. IBM uses the Endorsed Standards Override Mechanism to implement these providers in the development kits. This mechanism is the officially supported method for overriding existing API implementations. For further information about the Endorsed Standards Override Mechanism, see https://docs.oracle.com/javase/8/docs/technotes/guides/standards/index.html

Note: Although the Extension Mechanism allows you to include new jar files on the class path, you must not use this method with the IBM security providers. Unless you always use -Xbootclasspath to specify the location of the IBM replacement API jar files, the bootstrap class loader loads the original non-IBM classes first.