Error when remote clients run JDK 1.4 ...

John Shott shott at snf.stanford.edu
Wed Dec 19 17:32:56 PST 2001


Bill and Mike:

At the moment, anyone running a remote client on JDK1.4.0 will see the
following error because it installs the Sun jce.jar automatically.

The error that occurs (in terms of the error that the user sees) is:
"Unable to make a secure connection. Please see the lab staff."
In their log file they will see something like:

Unable to construct an encryption object.
java.security.NoSuchProviderException: JCE cannot authenticate the provider
ABA java.util.jar.Exception
File long_name/DMlib/RMjce.zip is not signed by a trusted signer.
Unable to initialize BlackBox


The way that I currently get around this on my linux box (and the way that we
avoid any of these issues on sunray/rosen and friends is to rename
$JAVA_HOME/jre/lib/jce.jar to $JAVA_HOME/jre/lib/jce.jar.orig.  This approach
will likely not be viable for most of our remote clientele ...

It appears as if the solution for people running 1.4 is the covert to Bouncy
Castle (that has a signed jar file ... signed by sun.).  Of course, we don't
yet know if the Bouncy Castle implementation of RSA results in the same
encrypted/decrypted passwords as the ABA implementation.

Also, while that is probably the approach for people who do have JDK 1.4, we
would then have (I think) the backward compatability problem of people still
running 1.3 who, presumably, don't have JCE installed.

Since I gather that some of the ABA folks have now thrown in with Bouncy
Castle, I may see if they happen to know the answer to this ...

While I don't know yet what our best approach will be, I wanted to at least
try to save some trouble if you get a report of a remote client failing in ths
way.

John



More information about the coral mailing list