
java - Why does JCE initialization require MD5

Reposted. Author: 塔克拉玛干. Updated: 2023-11-03 05:33:26

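I am trying to enable FIPS 180-3 on my Java application. FIPS 180-3 only allows the use of 5 secure [hashes](http://csrc.nist.gov/publications/fips/fips180-3/fips180-3_final.pdf), and MD5 is not one of them. So I am trying to programmatically remove the MD5 algorithm from the Sun provider. Here is the sample code.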


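import java.security.Security;
import javax.crypto.Cipher;
import sun.security.provider.Sun;

public class TestRemoveMD5 {
    public static void main(String[] args) throws Exception {
        Security.removeProvider("SUN");
        Sun sun = new Sun();
        sun.remove("MessageDigest.MD5"); // Comment this line out and it will work !!!
        Security.addProvider(sun);
        Cipher ciph = Cipher.getInstance("AES"); // the exception below is thrown here
    }
}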

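But this throws the following exception. If you comment out "sun.remove(..", the program works fine. If I remove MD2 instead of MD5, it also works fine.

To me it looks like the JRE libraries use MD5 for signing, but I checked the jre/lib/ext/sunjce_provider.jar signer and it uses sha1.

Any idea why my code fails with this error?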

Exception in thread "main" java.lang.ExceptionInInitializerError
    at javax.crypto.Cipher.getInstance(DashoA13*..)
    at TestRemoveMD5.main(TestRemoveMD5.java:20)
Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
    at javax.crypto.SunJCE_b.<clinit>(DashoA13*..)
    ... 3 more
Caused by: java.lang.SecurityException: Signature classes have been tampered with
    at javax.crypto.SunJCE_b.d(DashoA13*..)
    at javax.crypto.SunJCE_b.c(DashoA13*..)
    at javax.crypto.SunJCE_b$1.run(DashoA13*..)
    at java.security.AccessController.doPrivileged(Native Method)
    ... 4 more

Best answer

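This is a security feature that prevents untrusted code from removing the Sun provider. There is a way to do this, which involves having the appropriate permissions. If you go to this link http://docs.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html and scroll down to the heading The Security Class, you can read about how to remove providers and what will happen.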

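Edit

From going through the documentation, the excerpts below indicate that providers which are not installed extensions may need a policy file to perform certain operations, such as adding and removing providers. It is worth a try.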

The documentation from the vendor of each provider you will be using should include information as to which permissions it requires, and how to grant such permissions. For example, the following permissions may be needed by a provider if it is not an installed extension and a security manager is installed

-

The Security class manages installed providers and security-wide properties. It only contains static methods and is never instantiated. The methods for adding or removing providers, and for setting Security properties, can only be executed by a trusted program. Currently, a "trusted program" is either

  • a local application not running under a security manager, or
  • an applet or application with permission to execute the specified method (see below).

The determination that code is considered trusted to perform an attempted action (such as adding a provider) requires that the applet is granted the proper permission(s) for that particular action.

-

Each "grant" statement in such a file grants a specified code source a set of permissions, specifying which actions are allowed.

Here is a sample policy configuration file:

grant codeBase "file:/home/sysadmin/", signedBy "sysadmin" {
    permission java.security.SecurityPermission "insertProvider.*";
    permission java.security.SecurityPermission "removeProvider.*";
    permission java.security.SecurityPermission "putProviderProperty.*";
};
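
An added example, not part of the original question or answer: a small audit that checks whether the running code counts as a "trusted program" for the provider permissions named in the policy file above, and lists every installed service that still references MD5. The class name ProviderAudit and its method names are hypothetical.

```java
import java.security.Provider;
import java.security.Security;
import java.security.SecurityPermission;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

// Hypothetical audit helper (added example): reports whether provider changes
// are permitted and which installed services still reference MD5.
public class ProviderAudit {

    // True when the caller is a "trusted program": no security manager is
    // installed, or the policy grants the named SecurityPermission target.
    static boolean mayChangeProvider(String target) {
        SecurityManager sm = System.getSecurityManager();
        if (sm == null) {
            return true; // local application not running under a security manager
        }
        try {
            sm.checkPermission(new SecurityPermission(target));
            return true;
        } catch (SecurityException denied) {
            return false;
        }
    }

    // Lists every "Type.Algorithm" entry of a provider whose algorithm name
    // mentions MD5: MessageDigest.MD5, plus any signature or MAC built on it.
    static List<String> md5Services(Provider p) {
        List<String> hits = new ArrayList<String>();
        for (Provider.Service s : p.getServices()) {
            if (s.getAlgorithm().toUpperCase(Locale.ROOT).contains("MD5")) {
                hits.add(s.getType() + "." + s.getAlgorithm());
            }
        }
        return hits;
    }

    public static void main(String[] args) {
        for (String target : new String[] {"removeProvider.SUN", "insertProvider.SUN"}) {
            System.out.println(target + " permitted: " + mayChangeProvider(target));
        }
        for (Provider p : Security.getProviders()) {
            for (String entry : md5Services(p)) {
                System.out.println(p.getName() + " -> " + entry);
            }
        }
    }
}
```

Running it before and after a provider change shows which MD5-based entries remain registered and under which provider.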

Regarding java - Why does JCE initialization require MD5, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/11208380/
