why call cipher.getInstance(),throw below error?



my source code is:
Security.addProvider(new BouncyCastleProvider());
Cipher cipher = Cipher.getInstance("RSA/NONE/PKCS1PADDING","BC");

when run it , cause below error,who can explain it,thanks in

at java.lang.Class.runStaticInitializers(Unknown Source)
at javax.crypto.Cipher.a(Unknown Source)
at javax.crypto.Cipher.getInstance(Unknown Source)
at org.dvb.lang.DVBClassLoader.securityCheck(Unknown Source)
at org.dvb.lang.DVBClassLoader.acquireData(Unknown Source)
at org.dvb.lang.DVBClassLoader.defineClassPrivileged(Unknown
at org.dvb.lang.DVBClassLoader.access$000(Unknown Source)
at org.dvb.lang.DVBClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Unknown Source)
at org.dvb.lang.DVBClassLoader.findClass(Unknown Source)
at org.dvb.lang.DVBClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at com.sun.tv.Request.execReq(Unknown Source)
at com.sun.tv.XletRunnable$ExecThread.run(Unknown Source)
at java.lang.Thread.startup(Unknown Source)
Caused by: java.lang.SecurityException: Cannot set up certs for
trusted CAs
at javax.crypto.SunJCE_b.<clinit>(Unknown Source)
... 20 more
Caused by: java.lang.SecurityException: Jurisdiction policy files
are not signed by trusted signers!
at javax.crypto.SunJCE_b.f(Unknown Source)
at javax.crypto.SunJCE_b.e(Unknown Source)
at javax.crypto.SunJCE_s.run(Unknown Source)
at java.security.AccessController.doPrivileged(Unknown Source)
at java.security.AccessController.doPrivileged(Unknown Source)
... 21 more

Roedy Green

Security.addProvider(new BouncyCastleProvider());
Cipher cipher = Cipher.getInstance("RSA/NONE/PKCS1PADDING","BC");

I will make a guess here that the jar you got from BouncyCastle was
digitally signed using Jarsigner. Have a peak inside the jar at the
manifests to see. BouncyCastle's certificate may have been backed by
a CA not in your .cacerts. What you would then need to do is import
the root cert of that CA as a certificate authority.

Perhaps some file YOU created has the same problem, possibly a
self-signed certificate.

You can use keytool.exe. see
or keyman. See http://mindprod.com/jgloss/keyman.html

Also see

see also
for an example of RSA ciphers.

I wrote the following SSCCE to see if I could help you out.

Unfortunately, my code does not work and I can't figure out why.
It just gets -1 when I try to read back the encrypted length I put on
the front of the stream.

JCE code rarely works first time. However, I am having a different
problem from you, so perhaps this code might give you a clue.

package com.mindprod.example;

import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.NoSuchPaddingException;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

* Demonstrate use of CipherOutputStream and CipherInputStream to
encipher and decipher a message.
* This particular version uses RSA/ECB/PKCS1Padding
* but it fairly easy to convert it to use other algorithms.
* RSA requires a digital certificate in your .keystore.
* <p/>
* composed with IntelliJ IDEA
* @author Roedy Green, Canadian Mind Products
* @version 1.0 2008-07-07
public class TestCipherRSA
// ------------------------------ FIELDS

* configure with encryption algorithm to use. Changes to
algorithm may require additional ivParms.
private static final String ALGORITHM = "RSA";

* configure with block mode to use. We have to use insecure ECB
since Sun support nothing else.
private static final String BLOCK_MODE = "ECB";

* where to find .keystore
private static final String KEYSTORE_FILENAME =

* configure with padding method to use
private static final String PADDING = "PKCS1Padding";

* alias of the RSA certificate in .keystore in JKS format.
Contains private key of recipient.

* receiver's public key in standalone certificate, in x.509
private static final String RECEIVERS_PUBLIC_CERTIFICATE =

* the encoding to use when converting bytes <--> String
private static final Charset CHARSET = Charset.forName( "UTF-8" );

// -------------------------- STATIC METHODS

* read an enciphered file and retrieve its plaintext message.
* @param cipher method used to encrypt the file
* @param privateCert certificate, including private key of
* @param file file where the message was written.
* @return the reconstituted decrypted message.
* @throws java.security.InvalidKeyException
* if something wrong with the key.
* @throws java.io.IOException if problems reading the file.
@SuppressWarnings( { "JavaDoc" } )
private static String readCiphered( Cipher cipher, X509Certificate
privateCert, File file )
throws InvalidKeyException, IOException,
cipher.init( Cipher.DECRYPT_MODE, privateCert );

final CipherInputStream cin = new CipherInputStream( new
FileInputStream( file ), cipher );

// read big endian short length, msb then lsb
final int messageLengthInBytes = ( cin.read() << 8 ) |
System.out.println( file.length() + " enciphered bytes in
file" );
System.out.println( messageLengthInBytes + " reconstituted
bytes" );

final byte[] reconstitutedBytes = new

// we can't trust CipherInputStream to give us all the data in
one shot
int bytesReadSoFar = 0;

int bytesRemaining = messageLengthInBytes;
while ( bytesRemaining > 0 )
final int bytesThisChunk = cin.read( reconstitutedBytes,
bytesReadSoFar, bytesRemaining );
if ( bytesThisChunk == 0 )
throw new IOException( file.toString() + " corrupted."
bytesReadSoFar += bytesThisChunk;
bytesRemaining -= bytesThisChunk;
return new String( reconstitutedBytes, CHARSET );

* write a plaintext message to a file enciphered.
* @param cipher the method to use to encrypt the file.
* @param publicCert the certificate, containing public key
of recipient.
* @param file the file to write the encrypted message to.
* @param plainText the plaintext of the message to write.
* @throws java.security.InvalidKeyException
* if something is wrong with they key
* @throws java.io.IOException if there are problems writing the
* @throws java.security.InvalidAlgorithmParameterException
* if problems with CBC_SALT.
private static void writeCiphered( Cipher cipher, X509Certificate
publicCert, File file, String plainText )
throws InvalidKeyException, IOException,
cipher.init( Cipher.ENCRYPT_MODE, publicCert );
final CipherOutputStream cout = new CipherOutputStream( new
FileOutputStream( file ), cipher );
final byte[] plainTextBytes = plainText.getBytes( CHARSET );
System.out.println( plainTextBytes.length + " plaintext bytes
written" );
// prepend with big-endian short message length, will be
encrypted too.
cout.write( plainTextBytes.length >>> 8 );// msb
cout.write( plainTextBytes.length & 0xff );// lsb
cout.write( plainTextBytes );

// --------------------------- main() method

* Demonstrate use of CipherOutputStream and CipherInputStream to
encipher and decipher a message.
* @param args not used
* @throws java.security.NoSuchAlgorithmException
* if DES is not supported
* @throws javax.crypto.NoSuchPaddingException
* if PKCS5 padding is not supported.
* @throws java.security.InvalidKeyException
* if there is something wrong with
the key.
* @throws java.io.IOException if there are problems reading or
writing the file.
* @throws java.security.InvalidAlgorithmParameterException
* if problems with CBC_SALT.
public static void main( String[] args ) throws
// The secret message we want to send to our secret agent in
final String plainText = "W. to visit Abu Ghraib for a hands
on, wink wink, tomorrow at 19:05.";

// instead of generating a secret key, we use a certificate,
contanining the receiver's public key
final FileInputStream fis = new FileInputStream(
final CertificateFactory cf = CertificateFactory.getInstance(
"X.509" );
final X509Certificate publicCert = ( X509Certificate )
cf.generateCertificate( fis );

// use default Sun provider
final Cipher cipher = Cipher.getInstance( ALGORITHM + "/" +

// write out the ciphered message
writeCiphered( cipher, publicCert, new File( "transport.bin"
), plainText );

// now try reading message back in deciphering it.
final KeyStore keystore = KeyStore.getInstance( "JKS" );
keystore.load( new FileInputStream( KEYSTORE_FILENAME ), null
final X509Certificate privateCert = ( X509Certificate )

final String reconstitutedText = readCiphered( cipher,
privateCert, new File( "transport.bin" ) );

System.out.println( "original: " + plainText );
System.out.println( "reconstituted: " + reconstitutedText );

// output is:
// 68 plaintext bytes written
// 128 enciphered bytes in file (indeed there are)
// -1 reconstituted bytes -- OOPS. Not deciphering


Roedy Green

Here is a slightly tidier version of the code after running it through
Intellij Lint.

package com.mindprod.example;

import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.NoSuchPaddingException;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

* Demonstrate use of CipherOutputStream and CipherInputStream to
encipher and decipher a message.
* This particular version uses RSA/ECB/PKCS1Padding
* but it fairly easy to convert it to use other algorithms.
* RSA requires a digital certificate in your .keystore.
* <p/>
* composed with IntelliJ IDEA
* @author Roedy Green, Canadian Mind Products
* @version 1.0 2008-07-07
public class TestCipherRSA
// ------------------------------ FIELDS

* configure with encryption algorithm to use. Changes to
algorithm may require additional ivParms.
private static final String ALGORITHM = "RSA";

* configure with block mode to use. We have to use insecure ECB
since Sun support nothing else.
private static final String BLOCK_MODE = "ECB";

* where to find .keystore
private static final String KEYSTORE_FILENAME =

* configure with padding method to use
private static final String PADDING = "PKCS1Padding";

* alias of the RSA certificate in .keystore in JKS format.
Contains private key of recipient.

* receiver's public key in standalone certificate, in x.509
private static final String RECEIVERS_PUBLIC_CERTIFICATE =

* the encoding to use when converting bytes <--> String
private static final Charset CHARSET = Charset.forName( "UTF-8" );

// -------------------------- STATIC METHODS

* get the receiver's private cert from .keystore.
* @return certificate containing private key
* @throws KeyStoreException if .keystore corrupt.
* @throws IOException if trouble loading cert.
* @throws NoSuchAlgorithmException if no JCE support.
* @throws CertificateException if certificate corrupt.
private static X509Certificate getPrivateCert()
throws KeyStoreException, IOException,
NoSuchAlgorithmException, CertificateException
final KeyStore keystore = KeyStore.getInstance( "JKS" );
keystore.load( new FileInputStream( KEYSTORE_FILENAME ), null
return ( X509Certificate ) keystore.getCertificate(

* get the receiver's public cert from standalone cert file.
* @return certificate containing public key
* @throws FileNotFoundException if missing certificate file.
* @throws CertificateException if certificate corrupt.
private static X509Certificate getPublicCert()
throws FileNotFoundException, CertificateException
// instead of generating a secret key, we use a certificate,
containing the receiver's public key
final FileInputStream fis = new FileInputStream(
final CertificateFactory cf = CertificateFactory.getInstance(
"X.509" );
return ( X509Certificate ) cf.generateCertificate( fis );

* read an enciphered file and retrieve its plaintext message.
* @param cipher method used to encrypt the file
* @param privateCert certificate, including private key of
* @param file file where the message was written.
* @return the reconstituted decrypted message.
* @throws java.security.InvalidKeyException
* if something wrong with the key.
* @throws java.io.IOException if problems reading the file.
@SuppressWarnings( { "JavaDoc" } )
private static String readCiphered( Cipher cipher, X509Certificate
privateCert, File file )
throws InvalidKeyException, IOException
cipher.init( Cipher.DECRYPT_MODE, privateCert );

final CipherInputStream cin = new CipherInputStream( new
FileInputStream( file ), cipher );

// read big endian short length, msb then lsb
final int messageLengthInBytes = ( cin.read() << 8 ) |
System.out.println( file.length() + " enciphered bytes in
file" );
System.out.println( messageLengthInBytes + " reconstituted
bytes" );

final byte[] reconstitutedBytes = new

// we can't trust CipherInputStream to give us all the data in
one shot
int bytesReadSoFar = 0;

int bytesRemaining = messageLengthInBytes;
while ( bytesRemaining > 0 )
final int bytesThisChunk = cin.read( reconstitutedBytes,
bytesReadSoFar, bytesRemaining );
if ( bytesThisChunk == 0 )
throw new IOException( file.toString() + " corrupted."
bytesReadSoFar += bytesThisChunk;
bytesRemaining -= bytesThisChunk;
return new String( reconstitutedBytes, CHARSET );

* write a plaintext message to a file enciphered.
* @param cipher the method to use to encrypt the file.
* @param publicCert the certificate, containing public key of
* @param file the file to write the encrypted message to.
* @param plainText the plaintext of the message to write.
* @throws java.security.InvalidKeyException
* if something is wrong with the key
* @throws java.io.IOException if there are problems writing the
* .
private static void writeCiphered( Cipher cipher, X509Certificate
publicCert, File file, String plainText )
throws InvalidKeyException, IOException
cipher.init( Cipher.ENCRYPT_MODE, publicCert );
final CipherOutputStream cout = new CipherOutputStream( new
FileOutputStream( file ), cipher );
final byte[] plainTextBytes = plainText.getBytes( CHARSET );
System.out.println( plainTextBytes.length + " plaintext bytes
written" );
// prepend with big-endian short message length, will be
encrypted too.
cout.write( plainTextBytes.length >>> 8 );// msb
cout.write( plainTextBytes.length & 0xff );// lsb
cout.write( plainTextBytes );

// --------------------------- main() method

* Demonstrate use of CipherOutputStream and CipherInputStream to
encipher and decipher a message.
* @param args not used
* @throws NoSuchAlgorithmException if RSA is not supported
* @throws NoSuchPaddingException if PKCS5 padding is not
* @throws InvalidKeyException if there is something wrong
with the key.
* @throws IOException if there are problems reading
or writing the file.
* @throws InvalidAlgorithmParameterException
* if programming error
* @throws NoSuchProviderException if no JCE support
* @throws KeyStoreException if .keystore corrupt.
* @throws CertificateException if either certificate corrupt.
public static void main( String[] args ) throws
// The secret message we want to send to our secret agent in
final String plainText = "W. to visit Abu Ghraib for a hands
on, wink wink, tomorrow at 19:05.";

// use default Sun provider
final Cipher cipher = Cipher.getInstance( ALGORITHM + "/" +

final X509Certificate publicCert = getPublicCert();

// write out the ciphered message
writeCiphered( cipher, publicCert, new File( "transport.bin"
), plainText );

// now try reading message back in deciphering it.
final X509Certificate privateCert = getPrivateCert();

final String reconstitutedText = readCiphered( cipher,
privateCert, new File( "transport.bin" ) );

System.out.println( "original: " + plainText );
System.out.println( "reconstituted: " + reconstitutedText );

// output is:
// 68 plaintext bytes written
// 128 enciphered bytes in file
// -1 reconstituted bytes -- OOPS. Not deciphering
properly. Can't even read lead two encrypted bytes.

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Latest member

Latest Threads
