Configure Oracle JDK to use IBM JCE/JSSE providers for FIPS compliance

I would like to configure the Oracle JDK to use IBM's FIPS-compliant JCE/JSSE security providers. What JAR files do I need and where should they be installed? What should the pro开发者_高级运维vider list in the java.security file look like?

I'm using IBMJCE on sun jdk5 and it works fine. It may be similar to fips, I guess

You need ibmjceprovider.jar, ibmpkcs.jar, ibmjcefips.jar

You can find them in ibm jre

The code like this

static{
    //install ibm's provider
    java.security.Security.addProvider(new IBMJCE());
}

public byte[] encrypt(byte[] input)throws SecurityException{
    KeyGenerator kg = KeyGenerator.getInstance("DES");
    //call ibm's provider
    SecureRandom sr = SecureRandom.getInstance("IBMSecureRandom", new IBMJCE());
    sr.setSeed(str.getBytes());
    kg.init(sr);
    Key key = kg.generateKey();
    Cipher cipher = Cipher.getInstance("DES");
    cipher.init(1, key);
    byte[] ret = cipher.doFinal(input);
    return ret;
}

This is an old post but anyway...
IBM JVM is FIPS compliant when configuring it to use IBMJCEFIPS provider.
This is applicable only to IBM Java though.
Not drop the jars in a SUN JDK.
For SUN you should use the NSS project which is also FIPS compliant

According this IBM document, FIPS-approved providers are only available with IBM SDK.

Another clue (because I first thought WebSphere on Solaris runs on Oracle JVM): in WebSphere MQ requirements on Solaris a note clearly states that

FIPS compliance is only supported on IBM SDK

In fact, on Solaris platform, the IBM SDK is built on Sun/Oracle JVM but with many changes (ORB and security...).