Is the CMSAlgorithm.DES_CBC supported for encryption by BCFIPS provider ? In a standalone reproducer program, it seem to work fine while the following exception gets thrown in k8s-docker based environment. This occurs despite having the same versioned bc* jars in both the environments. Both the environments are having these properties set.
java.security.Security.addProvider(new BouncyCastleFipsProvider());
System.setProperty("org.bouncycastle.fips.approved_only", "false");
System.setProperty("org.bouncycastle.rsa.allow_pkcs15_enc", "true");
System.setProperty("org.bouncycastle.rsa.allow_multi_use", "true");
Any clues on what could be the reason?
java.security.NoSuchAlgorithmException: no such algorithm: 1.3.14.3.2.7 for provider BCFIPS
at java.base/sun.security.jca.GetInstance.getService(GetInstance.java:87)
at java.base/javax.crypto.JceSecurity.getInstance(JceSecurity.java:127)
at java.base/javax.crypto.KeyGenerator.getInstance(KeyGenerator.java:286)
at org.bouncycastle.jcajce.util.NamedJcaJceHelper.createKeyGenerator(Unknown Source)
... 43 common
Standalone reproducer program works fine