From e83c57dcc925fedd1f4a9049b2f26e677afee1d3 Mon Sep 17 00:00:00 2001 From: Leon Poyyayil Date: Sat, 25 Oct 2025 11:39:38 +0200 Subject: [PATCH] Add BorderCastle JCE Signing --- BorderCastle-JCE-Signing.md | 88 +++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 BorderCastle-JCE-Signing.md diff --git a/BorderCastle-JCE-Signing.md b/BorderCastle-JCE-Signing.md new file mode 100644 index 0000000..0d1539d --- /dev/null +++ b/BorderCastle-JCE-Signing.md @@ -0,0 +1,88 @@ +# BorderCastle JCE Signing + +In order to allow the BorderCastle JCE provider to be used in Oracle JDKs, it needs to be signed by an official certificate which is trusted for that specific purpose. + +The used certificate has the following contents: +``` +========================================================================= +Certificate: X.509v3 RSA 2048 bits certificate => VERIFIED +- Serial-No.: 0x5d849a1aa81ef8d083db1912303c6011020c7446 +- Signature: SHA256withRSA +Subject DN: CN=BorderCastle JCE Code Signer, OU=Java Software Code Signing, O=Oracle Corporation +Issuer DN: CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation +Validity: not before: 2025-10-21 - 08:55:04.000 +0200 + not after: 2030-10-21 - 08:55:04.000 +0200 + duration: 5y1d +Key usage: no-CA, Digital signature +- Extended: Code signing +Fingerprints: + MD5: 50:B4:90:6E:7C:14:34:87:34:12:76:A5:80:C8:D5:71 + SHA-1: 77:AC:80:9B:4D:3D:10:99:EE:31:5C:F8:6F:86:98:C3:25:05:6D:C1 + SHA-256: 43:64:30:C9:CC:FD:A5:48:7D:16:9E:FC:70:96:DF:88:75:E5:1B:5E:DD:97:5F:D8:CB:7B:60:EC:C1:7C:01:CD +-------------- +Certificate: X.509v3 RSA 2048 bits certificate => VERIFIED +- Serial-No.: 0x3c9eb1fc89f733d3 +- Signature: SHA256withRSA +Subject DN: CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation +Issuer DN: CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation +Validity: not before: 2016-07-07 - 01:48:44.000 +0200 + not after: 2030-12-31 - 01:00:00.000 +0100 + duration: 14y180d11m16s +Key usage: CA:max-path-length=0, Digital signature, Key certificate sign, CRL sign +Fingerprints: + MD5: BE:ED:42:08:9F:6F:C8:86:00:C0:C7:58:63:AD:66:51 + SHA-1: F4:B9:C6:4A:52:AD:22:3C:E4:BF:BA:52:52:87:9C:9F:71:1D:4B:33 + SHA-256: 40:E3:A9:00:6F:3A:A6:BB:13:0A:39:58:6E:4D:25:C8:CE:BA:5F:AA:30:DF:74:E3:BD:35:9A:C8:B7:8D:EE:7B + +``` + +The signature is verified by the Oracle JDK when attempting to use the JCE provider. + +The certificate PEM chain: +``` +-----BEGIN CERTIFICATE----- +MIIDvjCCAqagAwIBAgIUXYSaGqge+NCD2xkSMDxgEQIMdEYwDQYJKoZIhvcNAQEL +BQAwYDEbMBkGA1UECgwST3JhY2xlIENvcnBvcmF0aW9uMSMwIQYDVQQLDBpKYXZh +IFNvZnR3YXJlIENvZGUgU2lnbmluZzEcMBoGA1UEAwwTSkNFIENvZGUgU2lnbmlu +ZyBDQTAeFw0yNTEwMjEwNjU1MDRaFw0zMDEwMjEwNjU1MDRaMGkxGzAZBgNVBAoM +Ek9yYWNsZSBDb3Jwb3JhdGlvbjEjMCEGA1UECwwaSmF2YSBTb2Z0d2FyZSBDb2Rl +IFNpZ25pbmcxJTAjBgNVBAMMHEJvcmRlckNhc3RsZSBKQ0UgQ29kZSBTaWduZXIw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD6dnq/+x1QvHk6NWvWD4w/ +DgcBJKjg1QmX+lVxEst2S7/G2BB/ksbJO2xR6a21MJV0jTM6d5xdBwrRGR09j/ng +Qb0WSDqqC5erRUfBUeC2ebI0YX6yiJX5nk/5w+SZ5JPJkG6fyDf+FdA1A+y2jgg8 +SneiUht/W6S4azxylFAE85yTO5UYWobmCCq0ionzREsgjpUMIl690RQp2u6v3jDy +r+W2NgANlxuPEV9GF2jzWLNFgrym2+gml6g8DwGP+h+qO0Y2aaNIa0INhq4afoL0 +A+QJbD/nivHJ0hZHXX1C70qkrxiT3FLzX2l8DtTo3uv9qS/EJoczXX/tG9KaVyU3 +AgMBAAGjZzBlMB8GA1UdIwQYMBaAFFnVAYTTAjuNQZdGl+elUQe8bCArMBMGA1Ud +JQQMMAoGCCsGAQUFBwMDMB0GA1UdDgQWBBTbNA6wJGu5t/nSek1z6Ibvk4j+XzAO +BgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBADWWeg7co9EXc965cOSb +ThlZOfwFsRksGFEWN7zGsEbJuET0dwKvKfVE8zQN+I3I4VPORg1oOX9Fpg9IK/P4 +/vjzxhhFgDGzFo49spBT+Olnh7vMMzQzZwNXin5lPtoxYNlo9q/oALSrhu3H9jJt +t0O0poc2vFsmu620tUiVf8CiTY7ezbVlb1BW9n5WtnNGk1UkbCx2+A0Qa0ELLyCX +P8Aki/7OPEtaUUApqL4r4HrouVtq7iaZSO1GzSeEoSRS1fOV5HC/JVWWaCOo1o9j +ybKuzrR5y876uCpk10xCxs4nCgNK8IsNKhvemHb6xzCZlNXukIDU/7ZV5NA4oLNM +3Hs= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDqDCCApCgAwIBAgIIPJ6x/In3M9MwDQYJKoZIhvcNAQELBQAwYDEbMBkGA1UE +CgwST3JhY2xlIENvcnBvcmF0aW9uMSMwIQYDVQQLDBpKYXZhIFNvZnR3YXJlIENv +ZGUgU2lnbmluZzEcMBoGA1UEAwwTSkNFIENvZGUgU2lnbmluZyBDQTAeFw0xNjA3 +MDYyMzQ4NDRaFw0zMDEyMzEwMDAwMDBaMGAxGzAZBgNVBAoMEk9yYWNsZSBDb3Jw +b3JhdGlvbjEjMCEGA1UECwwaSmF2YSBTb2Z0d2FyZSBDb2RlIFNpZ25pbmcxHDAa +BgNVBAMME0pDRSBDb2RlIFNpZ25pbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQCHGu8ubNImPxLYDIBNUFLAwFODNNwSTqsJqcdV66GV7VXa6niJ +SXAo+5z6Uy13UUA3KDqZ1xqyJ49ktAL2kmj8iMcqqQqGw6EwV1/MsgAxc1NXULIa +Shqyp5yt2Lj620J5FIlMNjXfWtJflOWMUPnMjE1sHf60OGIeDiqg4upSliI0VDna +O5y+6uJrqAXukQQQjYwu98boK7M8V2sR2wQNh03oIFMJCF9Hm66r5J53ADfEZRuP +vgfxuZJaHCLbqOXpsp3pLMPRjhRsoY/UCzTfyNwA1kSyO6R43rIzqRvi3eOXQNIZ +wnPXzG/H48YU0A3I4KOZ1Nrkpe8CcieqxHMBAgMBAAGjZjBkMB0GA1UdDgQWBBRZ +1QGE0wI7jUGXRpfnpVEHvGwgKzASBgNVHRMBAf8ECDAGAQH/AgEAMB8GA1UdIwQY +MBaAFFnVAYTTAjuNQZdGl+elUQe8bCArMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG +9w0BAQsFAAOCAQEAPxN/18JA6B7OeYYQa5K3+2vVwFYMETqEzCiXvsiWoGx6e7LS +YiMlpCQwDoYyz2nuUB3bb1EA1o0Uiayv/zuTGLjjoa1wtTx5G+4ig6V+ahl/V6bG +TT6dhoDeVMUApbltPKJ8ebSYNRoZHbjkIegN1mJA9hE+Opft2P9raT/MJJxjdVGP +/d6pLBQUu/tQ7/8fsEItFzSjFEOUwsXD9kw8zTVOFigo36ZDtMuMMHas+FtqvjEA +HUN5WicO2HweUFNOyiZoJkGdycW/VXBF91e1Fbgxb3naPbZ/OUivlUToFjICSLDl +q8TxEaNhIQ7B1JxwxnW3vWorRmFelMg4aQNawA== +-----END CERTIFICATE----- +``` \ No newline at end of file