Making a JRE VM Pack FIPS-Compliant

InstallAnywhere 2020 SP2

Most JRE VM packs are not preconfigured to use FIPS-compliant Java Cryptography Extension (JCE) security providers. To enable JCE encryption and specify an encryption algorithm, use the Variables view on the Project page in the Advanced Designer. Together with a FIPS-compliant JCE library, these settings enable you to create FIPS 140-2 compliant installers.

To make a VM pack FIPS-compliant:

1. Extract the contents of the VM pack.
2. Extract the resulting VM archive (vm.zip or vm.tar.Z).
3. Obtain a FIPS-compliant security provider library that works with the JRE in the VM pack.
4. Place the security provider library in the lib/ext directory of the extracted VM archive contents.
5. Modify the security provider list in lib/security/java.security. For example, after modification, the provider list for an IBM JVM reads as follows:

   security.provider.1=com.ibm.crypto.fips.provider.IBMJCEFIPS
   security.provider.2=com.ibm.crypto.provider.IBMJCE
   security.provider.3=com.ibm.jsse.IBMJSSEProvider
   security.provider.4=com.ibm.jsse2.IBMJSSEProvider2
   security.provider.5=com.ibm.security.jgss.IBMJGSSProvider
   security.provider.6=com.ibm.security.cert.IBMCertPath
   ...

6. Re-create the VM pack archive. For more information, see:
   Using the Create JRE VM Pack Wizard
   Creating a JRE VM Pack Manually
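
A check to run on the edited lib/security/java.security before re-creating the archive, added here as an example (not InstallAnywhere or IBM code): it reports a FIPS provider that is not in position 1, a position defined twice, and entries that follow a numbering gap. The function name and the sample text are constructed for illustration, and the check assumes the JRE reads providers in numeric order up to the first missing number, as OpenJDK-derived JREs do.

```python
import re

# Constructed sample in the layout of lib/security/java.security, using the
# IBM provider list from step 5 plus one unrelated property.
SAMPLE = """\
security.provider.1=com.ibm.crypto.fips.provider.IBMJCEFIPS
security.provider.2=com.ibm.crypto.provider.IBMJCE
security.provider.3=com.ibm.jsse.IBMJSSEProvider
security.provider.4=com.ibm.jsse2.IBMJSSEProvider2
security.provider.5=com.ibm.security.jgss.IBMJGSSProvider
security.provider.6=com.ibm.security.cert.IBMCertPath
keystore.type=jks
"""

# Comment lines start with '#' or '!' and therefore never match.
ENTRY = re.compile(r"^\s*security\.provider\.(\d+)\s*[=:]\s*(\S+)")

def check_provider_list(text, fips_class):
    """Return a list of problems found in the provider list (empty = none)."""
    problems, providers = [], {}
    for lineno, line in enumerate(text.splitlines(), 1):
        m = ENTRY.match(line)
        if not m:
            continue
        pos, cls = int(m.group(1)), m.group(2)
        if pos in providers:
            # java.util.Properties keeps the last value for a repeated key.
            problems.append(f"line {lineno}: security.provider.{pos} defined twice")
        providers[pos] = cls
    if providers.get(1) != fips_class:
        problems.append(f"security.provider.1 is {providers.get(1)}, not {fips_class}")
    # Assumption: providers are read as .1, .2, ... until the first missing
    # number, so entries after a gap are silently ignored.
    n = 1
    while n in providers:
        n += 1
    for pos in sorted(p for p in providers if p > n):
        problems.append(f"security.provider.{pos} is ignored: no security.provider.{n}")
    loaded = [providers[i] for i in range(1, n)]
    for cls in sorted({c for c in loaded if loaded.count(c) > 1}):
        problems.append(f"{cls} is listed more than once")
    return problems

if __name__ == "__main__":
    for problem in check_provider_list(SAMPLE, "com.ibm.crypto.fips.provider.IBMJCEFIPS"):
        print(problem)
```

To check a real pack, pass the contents of the extracted java.security file and the class name of the provider installed in step 4.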

Note: While modifying the VM pack, you can also add a setting to the vm.properties file that sets the algorithm used by default when the Use JCE Encryption check box is selected in the Variables view on the Project page. For example, vm.algorithm=DES.
