Using BouncyCastle FIPS in Approved Mode

Lee Painter

This article outlines the correct way to configure the BouncyCastle FIPS JCE provider in approved mode, which ensures that only FIPS-approved algorithms are used by the API.

The following configuration should be applied before any other calls to the Maverick APIs.

First, ensure that the provider is installed in the list of JCE providers:

Security.insertProviderAt(new BouncyCastleFipsProvider(), 1);

Configure BCFIPS to use approved mode only:

CryptoServicesRegistrar.setApprovedOnlyMode(true);

Then, configure the API to use this BCFIPS provider as default:

JCEProvider.initializeDefaultProvider("BCFIPS");

When the API starts up, you should see output as it tests each algorithm. Only those algorithms supported by BCFIPS will now be available and enabled.
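
A start-up routine that applies the three calls above in order and then fails closed if any of them did not take effect, as an added example that is not part of the original article or the Maverick code base. The class name `FipsBootstrap`, the import package for `JCEProvider`, the choice of MD5 as the non-approved test algorithm, and the way the refusal surfaces are assumptions.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Security;

import org.bouncycastle.crypto.CryptoServicesRegistrar;
import org.bouncycastle.crypto.fips.FipsUnapprovedOperationError;
import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider;
// Assumption: the package of JCEProvider differs between Maverick releases; adjust to yours.
import com.sshtools.common.ssh.components.jce.JCEProvider;

public final class FipsBootstrap { // hypothetical class name

    /** Applies the article's three steps, then verifies the result before any SSH code runs. */
    public static void enableApprovedMode() throws Exception {
        // Step 1: install BCFIPS as the highest-priority provider (skip if already registered).
        if (Security.getProvider("BCFIPS") == null) {
            Security.insertProviderAt(new BouncyCastleFipsProvider(), 1);
        }
        // Step 2: restrict BCFIPS to approved algorithms.
        CryptoServicesRegistrar.setApprovedOnlyMode(true);
        // Step 3: make the Maverick API use BCFIPS as its default provider.
        JCEProvider.initializeDefaultProvider("BCFIPS");

        if (!CryptoServicesRegistrar.isInApprovedOnlyMode()) {
            throw new IllegalStateException("BCFIPS is not in approved-only mode");
        }
        // An approved algorithm requested without naming a provider should resolve to BCFIPS.
        String resolved = MessageDigest.getInstance("SHA-256").getProvider().getName();
        if (!"BCFIPS".equals(resolved)) {
            throw new IllegalStateException("SHA-256 resolved to " + resolved + ", not BCFIPS");
        }
        // MD5 is not FIPS-approved, so BCFIPS should refuse to supply it.
        try {
            MessageDigest.getInstance("MD5", "BCFIPS");
            throw new IllegalStateException("BCFIPS returned MD5 while in approved-only mode");
        } catch (NoSuchAlgorithmException | FipsUnapprovedOperationError expected) {
            // Refused as expected (assumption: the refusal surfaces as one of these two types).
        }
    }

    public static void main(String[] args) throws Exception {
        enableApprovedMode();
        System.out.println("BCFIPS is the preferred provider and is in approved-only mode");
    }
}
```

Call `enableApprovedMode()` before any other calls to the Maverick APIs, so that a misconfigured provider list stops the application instead of silently falling back to another provider.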