bouncy | bounce HTTP requests around for load balancing | HTTP library

Based on the input by Peter we were able to fix this problem as following:

Sharing my own solution just in case anyone else has the same issue.

That cipher is actually available in the /lib/ext/sunjce_provider.jar file on the openjdk compilation (IBM Semeru Runtime Open Edition (build 1.8.0_322-b06)).

As posted on the question, it's actually on the provider list (index 6), but the jar was not being loaded. I have yet to investigate if there is any change on the extension classloader that I'm not aware of, but, so far, manually adding that jar to the application classpath has worked flawlessly and got the cipher working.

I only install

The blind-signature library used in the NodeJS code for blind signing implements the process described here:

• BlindSignature.blind() generates the SHA256 hash of the message and determines the blind message m' = m * r^e mod N.
• BlindSignature.sign() calculates the blind signature s' = (m')^d mod N.
• BlindSignature.unblind() determines the unblind signature s = s' * r^-1 mod N.
• BlindSignature.verify() decrypts the unblind signature (s^e) and compares the result with the hashed message. If both are the same, the verification is successful.

No padding takes place in this process.

In the Java code, the implementation of signing the blind message in signConcealedMessage() is functionally identical to BlindSignature.sign().
In contrast, the verification in the Java code is incompatible with the above process because the Java code uses PSS as padding during verification.
A compatible Java code would be for instance:

As you have declared, you have your own code for preparing a PDF for signing and for injecting the signature container into it. Thus, your question essentially burns down to

How to create a CAdES signature container with BouncyCastle that can be used to create a PAdES BASELINE B or T PDF signature?

As I do not have your existing code, I had to use a different framework for my tests. I used the iText 7 signing framework for that.

BouncyCastle does contain a CMSSignedDataGenerator to generate CMS signature containers.

The default implementation of the SignerInfo generation therein unfortunately is not CAdES/PAdES compatible as it does not create signed ESSCertID[v2] attributes. Fortunately, though, the implementation is designed to allow plugging in custom attributes sets.

Thus, you can create the CAdES containers required for PAdES BASELINE signatures with a customized CMSSignedDataGenerator.

So when you have prepared the PDF for signing, you can proceed like this:

Please, be aware that the cipher suites described in your debug output doesn't show the cipher suite that was actually used by openssl, ECDHE-RSA-AES256-GCM-SHA384. In fact, they don't include any cipher suite that requires AES 256. It may not be of relevance, but it may be a symptom of any misconfiguration, and can explain why the handshake is failing. As indicated in the Oracle documentation when describing Java 8 supported cipher suites:

Cipher suites that use AES_256 require installation of the JCE Unlimited Strength Jurisdiction Policy Files.

As a consequence, please, be sure you installed and properly configured the JCE Unlimited Strength Jurisdiction Policy Files.

As indicated by @dave_thompson_085 in his excellent comment, only Oracle Java 8 below 8u161 requires adding the unlimited policy, as stated in Appendix C of the aforementioned Oracle documentation.

The JCE Unlimited Strength Jurisdiction Policy Files are bundled into the JDK since JDK 8u151, but the unlimited policy was not defined as the default one since JDK 8u161.

In JDK 8u151 or 8u152, as stated in one of the previous cited links, and explained as well by @dave_thompson_085 - thank you very much again, in order to make the unlimited version of the JCE the one that should be used, you need to define the system property crypto.policy. From the docs:

This release introduces a new feature whereby the JCE jurisdiction policy files used by the JDK can be controlled via a new Security property. In older releases, JCE jurisdiction files had to be downloaded and installed separately to allow unlimited cryptography to be used by the JDK. The download and install steps are no longer necessary. To enable unlimited cryptography, one can use the new crypto.policy Security property. If the new Security property (crypto.policy) is set in the java.security file, or has been set dynamically by using the Security.setProperty() call before the JCE framework has been initialized, that setting will be honored. By default, the property will be undefined. If the property is undefined and the legacy JCE jurisdiction files don't exist in the legacy lib/security directory, then the default cryptographic level will remain at 'limited'. To configure the JDK to use unlimited cryptography, set the crypto.policy to a value of 'unlimited'. See the notes in the java.security file shipping with this release for more information.

The issue is not present in OpenJDK.

As an alternative solution, as suggested in this related SO question, probably using an alternate provider like BouncyCastle could be of help as well.

After checking the documentation of react-native-bouncy-checkbox, the following is important.

1. isCheckeddetermines the default internal checkbox state. It is only evaluated once.
2. The check-state handling is handled internally by the library.
3. We want to handle this on our own, in order to check all checkbox with a single state change. To do so, we need to set the disableBuiltInState prop to true "if you want to manually handle the isChecked prop and disable built in handling".

Thus, I would suggest the following workflow.

1. Create a state array for isChecked which contains a boolean flag for each of the elements.
2. Create a custom onPress-handler which gets the index from the FlatList as a parameter. With that index, we are able to to set the correct boolean flag in our state array to true or false.
3. If Select All is pressed, our onPress-handler sets all boolean flags of our state array to true. This will cause a rerendering of our screen and since we set disableBuiltInState prop to true, react-native-bouncy-checkbox will use our custom state handling.

Here is a minimal working example.

OK, got it. I was using the wrong private key:

There are two completely separate providers:

1. "BC", i.e. BouncyCastleProvider, the very widely used cryptography API, currently at version 1.70 (website).
2. "BCFIPS", i.e. BouncyCastleFipsProvider, a FIPS-compliant implementation of a more limited set of algorithms, currently at version 1.0.2.3 (website).

These can't be used together. Also BCFIPS is not just a drop-in replacement for BC that suddenly makes your project FIPS-compliant. The great majority of users should be using BC.

The methods you mention are only relevant to BCFIPS, yet you are talking about version numbers that are only relevant to BC, which implies either that you are confused about which jars/provider you are trying to use, or that perhaps you are trying to use both in the same process, which doesn't work.