Downloading and installing the NinthTest JCA Provider

The NinthTest JCA Provider is available in both binary (JAR) and source forms. Please note that Java SE version 6 or greater is required.

The Java™ Cryptography Architecture requires that Java security providers be code-signed (using a code-signing certificate issued by Oracle Corporation). As a consequence of this requirement, a JAR that is compiled directly from source will not permit the use of the JCA engine classes implemented by the NinthTest JCA Provider. If you wish to use the NinthTest JCA Provider, you must download the signed JAR.

The non-JCA classes (see the NinthTest JCA Provider API documentation and the examples in Using the NinthTest JCA Provider) are not subject to the code-signing requirement, and can be used without restriction whether you download the signed JAR or compile from source.

Download the signed NinthTest JCA Provider JAR

This download is recommended for general use of the NinthTest JCA Provider. The current version is 1.1.0.

Signed JARs by version
Version Filename Description MD5
1.1.0 ninthtest_provider-1.1.0 The signed NinthTest JCA Provider 1.1.0 JAR. 19dda0a0c20824b6b8b04d558d1ff76b
1.0 ninthtest_provider-1.0 The signed NinthTest JCA Provider 1.0 JAR. 062d4e4e903ae10d543dd170bfa8cd78

Version 1.1.0

This release adds support for a Helix PRNG (SecureRandom service).

Version 1.0

This release adds support for the Helix combined stream cipher and MAC function (Cipher, Mac, SecretKeyFactory, AlgorithmParameters, and KeyGenerator services).

Download the NinthTest JCA Provider source code

This download is recommended if you wish to create a derivative work, or are interested in examining the NinthTest JCA Provider source code for any other reason.

Source code is available by cloning the NinthTest JCA Provider Mercurial repository from BitBucket. The source code is licensed under the GNU Lesser General Public License, version 3.0 (LGPL-3.0).

Note: If you wish to create a derivative work, even for personal (non-distribution) use, you must obtain your own code-signing certificate from Oracle Corporation to sign the JAR. Please refer to How to Implement a Provider in the Java™ Cryptography Architecture (step 6) for details.

Install the NinthTest JCA Provider

Once you have acquired the binary (JAR) of the NinthTest JCA Provider, you must take additional steps to install or register the provider before using it; it is not sufficient to simply place the JAR on your CLASSPATH! This is a security provision of the Java™ Cryptography Architecture.

The sections below describe the differences between "installing" and "registering" the NinthTest JCA Provider, and include the requisite steps for each approach.

Choose the option that best suits your needs. Please note that installing or registering the provider is not necessary if you only wish to use the non-JCA classes (see the NinthTest JCA Provider API documentation and the examples in Using the NinthTest JCA Provider).

Use the NinthTest JCA Provider as an installed extension

This form of installation is persistent; the steps only need to be followed once for any given release.

  1. Copy the downloaded ninthtest-provider.jar file into your JAVA_HOME/lib/ext directory.
  2. Add the NinthTestProvider class to the list of approved providers in the Java security properties file (see below).

Approved providers are identified in the Java security properties file, JAVA_HOME/lib/security/ The comments in that file explain how to add an approved provider:

# To register a provider in this master security properties file,
# specify the Provider subclass name and priority in the format
#    security.provider.<n>=<className>
# This declares a provider, and specifies its preference
# order n. The preference order is the order in which providers are 
# searched for requested algorithms (when no specific provider is
# requested). The order is 1-based; 1 is the most preferred, followed
# by 2, and so on.

For example, if the last approved provider has the property name security.provider.10, add the following line:

Use the NinthTest JCA Provider as a dynamically-registered provider

Please note that dynamic registration of a provider is not persistent.

  1. Reference the downloaded ninthtest_provider.jar on your application's CLASSPATH.
  2. Grant permissions to the NinthTest JCA Provider (see below).

When registered dynamically, the NinthTest JCA Provider requires permission from the security manager for getProtectionDomain, insertProvider, and putProviderProperty operations.

These permissions can be granted to the NinthTest JCA Provider by placing the following grant entry into your HOME/.java.policy file. Change the location of the ninthtest_provider.jar file to match the location on your system. For example:

grant codeBase "file:/path/to/ninthtest_provider.jar" {
    permission java.lang.RuntimePermission "getProtectionDomain";
    permission "insertProvider.NinthTestProvider";
    permission "putProviderProperty.NinthTestProvider";


The NinthTest JCA Provider follows the Semantic Versioning Specification (SemVer).


Because the NinthTest JCA Provider deals with encryption, it is subject to U.S. Export Regulations. The source code is classified as ECCN 5D002, and takes advantage of License Exception TSU under section 740.13(e) of the Export Administration Regulations (EAR).

Derivative works and/or redistribution may be subject to additional or alternate restrictions. Please visit for more information.