Hello, there was a thread on BouncyCastle's crypto-dev mailing list how to use a custom JCA provider with Java 9+. Since there is no alternative for the lib/ext extension mechanism this is a bit tricky (if you do want to make the extension in the java.security file permanent).
There are multiple alternatives (adding to module path, to classpath, using service loader or programmatic registration). Those are described in the actual documentation. However expanding the java.security list does not mention explicitely that without the extension mechanism this produces a java home which wont start without modifying the module path. Not sure if there is actually a default way to storesuch a "security provider module" without using for example jlink to build a new image (or add the -mp argument). Maybe this should be stated explicite? "Starting with Java 9 there is no extension mechanism where you could install the provider JAR permanently. Therefore expanding the java.security leaves typically a incomplete java home and should be avoided. Permanently installing an additional module could be done with a custom jlink image." (I havent tested if JLink works, BCProv is not yet modularized or service loader enabled. Classpath and programmatic registration works fine). Is that correct? Gruss Bernd
