As one knows, the JCE framework only allows the use of JCE providers loaded from signed jars. As a matter of fact, this restriction is much tougher - the jar has to be signed by Sun or IBM, and both certificates are hardcoded. If I have some provider I completely trust, signed by a trustee other than Sun, is it legal to work around it by using reflection, like that?

Eugene Kuleshov

First of all, you can use any 3rd-party clean-room JCE implementation.

JCSI, BouncyCastle and Cryptix all have JCE implementations and are also their own providers. And those implementations don't require the use of signed providers. It will work fine unless you are going to use JRE 1.4 (JCE is included in there and you will need to sign the provider for that).
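
To see who actually signed a provider jar before deciding whether to trust it, the following added example (not code from this thread) lists the signer certificates that cover every entry, using the standard `java.util.jar` API. The class name `ProviderJarSigners` is hypothetical, and the code only reports signers; it does not validate their chains against a trust store.

```java
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.LinkedHashSet;
import java.util.Set;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public class ProviderJarSigners {
    // Returns the subject DNs of the certificates that signed EVERY non-META-INF entry.
    // A SecurityException is thrown if a signed entry fails digest verification.
    static Set<String> signers(String jarPath) throws Exception {
        Set<String> common = null;
        byte[] buf = new byte[8192];
        try (JarFile jar = new JarFile(jarPath, true)) {   // true = verify signatures
            Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                JarEntry e = entries.nextElement();
                if (e.isDirectory() || e.getName().startsWith("META-INF/")) continue;
                // Signer information is only populated once the entry is read to the end.
                try (InputStream in = jar.getInputStream(e)) {
                    while (in.read(buf) != -1) { /* drain */ }
                }
                Set<String> here = new LinkedHashSet<>();
                CodeSigner[] cs = e.getCodeSigners();
                if (cs != null) {
                    for (CodeSigner s : cs) {
                        // First certificate in the path is the signer's own certificate.
                        X509Certificate leaf = (X509Certificate)
                                s.getSignerCertPath().getCertificates().get(0);
                        here.add(leaf.getSubjectX500Principal().getName());
                    }
                }
                // Keep only signers seen on all entries so far; one unsigned entry empties the set.
                if (common == null) common = here; else common.retainAll(here);
            }
        }
        return common == null ? new LinkedHashSet<>() : common;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java ProviderJarSigners <provider.jar>");
            System.exit(2);
        }
        Set<String> s = signers(args[0]);
        System.out.println(s.isEmpty() ? "unsigned, or no single signer covers every entry"
                                       : "every entry signed by: " + s);
    }
}
```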