If I try to access the Bouncy Castle provide, it refers to the bundled jar which is not signed instead of any jar in the user/lib directory. Security.addProvider(new BouncyCastleProvider()); final Cipher cipher = Cipher.getInstance("DESede", "BC"); The error I get is that the bouncy castle in the service mix bundle is unsigned. Caused by: java.lang.SecurityException: JCE cannot authenticate the provider BC at javax.crypto.Cipher.getInstance(Cipher.java:642) at javax.crypto.Cipher.getInstance(Cipher.java:580) ... Caused by: java.util.jar.JarException: file:/C:/Program%20Files%20(x86)/Mendix/5.13.1/runtime/bundles/org.apache.servicemix.bundles.bcpg-jdk16.jar has unsigned entries - OSGI-INF/bundle.info at javax.crypto.JarVerifier.verifySingleJar(JarVerifier.java:462) at javax.crypto.JarVerifier.verifyJars(JarVerifier.java:322) at javax.crypto.JarVerifier.verify(JarVerifier.java:250) at javax.crypto.JceSecurity.verifyProviderJar(JceSecurity.java:161) at javax.crypto.JceSecurity.getVerificationResult(JceSecurity.java:187) at javax.crypto.Cipher.getInstance(Cipher.java:638) at javax.crypto.Cipher.getInstance(Cipher.java:580) ...