HARDENED
Return
openjdk21-jre-fips

openjdk21-jre-fips

latest

An OpenJDK 21 JRE FIPS image providing the Java 21 runtime environment for running Java applications with FIPS support

Getting Started

To pull the image:

docker pull registry.hardened.eu/library/openjdk21-jre-fips:latest

Example: Running a Pre-compiled Application

Here’s how to run a simple Java application using the Hardened B.V. openjdk21-jre-fips image:

cat >HelloWorld.java <<EOL
class HelloWorld {
    public static void main(String args[]) {
        System.out.println("Hello Hardened B.V. users!");
    }
}
EOL

Create a multi-stage Dockerfile, compile with the JDK-image:

cat >Dockerfile <<EOL
FROM registry.hardened.eu/library/openjdk21-jdk-fips:latest as dev
COPY HelloWorld.java HelloWorld.java
RUN javac HelloWorld.java

FROM registry.hardened.eu/library/openjdk21-jre-fips:latest
COPY --from=dev /home/hardenedeu/HelloWorld.class .
CMD ["java", "HelloWorld"]
EOL

Build and run the image:

docker build -t my-java-app .
docker run my-java-app

Expected output:

Hello Hardened B.V. users!

Verifying Image Signatures

All Hardened B.V. images are signed using cosign. You can verify the signature using the following steps:

Save the public key:

cat >hardened.pub <<EOL
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEbxhUFlXkIIbDzdRAR9rc6kDPNb+k
J48lhqqlOMyiq3jkbKXNj2sEFMduFlNh63MrZA59PKf4TjS1AiCrvaFXNA==
-----END PUBLIC KEY-----
EOL

Verify the image signature:

cosign verify --key hardened.pub registry.hardened.eu/library/openjdk21-jre-fips:latest

The verification will show the signature details and confirm the image’s authenticity.

To verify the SBOM, run the following command:

cosign verify-attestation --type spdxjson --key hardened.pub registry.hardened.eu/library/openjdk21-jre-fips:latest

To download the SBOM, run the same command and decode it:

cosign verify-attestation --type spdxjson --key hardened.pub registry.hardened.eu/library/openjdk21-jre-fips:latest | jq -r .payload | base64 -d | jq -r .predicate > openjdk21-jre-fips-spdx.json

Trademarks

This software is packaged by Hardened B.V. All trademarks are property of their respective owners. Use of these images does not imply any affiliation or endorsement.