Showing posts with label Encryption. Show all posts

Tuesday, May 5, 2020

java.security.NoSuchProviderException - no such provider: BC


1. Download the latest BouncyCastle library, e.g. bcprov-jdk15on-165.jar

2. Copy the JAR file to $JAVA_HOME/jre/lib/ext/.

3. Edit the file $JAVA_HOME/jre/lib/security/java.security and add the following line:
security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider

(Note: if you already have 10 or more providers, change the number 10 to the next unused number. The paths above are those of Java 8 and earlier; the lib/ext extension directory was removed in Java 9.)

Ref: https://docs.oracle.com/cd/E19830-01/819-4712/ablsc/index.html

Saturday, March 30, 2019

Java: AES encryption example


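Imports:
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;

Encryption: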
byte[] encrypt(byte[] plainText, String keySeed, byte[] iv) {
    if (plainText == null || iv == null)
        return null;

    try {
        SecretKey key = getSecretKey(keySeed);

        IvParameterSpec ivParm = new IvParameterSpec(iv);

        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
        cipher.init(Cipher.ENCRYPT_MODE, key, ivParm);
        byte[] cipherText = cipher.doFinal(plainText);
        return cipherText;
    } catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException
            | BadPaddingException | IllegalBlockSizeException
            | InvalidAlgorithmParameterException ex) {
        // Any crypto failure falls through to the null return below;
        // callers must check for null.
    }

    return null;
}

Decryption:
byte[] decrypt(byte[] cipherText, String keySeed, byte[] iv) {
    if (cipherText == null || iv == null)
        return null;
    
    try {
        SecretKey key = getSecretKey(keySeed);

        IvParameterSpec ivParm = new IvParameterSpec(iv);

        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
        cipher.init(Cipher.DECRYPT_MODE, key, ivParm);
        byte[] plaintext = cipher.doFinal(cipherText);
        return plaintext;
    } catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException
            | BadPaddingException | IllegalBlockSizeException
            | InvalidAlgorithmParameterException ex) {
        // A wrong key or corrupted ciphertext usually surfaces here as
        // BadPaddingException; the caller only sees the null return below.
    }

    return null;
}

Helper methods:
byte[] generateIv() {
    // 16 bytes = one AES block; use a fresh random IV for every message.
    SecureRandom random = new SecureRandom();
    byte[] bytes = new byte[16];
    random.nextBytes(bytes);

    return bytes;
}

SecretKey getSecretKey(String keySeed) throws NoSuchAlgorithmException {
    // Explicit charset (java.nio.charset.StandardCharsets) so the key does not
    // depend on the platform default encoding.
    byte[] keySeedBytes = keySeed.getBytes(StandardCharsets.UTF_8);

    MessageDigest md = MessageDigest.getInstance("SHA-256");
    md.update(keySeedBytes);
    byte[] dgBytes = md.digest();   // 32-byte digest, used as an AES-256 key

    SecretKey key = new SecretKeySpec(dgBytes, 0, dgBytes.length, "AES");
    return key;
}

Test code:
void test() {
    byte[] b = new byte[] { 1, 2, 3, 10, 20, 30, 100};
    String key = "mykey";

    byte[] iv = generateIv();

    byte[] enb = encrypt(b, key, iv);
    byte[] deb = decrypt(enb, key, iv);

    System.out.println(Arrays.equals(b, deb));
}

Output:
true
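
An added example, not part of the original post: a variant of the encrypt/decrypt pair above that goes beyond the post by using AES-GCM, so a modified ciphertext is rejected at decryption, and PBKDF2 with a random salt in place of the single SHA-256 pass over the key seed. The class name AesGcmExample, the salt || nonce || ciphertext layout and the iteration count are assumptions made for this example.

```java
import java.nio.ByteBuffer;
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;

public class AesGcmExample {
    private static final int SALT_LEN = 16, NONCE_LEN = 12, TAG_BITS = 128, ITERATIONS = 210_000;

    // PBKDF2 stretches the passphrase, salted with the first SALT_LEN bytes of the header.
    // ITERATIONS is an assumed work factor; tune it for your hardware.
    static SecretKeySpec deriveKey(char[] passphrase, byte[] header) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(passphrase, Arrays.copyOf(header, SALT_LEN), ITERATIONS, 256);
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        return new SecretKeySpec(raw, "AES");
    }

    // Returns salt || nonce || ciphertext+tag; salt and nonce are fresh random bytes per message.
    static byte[] encrypt(byte[] plainText, char[] passphrase) throws GeneralSecurityException {
        byte[] header = new byte[SALT_LEN + NONCE_LEN];
        new SecureRandom().nextBytes(header);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, deriveKey(passphrase, header),
                new GCMParameterSpec(TAG_BITS, header, SALT_LEN, NONCE_LEN));
        byte[] ct = cipher.doFinal(plainText);
        return ByteBuffer.allocate(header.length + ct.length).put(header).put(ct).array();
    }

    // Throws AEADBadTagException if the message was modified or the passphrase is wrong.
    static byte[] decrypt(byte[] message, char[] passphrase) throws GeneralSecurityException {
        if (message.length < SALT_LEN + NONCE_LEN + TAG_BITS / 8)
            throw new GeneralSecurityException("message too short");
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, deriveKey(passphrase, message),
                new GCMParameterSpec(TAG_BITS, message, SALT_LEN, NONCE_LEN));
        return cipher.doFinal(message, SALT_LEN + NONCE_LEN, message.length - SALT_LEN - NONCE_LEN);
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "mykey".toCharArray();
        byte[] b = { 1, 2, 3, 10, 20, 30, 100 };
        byte[] msg = encrypt(b, pw);
        System.out.println(Arrays.equals(b, decrypt(msg, pw)));
        msg[msg.length - 1] ^= 1; // flip one bit of the authentication tag
        try {
            decrypt(msg, pw);
        } catch (AEADBadTagException ex) {
            System.out.println("tampered message rejected");
        }
    }
}
```

Because the salt and nonce travel with the ciphertext, the caller no longer has to store the IV separately.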





Thursday, March 28, 2019

Encrypt connection string in web.config with aspnet_regiis.exe


In the web.config file of an ASP.NET application, the connection strings may contain a user name and password that you want to hide from casual view. The ASP.NET IIS Registration Tool (aspnet_regiis.exe) is a simple way of encrypting them, or even the whole <appSettings> section of a web.config.

To encrypt the appSettings section of a web.config file, go to the directory where web.config is located and run the command:
aspnet_regiis -pef "appSettings" . -prov "DataProtectionConfigurationProvider"

To decrypt an encrypted appSettings section of a web.config file, go to the directory where web.config is located and run the command:
aspnet_regiis -pdf "appSettings" .

The encryption should be done on the same machine where the web site is being served. If web.config is encrypted on a development machine and later uploaded to the production machine, the production machine won't be able to decrypt the encrypted section in web.config, because the keys for the encryption are specific to the development machine.