After adding JSafe JCE povider to java.security I get HTTP response code 401 and the message "Invalid signature for user or client '<chefClient>'" from chef server when trying to connect using jclouds-chef api. The reason is that this provider generates the signature using RSA algortihm with different mode and/or padding that is used for decryption on chef server (and standard SunJCE). The generated signature is then considered bad by the chef server. The problem is in method org.jclouds.chef.filters.SignedHeaderAuth#sign which uses org.jclouds.io.payloads.RSAEncryptingPayload from jcloud-core. This class does not specify the mode and padding of RSA transformation and thus provider defaults are used.