Adobe Experience Manager Sites & More

I'm running CQ5.6.1 on windows 7 sp1.

OK, I'm attempting to use JWT via NImbus which uses BouncyCastle in a filter.  My problem is with the BouncyCastle bundle.  It is signed.  When I install the bcprov-jdk15on-1.49.jar it appears that felix is re-bundling it and missing up the signature.  When running I get "java.lang.SecurityException: JCE cannot authenticate the provider BC" which means the signature is hosed.  Looking at the bundle in the console I can see that all the digest info is missing from the manifest headers that is contained in the original bundle.

Next I tried to add BouncyCastle to \jre6\lib\ext and update \jre6\lib\security\java.security to add BouncyCastle as a security provider.  I get "Unresolved constraint in bundle xxxxx: Unable to resolve 293.2: missing requirement [293.2] osgi.wiring.package; (osgi.wiring.package=org.bouncycastle.asn1)" which means it isn't finding the jar thru the java run time engine.

I tried adding the jar to the sling.properties "org.osgi.framework.system.packages.extra=org.bouncycastle.*" and/or "org.osgi.framework.bootdelegation=org.bouncycastle.*, ${org.apache.sling.launcher.bootdelegation}" in the \author\crx-quickstart directory.  Again I get "Unresolved constraint in bundle xxxxx: Unable to resolve 293.2: missing requirement [293.2] osgi.wiring.package; (osgi.wiring.package=org.bouncycastle.asn1)".

Can anyone point out what I am doing wrong or have a totally different solution to get BouncyCastle working inside of CQ?

Thanks!