Why do people use bouncycastle instead of Java Cryptography Extension? What is the difference?
3 Answers
BouncyCastle has many more cipher suites and algorithms than the default JCE provided by Sun.
In addition to that, BouncyCastle has lots of utilities for reading arcane formats like PEM and ASN.1 that no sane person would want to rewrite themselves.
Bouncy Castle is Australian in origin, and therefore is not subject to the Export of cryptography from the United States.
It is useful if you are outside the United States and you need to manage key sizes grater than permitted by such that restriction. In that case you are not permitted to use software from United States for that.
On server or desktop, I don't see any reason to use BC unless you have to deal with some legacy ciphers or formats not supported by Sun JCE.
However, many JREs don't come with a JCE provider, like on mobile or embedded environments. BC comes handy in such cases.
Not the answer you're looking for? Browse other questions tagged javacryptography or ask your own question.
I know the curve name (
secp256k1 ) and the X and Y coordinates of the EC public key.
How do I make a
org.bouncycastle.jce.interfaces.ECPublicKey out of them?
I've read https://stackoverflow.com/a/29355749/5453873 but the code there uses
java.security.. instead of org.bouncycastle.. and ECPublicKey is an interface in org.bouncycastle.. not an instantiable class.
Community♦
Thomas Von PanomThomas Von Panom
3 AnswersGenerating ECPublicKey using Bouncy Castle
This generates the EC public key as used in the JCE/JCA. The Bouncy Castle provider can directly use these software keys. Otherwise Bouncy is just used to generate the parameters required to generate the public key.
Generating Bouncy Castle ECPublicKeyParameters
Initially I thought that a Bouncy Castle specific key was required, so the following code generates the EC public key as used in the Bouncy Castle lightweight API.
This was mostly tricky because I didn't want to include any JCE specific code, and Maarten BodewesMaarten Bodewes
X9ECParameters is not a subclass of ECDomainParameters . So I used a conversion to ECNamedDomainParameters copied from elsewhere in the code base of Bouncy Castle.
65.5k1111 gold badges8888 silver badges180180 bronze badges
In the code which follows,
encoded contains 0x04 followed by 32 bytes of X, then 32 bytes of Y.
Alternatively, it can contain
0x02 or 0x03 (dependent on the sign of Y) followed by 32 bytes of X.
Bouncy Castle Java 11
Thomas Von PanomThomas Von Panom
小帅丶小帅丶
Not the answer you're looking for? Browse other questions tagged javacryptographybouncycastle or ask your own question.
The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms, it was developed by the Legion of the Bouncy Castle, a registered Australian Charity, with a little help! The Legion, and the latest goings on with this package, can be found at https://www.bouncycastle.org.
The Legion also gratefully acknowledges the contributions made to this package by others (see here for the current list). If you would like to contribute to our efforts please feel free to get in touch with us or visit our donations page, sponsor some specific work, or purchase a support contract through Crypto Workshop.
The package is organised so that it contains a light-weight API suitable for use in any environment (including the newly released J2ME) with the additional infrastructure to conform the algorithms to the JCE framework.
Except where otherwise stated, this software is distributed under a license based on the MIT X Consortium license. To view the license, see here. The OpenPGP library also includes a modified BZIP2 library which is licensed under the Apache Software License, Version 2.0.
Note: this source tree is not the FIPS version of the APIs - if you are interested in our FIPS version please contact us directly at [email protected].
Code Organisation
The clean room JCE, for use with JDK 1.1 to JDK 1.3 is in the jce/src/main/java directory. From JDK 1.4 and later the JCE ships with the JVM, the source for later JDKs follows the progress that was made in the later versions of the JCE. If you are using a later version of the JDK which comes with a JCE install please do not include the jce directory as a source file as it will clash with the JCE API installed with your JDK.
The core module provides all the functionality in the ligthweight APIs.
The prov module provides all the JCA/JCE provider functionality.
The pkix module is the home for code for X.509 certificate generation and the APIs for standards that rely on ASN.1 suchas CMS, TSP, PKCS#12, OCSP, CRMF, and CMP.
The mail module provides an S/MIME API built on top of CMS.
The pg module is the home for code used to support OpenPGP.
The tls module is the home for code used to a general TLS API and JSSE Provider.
The build scripts that come with the full distribution allow creation of the different releases by using the different source trees while excluding classes that are not appropriate and copying in the required compatibility classes from the directories containing compatibility classes appropriate for the distribution.
If you want to try create a build for yourself, using your own environment, the best way to do it is to start with the build for the distribution you are interested in, make sure that builds, and then modify your build scripts to do the required exclusions and file copies for your setup, otherwise you are likely to get class not found exceptions. The final caveat to this is that as the j2me distribution includes some compatibility classes starting in the java package, you need to use an obfuscator to change the package names before attempting to import a midlet using the BC API.
Examples and Tests
To view some examples, look at the test programs in the packages:
There are also some specific example programs for dealing with SMIME and OpenPGP. They can be found in:
Mailing Lists
For those who are interested, there are 2 mailing lists for participation in this project. To subscribe use the links below and include the word subscribe in the message body. (To unsubscribe, replace subscribe with unsubscribe in the message body)
**NOTE:**You need to be subscribed to send mail to the above mailing list.
Feedback and Contributions
If you want to provide feedback directly to the members of The Legion then please use [email protected], if you want to help this project survive please consider donating.
For bug reporting/requests you can report issues here on github, or via feedback-crypto if required. We will accept pull requests based on this repository as well, but only on the basis that any code included may be distributed under the Bouncy Castle License.
FinallyBouncy Castle Java Tutorial
Enjoy!
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |