3

I would like to find out if the Base64 encoding mechanism provided by BouncyCastle and the equivalent mechanism providing by Apache Commons Codec are totally compatible, or if there could be compatibility problems.

I am working on a library in Java which uses Base64 encoding on some inputs and outputs (it has to encode some inputs, and it encodes some of its outputs). This library uses the Base64 encoder from Bouncy Castle.

One of the applications that will use this library will use the Base64 encoder from Apache commons to perform the encoding and decoding on its side.

I believe that the implementation from Apache follows an RTC standard, however the implementation from Bouncy Castle does not follow this standard, although it largely follows the same standard. Could there be compatibility problems between this components?

Would it be wise to only use the same Base64 encoder in components that need to communicate with each other?

Duncan Jones
  • 67,400
  • 29
  • 193
  • 254
user3441604
  • 582
  • 7
  • 23
  • Won't your testing alleviate these concerns? – Duncan Jones Aug 12 '14 at 10:17
  • Hi, thanks for your comment. Testing will be useful, but I don't think we can test every possible input and output. We can write many tests, and obtain a high degree of confidence that these base64 encoders are compatible, but we still will have some concerns I think. – user3441604 Aug 12 '14 at 10:20
  • Is [this](http://www.bouncycastle.org/docs/docs1.5on/org/bouncycastle/util/encoders/Base64.html) the class you are using from BouncyCastle? – Duncan Jones Aug 12 '14 at 10:35
  • yes, we are using org.bouncycastle.util.encoders.Base64 – user3441604 Aug 12 '14 at 12:16

1 Answers1

4

Would it be wise to only use the same Base64 encoder in components that need to communicate with each other?

In short: Yes, Base64 in both of communicating components should be same.

Explaination:

Base64 content transfer encoding is a form of a description of any 8-bit byte sequence combinations, this form can not easily be directly identified. This algorithm is mainly given character to character encoding (such as ASCII code, UTF-8 code) corresponding to the decimal number as a reference, do the encoding operation.

Since Sun itself doesn't provide the Base64 algorithm to achieve, users have to use one of the open source implementations such as Commons Codec, Bouncy Castle etc.

The difference between algorithms of Bouncy Castle & Apache Commons is that Bouncy Castle interprets hash as series of hexadecimal values, whereas Apache Commons interprets the same hash as a string before base64-encoding it. In the former case, the resultant encode is shorter than the original string, while in the latter the resultant encode is longer than the original string.

Hence, there should be same Base64 encoder used between the communicating components.

Hope this helps you.

Shishir Kumar
  • 7,981
  • 3
  • 29
  • 45
  • "The difference between algorithms of Bouncy Castle & Apache Commons is that Bouncy Castle interprets hash as series of hexadecimal values, whereas Apache Commons interprets the same hash as a string before base64-encoding it." That's just utterly wrong. Bouncy Castle uses bytes, not hexadecimal values and the Apache codec isn't implementing cryptography at all, and certainly does not *interpret hashes*. – Maarten Bodewes Oct 14 '14 at 22:13