Stack Overflow
Stack Overflow

Questions tagged [bouncycastle]

Bouncy Castle is a cryptography API providing various cryptography, encryption, and security protocols. There are fairly similar libraries in both C# and Java that implement the API. Additionally, Bouncy Castle provides a JCE-compliant crypto provider for Java.

  • Generation and parsing of PKCS#12 files.
  • X.509: Generators and parsers for V1 and V3 certificates, V2 CRLs and attribute certificates.
  • PBE algorithms supported by PBEUtil: PBEwithMD2andDES-CBC, PBEwithMD2andRC2-CBC, PBEwithMD5andDES-CBC, PBEwithMD5andRC2-CBC, PBEwithSHA1andDES-CBC, PBEwithSHA1andRC2-CBC, PBEwithSHA-1and128bitRC4, PBEwithSHA-1and40bitRC4, PBEwithSHA-1and3-keyDESEDE-CBC, PBEwithSHA-1and2-keyDESEDE-CBC, PBEwithSHA-1and128bitRC2-CBC, PBEwithSHA-1and40bitRC2-CBC, PBEwithHmacSHA-1, PBEwithHmacSHA-224, PBEwithHmacSHA-256, PBEwithHmacRIPEMD128, PBEwithHmacRIPEMD160, and PBEwithHmacRIPEMD256.
  • Signature algorithms supported by SignerUtilities: MD2withRSA, MD4withRSA, MD5withRSA, RIPEMD128withRSA, RIPEMD160withRSA, RIPEMD256withRSA, SHA-1withRSA, SHA-224withRSA, SHA-256withRSAandMGF1, SHA-384withRSAandMGF1, SHA-512withRSAandMGF1, SHA-1withDSA, and SHA-1withECDSA.
  • Symmetric key algorithms: AES, Blowfish, Camellia, CAST5, CAST6, DESede, DES, GOST28147, HC-128, HC-256, IDEA, NaccacheStern, RC2, RC4, RC5-32, RC5-64, RC6, Rijndael, Serpent, Skipjack, TEA/XTEA, Twofish, and VMPC.
  • Symmetric key modes: CBC, CFB, CTS, GOFB, OFB, OpenPGPCFB, and SIC (or CTR).
  • Symmetric key paddings: ISO10126d2, ISO7816d4, PKCS#5/7, TBC, X.923, and Zero Byte.
  • Asymmetric key algorithms: RSA (with blinding), ElGamal, DSA, ECDSA.
  • Asymmetric key paddings/encodings: ISO9796d1, OAEP, and PKCS#1.
  • Digests: GOST3411, MD2, MD4, MD5, RIPEMD128, RIPEMD160, RIPEMD256, RIPEMD320, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, Tiger, and Whirlpool.
  • Signer mechanisms: DSA, ECDSA, ECGOST3410, GOST3410, ISO9796d2, PSS, RSA.
  • Key Agreement: Diffie-Hellman and EC-DH.
  • Macs: CBCBlockCipher, CFBBlockCipher, GOST28147, HMac, and ISO9797 Alg. 3.
  • PBE generators: PKCS#12, and PKCS#5 - schemes 1 and 2.
  • OpenPGP (RFC 2440)
  • Cryptographic Message Syntax (CMS, RFC 3852), including streaming API.
  • Online Certificate Status Protocol (OCSP, RFC 2560).
  • Time Stamp Protocol (TSP, RFC 3161).
  • TLS/SSL Client with support for client side authentication.
3108 questions
1
vote
1 answer

How to verify a RFC3161 timestamp token that uses RSASSA-PSS

My timestamp provider recently changed from using rsaEncryption to sign the timestamp token to rsassaPss (see the diff of the asn1parse here). Before the change I used the following command in OpenSSL (v1.1.1a) to verify the timestamp token: $…
Victor
  • 23,172
  • 30
  • 86
  • 125
1
vote
1 answer

How to verify ECDSA signature in ASN.1 format and public key in DER using BouncyCastle?

I have a byte array that contains the public key, and a byte array that contains the ASN.1 formatted signature. Using ECDSA P-256. The following code loads the public key: var publicKey = PublicKeyFactory.CreateKey(publicKeyDERBytes); And the…
HelloWorld
  • 3,381
  • 5
  • 32
  • 58
1
vote
0 answers

Create/Convert to CMS/pkcs7 Certificate from Certificate collection and save it as p7b

I'm trying to convert/Create a PKCS7 "p7b" Certificate from signed certificate pem + chain using BouncyCastle or .net Cryptography class I tried to use only BC without success, so I use BC only to read pem certs and then transform it to an…
leo
  • 51
  • 2
1
vote
0 answers

How do you make TlsServer send session ID on ServerHello in BouncyCastle?

Basically my implementation already works. I have made my own "custom" PSKTlsServer class and handshake works well. However, I did notice that my ServerHello message does not contain a session ID and the session ID length is also 00. Looking at the…
Josh
  • 11
  • 2
1
vote
0 answers

Failure to instantiate KeyAgreement under IBM AIX 6.1

We need to deploy a standalone jar in an IBM AIX 6.1. This jar tries to connect to an SFTP server using hierynomus sshj and bouncycastle. When trying to instantiate the KeyAgreement, in execution time, it outputs the following: Exception in thread…
Hugo Laredo
  • 11
  • 2
1
vote
0 answers

Deploying two similar wars with WebPush Api causing InvalidKeySpecException: key spec not recognized

I am working on a project which requires to send a WebPush notification to a desktop.Currently I am using Martijn Dwars library. Now, I was able to make it work, and the notifications are being sent seamlessly. However, on my server (Amazon EC2…
Salim Shamim
  • 656
  • 10
  • 25
1
vote
1 answer

Can I use PKCS5Padding padding algorithm while decryption for already encrypted data using PKCS7Padding?

I'm replacing PKCS7Padding padding with PKCS5Padding for my AES encryptions. Can I use PKCS5Padding padding algorithm while decryption for already encrypted data using PKCS7Padding? I tried using a sample program on local and somehow it works and…
Akshay Kumar
  • 45
  • 5
1
vote
1 answer

How do I convert a PEM encoded X509 certificate to Org.BouncyCastle.X509.X509Certificate in C#

How do I convert a PEM encoded X509 certificate to a Bouncycastle X509Certificate? I receive the PEM encoded X509 certificate (defined in RFC 5280) that represents the issuer of the signing certificate. The PEM encoding format (defined in RFC 1421)…
Cerveser
  • 752
  • 8
  • 23
1
vote
1 answer

Is decoding of PKCS8 key from Base64 encoded ASN1 structure fault tolerant?

I'm using Spongy Castle library to encode my users private key (PKCS8) into an ASN1 entity and afterwards as Base64 encoded string into a QR code. One of my colleagues found out that it's possible to change some characters in the Base64 string…
Herbert Gerngroß
  • 21
  • 2
1
vote
1 answer

BouncyCastle validate secp256k1 public key generation

I have the following Java code using bounce castle library: byte[] privKey = new byte[32]; privKey[31] = 1; ECNamedCurveParameterSpec spec = ECNamedCurveTable.getParameterSpec("secp256k1"); ECPoint pointQ = spec.getG().multiply(new BigInteger(1,…
Subby
  • 1,997
  • 4
  • 22
  • 38
1
vote
1 answer

How to debug code without debug information?

I come across unintended behavior while using the BouncyCastle Provider with the JCE. I thus want to see whats happening inside and have to debug the code of the BouncyCastle Library. Sadly the classes I have to take a look into…
whme
  • 4,908
  • 5
  • 15
  • 28
1
vote
1 answer

When should I use CryptoAPI vs System.Security.Cryptography vs Bouncycastle?

From what I can tell BouncyCastle & System.Security.Cryptography provides ability to do high level tasks while CryptoAPI is somewhat lower level. I'm told BouncyCastle is not FIPS compliant, while CryptoAPI allows for this. Is this true? When…
makerofthings7
  • 60,103
  • 53
  • 215
  • 448
1
vote
1 answer

Java security with Bouncy Castle API

I want to know whether Bouncy Castle API is good fit for asymmetric encryption in Java. Currently I am doing this with Java's JCE API. Will there be any advantages if I use Bouncy Castle API for asymmetric encryption?
jgg
  • 1,136
  • 4
  • 22
  • 46
1
vote
2 answers

Diffie Hellman Key Exchange using ECDSA x509 certificates

I am trying to perform a Diffie-Hellman key exchange using 2 ECDSA x509 certificates. Here is the method where I extract the keys from the certificates for computation of the derived key. private byte[] GetDerivedKey(X509Certificate2…
Josh
  • 16,286
  • 25
  • 113
  • 158
1
vote
3 answers

ECDSA KeyPairGenerator not available (but in JUnit works)

I am getting below Exception which I observed when running Android app - it does not occurs when I run the code below as JUnit. java.security.NoSuchAlgorithmException: ECDSA KeyPairGenerator not available at…
K.Os
  • 5,123
  • 8
  • 40
  • 95
1 2 3
99
100