BouncyCastle : Java Glossary

BouncyCastle

Legion of the Bouncy Castle is a JCE (Java Cryptography Extension)-compatible library that also handles PGP (Pretty Good Privacy). It is well regarded. The source is not well formatted or commented. The Javadoc in version 1.22 was sparse and inaccurate. version 1.41 is reputedly better. I don’t know how they do it, but everything is free. The specifications give a bird’s eye view of all the encryption algorithms supported.

BouncyCastle has the big advantage of being Australian, and hence immune to the silly American laws about exporting strong encryption. If Canadians use BouncyCastle they need not worry about that law, since the code is not American. If Americans use it, they can still get in trouble just for incorporating Australian encryption code even though it did not originate in America. If you are an American and have a product then implements or uses encryption, best talk to a lawyer. The laws are idiotic since encryption algorithms are public domain and widely disseminated. All the laws do is cripple American software company exports.

You will want to download the BouncyCastle jars for:

Put the jars in your ext directories:

ext directories :

in C:\Program Files\java\jre7\lib\ext in JRE 1.7.0 on your local hard disk.
in C:\Program Files (x86)\java\jre7\lib\ext in JRE 1.7.0 on your local hard disk.
in J:\Program Files\java\jdk1.7.0_21\jre\lib\ext in JDK 1.7.0 on your local hard disk.
in J:\Program Files (x86)\java\jdk1.7.0_21\jre\lib\ext in JDK 1.7.0 on your local hard disk.
in J:\Program Files (x86)\jet8.0-pro-x86\profile1.6.0_43\jre\lib\ext in Jet 8.0-pro-x86/1.6.0_43 on your local hard disk.
in J:\Program Files (x86)\JetBrains\IntelliJ IDEA 12.1\jre\jre\lib\ext in IntelliJ Idea 12.1 on your local hard disk.

Generating Keys

Generate

The public and private keys will appear as pub.bpg, and secret.bpg. You can generate ascii *.asc ascii armoured file instead by using

To generate variants look at the source code in bcpg-jdk14-122/src/org/bouncycastleopenpgp/examples/RSAKeyPairGenerator.java

Signing A Binary File

Resulting signed file will appear in anyfile.dat.bpg signed, but not encrypted.

Verifying a Signed Binary File

I’m told BouncyCastle does not support Sun’s proprietary JKS (Java Key Store) store format, but even that can be got around with Metastatic’s reverse engineered version.

With BouncyCastle you have the sources to look at. With keytool, all you have is -J-verbose:class to find out what classes it is using.

encryption
JCE
security

	available on the web at:	http://mindprod.com/jgloss/bouncycastle.html
	optional Replicator mirror of mindprod.com on local hard disk J:	J:\mindprod\jgloss\bouncycastle.html
	Please email your feedback for publication, letters to the editor, errors, omissions, typos, formatting errors, ambiguities, unclear wording, broken/redirected link reports, suggestions to improve this page or comments to Roedy Green : . If you want your message, your name or email kept confidential, not considered for public posting, please explicitly specify that. Unless you state otherwise, I will treat your message as a letter to the editor that I may or may not publish in the feedback section. After that, it will be too late to retract it. If you disagree with something I said, especially when sending an ad-hominem attack, a rant composed mainly of obscenities or a death threat, please quote the offending passage and cite the web page where you found it, tell me why you think it is wrong, and, if possible, provide some supporting evidence. I can’t very well fix erroneous or ambiguous text if I can’t find it.
Blog	Canadian Mind Products IP:[65.110.21.43] Your face IP:[50.16.17.90]
Feedback	You are visitor number 33,311.