java,c#,encryption,rsa,bouncycastle
The output of RSA encryption, or any secure encryption method, outputs data that is indistinguishable from random to an attacker. This is performed by the IV for symmetric ciphers and by the padding method for RSA. If this wasn't the case then an attacker would be able to see similarities...
It appears to be the first block of output (16 bytes) that is wrong, which for CBC mode implies a different "initialization vector" (IV) was used for encryption and decryption. The Android code is actually generating a (random) IV automatically (when you call Cipher.init() with just a key), which you...
I guess this is just a padding issue. Bouncy-castle latest GIT version has the following code : nb: It was not fixed in the "Nuget" version (2011) public static RSAParameters ToRSAParameters(RsaPrivateCrtKeyParameters privKey) { RSAParameters rp = new RSAParameters(); rp.Modulus = privKey.Modulus.ToByteArrayUnsigned(); rp.Exponent = privKey.PublicExponent.ToByteArrayUnsigned(); rp.P = privKey.P.ToByteArrayUnsigned(); rp.Q = privKey.Q.ToByteArrayUnsigned();...
I found my mistake: SIV-AES uses AES in CMAC mode (S2V) and in counter mode (CTR). SIV-AES takes either a 256-, 384-, or 512-bit key (which is broken up into two equal-sized keys, one for S2V and the other for CTR) I should have used only the first 16...
java,encryption,bouncycastle,pkcs11
I found the problem, I hope this post will help those who may encounter this kind of exception. In my code I encrypted the message with a RecipientCertificate which is not the same as my Decryption Certificate in Recipient's Smart Token! I made this mistake and it takes me the...
The best solution I found so far is doing a manual padding with 236 zero bytes (padding) and another temporary file (hash). COPY padding hash openssl dgst -sha1 -binary msg.txt >>hash openssl pkeyutl -sign -in hash -inkey priv.pem -out signature -pkeyopt rsa_padding_mode:none I tried to use openssl dgst instead and...
In RFC 7292, section 4.1, page 41, the details of AuthenticatedSafe are described. AuthenticatedSafe is a SEQUENCE OF ContentInfo which could be one of three types. AuthenticatedSafe ::= SEQUENCE OF ContentInfo -- Data if unencrypted -- EncryptedData if password-encrypted -- EnvelopedData if public key-encrypted Make your authenticatedSafe data as EncryptedData where you need...
No, for the Secure Messaging they use the same algorithm, it's just that they don't pad data explicitly in the MuthualAuth example (because it's already of required length) and do that in the SM example. Try to compute MAC with your code of "887022120C06C2270CA4020C800000008709016375432908C044F6" (which is a SSC + M...
java,openssl,rsa,bouncycastle,chinese-remainder-theorem
I'm not sure if you want a BC-only (LWAPI?) solution, or if you'll take JCE which can use either Sun or BC provider. If the latter: RSA keypairs generated and written by openssl are always in CRT form unless you work hard to prevent it, and req doesn't. For openssl...
The "Signer's identity is unknown because it has not been included in the list of your trusted certificates" message is from Adobe Acrobat or from Reader. To solve the problem you have to include the issuer CA of your certificate in the Acrobat configuration. You can do the following steps: Validate...
I think that you mean that you are looking for encryption/decryption sample with bouncycastle instead of a signature/verification sample which you are referencing in your question. In order to do it you can use javax.crypto.Cipher class instead of java.security.Signature I give you a simple example using AES algorithm in ECB...
If you are using Java 8, then this might be caused by a bug in Java JCE that has recently been fixed. Upgrading to Java SE 8u45 (or higher) solves the issue. I verified that with 1.8.0_45, jsch-0.1.53 is actually able to successfully negotiate an SSH session with a server...
java,windows,x509certificate,bouncycastle,digital-certificate
Normally you generate a private key and a certificate signing request, you send the csr to the CA, and the CA issues the certificate. Finally you can generate a keystore and store the private key and the certificate together on it. So I don't understand how is your CA storing...
java,cryptography,digital-signature,bouncycastle,pgp
I don't have experience with PGPSignatures however to verify a signature in public key cryptography you need three things: The signature. The publicKey. The original message which is supposed to be signed. In your example the original message is missing, you need to provide the original message which was signed...
bouncycastle,javacard,elliptic-curve,diffie-hellman
There is a problem in your implementation of KeyAgreement.ALG_EC_SVDP_DH on the terminal side. The correct length of the output of this method of key agreement should always be 20 bytes since SHA-1 is being performed on the derived output. So on your terminal side, you should perform SHA-1 after generating...
I'm far from being an OpenSSL specialist but according to some documentation I found: X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) creates an X509 certificate with subject and issuer the same as the subject in the request r, with validity days, and pkey used to sign it (with md5 as the...
java,aes,android-gcm,bouncycastle
I'll answer the questions in order: AAD does not have to be used at all, the IV is already included in GCM mode encryption. For GCM you should always specify the AAD before any plaintext. Bouncy Castle does handle an update of AAD later on, but doing so requires modular...
Seems some wrapper code is missing from the der-data above: var bs = new MemoryStream(); var constructeddata = new DerSequenceGenerator(bs); constructeddata.AddObject(new DerObjectIdentifier("1.2.840.1.113549.1.7.3")); constructeddata.AddObject(new DerTaggedObject(true, 0, ed)); //constructeddata.AddObject(ed.ToAsn1Object()); constructeddata.Close(); var derdata = bs.ToArray(); var cms = new CmsEnvelopedData(derdata); So what I do is adding a top layer to the data. ed...
java,ssl,encryption,bouncycastle,aes-gcm
GCM mode computes MAC from message, associated data and public nonce, you covered it very well. I think you are using wrong length, it should be plaintext length before encrypting and appending MAC. Try 45 - 8 (explicit nonce) - 16 (MAC) = 21....
The OP clarified in a (meanwhile deleted) comment: I am asking for explanation of passing height width as parameter to getTop(),getLeft() etc functions. Its not being clear. Those methods are defined as: // Returns the lower left y-coordinate, considering a given margin. public float getBottom(final float margin) { return lly...
java,x509certificate,bouncycastle,wildfly-8,pfx
I solved my question using only the Java 8 API, as follows: Collection<?> altNames = certificate.getSubjectAlternativeNames(); for (Object i : altNames) { List<Object> item = (java.util.List) i; Integer type = (Integer) item.get(0); try { if (type > 0) { continue; } String[] arr = StringEscapeUtils.escapeHtml(new String((byte[]) item.get(1))).split(";"); return Arrays.asList(arr) .stream()...
java,ssl,cryptography,bouncycastle
How can I edit the list of cipher suite in Java using Bouncy Castle See Which Cipher Suites to enable for SSL Socket? and use SSLSocketFactoryEx. It's a drop-in replacement for Java's SSLSocketFactory. If you don't want to use SSLSocketFactoryEx, then rip the code to find the intersection of...
java,security,digital-signature,x509certificate,bouncycastle
You're missing to add the certificates to your signature data structure, this is probably why you're getting the signerInformation but you're not getting the certificates using Collection certs = certStore.getCertificates( s.getSID() );. To solve this add the certificates to your CMSSignedData using addCertificates() method: gen.addSignerInfoGenerator( new JcaSignerInfoGeneratorBuilder( new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()) .build(sha1Signer,...
The issue had nothing to do with the class, but with how the ciphertext was being read.
java,database,security,encryption,bouncycastle
One of the most important properties of good encryption is that similar plaintexts are encrypted into vastly different ciphertexts. Roughly half of the bits of two ciphertexts will match. This property makes it hard (impossible) to formulate any kind of query that looks for substrings through LIKE or determines whether...
java,scala,intellij-idea,compiler-errors,bouncycastle
I haven't been able to find the cause of the problem. However, I was able to work around it by adding Bouncy Castle as a Maven dependency in the Project Structure window. This fixed the issue and allowed me to use BC from Scala.
java,bouncycastle,javacard,apdu,elliptic-curve
The public key returned in JavaCard is formatted as follows: 04 x y. In the terminal side, first you must extract x and y coordinates. Then, KeyFactory kf = KeyFactory.getInstance("ECDSA", "BC"); ECPoint point = new ECPoint(x, y); ECParameterSpec domainparameters = new ECParameterSpec(...); // initialize your domain parameters ECPublicKeySpec spec =...
1.50 or sometimes 150 is the latest release. The deprecation notes: Deprecated. use classes in org.bouncycastle.pkcs. If you take a close look you will see that this class was moved to a different package: PKCS10CertificationRequest You will need the following dependency to access that class: <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcpkix-jdk15on</artifactId> <version>1.50</version> </dependency>...
java,cryptography,bouncycastle
The first step to obtain all certificates is to use a null selector: ArrayList<X509CertificateHolder> listCertDatFirm = new ArrayList(store.getMatches(null)); Then you have a group of certificates; looping recursively you can rebuild the correct chain....
c#,ssl,mono,xamarin,bouncycastle
Bouncy Castle is a very powerful library, however the lack of documentation makes it quite difficult to work with. After searching for much too long through all of the classes and methods I finally found what I was looking for. The following code will take the previously generated private key,...
android,noclassdeffounderror,bouncycastle,genymotion,verifyerror
Disclaimer: I work for Genymotion It is not an Emulator issue here, but an Android one. Old Android versions (Gingerbread is now 4 years old) were shipped with really really old BouncyCastle implementations. see (https://code.google.com/p/android/issues/detail?id=3280) Your emulator is really trying to warn you that your code probably will NOT work...
java,cryptography,digital-signature,bouncycastle,ntrusign
Currently, it's a bug, so there are two solutions: use another library - tbuktu's github project (bouncy-castle is using it with some modifications, as I see) download sources, catch the bug of this generation parameter, solve it and pack into library for a project ...
c#,encryption,cryptography,rsa,bouncycastle
I was using an incorrect Public Key.. and the test that proved the Private and Public keys matched was using the correct Public Key. The above code works perfectly as is, as long as you get the keys right!...
java,android,bouncycastle,spongycastle
I think it's in the line below: ks.load(cert,null); 'load' is used to load a KeyStore file. You're trying to load a certificate. The formats of these two are absolutely different and that's why you're getting an error....
android,proguard,bouncycastle,spongycastle,dexguard
For completeness' sake: we've worked out by e-mail that the problem was caused by the option "minifyEnabled true" in build.gradle, which is incompatible with the DexGuard plugin. DexGuard of course already provides shrinking, optimization, and obfuscation. (I am the developer of ProGuard and DexGuard)...
Problem was related to the grails-doc plugin. I found this by running grails dependency-report this showed an old iText dependency in grails-doc. Excluding this in the BuildConfig worked fine. Basically this... How to exclude grails global dependency...
java,encryption,cryptography,rsa,bouncycastle
byte[] input = new byte[] { (byte) 0xbe, (byte) 0xef , (byte) 0xef}; Cipher cipher = Cipher.getInstance("RSA"); KeyFactory keyFactory = KeyFactory.getInstance("RSA"); String mod = "B390F7412F2554387597814A25BC11BFFD95DB2D1456F1B66CDF52BCC1D20C7FF24F3CCE7B2D66E143213F64247454782A377C79C74477A28AF6C317BE 68 BC 6E 8F F0 01 D3 75 F9 36 3B 5A 71 61 C2 DF BC 2E D0 85 06 97 A5 44...
encryption,cryptography,bouncycastle,pgp,secret-key
Quoting RFC 4880, OpenPGP, 5.5.1.3. Secret-Key Packet: A Secret-Key packet contains all the information that is found in a Public-Key packet, including the public-key material, but also includes the secret-key material after all the public-key fields. and 11.2. Transferable Secret Keys: [...] The format of a transferable secret key is...
java,encryption,mule,bouncycastle,pem
I'm no expert, but what you are showing does not look like a key in PEM format. Compare with: http://www.herongyang.com/Cryptography/Certificate-Format-PEM-on-Certificates.html This may help: https://sycure.wordpress.com/2008/05/15/tips-using-openssl-to-extract-private-key-pem-file-from-pfx-personal-information-exchange/...
c#,bouncycastle,portable-class-library
Try like this for HmacSha256 public class HmacSha256 { private readonly HMac _hmac; public HmacSha256(byte[] key) { _hmac = new HMac(new Sha256Digest()); _hmac.Init(new KeyParameter(key)); } public byte[] ComputeHash(byte[] value) { if (value == null) throw new ArgumentNullException("value"); byte[] resBuf = new byte[_hmac.GetMacSize()]; _hmac.BlockUpdate(value, 0, value.Length); _hmac.DoFinal(resBuf, 0); return resBuf; }...
In addition to the provider (a.k.a. bcprov) and lightweight API, you also need the PKIX API, which provides the openssl package. Either download bcpkix-jdk15on-150.jar from BC downloads page (direct link) and drop it in the same directory of bcprov or add it to your maven dependencies with its coordinates: <dependency>...
java,email,encryption,bouncycastle,pgp
I'll try to address these points one by one: Java bouncycastle keyring generation The Java code does work and produces a usable keyring pair. I have tested it with different emails and different pass codes with no problems. I have had a 3rd party send me an email using the...
The modulus doesn't match between public key and private key. It should match. The private key modulus is probably smaller (assuming big endian notation and same length hex strings) and that is why you're getting this error message. Since the private key contains the modulus and public exponent components, you...
I think you are adding the static registration into the wrong file. Use security.policy instead of java.policy within the same folder. See: https://www.bouncycastle.org/wiki/display/JA1/Provider+Installation...
I will speculate a bit, based on your description and without any experimentation, but I hope that it will help you satisfy your curiosity. Java security providers that implement Cipher and some other services from javax.crypto must sign their code. If any of the signed BouncyCastle classes (or resources) were...
RSAPrivateCrtKeySpec prvkeySpec = new RSAPrivateCrtKeySpec( modulus, publicExponent, privateExponent, primeP, primeQ, primeExponentP, primeExponentQ, crtCoefficient); Security.addProvider(new org.bouncycastle.jce .provider.BouncyCastleProvider()); KeyFactory kfact = KeyFactory.getInstance("RSA", "BC"); BCRSAPrivateCrtKey prk = (BCRSAPrivateCrtKey) kfact .generatePrivate(prvkeySpec); ...
java,encryption,cryptography,aes,bouncycastle
EJP makes a clear point when to use an external provider, but I'll expand the answer significantly here: if the functionality that you are looking for is not supplied by JCE; this can be because the algorithm - which can be a combination of cipher, mode and padding - is...
java,ssl,cryptography,bouncycastle,public-key
An X.509 certificate and an X509EncodedKeySpec are quite different structures, and trying to parse a cert as a key won't work. Java's X509EncodedKeySpec is actually X.509's SubjectPublicKeyInfo, which is a small part of a certificate. What you need to do is read and parse the cert and then extract the...
The workaround solution I have finally used was to convert key to PEM format and use the following: @Cleanup FileReader privateKeyReader = new FileReader(new File("key.pem")); @Cleanup PEMParser parser = new PEMParser(privateKeyReader); PEMKeyPair keyPair = (PEMKeyPair) parser.readObject(); AsymmetricKeyParameter privateKey = PrivateKeyFactory .createKey(keyPair.getPrivateKeyInfo()); AsymmetricKeyParameter publicKey = PublicKeyFactory .createKey(keyPair.getPublicKeyInfo()); ...
java,bouncycastle,privatekey,pem,elliptic-curve
The problem is not the PEMParser but JcaPEMKeyConverter which treats EC keys as keys for ECDSA: algorithms.put(X9ObjectIdentifiers.id_ecPublicKey, "ECDSA"); ... private KeyFactory getKeyFactory(AlgorithmIdentifier algId) throws NoSuchAlgorithmException, NoSuchProviderException { ASN1ObjectIdentifier algorithm = algId.getAlgorithm(); String algName = (String)algorithms.get(algorithm); ... The algorithm identifier is id-ecPublicKey, which is also used for ECDSA keys, so the...
java,bouncycastle,distinguishedname
If you use the following enum, you should be able to iterate every element possible for an X500Name or X509Name. public enum MyBCStyle { /** * country code - StringType(SIZE(2)) */ C(BCStyle.C), /** * organization - StringType(SIZE(1..64)) */ O(BCStyle.O ), /** * organizational unit name - StringType(SIZE(1..64)) */ OU(BCStyle.OU), /**...
java,android,encryption,cross-platform,bouncycastle
You are using serialization, which will only work if your implementations are as good as identical. You should not use serialization, use RSAPublicKey.getEncoded() instead. This should return a more canonical representation of the key, which can be retrieved again using X509EncodedKeySpec and a KeyFactory for "RSA" keys.
java,digital-signature,bouncycastle,ecdsa,gost3410
I'll answer in order: How detect curve used by Signature ecdsaSign = Signature.getInstance("SHA256withECDSA", "BC"); You can't because the public & private keys should contain the parameters, not the algorithm. However, only certain curve parameters will be supported by the underlying library. In the case of Bouncy Castle those are those...
java,apache,bouncycastle,pdfbox,jce
Use version 1.44 of the Bouncy Castle libs, as mentioned here: https://pdfbox.apache.org/dependencies.html The Bouncy Castle libs are often not backwards compatible, that is why....
java,encryption,cryptography,aes,bouncycastle
You are attempting to decode a lot of random bytes as UTF-8 encoded text. That won't work. Your cipher text becomes corrupted, because any byte sequences that don't form a valid UTF-8 encoding of a character will be replaced with the replacement character, U+FFFD (�). Cipher text is not actually...
java,encryption,rsa,bouncycastle
Yes. NativeRSAEngine is implemented with a native library, while RSAEngine is written entirely in Java. As for which is faster, there is a comment on that NativeRSAEngine Javadoc that says this is much faster using jna-gmp.
java,android,encryption,aes,bouncycastle
Yes, there are ways to speed this up as the source code of winzipaes uses a rather inefficient way of decrypting: it decrypt each block by calculating the IV and initializing the cipher (for CTR mode decryption). This could mean that the key gets reinitialized too often. Furthermore, handling data...
java,hash,bouncycastle,trusted-timestamp
After hard testing, I have found the solution. The SHA-256 hash generated in JavaScript can be used directly in Bouncy Castle after some type conversion as follows: byte[] decodedHex = Hex.decodeHex(digest.toCharArray()); so you can use it as a normal java.security.MessageDigest when they are both converted to byte[] full code here: //...
java,bouncycastle,signature,ecdsa
The expected ECDSA signature format that the BC (and other provider) implementations work with is a DER-encoded ASN.1 sequence containing two integer values r and s. This signature format has been specified in ANSI X9.62. This is the format in the first set of data you give (note that signature...
ssl,cryptography,ssl-certificate,bouncycastle,pkcs7
There is no such thing as a CMS certificate or PKCS#12 certificate. CMS is the cryptographic message syntax. It specifies a container format that may contain X.509 compatible certificates of the signer. PKCS#12 is a container format for cryptographic objects, it is often used to store one or more certificate/private...
java,certificate,x509certificate,digital-signature,bouncycastle
You actually ask a number of questions. Thus, when I want to verify multiple signed file and provide info about signers can I make small optimization - extract info for all signatures but perform hash checking only in one randomly chosen signature? If you are sure (e.g. by organisational reasons)...
java,encoding,cryptography,bouncycastle
Well, despite the fact that someone has seen fit to down-vote the question, I'll post the answer here for posterity. At least for v1.52, org.bouncycastle.pkcs.PKCS10CertificationRequest#getEncoded() is implemented as: public byte[] getEncoded() throws IOException { return certificationRequest.getEncoded(); } This calls org.bouncycastle.asn1.pkcs.CertificationRequest#getEncoded(), which results in the inherited method org.bouncycastle.asn1.ASN1Object#getEncoded(). This method...
java,encryption,bouncycastle,aes-gcm
Block ciphers [ed: in Bouncy Castle] have an internal buffer that they keep updating, and only when they have enough data for a full block, will the decrypt occur, and a chunk of the decrypted data be returned. You can see this if you try and decrypt it 1 byte...
java,encryption,cryptography,aes,bouncycastle
You cannot just treat ciphertext as characters. You will lose data if you do so. To convert ciphertext to a String you should use a codec - for instance base 64.
Here is a simple example showing one possible solution. using System; using System.Security.Cryptography; using System.Security.Cryptography.X509Certificates; namespace ReadKeyFromCert { class MainClass { public static void Main (string[] args) { string base64X509Cert = @"-----BEGIN CERTIFICATE----- MIICnzCCAggCCQDbr9OvJHgzmDANBgkqhkiG9w0BAQUFADCBkzELMAkGA1UEBhMC RUUxETAPBgNVBAgMCEhhcmp1bWFhMRAwDgYDVQQHDAdUYWxsaW5uMREwDwYDVQQK DAhFZXRhc29mdDERMA8GA1UECwwIYmFua2xpbmsxFjAUBgNVBAMMDXBhbmdhbGlu...
android,encryption,cryptography,aes,bouncycastle
One thing that is making your code run slow is the size of your buffer: byte[] d = new byte[8]; You should bump it up by a few orders of magnitude if you want it to run fast. Given the size of your files I would suggest using at least...
I recommend to use a bouncy castle class: org.bouncycastle.jce.X509Principal which implements java.security.Principal. In order to get org.bouncycastle.jce.X509Principal instance you can use the method: public static org.bouncycastle.jce.X509Principal getSubjectX509Principal( java.security.cert.X509Certificate cert) throws CertificateEncodingException of the class org.bouncycastle.jce.PrincipalUtil. I give you a sample: import java.io.FileInputStream; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate;...
Solved this issue. The issue was because the BigInteger(byte[] array) constructor reads array in two's complement form. Because modulus byte array is not to be interpreted in two's complements form, using the above constructor can yield a negative integer. Therefore, using this constructor solves the problem BigInteger(int signum, byte[] array)....
java,encryption,bouncycastle,pgp,openpgp
ArmoredOutputStream uses an encoding similar to Base64, so that binary non-printable bytes are converted to something text friendly. You'd do this if you wanted to send the data over email, or post on a site, or some other text medium. It doesn't make a difference in terms of security. There...
java,encryption,aes,bouncycastle,jce
The code is indeed using PKCS#7 instead. The reason that "PKCS5Padding" is specified is very likely due to compatibility with the older DES and 3DES ciphers. Note that PKCS#5 padding is exactly 8 bytes, not less. Bouncy Castle usually follows the Sun/Oracle providers for the sake of compatibility, although you...
java,cryptography,bouncycastle,elliptic-curve,key-pair
You need to get curve parameters in X9.62 format and convert them to JCE format X9ECParameters ecP = CustomNamedCurves.getByName("curve25519"); ECParameterSpec ecSpec=new ECParameterSpec(ecP.getCurve(), ecP.getG(), ecP.getN(), ecP.getH(), ecP.getSeed()); Then produce ECDSA key as normal Provider bcProvider = new BouncyCastleProvider(); KeyPairGenerator g = KeyPairGenerator.getInstance("ECDSA", bcProvider); g.initialize(ecSpec, new SecureRandom()); KeyPair keyPair = g.generateKeyPair(); Assert.assertNotNull(keyPair);...
java,ssl,cryptography,bouncycastle
So, what's the problem with pairwise parameter checking? If certificate specifies public key of type “RSA”, then: Extract n, e from key file. Compare these values with those in certificate. If certificate specifies public key of type “DSA”, then: Extract p, q, g, y from key file. Compare these values...
java,encryption,cryptography,bouncycastle,ntruencrypt
Have you tried NTRUSigningKeyPairGenerator, and calling getEncoded() on the retrieved private key? NTRUSigningKeyPairGenerator ntruSigningKeyPairGenerator = new NTRUSigningKeyPairGenerator(); NTRUSigningKeyGenerationParameters ntruSigningKeyGenerationParameters = NTRUSigningKeyGenerationParameters.TEST157; ntruSigningKeyPairGenerator.init(ntruSigningKeyGenerationParameters); AsymmetricCipherKeyPair asymmetricCipherKeyPair = ntruSigningKeyPairGenerator.generateKeyPair(); NTRUSigningPrivateKeyParameters params =...