Difference between results with RSA Encryption with Bouncy Castle in Java and C#
java,c#,encryption,rsa,bouncycastle
The output of RSA encryption, or any secure encryption method, outputs data that is indistinguishable from random to an attacker. This is performed by the IV for symmetric ciphers and by the padding method for RSA. If this wasn't the case then an attacker would be able to see similarities...
Bouncycastle does not decrypt correctly in C#
It appears to be the first block of output (16 bytes) that is wrong, which for CBC mode implies a different "initialization vector" (IV) was used for encryption and decryption. The Android code is actually generating a (random) IV automatically (when you call Cipher.init() with just a key), which you...
Import RSA key from bouncycastle sometimes throws “Bad Data”
I guess this is just a padding issue. Bouncy-castle latest GIT version has the following code : nb: It was not fixed in the "Nuget" version (2011) public static RSAParameters ToRSAParameters(RsaPrivateCrtKeyParameters privKey) { RSAParameters rp = new RSAParameters(); rp.Modulus = privKey.Modulus.ToByteArrayUnsigned(); rp.Exponent = privKey.PublicExponent.ToByteArrayUnsigned(); rp.P = privKey.P.ToByteArrayUnsigned(); rp.Q = privKey.Q.ToByteArrayUnsigned();...
How to use Bouncycastle's CMac
I found my mistake: SIV-AES uses AES in CMAC mode (S2V) and in counter mode (CTR). SIV- AES takes either a 256-, 384-, or 512-bit key (which is broken up into two equal-sized keys, one for S2V and the other for CTR) I should have used only the first 16...
sun.security.pkcs11.wrapper.PKCS11Exception: CKR_WRAPPED_KEY_INVALID
java,encryption,bouncycastle,pkcs11
I found the problem, I hope this post will help those who may encounter this kind of exception. In my code I encrypted the message with a RecipientCertificate which is not the same as my Decryption Certificate in Recipient's Smart Token! I made this mistake and it takes me the...
OpenSSL equivalent for Java/BouncyCastle signature
The best solution I found so far is doing a manual padding with 236 zero bytes (padding) and another temporary file (hash). COPY padding hash openssl dgst -sha1 -binary msg.txt >>hash openssl pkeyutl -sign -in hash -inkey priv.pem -out signature -pkeyopt rsa_padding_mode:none I tried to use openssl dgst instead and...
How can I import a .pfx file that was created without a password?
In RFC 7292, section 4.1, page 41, details of AuthenticatedSafe is described. AutthenticatedSafe is sequence OF ContentInfo which could one of three types. AuthenticatedSafe ::= SEQUENCE OF ContentInfo -- Data if unencrypted -- EncryptedData if password-encrypted -- EnvelopedData if public key-encrypted Make your authenticatedSafe data as EncryptedData where you needs...
ePassport Problems reagrding MAC creation in ICAO 9303 “worked examples” in Java/Clojure
No, for the Secure Messaging they use the same algorithm, it's just that they don't pad data explicitly in the MuthualAuth example (because it's already of required length) and do that in the SM example. Try to compute MAC with your code of "887022120C06C2270CA4020C800000008709016375432908C044F6" (which is a SSC + M...
PrivateKeyGenerated by OpenSSL to RSACRTPrivateKey object
java,openssl,rsa,bouncycastle,chinese-remainder-theorem
I'm not sure if you want a BC-only (LWAPI?) solution, or if you'll take JCE which can use either Sun or BC provider. If the latter: RSA keypairs generated and written by openssl are always in CRT form unless you work hard to prevent it, and req doesn't. For openssl...
Including a self signed keystore to list of trusted certificates
The Signer's identity is unknown because it has not been included in the list of your trusted certificates message is from adobe acrobat or from reader. To solve the problem you've to include the issuer CA of your certificate to acrobat configuration. You can do the following next steps: Validate...
Decrypt digital sign bouncycastle
I think that you mean that you are looking for encryption/decryption sample with bouncycastle instead of a signature/verification sample which you are referencing in your question. In order to do it you can use javax.crypto.Cipher class instead of java.security.Signature I give you a simple example using AES algorithm in ECB...
Jsch not working with certain sftp servers
If you are using Java 8, then this might be caused by a bug in Java JCE that has recently been fixed. Upgrading to Java SE 8u45 (or higher) solves the issue. I verified that with 1.8.0_45, jsch-0.1.53 is actually able to successfully negotiate an SSH session with a server...
BouncyCastle - Generate certificate file that MS Windows understands
java,windows,x509certificate,bouncycastle,digital-certificate
Normally you generate a private key and a certificate signing request, you send the csr to the CA, and the CA issues the certificate. Finally you can generate a keystore and store the private key and the certificate together on it. So I don't understand how is your CA storing...
PGP, verify signature on a certificate
java,cryptography,digital-signature,bouncycastle,pgp
I don't have experience with PGPSignatures however to verify a signature in public key cryptography you need three things: The signature. The publicKey. The original message which is supposed to be signed. In your example the original message is missing, you need to provide the original message which was signed...
Javacard KeyAgreement differs from BouncyCastle KeyAgreement
bouncycastle,javacard,elliptic-curve,diffie-hellman
There is a problem in your implementation of KeyAgreement.ALG_EC_SVDP_DH in the terminal side. The correct length of output of the this method of key agreement should always be 20 bytes since SHA-1 is being performed on the derived output. So in your terminal side, you should perform SHA-1 after generating...
Convert PKCS10CertificationRequest to X509 certificate
I'm far from being an OpenSSL specialist but according to some documentation I found: X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) creates an X509 certificate with subject and issuer the same as the subject in the request r, with validity days, and pkey used to sign it (with md5 as the...
Usage of additional authenticated data & authentication tag for AES-GCM using BouncyCastle
java,aes,android-gcm,bouncycastle
I'll answer the questions in order: AAD does not have to be used at all, the IV is already included in GCM mode encryption. For GCM you should always specify the AAD before any plaintext. Bouncy Castle does handle an update of AAD later on, but doing so requires modular...
Read PKCS#7 from ASN1 with PasswordRecipientInfo
Seems some wrapper code is missing from the der-data above: var bs = new MemoryStream(); var constructeddata = new DerSequenceGenerator(bs); constructeddata.AddObject(new DerObjectIdentifier("1.2.840.1.113549.1.7.3")); constructeddata.AddObject(new DerTaggedObject(true, 0, ed)); //constructeddata.AddObject(ed.ToAsn1Object()); constructeddata.Close(); var derdata = bs.ToArray(); var cms = new CmsEnvelopedData(derdata); So what I do is adding a top layer to the data. ed...
decrypt TLS 1.2 AES-GCM packet
java,ssl,encryption,bouncycastle,aes-gcm
GCM mode computes MAC from message, associated data and public nonce, you covered it very well. I think you are using wrong length, it should be plaintext length before encrypting and appending MAC. Try 45 - 8 (explicit nonce) - 16 (MAC) = 21....
Positioning digital signatures on pdfs using custom coordinates (using bouncy castle framework)
The OP clarified in a (meanwhile deleted) comment: I am asking for explanation of passing height width as parameter to getTop(),getLeft() etc functions. Its not being clear. Those methods are defined as: // Returns the lower left y-coordinate, considering a given margin. public float getBottom(final float margin) { return lly...
Working with bouncycastle provided by wildfly
java,x509certificate,bouncycastle,wildfly-8,pfx
I solved my question using only java 8 api, as the follow: Collection<?> altNames = certificate.getSubjectAlternativeNames(); for (Object i : altNames) { List<Object> item = (java.util.List) i; Integer type = (Integer) item.get(0); try { if (type > 0) { continue; } String[] arr = StringEscapeUtils.escapeHtml(new String((byte[]) item.get(1))).split(";"); return Arrays.asList(arr) .stream()...
How can I edit the list of cipher suite in Java using Bouncy Castle
java,ssl,cryptography,bouncycastle
How can I edit the list of cipher suite in Java using Bouncy Castle See Which Cipher Suites to enable for SSL Socket? and use SSLSocketFactoryEx. Its a drop-in replacement for Java's SSLSocketFactory If you don't want to use SSLSocketFactoryEx, then rip the code to find the intersection of...
Unable to get SignerCertificate from CMSSigned data
java,security,digital-signature,x509certificate,bouncycastle
You're missing to add the certificates to your signature data structure, this is probably why you're getting the signerInformation but you're not getting the certificates using Collection certs = certStore.getCertificates( s.getSID() );. To solve this add the certificates to your CMSSignedData using addCertificates() method: gen.addSignerInfoGenerator( new JcaSignerInfoGeneratorBuilder( new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()) .build(sha1Signer,...
BouncyCastle: mac check in GCM failed
The issue had nothing to do with the class, but with how the ciphertext was being reading.
searchable row level encryption using java?
java,database,security,encryption,bouncycastle
One of the most important properties of good encryption is that similar plaintexts are encrypted into vastly different ciphertexts. Roughly half of the bits of two ciphertexts will match. This property makes it hard (impossible) to formulate any kind of query that looks for substrings through LIKE or determines whether...
Scala project won't compile with Bouncy Castle as dependency
java,scala,intellij-idea,compiler-errors,bouncycastle
I haven't been able to find the cause of the problem. However, I was able to work around it by adding Bouncy Castle as a Maven dependency in the Project Structure window. This fixed the issue and allowed me to use BC from Scala.
Recovering an ECPublicKey from JavaCard to Java
java,bouncycastle,javacard,apdu,elliptic-curve
The public key returned in JavaCard is formatted as follows: 04 x y. In the terminal side, first you must extract x and y coordinates. Then, KeyFactory kf = KeyFactory.getInstance("ECDSA", "BC"); ECPoint point = new ECPoint(x, y); ECParameterSpec domainparameters = new ECParameterSpec(...); // initialize your domain parameters ECPublicKeySpec spec =...
Bouncy Castle jar confusion?
1.50 or sometimes 150 is the latest release. The deprecation notes: Deprecated. use classes in org.bouncycastle.pkcs. If you take a close look you will see that this class was moved to a different package: PKCS10CertificationRequest You will need the following dependency to access that class: <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcpkix-jdk15on</artifactId> <version>1.50</version> </dependency>...
Explore a bouncy castle store object
java,cryptography,bouncycastle
The first step to obtain allcertificate is to use a null selector ArrayList<X509CertificateHolder> listCertDatFirm = new ArrayList(store.getMatches(null)); Then you have a group of certificate; looping recoursively you can rebuild the correct chain....
How to import a signed SSL certificate using Bouncy Castle in C# (Mono/Xamarin)?
c#,ssl,mono,xamarin,bouncycastle
Bouncy Castle is a very powerful library, however the lack of documentation makes it quite difficult to work with. After searching for much too long through all of the classes and methods I finally found what I was looking for. The following code will take the previously generated private key,...
BouncyCastle PEMParser throws NoClassDefFound and VerifyError using GenyMotion Emulator
android,noclassdeffounderror,bouncycastle,genymotion,verifyerror
Disclaimer: I work for Genymotion It is not an Emulator issue here, but an Android one. Old Android versions (Gingerbread is now 4 years old) were shipped with really really old BouncyCastle implementations. see (https://code.google.com/p/android/issues/detail?id=3280) Your emulator is really trying to warn you that your code probably will NOT work...
bouncycastle fails NTRU generation
java,cryptography,digital-signature,bouncycastle,ntrusign
Currently, it's a bug, so there are two solutions: use another library - tbuktu's github project (bouncy-castle is using it with some modifications, as I see) download sources, catch the bug of this generation parameter, solve it and pack into library for a project ...
C# BouncyCastle - RSA Encryption with Public/Private keys
c#,encryption,cryptography,rsa,bouncycastle
I was using an incorrect Public Key.. and the test that proved the Private and Public keys matched was using the correct Public Key. The above code works perfectly as is, as long as you get the keys right!...
java.io.IOException: Wrong version of key store. using SpongyCastle
java,android,bouncycastle,spongycastle
i think it's in the line below: ks.load(cert,null); 'load' is used to load a KeyStore file. You're trying to load a certificate. The formats of these two are absolutely different and that's why you're getting an error....
Java NoClassDefFoundError with DexGuard and spongycastle
android,proguard,bouncycastle,spongycastle,dexguard
For completeness' sake: we've worked out by e-mail that the problem was caused by the option "minifyEnabled true" in build.gradle, which is incompatible with the DexGuard plugin. DexGuard of course already provides shrinking, optimization, and obfuscation. (I am the developer of ProGuard and DexGuard)...
class “org.bouncycastle.asn1.ASN1Primitive”'s signer information does not match signer information of other classes in the same package
Problem was related to the grails-doc plugin. I found this by running grails dependency-report this showed an old iText dependency in grails-doc. Excluding this in the BuildConfig worked fine. Basically this... How to exclude grails global dependency...
RSA encryption (modulus/exponent) gives “Message is larger than modulus”
java,encryption,cryptography,rsa,bouncycastle
byte[] input = new byte[] { (byte) 0xbe, (byte) 0xef , (byte) 0xef}; Cipher cipher = Cipher.getInstance("RSA"); KeyFactory keyFactory = KeyFactory.getInstance("RSA"); String mod = "B390F7412F2554387597814A25BC11BFFD95DB2D1456F1B66CDF52BCC1D20C7FF24F3CCE7B2D66E143213F64247454782A377C79C74477A28AF6C317BE 68 BC 6E 8F F0 01 D3 75 F9 36 3B 5A 71 61 C2 DF BC 2E D0 85 06 97 A5 44...
What is a PGP Secret Key?
encryption,cryptography,bouncycastle,pgp,secret-key
Quoting RFC 4880, OpenPGP, 5.5.1.3. Secret-Key Packet: A Secret-Key packet contains all the information that is found in a Public-Key packet, including the public-key material, but also includes the secret-key material after all the public-key fields. and 11.2. Transferable Secret Keys: [...] The format of a transferable secret key is...
PEMParser hanging with no exception thrown [duplicate]
java,encryption,mule,bouncycastle,pem
I'm no expert, but what you are showing does not look like a key in PEM format. Compare with: http://www.herongyang.com/Cryptography/Certificate-Format-PEM-on-Certificates.html This may help: https://sycure.wordpress.com/2008/05/15/tips-using-openssl-to-extract-private-key-pem-file-from-pfx-personal-information-exchange/...
C# PCL HMACSHAX with BouncyCastle-PCL
c#,bouncycastle,portable-class-library
Try like this for HmacSha256 public class HmacSha256 { private readonly HMac _hmac; public HmacSha256(byte[] key) { _hmac = new HMac(new Sha256Digest()); _hmac.Init(new KeyParameter(key)); } public byte[] ComputeHash(byte[] value) { if (value == null) throw new ArgumentNullException("value"); byte[] resBuf = new byte[_hmac.GetMacSize()]; _hmac.BlockUpdate(value, 0, value.Length); _hmac.DoFinal(resBuf, 0); return resBuf; }...
BouncyCastle openssl cannot be resolved
In addition to the provider (a.k.a. bcprov) and lightweight API, you also need the PKIX API, which provides the openssl package. Either download bcpkix-jdk15on-150.jar from BC downloads page (direct link) and drop it in the same directory of bcprov or add it to your maven dependencies with its coordinates: <dependency>...
using bouncy castle to create public PGP key usable by Thunderbird
java,email,encryption,bouncycastle,pgp
I'll try to address these points one by one: Java bouncycastle keyring generation The Java code does work and produces a usable keyring pair. I have tested it with different emails and different pass codes with no problems. I have had a 3rd party send me an email using the...
RSA private Key decryption giving “InvalidCipherTextException” using bouncy castle
The modulus doesn't match between public key and private key. It should match. The private key modulus is probably smaller (assuming big endian notation and same length hex strings) and that is why you're getting this error message. Since the private key contains the modulus and public exponent components, you...
Provider-independent crypto in Java?
I think you are adding the static registration into the wrong file. Use security.policy instead of java.policy within the same folder. See: https://www.bouncycastle.org/wiki/display/JA1/Provider+Installation...
BouncyCastle SecurityException throws only when the *bcprov*.jar is packaged into the generated JAR
I will speculate a bit, based on your description and without any experimentation, but I hope that it will help you satisfy your curiosity. Java security providers that implement Cipher and some other services from javax.crypto must sign their code. If any of the signed BouncyCastle classes (or resources) were...
How to create a BCRSAPrivateCrtKey object using CRT parameters?
RSAPrivateCrtKeySpec prvkeySpec = new RSAPrivateCrtKeySpec( modulus, publicExponent, privateExponent, primeP, primeQ, primeExponentP, primeExponentQ, crtCoefficient); Security.addProvider(new org.bouncycastle.jce .provider.BouncyCastleProvider()); KeyFactory kfact = KeyFactory.getInstance("RSA", "BC"); BCRSAPrivateCrtKey prk = (BCRSAPrivateCrtKey) kfact .generatePrivate(prvkeySpec); ...
In what scenarios would I use non-default Java crypto providers?
java,encryption,cryptography,aes,bouncycastle
EJP makes a clear point when to use an external provider, but I'll expand the answer significantly here: if the functionality that you are looking for is not supplied by JCE; this can be because the algorithm - which can be a combination of cipher, mode and padding - is...
How to load public certificate from pem file..?
java,ssl,cryptography,bouncycastle,public-key
An X.509 certificate and an X509EncodedKeySpec are quite different structures, and trying to parse a cert as a key won't work. Java's X509EncodedKeySpec is actually X.509's SubjectPublicKeyInfo, which is a small part of a certificate. What you need to do is read and parse the cert and then extract the...
How to read DER DSA private key to AsymmetricKeyParameter in bouncy castle (Java)
The workaround solution I have finally used was to convert key to PEM format and use the following: @Cleanup FileReader privateKeyReader = new FileReader(new File("key.pem")); @Cleanup PEMParser parser = new PEMParser(privateKeyReader); PEMKeyPair keyPair = (PEMKeyPair) parser.readObject(); AsymmetricKeyParameter privateKey = PrivateKeyFactory .createKey(keyPair.getPrivateKeyInfo()); AsymmetricKeyParameter publicKey = PublicKeyFactory .createKey(keyPair.getPublicKeyInfo()); ...
EC private key recovery from PEM format with BouncyCastle
java,bouncycastle,privatekey,pem,elliptic-curve
The problem is not the PEMParser but JcaPEMKeyConverter which treats EC keys as keys for ECDSA: algorithms.put(X9ObjectIdentifiers.id_ecPublicKey, "ECDSA"); ... private KeyFactory getKeyFactory(AlgorithmIdentifier algId) throws NoSuchAlgorithmException, NoSuchProviderException { ASN1ObjectIdentifier algorithm = algId.getAlgorithm(); String algName = (String)algorithms.get(algorithm); ... The algorithm identifier is id-ecPublicKey, which is also used for ECDSA keys, so the...
How to validate Distinguish Name(DN) in Java?
java,bouncycastle,distinguishedname
If you use the following enum, you should be able to iterate every element possible for an X500Name or X509Name. public enum MyBCStyle { /** * country code - StringType(SIZE(2)) */ C(BCStyle.C), /** * organization - StringType(SIZE(1..64)) */ O(BCStyle.O ), /** * organizational unit name - StringType(SIZE(1..64)) */ OU(BCStyle.OU), /**...
Diffrence Between Android encryption and normal Java Applications (.jar) encryption
java,android,encryption,cross-platform,bouncycastle
You are using serialization, which will only work if your implementations are as good as identical. You should not use serialization, use RSAPublicKey.getEncoded() instead. This should return a more canonical representation of the key, which can be retrieved again using X509EncodedKeySpec and a KeyFactory for "RSA" keys.
Should elliptic curve for public key generation and signature computation be the same?
java,digital-signature,bouncycastle,ecdsa,gost3410
I'll answer in order: How detect curve used by Signature ecdsaSign = Signature.getInstance("SHA256withECDSA", "BC"); You can't because the public & private keys should contain the parameters, not the algorithm. However, only certain curve parameters will be supported by the underlying library. In the case of Bouncy Castle those are those...
PDFbox Exception - Exception in thread “main” java.lang.VerifyError
java,apache,bouncycastle,pdfbox,jce
Use version 1.44 of the Bouncy Castle libs, as mentioned here: https://pdfbox.apache.org/dependencies.html The Bouncy Castle libs are often not backwards compatible, that is why....
AES decryption with bouncy castle
java,encryption,cryptography,aes,bouncycastle
You are attempting to decode a lot of random bytes as UTF-8 encoded text. That won't work. Your cipher text becomes corrupted, because any byte sequences that don't form a valid UTF-8 encoding of a character will be replaced with the replacement character, 0+FFFD (�). Cipher text is not actually...
Bouncycastle - Native RSA vs. RSA
java,encryption,rsa,bouncycastle
Yes. NativeRSAEngine is implemented with a native library, while RSAEngine is written entirely in Java. As for which is faster, there is a comment on that NativeRSAEngine Javadoc that says this is much faster using jna-gmp.
winzipaes is slow to decrypt a 10 MB file on Android
java,android,encryption,aes,bouncycastle
Yes, there are ways to speed this up as the source code of winzipaes uses a rather inefficient way of decrypting: it decrypt each block by calculating the IV and initializing the cipher (for CTR mode decryption). This could mean that the key gets reinitialized too often. Furthermore, handling data...
Timestamp request with file hash already generated in client
java,hash,bouncycastle,trusted-timestamp
After hard testing, i have found the solution. The SHA-256 hash generated in javascript can be used directly in bouncyclaste after some type conversion as follows: byte[] decodedHex = Hex.decodeHex(digest.toCharArray()); so you can use it as a normal java.security.MessageDigest when they are both converted to byte[] full code here: //...
Error when verifying ECDSA signature in Java with BouncyCastle
java,bouncycastle,signature,ecdsa
The expected ECDSA signature format that the BC (and other provider) implementations work with is a DER-encoded ASN.1 sequence containing two integer values r and s. This signature format has been specified in ANSI X9.62. This is the format in the first set of data you give (note that signature...
Bouncy Castle: Creating CMS (a.k.a. PKCS7) certificate?
ssl,cryptography,ssl-certificate,bouncycastle,pkcs7
There is no such thing as a CMS certificate or PKCS#12 certificate. CMS is the cryptographic message syntax. It specifies a container format that may contain X5.09 compatible certificates of the signer. PKCS#12 is a container format for cryptographic objects, it is often used to store one or more certificate/private...
Is checking one randomly chosen digital signature is enough for verifying multiple signed file?
java,certificate,x509certificate,digital-signature,bouncycastle
You actually ask a number of questions. Thus, when I want to verify multiple signed file and provide info about signers can I make small optimization - extract info for all signatures but perform hash checking only in one randomly chosen signature? If you are sure (e.g. by organisational reasons)...
What encoding does [BouncyCastle] PKCS10CertificationRequest.getEncoded() return?
java,encoding,cryptography,bouncycastle
Well, despite the fact that someone has seen fit to down-vote the question, I'll post the answer here for posterity. At least for v1.52, org.bouncycastle.pkcs.PKCS10CertificationRequest#getEncoded() is implemented as: public byte[] More ...getEncoded() throws IOException { return certificationRequest.getEncoded(); } This calls org.bouncycastle.asn1.pkcs.CertificationRequest#getEncoded(), which results in the inherited method org.bouncycastle.asn1.ASN1Object#getEncoded(). This method...
Reading AES/GCM encoded data in chunks with BouncyCastle in Java
java,encryption,bouncycastle,aes-gcm
Block ciphers [ed: in Bouncy Castle] have an internal buffer that they keep updating, and only when they have enough data for a full block, will the decrypt occur, and a chunk of the decrypted data be returned. You can see this if you try and decrypt it 1 byte...
javax.crypto.BadPaddingException: pad block corrupted exception
java,encryption,cryptography,aes,bouncycastle
You cannot just treat ciphertext as characters. You will lose data if you do so. To convert ciphertext to a String you should use an codec - for instance base 64.
How to create public key from certificate
Here is a simple example showing one possible solution. using System; using System.Security.Cryptography; using System.Security.Cryptography.X509Certificates; namespace ReadKeyFromCert { class MainClass { public static void Main (string[] args) { string base64X509Cert = @"-----BEGIN CERTIFICATE----- MIICnzCCAggCCQDbr9OvJHgzmDANBgkqhkiG9w0BAQUFADCBkzELMAkGA1UEBhMC RUUxETAPBgNVBAgMCEhhcmp1bWFhMRAwDgYDVQQHDAdUYWxsaW5uMREwDwYDVQQK DAhFZXRhc29mdDERMA8GA1UECwwIYmFua2xpbmsxFjAUBgNVBAMMDXBhbmdhbGlu...
Android AES-128 encryption/decryption of file is very slow. How can I increase the speed
android,encryption,cryptography,aes,bouncycastle
One thing that is making your code run slow is the size of your buffer: byte[] d = new byte[8]; You should bump it up by a few orders of magnitude if you want it to run fast. Given the size of your files I would suggest using at least...
X500Name to java.security.Principal
I recommend to use a bouncy castle class: org.bouncycastle.jce.X509Principal which implements java.security.Principal. In order to get org.bouncycastle.jce.X509Principal instance you can use the method: public static org.bouncycastle.jce.X509Principal getSubjectX509Principal( java.security.cert.X509Certificate cert) throws CertificateEncodingException of the class org.bouncycastle.jce.PrincipalUtil. I give you a sample: import java.io.FileInputStream; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate;...
Generating RSA public key from byte array
Solved this issue. The issue was because the BigInteger(byte[] array) constructor reads array in two's complement form. Because modulus byte array is not to be interpreted in two's complements form, using the above constructor can yield a negative integer. Therefore, using this constructor solves the problem BigInteger(int signum, byte[] array)....
When and why decorate OutputStream with ArmoredOutputStream when using BouncyCastle
java,encryption,bouncycastle,pgp,openpgp
ArmoedOutputStream uses an encoding similar to Base64, so that binary non-printable bytes are converted to something text friendly. You'd do this if you wanted to send the data over email, or post on a site, or some other text medium. It doesn't make a difference in terms of security. There...
AES with PKCS#5 padding
java,encryption,aes,bouncycastle,jce
The code is indeed using PKCS#7 instead. The reason that "PKCS5Padding" is specified is very likely due to compatibility with the older DES and 3DES ciphers. Note that PKCS#5 padding is exactly 8 bytes, not less. Bouncy Castle usually follows the Sun/Oracle providers for the sake of compatibilty, although you...
java.lang.IllegalArgumentException: string curve25519 not an OID bouncycastle 1.52
java,cryptography,bouncycastle,elliptic-curve,key-pair
You need to get curve parameters in X9.62 format and convert them to JCE format X9ECParameters ecP = CustomNamedCurves.getByName("curve25519"); ECParameterSpec ecSpec=new ECParameterSpec(ecP.getCurve(), ecP.getG(), ecP.getN(), ecP.getH(), ecP.getSeed()); Then produce ECDSA key as normal Provider bcProvider = new BouncyCastleProvider(); KeyPairGenerator g = KeyPairGenerator.getInstance("ECDSA", bcProvider); g.initialize(ecSpec, new SecureRandom()); KeyPair keyPair = g.generateKeyPair(); Assert.assertNotNull(keyPair);...
How to verify if the private key matches with the certificate..?
java,ssl,cryptography,bouncycastle
So, what's the problem with pairwise parameter checking? If certificate specifies public key of type “RSA”, then: Extract n, e from key file. Compare these values with those in certificate. If certificate specifies public key of type “DSA”, then: Extract p, q, g, y from key file. Compare these values...
Bouncy castle NTRU generation
java,encryption,cryptography,bouncycastle,ntruencrypt
Have your tried NTRUSigningKeyPairGenerator, and calling getEncoded() on the retrieved private key? NTRUSigningKeyPairGenerator ntruSigningKeyPairGenerator = new NTRUSigningKeyPairGenerator(); NTRUSigningKeyGenerationParameters ntruSigningKeyGenerationParameters = NTRUSigningKeyGenerationParameters.TEST157; ntruSigningKeyPairGenerator.init(ntruSigningKeyGenerationParameters); AsymmetricCipherKeyPair asymmetricCipherKeyPair = ntruSigningKeyPairGenerator.generateKeyPair(); NTRUSigningPrivateKeyParameters params =...