diff --git a/doc/CONTRIBUTORS.html b/doc/CONTRIBUTORS.html new file mode 100644 index 0000000..ba9ab62 --- /dev/null +++ b/doc/CONTRIBUTORS.html @@ -0,0 +1,569 @@ + + +The following organisations and people have contributed to the Bouncy Castle Cryptography Package. +

+Thanks, may your castles never deflate! +

+

+Donors +

+

+The following people and organisations donated financially to help with the release of Bouncy Castle: +
 
+AXL Software, Larry West (California), A-Sher (1.77). EduFer (1.72). Miguel, Rodolfo Hansen, and iterate GmbH (1.69). Encryptomatic.com (1.67). Denis Beurive, Ravi_02, and Manuel Corona (1.66). Christian Kahlo, Alexi Livshitz, and Denis Beurive (1.65). Joshua Hight (1.63). Bihari Babu (1.61). Jens Neuhalfen and perillamint (1.60). Brian Reid (1.59). Joop Kaashoek and Pexus LLC (1.57). DidiSoft, Cotiviti, Atanas Krachev, Encryptomatic LLC, LogicalAnswersIncSupporter (1.56). Digistamp, RAM NAG (1.55). Lobster GmbH (1.54). Sheba, Ishmal Bartley, and Li-Chang Johnny Lo (1.53). lecker@buetterchen.de, Charles Proxy, Gunny Mills, Morgan Le Douget, Ben Whitaker, and Emilio Navarrete Lineros (1.52). Gup & Boz @ Alki Seattle, Bytemine Gmbh, Ted Pennings, Atanas Krachev, PrimeKey Solutions AB, Martin Paljak, CorseraFri19980116, CPU Terminator, Lindsay Bradford, kares, Philius, and Aaron Anderson (1.51). +

+

+We also wish to acknowledge financial and collaborative support from CISCO and additional financial support from PrimeKey towards developing the EST API for RFC 7030 support. +

+

+Organisations +

+ +

+People +

+ + + diff --git a/doc/LICENSE.html b/doc/LICENSE.html new file mode 100644 index 0000000..c300d61 --- /dev/null +++ b/doc/LICENSE.html @@ -0,0 +1,22 @@ + + + +Copyright (c) 2000-2023 The Legion of the Bouncy Castle Inc. (https://www.bouncycastle.org) +

+Permission is hereby granted, free of charge, to any person obtaining a copy of this software +and associated documentation files (the "Software"), to deal in the Software without restriction, +including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, +and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, +subject to the following conditions: +

+The above copyright notice and this permission notice shall be included in all copies or substantial +portions of the Software. +

+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, +INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR +PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR +OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE. + + diff --git a/doc/index.html b/doc/index.html new file mode 100644 index 0000000..226cdc5 --- /dev/null +++ b/doc/index.html @@ -0,0 +1,110 @@ + + +The Bouncy Castle Crypto Package + + + + +

+

The Bouncy Castle Crypto Package

+ +
+
+ +
+The Bouncy Castle Crypto package is a Java implementation of +cryptographic algorithms, it was developed by the Legion of the +Bouncy Castle, a registered Australian Charity, with a little help! The Legion, and the latest +goings on with this package, can be found at +https://www.bouncycastle.org. +

+The Legion also gratefully acknowledges the contributions made to this +package by others (see here +for the current list). If you would like to contribute to our efforts please feel free to get in touch with us or visit our donations page, sponsor some specific work, or purchase a support contract through Crypto Workshop. +

+

+The package is organised so that it +contains a light-weight API suitable for use in any environment +(including the newly released J2ME) with the additional infrastructure +to conform the algorithms to the JCE framework. +

+

+Except where otherwise stated, this software is distributed under a license based on the MIT X Consortium license. To view the license, see here. The OpenPGP library also includes a modified BZIP2 library which is licensed under the Apache Software License, Version 2.0. +

+

+The current release notes for this package are +here. +

+

+The current specifications for this package are +here. +

+

+The current JavaDoc for the Bouncy Castle APIs can be found +here. +

+

+Additional documentation on use of the classes can also be found in the docs directory. +

+

Examples and Tests

+

+

To view some examples, look at the test programs in the packages: +

+

There are also some specific example programs for dealing with Attribute Certificates, PKCS12, SMIME and OpenPGP. They can be found in: +

+ +

Finally there are also code examples from Beginning Cryptography with Java which demonstrate both the use of the JCE/JCA and also some of the Bouncy Castle APIs.

+

+Note 1:The JCE classes are only distributed with the JDK 1.1, JDK 1.2, and JDK 1.3 JCE releases. The +JDK 1.0, J2ME, and the JDK 1.1, JDK 1.2, JDK 1.3, JDK 1.4, and JDK 1.5 lightweight releases only include the +Bouncy Castle lightweight cryptography API.
+Note 2:The regression test for Diffie-Hellman is quite slow. +

+The clean room JCE, which will compile with everything from JDK 1.1 and up is in the jce/src/main/java directory. +

+

+The build scripts that come with the full distribution allow creation of the different releases by using the tree under src and test/src, excluding classes that are not appropriate and copying in the required compatibility classes from the directories containing compatibility classes appropriate for the distribution. +

+

+If you want to try create a build for yourself, using your own environment, the best way to do it is to start with the build for the distribution you are interested in, make sure that builds, and then modify your build scripts to do the required exclusions and file copies for your setup, otherwise you are likely to get class not found exceptions. The final caveat to this is that as the j2me distribution includes some compatibility classes starting in the java package, you need to use an obfuscator to change the package names before attempting to import a midlet using the BC API. +

+

Mailing Lists

+

+For those who are interested, there are 2 mailing lists +for participation in this project. To subscribe use the +links below and include the word subscribe in the message body. (To unsubscribe, replace subscribe with +unsubscribe in the message body) +

+NOTE:You need to be subscribed to send mail to the above +mailing list. +

+If you want to provide feedback, directly to the members of The Legion then please use feedback-crypto@bouncycastle.org, if you want to help this project survive please consider donating or getting a support contract. +

+Enjoy! + + diff --git a/doc/releasenotes.html b/doc/releasenotes.html new file mode 100644 index 0000000..1b23f26 --- /dev/null +++ b/doc/releasenotes.html @@ -0,0 +1,2951 @@ + + +Bouncy Castle Crypto Package - Release Notes + + + + +

+

Bouncy Castle Crypto Package - Release Notes

+
+

1.0 Introduction

+

+The Bouncy Castle Crypto package is a Java implementation of +cryptographic algorithms. The package is organised so that it +contains a light-weight API suitable for use in any environment +(including the J2ME) with the additional infrastructure +to conform the algorithms to the JCE framework. +

+

2.0 Release History

+ +

2.1.1 Version

 +Release: 1.81
+Date:      2025, 4th June. +

2.1.2 Defects Fixed

+ +

2.1.3 Additional Features and Functionality

+ + +

2.2.1 Version

 +Release: 1.80
+Date:      2025, 14th January. +

2.2.2 Defects Fixed

+ +

2.2.3 Additional Features and Functionality

+ + +

2.3.1 Version

 +Release: 1.79
+Date:      2024, 30th October. +

2.3.2 Defects Fixed

+ +

2.3.3 Additional Features and Functionality

+ + +

2.4.1 Version

 +Release: 1.78.1
+Date:      2024, 18th April. +

2.4.2 Defects Fixed

+ + +

2.5.1 Version

 +Release: 1.78
+Date:      2024, 7th April. +

2.5.2 Defects Fixed

+ +

2.5.3 Additional Features and Functionality

+ +

2.5.4 Notes.

+ +

2.5.5 Security Advisories.

+

+Release 1.78 deals with the following CVEs: +

+ + +

2.6.1 Version

 +Release: 1.77
+Date:      2023, November 13th +

2.6.2 Defects Fixed

+ +

2.6.3 Additional Features and Functionality

+ +

2.6.4 Notes.

+ + +

2.7.1 Version

 +Release: 1.76
+Date:      2023, July 29th +

2.7.2 Defects Fixed

+ +

2.7.3 Additional Features and Functionality

+ + +

2.8.1 Version

 +Release: 1.75
+Date:      2023, June 21st +

2.8.2 Defects Fixed

+ +

2.8.3 Notes.

+ + +

2.9.1 Version

 +Release: 1.74
+Date:      2023, June 12th +

2.9.2 Defects Fixed

+ +

2.9.3 Additional Features and Functionality

+ +

2.9.4 Notes.

+ +

2.9.5 Security Advisories.

+ + +

2.10.1 Version

 +Release: 1.73
+Date:      2023, April 8th +

2.10.2 Defects Fixed

+ +

2.10.3 Additional Features and Functionality

+ +

2.10.4 Security Advisories.

+ +

2.10.5 Notes.

+ + +

2.11.1 Version

 +Release: 1.72.2, 1.72.3
+Date:      2022, November 20th +

2.11.2 Defects Fixed

+ + + +

2.12.1 Version

 +Release: 1.72.1
+Date:      2022, October 25th +

2.12.2 Defects Fixed

+ + +

2.13.1 Version

 +Release: 1.72
+Date:      2022, September 25th +

2.13.2 Defects Fixed

+ +

2.13.3 Additional Features and Functionality

+ +

2.13.4 Notes

+

+Keep in mind the PQC algorithms are still under development and we are still at least a year and a half away from published standards. This means the algorithms may still change so by all means experiment, but do not use the PQC algoritms for anything long term. +

+

+The legacy "Rainbow" and "McEliece" implementations have been removed from the BCPQC provider. The underlying classes are still present if required. Other legacy algorithm implementations can be found under the org.bouncycastle.pqc.legacy package. +

+

2.13.5 Security Notes

+

+The PQC SIKE algorithm is provided for research purposes only. It should now be regarded as broken. The SIKE implementation will be withdrawn in BC 1.73. +

+ +

2.14.1 Version

 +Release: 1.71
+Date:      2022, March 31st. +

2.14.2 Defects Fixed

+ +

2.14.3 Additional Features and Functionality

+ +

2.14.4 Notes

+ + +

2.15.1 Version

 +Release: 1.70
+Date:      2021, November 29th. +

2.15.2 Defects Fixed

+ +

2.15.3 Additional Features and Functionality

+ +

2.15.4 Notes.

+ + +

2.16.1 Version

 +Release: 1.69
+Date:      2021, June 7th. +

2.16.2 Defects Fixed

+ +

2.16.3 Additional Features and Functionality

+ +

2.16.4 Notes

+ + +

2.17.1 Version

 +Release: 1.68
+Date:      2020, December 21st. +

2.17.2 Defects Fixed

+ +

2.17.3 Additional Features and Functionality

+ + + +

2.18.1 Version

 +Release: 1.67
+Date:      2020, November 1st. +

2.18.2 Defects Fixed

+ +

2.18.3 Additional Features and Functionality

+ +

2.18.4 Security Advisory

+ + +

2.19.1 Version

 +Release: 1.66
+Date:      2020, July 4th. +

2.19.2 Defects Fixed

+ +

2.19.3 Additional Features and Functionality

+ +

2.19.4 Notes

+

+The qTESLA update breaks compatibility with previous versions. Private keys now include a hash of the public key at the end, and signatures are no longer interoperable with previous versions. +

+ +

2.20.1 Version

 +Release: 1.65
+Date:      2020, March 31st. +

2.20.2 Defects Fixed

+ +

2.20.3 Additional Features and Functionality

+ + +

2.21.1 Version

 +Release: 1.64
+Date:      2019, October 7th. +

2.21.2 Defects Fixed

+ +

2.21.3 Additional Features and Functionality

+ + +

2.21.4 Removed Features and Functionality

+ + +

2.21.5 Security Advisory

+ + +

2.22.1 Version

 +Release: 1.63
+Date:      2019, September 10th. +

2.22.2 Defects Fixed

+ + +

2.22.3 Additional Features and Functionality

+ + +

2.23.1 Version

 +Release: 1.62
+Date:      2019, June 3rd. +

2.23.2 Defects Fixed

+ +

2.23.3 Additional Features and Functionality

+ + +

2.24.1 Version

 +Release: 1.61
+Date:      2019, February 4th. +

2.24.2 Defects Fixed

+ +

2.24.3 Additional Features and Functionality

+ +

2.24.4 Removed Features and Functionality

+ + +

2.25.1 Version

 +Release: 1.60
+Date:      2018, June 30 +

2.25.2 Defects Fixed

+ +

2.25.3 Additional Features and Functionality

+ +

2.25.4 Security Related Changes and CVE's Addressed by this Release

+ + +

2.26.1 Version

 +Release: 1.59
+Date:      2017, December 28 +

2.26.2 Defects Fixed

+ +

2.26.3 Additional Features and Functionality

+ +

2.26.4 Security Related Changes and CVE's Addressed by this Release

+ + +

2.27.1 Version

 +Release: 1.58
+Date:      2017, August 18 +

2.27.2 Defects Fixed

+ +

2.27.3 Additional Features and Functionality

+ +

2.27.4 Removed Features and Functionality

+ + +

2.28.1 Version

 +Release: 1.57
+Date:      2017, May 11 +

2.28.2 Defects Fixed

+ +

2.28.3 Additional Features and Functionality

+ +

2.28.4 Security Related Changes

+ + +

2.29.1 Version

 +Release: 1.56
+Date:      2016, December 23 +

2.29.2 Defects Fixed

+ +

2.29.3 Additional Features and Functionality

+ +

2.29.4 Security Related Changes and CVE's Addressed by this Release

 + +

2.29.5 Security Advisory

+ + +

2.30.1 Version

 +Release: 1.55
+Date:      2016, August 18 +

2.30.2 Defects Fixed

+ +

2.30.3 Additional Features and Functionality

+ + +

2.31.1 Version

 +Release: 1.54
+Date:      2015, December 29 +

2.31.2 Defects Fixed

+ +

2.31.3 Additional Features and Functionality

+ +

2.31.4 Security Advisory

+ +

2.31.5 Notes

+

+If you have been using Serpent, you will need to either change to Tnepres, or take into account the fact that Serpent is now byte-swapped compared to what it was before. +

+ +

2.32.1 Version

 +Release: 1.53
+Date:      2015, October 10 +

2.32.2 Defects Fixed

+ +

2.32.3 Additional Features and Functionality

+ +

2.32.4 Notes

+

+It turns out there was a similar, but different, issue in Crypto++ to the BC issue with ECIES. Crypto++ 6.0 now offers a corrected version of ECIES which is compatible with that which is now in BC. +

+ +

2.33.1 Version

 +Release: 1.52
+Date:      2015, March 2 +

2.33.2 Defects Fixed

+ +

2.33.3 Additional Features and Functionality

+ +

2.33.4 Security Advisory

+ + +

2.34.1 Version

 +Release: 1.51
+Date:      2014, July 28 +

2.34.2 Defects Fixed

+ +

2.34.3 Additional Features and Functionality

+ +

2.34.4 Notes

+ + +

2.35.1 Version

 +Release: 1.50
+Date:      2013, December 3 +

2.35.2 Defects Fixed

+ +

2.35.3 Additional Features and Functionality

+ +

2.35.4 Notes

+ + +

2.36.1 Version

 +Release: 1.49
+Date:      2013, May 31 +

2.36.2 Defects Fixed

+ +

2.36.3 Additional Features and Functionality

+ +

2.36.4 Notes

+ + +

2.37.1 Version

 +Release: 1.48
+Date:      2013, February 10 +

2.37.2 Defects Fixed

+ +

2.37.3 Additional Features and Functionality

+ + +

2.38.1 Version

 +Release: 1.47
+Date:      2012, March 30 +

2.38.2 Defects Fixed

+ + +

2.38.3 Additional Features and Functionality

+ + +

2.38.4 Other notes

+

+Okay, so we have had to do another release. The issue we have run into is that we probably didn't go far enough in 1.46, but we are now confident that moving from this release to 2.0 should be largely just getting rid of deprecated methods. While this release does change a lot it is relatively straight forward to do a port and we have a porting guide which explains the important ones. The area there has been the most change in is the ASN.1 library which was in bad need of a rewrite after 10 years of patching. On the bright side the rewrite did allow us to eliminate a few problems and bugs in the ASN.1 library, so we have some hope anyone porting to it will also have similar benefits. As with 1.46 the other point of emphasis has been making sure interface support is available for operations across the major APIs, so the lightweight API or some local role your own methods can be used instead for doing encryption and signing. +

+ +

2.39.1 Version

 +Release: 1.46
+Date:      2011, February 23 +

2.39.2 Defects Fixed

+ +

2.39.3 Additional Features and Functionality

+ +

2.39.4 Other notes

+

+Baring security patches we expect 1.46 will be the last of the 1.* releases. The next release of +BC will be version 2.0. For this reason a lot of things in 1.46 that relate to CMS have been deprecated and +new methods have been added to the CMS and certificate handling APIs which provide greater flexibility +in how digest and signature algorithms get used. It is now possible to use the lightweight API or a simple +custom API with CMS and for certificate generation. In addition a lot of methods and some classes that were +deprecated for reasons of been confusing, or in some cases just plan wrong, have been removed. +

+

+So there are four things useful to know about this release: +

+

2.40.1 Version

 +Release: 1.45
+Date:      2010, January 12 +

2.40.2 Defects Fixed

+ +

2.40.3 Additional Features and Functionality

+ +

2.40.4 Security Advisory

+ + +

2.41.1 Version

 +Release: 1.44
+Date:      2009, October 9 +

2.41.2 Defects Fixed

+ +

2.41.3 Additional Features and Functionality

+ + +

2.42.1 Version

 +Release: 1.43
+Date:      2009, April 13 +

2.42.2 Defects Fixed

+ +

2.42.3 Security Advisory

+ + +

2.43.1 Version

 +Release: 1.42
+Date:      2009, March 16 +

2.43.2 Defects Fixed

+ +

2.43.3 Additional Features and Functionality

+ + +

2.44.1 Version

 +Release: 1.41
+Date:      2008, October 1 +

2.44.2 Defects Fixed

+ +

2.44.3 Additional Features and Functionality

+ + +

2.45.1 Version

 +Release: 1.40
+Date:      2008, July 12 +

2.45.2 Defects Fixed

+ +

2.45.3 Additional Features and Functionality

+ +

2.45.4 Additional Notes

+ + +

2.46.1 Version

 +Release: 1.39
+Date:      2008, March 29 +

2.46.2 Defects Fixed

+ +

2.46.3 Additional Features and Functionality

+ + +

2.47.1 Version

 +Release: 1.38
+Date:      2007, November 7 +

2.47.2 Defects Fixed

+ +

2.47.3 Additional Features and Functionality

+ +

2.48.1 Version

 +Release: 1.37
+Date:      2007, June 15 +

2.48.2 Defects Fixed

+ +

2.48.3 Additional Features and Functionality

+ + +

2.49.1 Version

 +Release: 1.36
+Date:      2007, March 16 +

2.49.2 Defects Fixed

+ +

2.49.3 Additional Features and Functionality

+ + +

2.50.1 Version

 +Release: 1.35
+Date:      2006, December 16 +

2.50.2 Defects Fixed

+ +

2.50.3 Additional Features and Functionality

+ + +

2.51.1 Version

 +Release: 1.34
+Date:      2006, October 2 +

2.51.2 Defects Fixed

+ +

2.51.3 Additional Features and Functionality

+ +

2.51.4 Security Advisory

+ + +

2.52.1 Version

 +Release: 1.33
+Date:      2006, May 3 +

2.52.2 Defects Fixed

+ +

2.52.3 Additional Features and Functionality

+ + +

2.53.1 Version

 +Release: 1.32
+Date:      2006, March 27 +

2.53.2 Defects Fixed

+ + +

2.53.3 Additional Features and Functionality

+ +

2.53.4 Possible compatibility issue

+ + +

2.54.1 Version

 +Release: 1.31
+Date:      2005, December 29 +

2.54.2 Defects Fixed

+ +

2.54.3 Additional Features and Functionality

+ + +

2.55.1 Version

 +Release: 1.30
+Date:      2005, September 18 +

2.55.2 Defects Fixed

+ +

2.55.3 Additional Features and Functionality

+ + +

2.56.1 Version

 +Release: 1.29
+Date:      2005, June 27 +

2.56.2 Defects Fixed

+ +

2.56.3 Additional Features and Functionality

+ +

2.56.4 Notes

+ + +

2.57.1 Version

 +Release: 1.28
+Date:      2005, April 20 +

2.57.2 Defects Fixed

+ +

2.57.3 Additional Features and Functionality

+ +

2.57.4 Notes

+ + +

2.58.1 Version

 +Release: 1.27
+Date:      2005, February 20 +

2.58.2 Defects Fixed

+ +

2.58.3 Additional Features and Functionality

+ +

2.58.4 Changes that may affect compatibility

+ + +

2.59.1 Version

 +Release: 1.26
+Date:      2005, January 15 +

2.59.2 Defects Fixed

+ +

2.59.3 Additional Features and Functionality

+ +

2.59.4 JDK 1.5 Changes

+ + +

2.60.1 Version

 +Release: 1.25
+Date:      2004, October 1 +

2.60.2 Defects Fixed

+ +

2.60.3 Additional Features and Functionality

+ + +

2.61.1 Version

 +Release: 1.24
+Date:      2004, June 12 +

2.61.2 Defects Fixed

+ +

2.61.3 Additional Features and Functionality

+ + +

2.62.1 Version

 +Release: 1.23
+Date:      2004, April 10 +

2.62.2 Defects Fixed

+ +

2.62.3 Additional Features and Functionality

+ + +

2.63.1 Version

 +Release: 1.22
+Date:      2004, February 7 +

2.63.2 Defects Fixed

+ +

2.63.3 Additional Features and Functionality

+ + +

2.64.1 Version

 +Release: 1.21
+Date:      2003, December 6 +

2.64.2 Defects Fixed

+ +

2.64.3 Additional Features and Functionality

+ + +

2.65.1 Version

 +Release: 1.20
+Date:      2003, October 8 +

2.65.2 Defects Fixed

+ +

2.65.3 Additional Features and Functionality

+ + +

2.66.1 Version

 +Release: 1.19
+Date:      2003, June 7 +

2.66.2 Defects Fixed

+ +

2.66.3 Additional Features and Functionality

+ + +

2.67.1 Version

 +Release: 1.18
+Date:      2003, February 8 +

2.67.2 Defects Fixed

+ +

2.67.3 Additional Features and Functionality

+ + +

2.68.1 Version

 +Release: 1.17
+Date:      2003, January 8 +

2.68.2 Defects Fixed

+ +

2.68.3 Additional Functionality and Features

+ + +

2.69.1 Version

 +Release: 1.16
+Date:      2002, November 30 +

2.69.2 Defects Fixed

+ +

2.69.3 Additional Functionality and Features

+ + +

2.70.1 Version

 +Release: 1.15
+Date:      2002, September 6 +

2.70.2 Defects Fixed

+ +

2.70.3 Additional Functionality and Features

+ + +

2.71.1 Version

 +Release: 1.14
+Date:      2002, June 17 +

2.71.2 Defects Fixed

+ +

2.71.3 Additional Functionality and Features

+ + +

2.72.1 Version

 +Release: 1.13
+Date:      2002, April 19 +

2.72.2 Defects Fixed

+ +

2.72.3 Additional Functionality and Features

+ + +

2.73.1 Version

 +Release: 1.12
+Date:      2002, February 8 +

2.73.2 Defects Fixed

+ +

2.73.3 Additional Functionality and Features

+ + +

2.74.1 Version

 +Release: 1.11
+Date:      2001, December 10 +

2.74.2 Defects Fixed

+ +

2.74.3 Additional Functionality and Features

+ +

2.74.4 Other changes

+ + +

2.75.1 Version

 +Release: 1.10
+Date:      2001, October 20 +

2.75.2 Defects Fixed

+ +

2.75.3 Additional Functionality and Features

+ + +

2.76.1 Version

 +Release: 1.09
+Date:      2001, October 6 +

2.76.2 Defects Fixed

+ +

2.76.3 Additional Functionality and Features

+ + +

2.77.1 Version

 +Release: 1.08
+Date:      2001, September 9 +

2.77.2 Defects Fixed

+ +

2.77.3 Additional Functionality and Features

+ + +

2.78.1 Version

 +Release: 1.07
+Date:      2001, July 9 +

2.78.2 Defects Fixed

+ + +

2.79.1 Version

 +Release: 1.06
+Date:      2001, July 2 +

2.79.2 Defects Fixed

+ +

2.79.3 Additional Functionality

+ + +

2.80.1 Version

 +Release: 1.05
+Date:      2001, April 17 +

2.80.2 Defects Fixed

+ +

2.80.3 Additional Functionality

+ +

2.80.4 Additional Notes

+

+Concerning the PKCS12 fix: in a few cases this may cause some backward +compatibility issues - if this happens to you, drop us a line at +feedback-crypto@bouncycastle.org +and we will help you get it sorted out. +

+

2.81.1 Version

 +Release: 1.04
+Date:      2001, March 11 +

2.81.2 Defects Fixed

+ + +

2.81.3 Additional Functionality

+ + +

2.82.1 Version

 +Release: 1.03
+Date:      2001, January 7 +

2.82.2 Defects Fixed

+ + +

2.83.1 Version

 +Release: 1.02
+Date:      2000, November 7 +

2.83.2 Defects Fixed

+ + +

2.84.1 Version

 +Release: 1.01
+Date:      2000, October 15 +

2.84.2 Defects Fixed

+ + + +

2.85.1 Version

 +Release: 1.00
+Date:      2000, October 13 +

2.85.2 Defects Fixed

+

+

+ +

2.85.3 Additional functionality

+

+

+ +

3.0 Notes

+

+The J2ME is only supported under Windows. +

+If you are trying to use the lightweight provider in a JDK 1.0 applet, you +need to change the package names for java.math.BigInteger, java.lang.IllegalStateException, and java.security.SecureRandom +

+The RSA test under JDK 1.0 and J2ME takes a while to run... + + diff --git a/doc/specifications.html b/doc/specifications.html new file mode 100644 index 0000000..6b7c989 --- /dev/null +++ b/doc/specifications.html @@ -0,0 +1,1189 @@ + + +Bouncy Castle Crypto Package + + + + +

+

Bouncy Castle Crypto Package

+ +
+
+ +
+

1.0 Introduction

+The Bouncy Castle Crypto package is a Java implementation of +cryptographic algorithms. The package is organised so that it +contains a light-weight API suitable for use in any environment +(including the newly released J2ME) with the additional infrastructure +to conform the algorithms to the JCE framework. +

+Except where otherwise stated, this software is distributed under a license +based on the MIT X +Consortium license. To view the license, see here. +The OpenPGP library also includes a modified BZIP2 library which +is licensed under the Apache Software License, Version 2.0. + +

+If you have the full package you will have six jar files, bcprov*.jar +which contains the BC provider, jce-*.jar which contains +the JCE provider, clean room API, and bcmail*.jar which contains the +mail API. +

+Note: if you are using JDK 1.0, you will just find a class hierarchy in +the classes directory. +

+To view examples, look at the test programs in the packages: +

+

+To verify the packages, run the following Java programs with the +appropriate classpath: +

+ + +

2.0 Patents

+

+Some of the algorithms in the Bouncy Castle APIs are patented in some +places. It is upon the user of the library to be aware of what the +legal situation is in their own situation, however we have been asked +to specifically mention the patents below, in the following terms, at +the request of the patent holder. +

+The BC distribution contains implementations of EC MQV as described in RFC 5753, "Use of ECC Algorithms in CMS". In line with the conditions in: +

+https://www.ietf.org/ietf-ftp/IPR/certicom-ipr-rfc-5753.pdf
+
+We state, where EC MQV has not otherwise been disabled or removed:
+ +"The use of this product or service is subject to the reasonable, non-discriminatory terms in the Intellectual Property Rights (IPR) Disclosures of Certicom Corp. at the IETF for Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS) implemented in the product or service." +

+ +

3.0 System Properties

+The Bouncy Castle provider can make use of the following two system properties: + +

4.0 Specifications

+ + + +

5.0 Light-weight API

+ +

+This API has been specifically developed for those circumstances +where the rich API and integration requirements of the JCE are +not required. +

+However as a result, the light-weight API requires more effort +and understanding on the part of a developer to initialise and +utilise the algorithms. + +

5.1 Example

+ +

To utilise the light-weight API in a program, the fundamentals +are as follows; + +

+
+	/*
+	 * This will use a supplied key, and encrypt the data
+	 * This is the equivalent of DES/CBC/PKCS5Padding
+	 */
+	BlockCipher engine = new DESEngine();
+	BufferedBlockCipher cipher = new PaddedBlockCipher(new CBCCipher(engine));
+
+	byte[] key = keyString.getBytes();
+	byte[] input = inputString.getBytes();
+
+	cipher.init(true, new KeyParameter(key));
+
+	byte[] cipherText = new byte[cipher.getOutputSize(input.length)];
+	
+	int outputLen = cipher.processBytes(input, 0, input.length, cipherText, 0);
+	try
+	{
+		cipher.doFinal(cipherText, outputLen);
+	}
+	catch (CryptoException ce)
+	{
+		System.err.println(ce);
+		System.exit(1);
+	}
+
+
+ +

5.2 Algorithms

+ +

The light-weight API has built in support for the following: + +

Symmetric (Block)

+ +

+The base interface is BlockCipher and has the following +implementations which match the modes the block cipher can +be operated in. +

+ + + + + + + + + + + + + +
NameConstructorNotes
BufferedBlockCipherBlockCipher 
CBCBlockCipherBlockCipher 
CFBBlockCipherBlockCipher, block size (in bits) 
GCFBlockCipherBlockCipherGOST CFB mode with CryptoPro key meshing.
EAXBlockCipherBlockCipher 
OCBBlockCipherBlockCipher 
OFBBlockCipherBlockCipher, block size (in bits) 
SICBlockCipherBlockCipher, block size (in bits)Also known as CTR mode
KCTRBlockCipherBlockCipher, block size (in bits)DSTU7624 CTR mode
OpenPGPCFBBlockCipherBlockCipher 
GOFBBlockCipherBlockCipherGOST OFB mode
+ +

+The base interface for AEAD (Authenticated Encryption Associated Data) modes is AEADBlockCipher +and has the following implemenations. +

+ + + + + + + + + + +
NameConstructorNotes
CCMBlockCipherBlockCipherPacket mode - requires all data up front.
EAXBlockCipherBlockCipher 
CCMBlockCipherBlockCipherPacket mode - requires all data up front.
GCMBlockCipherBlockCipherPacket mode - NIST SP 800-38D.
GCMSIVBlockCipherBlockCipherPacket mode - RFC 8452.
KCCMBlockCipherBlockCipherDSTU 7624 Packet mode - requires all data up front.
OCBBlockCipherBlockCipher 
ChaCha20Poly1305AEADCipher 
+

+ +

+BufferedBlockCipher has a further sub-classes +

+ + + + + +
NameConstructorNotes
PaddedBufferedBlockCipherBlockCiphera buffered block cipher that can use padding - default PKCS5/7 padding
CTSBlockCipherBlockCipherCipher Text Stealing
NISTCTSBlockCipherBlockCipherCipher Text Stealing - NIST mode set.
+ +

The following paddings can be used with the PaddedBufferedBlockCipher. +

+ + + + + + + +
NameDescription
PKCS7PaddingPKCS7/PKCS5 padding
ISO10126d2PaddingISO 10126-2 padding
X932PaddingX9.23 padding
ISO7816d4PaddingISO 7816-4 padding (ISO 9797-1 scheme 2)
ZeroBytePaddingPad with Zeros (not recommended)
+ +

The following cipher engines are implemented that can be +used with the above modes. +

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameKeySizes (in bits) Block SizeNotes
AESEngine0 .. 256 128 bit 
AESWrapEngine0 .. 256 128 bitImplements FIPS AES key wrapping
AsconEngine128128 bitAEAD Cipher
BlowfishEngine0 .. 448 64 bit 
CamelliaEngine128, 192, 256128 bit 
CamelliaWrapEngine128, 192, 256128 bit 
CAST5Engine0 .. 128 64 bit 
CAST6Engine0 .. 256 128 bit 
DESEngine6464 bit 
DESedeEngine128, 19264 bit 
DESedeWrapEngine128, 19264 bitImplements Draft IETF DESede key wrapping
DSTU7624Engine128, 256, 512128/256/512 bitDSTU7624 Block Cipher
DSTU7624WrapEngine128, 256, 512128/256/512 bitDSTU7624 key wrapper
ElephantEngine128128 bitAEAD Cipher
GOST28147Engine25664 bitHas a range of S-boxes
GOST3412_2015Engine256128 bit 
IDEAEngine12864 bit 
ISAPEngine128128 bitAEAD Cipher
LEAEngine128128/192/256 bit 
NoekeonEngine128128 bit 
PhotonBeetleEngine128128 bitAEAD Cipher
RC2Engine0 .. 1024 64 bit 
RC532Engine0 .. 128 64 bitUses a 32 bit word
RC564Engine0 .. 128 128 bitUses a 64 bit word
RC6Engine0 .. 256 128 bit 
RijndaelEngine0 .. 256 128 bit, 160 bit, 192 bit, 224 bit, 256 bit 
SEEDEngine128128 bit 
SEEDWrapEngine128128 bit 
Shacal2Engine512256 bit 
SerpentEngine128, 192, 256 128 bit 
SkipjackEngine0 .. 128 64 bit 
SM4Engine128128 bit 
SparkleEngine128128 bitAEAD Cipher
TEAEngine12864 bit 
ThreefishEngine256/512/1024 256 bit/512 bit/1024 bitTweakable block cipher
TwofishEngine128, 192, 256 128 bit 
XoodyakEngine128128 bitAEAD Cipher
XTEAEngine12864 bit 
+ +

The following additional key wrapping algorithms are also available: RFC3211WrapEngine, RFC3394WrapEngine, and RFC5649WrapEngine.

+ +

Symmetric (Stream)

+ +

+The base interface is StreamCipher and has the following +implementations which match the modes the stream cipher can +be operated in. + +

+ + + +
NameConstructorNotes
BlockStreamCipherBlockCipher 
+

The following cipher engines are implemented that can be +used with the above modes. +

+ + + + + + + + + + + + + + + +
NameKeySizes (in bits) Notes
RC4Engine40 .. 2048 
HC128Engine128 
HC256Engine256 
ChaChaEngine128/25664 bit IV
Salsa20Engine128/25664 bit IV
XSalsa20Engine256192 bit IV
ISAACEngine32 .. 8192 
VMPCEngine8 .. 6144 
Grainv1Engine8064 bit IV
Grain128Engine12896 bit IV
Zuc128Engine128128 bit IV
Zuc256Engine256200 bit IV
+ +

Block Asymmetric

+ +

+The base interface is AsymmetricBlockCipher and has the following +implementations which match the modes the cipher can be operated in. +

+

+ + + + + + +
NameConstructorNotes
BufferedAsymmetricBlockCipherAsymmetricBlockCipher 
OAEPEncodingAsymmetricBlockCipher 
PKCS1EncodingAsymmetricBlockCipher 
ISO9796d1EncodingAsymmetricBlockCipherISO9796-1
+ +

The following cipher engines are implemented that can be +used with the above modes. +

+ + + + + +
NameKeySizes (in bits)Notes
RSAEngineany multiple of 8 large enough for the encoding. 
ElGamalEngineany multiple of 8 large enough for the encoding. 
NTRUEngineany multiple of 8 large enough for the encoding. 
+

The following asymmetric ciphers are also supported and allow variable block sizes: +

+

+ +

Digest

+ +

+The base interface is Digest and has the following +implementations +

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameOutput (in bits)Notes
AsconDigest256
AsconXofXOF
Blake2bDigest224, 256, 384, 512
Blake3Digest224, 256, 384, 512
CSHAKEDigestXOFSP 800-185, based on SHAKE128/SHAKE256
DSTU7564Digest256, 384, 512
ISAPDigest256
KangarooXOFBuilt on Keccak-p
KeccakDigest224, 256, 288, 384, 512
MD2Digest128 
MD4Digest128 
MD5Digest128 
ParallelHashXOFXOF based on cSHAKE (SP 800-185).
PhotonBeetleDigest256
RipeMD128Digest128basic RipeMD
RipeMD160Digest160enhanced version of RipeMD
RipeMD256Digest256expanded version of RipeMD128
RipeMD320Digest320expanded version of RipeMD160
SHA1Digest160 
SHA224Digest224FIPS 180-2
SHA256Digest256FIPS 180-2
SHA384Digest384FIPS 180-2
SHA512Digest512FIPS 180-2
SHA3Digest224, 256, 384, 512
SHAKEDigest128, 256cSHAKE primitive also supported.
SkeinDigestany byte length256 bit, 512 bit and 1024 state sizes. Additional parameterisation using SkeinParameters.
SM3Digest256The SM3 Digest.
SparkleDigest256
TigerDigest192The Tiger Digest.
TupleHashXOFXOF based on cSHAKE (SP 800-185).
GOST3411Digest256The GOST-3411 Digest.
GOST3411_2012_256Digest256The GOST-3411-2012-256 Digest.
GOST3411_2012_512Digest512The GOST-3411-2012-512 Digest.
WhirlpoolDigest512The Whirlpool Digest.
Haraka256Digest256Haraka V2 - 256 bit input version.
Haraka512Digest256Haraka V2 - 512 bit input version.
XoodyakDigest256
+ +

MAC

+ +

+The base interface is Mac and has the following +implementations +

+ + + + + + + + + + + + + + + + + + +
NameOutput (in bits)Notes
CBCBlockCipherMacblocksize/2 unless specified 
CFBBlockCipherMacblocksize/2, in CFB 8 mode, unless specified 
CMac24 to cipher block size bitsUsable with block ciphers, NIST SP 800-38B.
GMac32 to 128 bitsUsable with GCM mode ciphers, defined for AES, NIST SP 800-38D.
GOST28147Mac32 bits 
ISO9797Alg3Macmultiple of 8 bits up to underlying cipher size. 
HMacdigest length 
DSTU7564256, 384, 512 bits 
DSTU7624128, 256, 512 bits 
Poly1305128 bitsUsable with 128 bit block ciphers. Use Poly1305KeyGenerator to generate keys.
SkeinMacany byte length256 bit, 512 bit and 1024 state size variants. Additional parameterisation using SkeinParameters.
SipHash64 bits 
SipHash128128 bits 
VMPCMac160 bits 
Zuc128Mac32 bits 
Zuc256Mac32, 64, 128 bits 
+ +

PBE and Password Hashing

+ +

+The base class is PBEParametersGenerator and has the following +sub-classes +

+ + + + + + +
NameConstructorNotes
PKCS5S1ParametersGeneratorDigest 
PKCS5S2ParametersGenerator Uses SHA1/Hmac as defined
PKCS12ParametersGeneratorDigest 
OpenSSLPBEParametersGenerator Uses MD5 as defined
+

+The following password hashing schemes are supported: +

+ + + + + + +
NameConstructorNotes
Argon2  
BCrypt  
OpenBSDBcyrpt  
SCrypt  
+ +

IESCipher

+

+The IES cipher is based on the one described in IEEE P1363a (draft 10), for +use with either traditional Diffie-Hellman or Elliptic Curve Diffie-Hellman. +

+Note: At the moment this is still a draft, don't use it for anything +that may be subject to long term storage, the key values produced may well +change as the draft is finalised. +

+ +

Commitments

+

+The base class is Committer and has the following +sub-classes +

+ + + +
NameNotes
HashCommitterHash commitment algorithm described in Usenix RPC MixNet Paper (2002)
+ +

Key Agreement

+

+Two versions of Diffie-Hellman key agreement are supported, the basic +version, and one for use with long term public keys. Two versions of +key agreement using Elliptic Curve cryptography are also supported, +standard Diffie-Hellman key agreement and standard key agreement with +co-factors. +

+

+The agreement APIs are in the org.bouncycastle.crypto.agreement package. +Classes for generating Diffie-Hellman parameters can be found in the +org.bouncycastle.crypto.params and org.bouncycastle.crypto.generators packages. +

+ +

Key Encapsulation Mechanisms

+

+The first non-post-quantum set use the EncapsulatedSecretGenerator and EncapsulatedSecretGenerator interfaces. +

+ + + + + + + + +
NameNotes
RSARSA-KEM from ISO 18033-2, implemented in RSAKEMExtractor and RSAKEMGenerator
ECIESECIES-KEM from ISO 18033-2, implemented in ECIESKEMExtractor and ECIESKEMGenerator
+

+The second, post-quantum set use EncapsulatedSecretGenerator and EncapsulatedSecretGenerator. +

+ + + + + + + + + + + + + +
NameSecurity Strength (in bits)ImplementationsNotes
BIKE128-256.BIKEKEMGenerator, BIKEKEMExtractorRound 4
Classic McEliece128-256.CMCEKEMGenerator, CMCEKEMExtractorRound 4
FrodoKEM128-256.FrodoKEMGenerator, FrodoKEMExtractor
HQC128-256.HQCKEMGenerator, HQCKEMExtractorRound 4
ML-KEM128-256.MLKEMGenerator, MLKEMExtractorFinalist
NTRU128-256.NTRUKEMGenerator, NTRUKEMExtractor
NTRU Prime128-256.NTRULPRimeKEMGenerator, NTRULPRimeKEMExtractor
SNTRUPrimeKEMGenerator, SNTRUPrimeKEMExtractor
SABER128-256.SABERKEMGenerator, SABERKEMExtractor
+ +

+ +

Signers

+

+DSA, ECDSA, ISO-9796-2, GOST-3410-94, GOST-3410-2001, GOST-3410-2012, DSTU-4145-2002, and RSA-PSS are supported by the org.bouncycastle.crypto.signers +package. Note: as these are light weight classes, if you need to use SHA1 or GOST-3411 +(as defined in the relevant standards) you'll also need to make use of the appropriate +digest class in conjunction with these. +Classes for generating DSA and ECDSA parameters can be found in the +org.bouncycastle.crypto.params and org.bouncycastle.crypto.generators packages. +

+ +

5.4 Elliptic Curve Transforms.

+ +

+The org.bouncycastle.crypto.ec package contains implementations for a variety of EC cryptographic transforms such as EC ElGamal. +

+ +

5.5 TLS/DTLS

+ +

+The org.bouncycastle.crypto.tls package contains implementations for TLS 1.1, 1.2 and DTLS 1.0, 1.2. +

+ +

5.6 Deterministic Random Bit Generators (DRBG) and SecureRandom wrappers

+ +

+The org.bouncycastle.crypto.prng package contains implementations for a variety of bit generators including those from SP 800-90A and X9.31, as well as builders for SecureRandom objects based around them. +

+

5.7 ASN.1 package

+ +

The light-weight API has direct interfaces into a package capable of +reading and writing DER-encoded ASN.1 objects and for the generation +of X.509 V3 certificate objects and PKCS12 files. BER InputStream and +OutputStream classes are provided as well. + +

6.0 Bouncy Castle Provider

+ +

The Bouncy Castle provider is a JCE compliant provider that +is a wrapper built on top of the light-weight API. The main provider is referred to with the name "BC", the post quantum provider is indicated by "BCPQC".

+

+The advantage for writing application code that uses the +provider interface to cryptographic algorithms is that the +actual provider used can be selected at run time. This +is extremely valuable for applications that may wish to +make use of a provider that has underlying hardware for +cryptographic computation, or where an application may have +been developed in an environment with cryptographic export +controls. +

+ +

6.1 Example

+ +

To utilise the JCE provider in a program, the fundamentals +are as follows; + +

+
+	/*
+	 * This will generate a random key, and encrypt the data
+	 */
+	Key		key;
+	KeyGenerator	keyGen;
+	Cipher		encrypt;
+
+	Security.addProvider(new BouncyCastleProvider());
+
+	try
+	{
+		// "BC" is the name of the BouncyCastle provider
+		keyGen = KeyGenerator.getInstance("DES", "BC");
+		keyGen.init(new SecureRandom());
+
+		key = keyGen.generateKey();
+
+		encrypt = Cipher.getInstance("DES/CBC/PKCS5Padding", "BC");
+	}
+	catch (Exception e)
+	{
+		System.err.println(e);
+		System.exit(1);
+	}
+
+	encrypt.init(Cipher.ENCRYPT_MODE, key);
+
+	bOut = new ByteArrayOutputStream();
+	cOut = new CipherOutputStream(bOut, encrypt);
+
+	cOut.write("plaintext".getBytes());
+	cOut.close();
+
+	// bOut now contains the cipher text
+
+
+

+The provider can also be configured as part of your environment via static registration +by adding an entry to the java.security properties file (found in $JAVA_HOME/jre/lib/security/java.security, where $JAVA_HOME is the location of your JDK/JRE distribution). You'll find detailed +instructions in the file but basically it comes down to adding a line: +

+
+    security.provider.<n>=org.bouncycastle.jce.provider.BouncyCastleProvider
+
+
+

Where <n> is the preference you want the provider at (1 being the most prefered). +

Where you put the jar is up to mostly up to you, although with jdk1.3 and +jdk1.4 the best (and in some cases only) place to have it is in $JAVA_HOME/jre/lib/ext. Note: under Windows there will normally be a JRE and a JDK install of Java if you think you have installed it correctly and it still doesn't work chances are you have added the provider to the installation not being used. +

+Note: with JDK 1.4 and later you will need to have installed the unrestricted policy +files to take full advantage of the provider. If you do not install the policy files you are likely +to get something like the following: + +

+        java.lang.SecurityException: Unsupported keysize or algorithm parameters
+                at javax.crypto.Cipher.init(DashoA6275)
+
+ +The policy files can be found at the same place you downloaded the JDK. +

+

6.2 Algorithms

+ +

Symmetric (Block)

+ +

Modes: +

+ +

+Where (n) is a multiple of 8 that gives the blocksize in bits, +eg, OFB8. Note that OFB and CFB mode can be used with plain text that +is not an exact multiple of the block size if NoPadding has been specified. +

+All AEAD (Authenticated Encryption Associated Data) modes support +Additional Authentication Data (AAD) using the Cipher.updateAAD() +methods added in Java SE 7.
+On Java 7 and later, AEAD modes will throw javax.crypto.AEADBadTagException on an authentication failure. +On earlier version of Java, javax.crypto.BadPaddingException is thrown. +

+ + +Padding Schemes: +

+ +

+When placed together this gives a specification for an algorithm +as; +

+ +

+Note: default key sizes are in bold. +

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameKeySizes (in bits) Block SizeNotes
AES0 .. 256 (192)128 bit 
AESWrap0 .. 256 (192)128 bitA FIPS AES key wrapper
ARIA0 .. 256 (192)128 bit 
ARIAWrap0 .. 256 (192)128 bitAn ARIA key wrapper (based on RFC 5649)
Blowfish0 .. 448 (448)64 bit 
Camellia128, 192, 256128 bit 
CamelliaWrap128, 192, 256128 bit 
CAST50 .. 128(128)64 bit 
CAST60 .. 256(256)128 bit 
DES6464 bit 
DESede128, 19264 bit 
DESedeWrap128, 192128 bitA Draft IETF DESede key wrapper
DSTU7624128, 256, 512128/256/512 bitDSTU7624 Block Cipher
DSTU7624Wrap128, 256, 512128/256/512 bitDSTU7624 key wrapper
GCM128, 192, 256(192)AEAD Mode CipherGalois/Counter Mode, as defined in NIST Special Publication SP 800-38D.
GOST2814725664 bit 
IDEA128 (128)64 bit 
Noekeon128(128)128 bit 
RC20 .. 1024 (128)64 bit 
RC50 .. 128 (128)64 bitUses a 32 bit word
RC5-640 .. 256 (256)128 bitUses a 64 bit word
RC60 .. 256 (128)128 bit 
Rijndael0 .. 256 (192)128 bit 
SEED128(128)128 bit 
SEEDWrap128(128)128 bit 
Serpent128, 192, 256 (256)128 bit 
Skipjack0 .. 128 (128)64 bit 
SM4128(128)128 bit 
TEA128 (128)64 bit 
Threefish-256256256 bit 
Threefish-512512512 bit 
Threefish-102410241024 bit 
Twofish128, 192, 256 (256)128 bit 
XTEA128 (128)64 bit 
+ +

Symmetric (Stream)

+ +

+Note: default key sizes are in bold. +

+ + + + + + + + + + + + + + +
NameKeySizes (in bits)Notes
RC440 .. 2048 bits (128) 
HC128(128) 
HC256(256) 
ChaCha128/25664 bit IV
Salsa20128/25664 bit IV
XSalsa20256182 bit IV
VMPC128/6144(128) 
Grainv18064 bit IV
Grain12812896 bit IV
Grain128AEAD12896 bit IV
Zuc128128128 bit IV
Zuc256256200 bit IV
+ +

Block Asymmetric

+ +

Encoding: +

+

Note: except as indicated in PKCS 1v2 we recommend you use OAEP, as +mandated in X9.44. + +

+When placed together with RSA this gives a specification for an algorithm +as; +

+ + + + + +
NameKeySizes (in bits)Notes
RSAany multiple of 8 bits large enough for the encryption(2048) 
ElGamalany multiple of 8 bits large enough for the encryption(1024) 
+ +

Key Agreement

+ +

+Diffie-Hellman key agreement is supported using the "DH", "DHU" (Diffie-Hellman Unified", "ECDH", +"ECCDH" (EC Cofactor DH), "ECKAEG" (BSI EC KAEG key agreement"), "ECMQV" and "ECCDHU" (EC Cofactor DH Unified) key agreement instances and their variations. Key exchange, which also uses the KeyAgreement API is supported by "NH" (the NewHope algorithm (BCPQC)). SM2 key exchange is currently supported in the lightweight API. +

+

+Support is provided for the standard SEC algorithm set for EC. Names appear +in the form of [Agreement]with[KDF PRF Digest][KDF type]. For example: +

+

+Note: with basic "DH" only the basic algorithm fits in with the JCE API, if +you're using long-term public keys you may want to look at the light-weight +API, there are also additional JCE support classes for UserKeyingMaterial and MQVParameters in the org.bouncycastle.jcajce.spec package. +

+

Key Encapsulation Mechanisms

+ + + + + + + + + + +
NameParameterSpec ClassNotes
CMCECMCEParameterSpecClass McEliece (NIST Alternate Candidate)
FrodoFrodoParameterSpecFrodoKEM (NIST Alternate Candidate)
SABERSABERParameterSpecSABER (NIST Finalist)
+

+If used for key wrapping via the Cipher class, you will also need to make use of the KEMParameterSpec class to specify a symmetric wrapping algorithm. +

+

+If access to the shared secret is required, KeyGenerator implementations can also be used in conjuction with the KEMGenerateSpec and the KEMExtractSpec which return the shared secret directly. +

+

ECIES

+

+An implementation of ECIES (stream mode) as described in IEEE P 1363a. This now based more formally on Victor Shoup's paper and should be compatible with the implementation in Crypto++ (version 6 onwards). +

+

Digest

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameOutput (in bits)Notes
Blake2b-160160 
Blake2b-256256 
Blake2b-384384 
Blake2b-512512 
Blake2s-128128 
Blake2s-160160 
Blake2s-224224 
Blake2s-256256 
Blake3-256256 
DSTU7564-256256 
DSTU7564-384384 
DSTU7564-512512 
GOST3411256 
GOST3411-2012-256256 
GOST3411-2012-512512 
Haraka-256256 
Haraka-512256 
Keccak-224224 
Keccak-288288 
Keccak-256256 
Keccak-384384 
Keccak-512512 
MD2128 
MD4128 
MD5128 
RipeMD128128basic RipeMD
RipeMD160160enhanced version of RipeMD
RipeMD256256expanded version of RipeMD128
RipeMD320320expanded version of RipeMD160
SHA1160 
SHA-224224FIPS 180-2
SHA-256256FIPS 180-2
SHA-384384FIPS 180-2
SHA-512512FIPS 180-2
SHA3-224224FIPS 202
SHA3-256256FIPS 202
SHA3-384384FIPS 202
SHA3-512512FIPS 202
Skein-256-*128, 160, 224, 256e.g. Skein-256-160
Skein-512-*128, 160, 224, 256, 384, 512e.g. Skein-512-256
Skein-1024-*384, 512, 1024e.g. Skein-1024-1024
SM3256 
Tiger192 
Whirlpool512 
+

+ +

MAC

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameOutput (in bits)Notes
Any MAC based on a block cipher, CBC (the default) and CFB modes.half the cipher's block size (usually 32 bits) 
*-GMAC32 to 128 bitsUsable with GCM mode ciphers, defined for AES, NIST SP 800-38D. e.g. AES-GMAC.
VMPC-MAC128 
HMac-GOST3411256 
HMac-GOST3411-2012-256256 
HMac-GOST3411-2012-512512 
HMac-KECCAK224224 
HMac-KECCAK256256 
HMac-KECCAK288288 
HMac-KECCAK384384 
HMac-KECCAK512512 
HMac-MD2128 
HMac-MD4128 
HMac-MD5128 
HMac-RipeMD128128 
HMac-RipeMD160160 
HMac-SHA1160 
HMac-SHA224224 
HMac-SHA256256 
HMac-SHA384384 
HMac-SHA512512 
HMac-SHA3-224224 
HMac-SHA3-256256 
HMac-SHA3-384384 
HMac-SHA3-512512 
HMAC-Skein-256-*128, 160, 224, 256e.g. HMAC-Skein-256-160
HMAC-Skein-512-*128, 160, 224, 256, 384, 512e.g. HMAC-Skein-512-256
HMAC-Skein-1024-*384, 512, 1024e.g. HMAC-Skein-1024-1024
Siphash-2-4 (SipHash)64
Siphash-4-864
Siphash128-2-4 (SipHash128)128
Skein-MAC-256-*128, 160, 224, 256e.g. Skein-MAC-256-160
Skein-MAC-512-*128, 160, 224, 256, 384, 512e.g. Skein-MAC-512-256
Skein-MAC-1024-*384, 512, 1024e.g. Skein-MAC-1024-1024
HMac-Tiger192 
Poly1305-*128Defined for recent 128 bit block ciphers, e.g. Poly1305-AES, Poly1305-Serpent
ZUC-12832
ZUC-256-3232
ZUC-256-6464
ZUC-256-128128
+ +

Examples: +

+ + +

Signature Algorithms

+ +

Schemes: +

+ +

Password Hashing and PBE

+ +

Schemes: +

+ +

+Defined in Bouncy Castle JCE Provider + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameKey Generation SchemeKey Length (in bits)Char to Byte conversion
PBEWithMD2AndDESPKCS5 Scheme 1648 bit chars
PBEWithMD2AndRC2PKCS5 Scheme 11288 bit chars
PBEWithMD5AndDESPKCS5 Scheme 1648 bit chars
PBEWithMD5AndRC2PKCS5 Scheme 11288 bit chars
PBEWithSHA1AndDESPKCS5 Scheme 1648 bit chars
PBEWithSHA1AndRC2PKCS5 Scheme 11288 bit chars
PBKDF2WithHmacSHA1PKCS5 Scheme 2variableUTF-8 chars
PBKDF2WithHmacSHA1AndUTF8PKCS5 Scheme 2variableUTF-8 chars
PBKDF2WithHmacSHA1And8bitPKCS5 Scheme 2variable8 bit chars
PBKDF2WithHmacSHA224PKCS5 Scheme 2variableUTF-8 chars
PBKDF2WithHmacSHA256PKCS5 Scheme 2variableUTF-8 chars
PBKDF2WithHmacSHA384PKCS5 Scheme 2variableUTF-8 chars
PBKDF2WithHmacSHA512PKCS5 Scheme 2variableUTF-8 chars
PBKDF2WithHmacSHA3-224PKCS5 Scheme 2variableUTF-8 chars
PBKDF2WithHmacSHA3-256PKCS5 Scheme 2variableUTF-8 chars
PBKDF2WithHmacSHA3-384PKCS5 Scheme 2variableUTF-8 chars
PBKDF2WithHmacSHA3-512PKCS5 Scheme 2variableUTF-8 chars
PBKDF2WithHmacGOST3411PKCS5 Scheme 2variableUTF-8 chars
PBKDF2WithHmacSM3PKCS5 Scheme 2variableUTF-8 chars
PBEWithSHAAnd2-KeyTripleDES-CBCPKCS1212816 bit chars
PBEWithSHAAnd3-KeyTripleDES-CBCPKCS1219216 bit chars
PBEWithSHAAnd128BitRC2-CBCPKCS1212816 bit chars
PBEWithSHAAnd40BitRC2-CBCPKCS124016 bit chars
PBEWithSHAAnd128BitRC4PKCS1212816 bit chars
PBEWithSHAAnd40BitRC4PKCS124016 bit chars
PBEWithSHAAndTwofish-CBCPKCS1225616 bit chars
PBEWithSHAAndIDEA-CBCPKCS1212816 bit chars
+ +

6.3 Certificates

+

+The Bouncy Castle provider will read X.509 certficates (v2 or v3) as per the examples in +the java.security.cert.CertificateFactory class. They can be provided either +in the normal PEM encoded format, or as DER binaries. +

+The CertificateFactory will also read X.509 CRLs (v2) from either PEM or DER encodings. +

+In addition to the classes in the org.bouncycastle.asn1.x509 package for certificate, CRLs, and OCSP, CRMF, and CMP message +generation a more JCE "friendly" class is provided in the package org.bouncycastle.cert. The JCE "friendly" classes found in the jcajce + subpackages support RSA, DSA, GOST, DTSU, and EC-DSA. +

+

6.4 Keystore

+

+The Bouncy Castle package has four implementation of a keystore. +

+The first "BKS" is a keystore that will work with the keytool in the same +fashion as the Sun "JKS" keystore. The keystore is resistent to tampering +but not inspection. +

+The second, Keystore.BouncyCastle, or Keystore.UBER will only work with the keytool +if the password is provided on the command line, as the entire keystore +is encrypted +with a PBE based on SHA1 and Twofish. PBEWithSHAAndTwofish-CBC. +This makes the entire keystore resistant to tampering and inspection, +and forces verification. +The Sun JDK provided keytool will attempt to load a keystore even if no +password is given, +this is impossible for this version. (One might wonder about going to all +this trouble and then having the password on the command line! New keytool +anyone?). +

+In the first case, the keys are encrypted with 3-Key-TripleDES. +

+The third is a PKCS12 compatible keystore. PKCS12 provides a slightly +different situation from the regular key store, the keystore password is +currently the only password used for storing keys. Otherwise it supports +all the functionality required for it to be used with the keytool. In some +situations other libraries always expect to be dealing with Sun certificates, +if this is the case use PKCS12-DEF, and the certificates produced by the +key store will be made using the default provider. In the default case PKCS12 uses 3DES for key protection and 40 bit RC2 for protecting the certificates. It is also possible to use 3DES for both by using PKCS12-3DES-3DES or PKCS12-DEF-3DES-3DES as the KeyStore type. +

+There is an example program that produces PKCS12 files suitable for +loading into browsers. It is in the package +org.bouncycastle.jce.examples. +

+The fourth is the BCFKS key store which is a FIPS compliant key store which is also designed for general key storage and based on ASN.1. This key store type is encrypted and supports the use of SCRYPT and the storage of some symmetric key types. +

+

6.5 Additional support classes for Elliptic Curve.

+

+There are no classes for supporting EC in the JDK prior to JDK 1.5. If you are using +an earlier JDK you can find classes for using EC in the following +packages: +

+ +

7.0 BouncyCastle S/MIME

+ +To be able to fully compile and utilise the BouncyCastle S/MIME +package (including the test classes) you need the jar files for +the following APIs. + + +

7.1 Setting up BouncyCastle S/MIME in JavaMail

+ +The BouncyCastle S/MIME handlers may be set in JavaMail two ways. + + + +