The Bouncy Castle Crypto APIs is a set of implementations of cryptographic concepts and algorithms. Bouncy Castle APIs are developed in both Java and C#. These APIs can be freely downloaded from the Bouncy Castle home page.
Let us have a glance at some of the important type of implementations and algorithms provided by BC APIs -
Digests
Digests are the hash values which are generated after applying a hash algorithm on message. Digests are also known as Hash Value, fingerprints, checksums, etc.
Bouncy castle APIs provide us, implementation of following hash algorithms –
X509 is a standard, which specifies the standard format for public key certificates, Certificate revocation list and attribute certificates. Bouncy Castle APIs include the implementation for generators, parsers for Version1 and Version3 certificates, Version 2 CRLs and attribute certificates.
It provides the classes for X509 formats, also, e.g. PEM, p12, pfx etc.
Following are some of the important X509 related classes, provided by Bouncy Castle –
There are many instances when data should be encrypted by the passphrase or password provided by the user. This secret password selected by the user acts like the encryption key. This is unlike the situation in which the keys are generated by the system itself. However, there are steps to be followed for generating or deriving the key from the password selected by the user.
Signature are applied to digital data to verify that the data is not tampered during transmission and also, that the data has been sent by the correct authority or person.
In signature mechanism, the hash value of the message is computed, using the Hash algorithms like MD2, MD5 etc. This hashed value is used by the signature algorithm to generate the digital signature. Note: - for signing, the private key is needed by the algorithm. The digital signature is sent along with the message.
Following implementation are provided by the Bouncy castle apis-
Following secret key algorithm are implemented –
Following asymmetric key algorithm are implemented -
In my next article, we will discuss the RSA implementation provided by Bouncy castle.
Let us have a glance at some of the important type of implementations and algorithms provided by BC APIs -
Digests
Digests are the hash values which are generated after applying a hash algorithm on message. Digests are also known as Hash Value, fingerprints, checksums, etc.
Bouncy castle APIs provide us, implementation of following hash algorithms –
- GOST3411
- MD2, MD4, MD5
- RIPEMD128, RIPEMD160, RIPEMD256, RIPEMD320
- SHA-1, SHA-224, SHA-256, SHA-384, SHA-512
- Tiger
- Whirlpool.
X509 is a standard, which specifies the standard format for public key certificates, Certificate revocation list and attribute certificates. Bouncy Castle APIs include the implementation for generators, parsers for Version1 and Version3 certificates, Version 2 CRLs and attribute certificates.
It provides the classes for X509 formats, also, e.g. PEM, p12, pfx etc.
Following are some of the important X509 related classes, provided by Bouncy Castle –
- PEMParser
- X509 certficate
- X509 certficate parser
- X509 crl
- X509 signature util
- X509 v1 generator
- X509 v2 generator
- X509 v3 generator
There are many instances when data should be encrypted by the passphrase or password provided by the user. This secret password selected by the user acts like the encryption key. This is unlike the situation in which the keys are generated by the system itself. However, there are steps to be followed for generating or deriving the key from the password selected by the user.
- A hash value of the password text is computed. This is done by using the hash algorithms like SHA1. To make the derived key strong, salt is appended in the password. (Salts are the extra random bytes added in the message during encryption. Salt is different and random for every input, thus the output produced by the hash algorithms also differ every time and hence dictionary attacks are prevented.
- A DES or AES key is generated from the password and salt.
- SHA1 and DES-CBC,
- SHA1 and RC2-CBC,
- SHA-1 and 128bit RC4,
- SHA-1 and 40bit RC4,
- SHA-1 and 3-key DESEDE-CBC,
- SHA-1 and 2-key DESEDE-CBC,
- SHA-1 and 128bitRC2-CBC,
- SHA-1 and 40bit RC2-CBC,
- HmacSHA-1,
- Hmac SHA-224,
- HmacSHA-256,
- HmacRIPEMD128,
- HmacRIPEMD160,
- HmacRIPEMD256.
Signature are applied to digital data to verify that the data is not tampered during transmission and also, that the data has been sent by the correct authority or person.
In signature mechanism, the hash value of the message is computed, using the Hash algorithms like MD2, MD5 etc. This hashed value is used by the signature algorithm to generate the digital signature. Note: - for signing, the private key is needed by the algorithm. The digital signature is sent along with the message.
Following implementation are provided by the Bouncy castle apis-
- MD2withRSA,
- MD4withRSA,
- MD5withRSA,
- RIPEMD128withRSA,
- RIPEMD160withRSA,
- RIPEMD256withRSA,
- SHA-1withRSA,
- SHA-224withRSA,
- SHA-256 with RSA and MGF1,
- SHA-384 with RSA and MGF1,
- SHA-512 with RSA and MGF1,
- SHA-1 with DSA,
- SHA-1 with ECDSA.
Following secret key algorithm are implemented –
- AES
- Blowfish
- Camellia
- CAST5, CAST6
- DESede, DES
- GOST28147
- HC-128, HC-256
- IDEA
- NaccacheStern
- RC2, RC4, RC5-32, RC5-64, RC6,
- Rijndael, Serpent, Skipjack, TEA/XTEA, Twofish, and VMPC.
Following asymmetric key algorithm are implemented -
- RSA (with blinding)
- ElGamal
- DSA
- ECDSA.
In my next article, we will discuss the RSA implementation provided by Bouncy castle.