1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Introduction to Bouncy Castle APIs

Discussion in 'Engineering Concepts' started by sbh, Jan 24, 2011.

  1. sbh

    sbh New Member

    Jan 5, 2011
    Likes Received:
    Trophy Points:
    Database R&D
    The Bouncy Castle Crypto APIs is a set of implementations of cryptographic concepts and algorithms. Bouncy Castle APIs are developed in both Java and C#. These APIs can be freely downloaded from the Bouncy Castle home page.

    Let us have a glance at some of the important type of implementations and algorithms provided by BC APIs -


    Digests are the hash values which are generated after applying a hash algorithm on message. Digests are also known as Hash Value, fingerprints, checksums, etc.

    Bouncy castle APIs provide us, implementation of following hash algorithms –
    • GOST3411
    • MD2, MD4, MD5
    • RIPEMD128, RIPEMD160, RIPEMD256, RIPEMD320
    • SHA-1, SHA-224, SHA-256, SHA-384, SHA-512
    • Tiger
    • Whirlpool.

    X509 is a standard, which specifies the standard format for public key certificates, Certificate revocation list and attribute certificates. Bouncy Castle APIs include the implementation for generators, parsers for Version1 and Version3 certificates, Version 2 CRLs and attribute certificates.

    It provides the classes for X509 formats, also, e.g. PEM, p12, pfx etc.

    Following are some of the important X509 related classes, provided by Bouncy Castle –
    • PEMParser
    • X509 certficate
    • X509 certficate parser
    • X509 crl
    • X509 signature util
    • X509 v1 generator
    • X509 v2 generator
    • X509 v3 generator
    Password Based Encryption

    There are many instances when data should be encrypted by the passphrase or password provided by the user. This secret password selected by the user acts like the encryption key. This is unlike the situation in which the keys are generated by the system itself. However, there are steps to be followed for generating or deriving the key from the password selected by the user.
    • A hash value of the password text is computed. This is done by using the hash algorithms like SHA1. To make the derived key strong, salt is appended in the password. (Salts are the extra random bytes added in the message during encryption. Salt is different and random for every input, thus the output produced by the hash algorithms also differ every time and hence dictionary attacks are prevented.
    • A DES or AES key is generated from the password and salt.
    Bouncy castle provides the following PBE algorithms –
    • SHA1 and DES-CBC,
    • SHA1 and RC2-CBC,
    • SHA-1 and 128bit RC4,
    • SHA-1 and 40bit RC4,
    • SHA-1 and 3-key DESEDE-CBC,
    • SHA-1 and 2-key DESEDE-CBC,
    • SHA-1 and 128bitRC2-CBC,
    • SHA-1 and 40bit RC2-CBC,
    • HmacSHA-1,
    • Hmac SHA-224,
    • HmacSHA-256,
    • HmacRIPEMD128,
    • HmacRIPEMD160,
    • HmacRIPEMD256.
    Signature algorithms

    Signature are applied to digital data to verify that the data is not tampered during transmission and also, that the data has been sent by the correct authority or person.

    In signature mechanism, the hash value of the message is computed, using the Hash algorithms like MD2, MD5 etc. This hashed value is used by the signature algorithm to generate the digital signature. Note: - for signing, the private key is needed by the algorithm. The digital signature is sent along with the message.

    Following implementation are provided by the Bouncy castle apis-
    • MD2withRSA,
    • MD4withRSA,
    • MD5withRSA,
    • RIPEMD128withRSA,
    • RIPEMD160withRSA,
    • RIPEMD256withRSA,
    • SHA-1withRSA,
    • SHA-224withRSA,
    • SHA-256 with RSA and MGF1,
    • SHA-384 with RSA and MGF1,
    • SHA-512 with RSA and MGF1,
    • SHA-1 with DSA,
    • SHA-1 with ECDSA.
    Symmetric key algorithms:

    Following secret key algorithm are implemented –
    • AES
    • Blowfish
    • Camellia
    • CAST5, CAST6
    • DESede, DES
    • GOST28147
    • HC-128, HC-256
    • IDEA
    • NaccacheStern
    • RC2, RC4, RC5-32, RC5-64, RC6,
    • Rijndael, Serpent, Skipjack, TEA/XTEA, Twofish, and VMPC.
    Asymmetric key algorithms:

    Following asymmetric key algorithm are implemented -
    • RSA (with blinding)
    • ElGamal
    • DSA
    • ECDSA.
    Apart from the above listed algorithms, Bouncy Castle provides implementation for PGP (Pretty good Privacy, Online Certificate Status Protocol. Time Stamp Protocol etc.

    In my next article, we will discuss the RSA implementation provided by Bouncy castle.
  2. WolFSharp

    WolFSharp New Member

    Mar 2, 2011
    Likes Received:
    Trophy Points:
    Hi Sbh, i really appreciate your tutorials about the Bouncy Castle API. You really saved my life Man =)
    In my C# project i have to use external cryptographic library, so i found the OpennSSL(crypto) and BouncyCastle but they quickly caused me headaches lol.
    Please, i need to hash a byte[] with md5 and SHA, can you show me how ? thanks for any help man =) i really appreciate your articles.
  3. WolFSharp

    WolFSharp New Member

    Mar 2, 2011
    Likes Received:
    Trophy Points:
    Could you make an example about importing RSA keys from file and how to save them, thx

Share This Page