/usr/share/doc/libbcprov-java/specifications.html is in libbcprov-java-doc 1.59-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 | <html>
<head>
<title>Bouncy Castle Crypto Package</title>
</head>
<body bgcolor="#ffffff" text="#000000#">
<center>
<h1>Bouncy Castle Crypto Package</h1>
<font size=1>
<pre>
</pre>
</font>
</center>
<h2>1.0 Introduction</h2>
The Bouncy Castle Crypto package is a Java implementation of
cryptographic algorithms. The package is organised so that it
contains a light-weight API suitable for use in any environment
(including the newly released J2ME) with the additional infrastructure
to conform the algorithms to the JCE framework.
<p>
Except where otherwise stated, this software is distributed under a license
based on the MIT X
Consortium license. To view the license, see <a href="./LICENSE.html">here</a>.
The OpenPGP library also includes a modified BZIP2 library which
is licensed under the <a href="http://www.apache.org/licenses/">Apache Software License, Version 2.0</a>.
<p>
If you have the full package you will have six jar files, bcprov*.jar
which contains the BC provider, jce-*.jar which contains
the JCE provider, clean room API, and bcmail*.jar which contains the
mail API.
<p>
Note: if you are using JDK 1.0, you will just find a class hierarchy in
the classes directory.
<p>
To view examples, look at the test programs in the packages:
<ul>
<li><b>org.bouncycastle.crypto.test</b>
<li><b>org.bouncycastle.jce.provider.test</b>
</ul>
<p>
To verify the packages, run the following Java programs with the
appropriate classpath:
<ul>
<li><b>java org.bouncycastle.crypto.test.RegressionTest</b>
<li><b>java org.bouncycastle.jce.provider.test.RegressionTest</b>
</ul>
<h2>2.0 Patents</h2>
<p>
Some of the algorithms in the Bouncy Castle APIs are patented in some
places. It is upon the user of the library to be aware of what the
legal situation is in their own situation, however we have been asked
to specifically mention the patents below, in the following terms, at
the request of the patent holder.
<p>
The BC distribution contains implementations of EC MQV as described in RFC 5753, "Use of ECC Algorithms in CMS". In line with the conditions in:
<pre>
<a href="http://www.ietf.org/ietf-ftp/IPR/certicom-ipr-rfc-5753.pdf">http://www.ietf.org/ietf-ftp/IPR/certicom-ipr-rfc-5753.pdf</a>
</pre>
We state, where EC MQV has not otherwise been disabled or removed:</br />
"The use of this product or service is subject to the reasonable, non-discriminatory terms in the Intellectual Property Rights (IPR) Disclosures of Certicom Corp. at the IETF for Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS) implemented in the product or service."
</p>
<h2>3.0 System Properties</h2>
The Bouncy Castle provider can make use of the following two system properties:
<ul>
<li><b>org.bouncycastle.ec.disable_mqv</b> - setting this property to true will disable support for EC MQV in the provider.</li>
<li><b>org.bouncycastle.pkcs1.not_strict</b> - some other providers of cryptography services fail to produce PKCS1 encoded block that are the correct length. Setting this property to true will relax the conformance check on the block length.</li>
</ul>
<h2>4.0 Specifications</h2>
<ul>
<li> clean room implementation of the JCE API </li>
<li> light-weight cryptographic API consisting of support for
<ul>
<li>BlockCipher</li>
<li>BufferedBlockCipher</li>
<li>AsymmetricBlockCipher</li>
<li>BufferedAsymmetricBlockCipher</li>
<li>StreamCipher</li>
<li>BufferedStreamCipher</li>
<li>KeyAgreement</li>
<li>IESCipher</li>
<li>Digest</li>
<li>Mac</li>
<li>PBE</li>
<li>Signers</li>
</ul></li>
<li> JCE compatible framework for a Bouncy Castle provider "BC".</li>
<li> JCE compatible framework for a Bouncy Castle post-quantum provider "BCPQC".</li>
</ul>
<h2>5.0 Light-weight API</h2>
<p>
This API has been specifically developed for those circumstances
where the rich API and integration requirements of the JCE are
not required.
<p>
However as a result, the light-weight API requires more effort
and understanding on the part of a developer to initialise and
utilise the algorithms.
<h3>5.1 Example</h3>
<p>To utilise the light-weight API in a program, the fundamentals
are as follows;
<pre>
<code>
/*
* This will use a supplied key, and encrypt the data
* This is the equivalent of DES/CBC/PKCS5Padding
*/
BlockCipher engine = new DESEngine();
BufferedBlockCipher cipher = new PaddedBlockCipher(new CBCCipher(engine));
byte[] key = keyString.getBytes();
byte[] input = inputString.getBytes();
cipher.init(true, new KeyParameter(key));
byte[] cipherText = new byte[cipher.getOutputSize(input.length)];
int outputLen = cipher.processBytes(input, 0, input.length, cipherText, 0);
try
{
cipher.doFinal(cipherText, outputLen);
}
catch (CryptoException ce)
{
System.err.println(ce);
System.exit(1);
}
</code>
</pre>
<h3>5.2 Algorithms</h3>
<p>The light-weight API has built in support for the following:
<h4>Symmetric (Block)</h4>
<p>
The base interface is <b>BlockCipher</b> and has the following
implementations which match the modes the block cipher can
be operated in.
<p>
<table cellpadding=5 cellspacing=0 border=1 width=80%>
<tr><th>Name</th><th>Constructor</th><th>Notes</th></tr>
<tr><td><b>BufferedBlockCipher</b></td><td>BlockCipher</td><td> </td></tr>
<tr><td><b>CBCBlockCipher</b></td><td>BlockCipher</td><td> </td></tr>
<tr><td><b>CFBBlockCipher</b></td><td>BlockCipher, block size (in bits)</td><td> </td></tr>
<tr><td><b>GCFBlockCipher</b></td><td>BlockCipher</td><td>GOST CFB mode with CryptoPro key meshing.</td></tr>
<tr><td><b>EAXBlockCipher</b></td><td>BlockCipher</td><td> </td></tr>
<tr><td><b>OCBBlockCipher</b></td><td>BlockCipher</td><td> </td></tr>
<tr><td><b>OFBBlockCipher</b></td><td>BlockCipher, block size (in bits)</td><td> </td></tr>
<tr><td><b>SICBlockCipher</b></td><td>BlockCipher, block size (in bits)</td><td>Also known as CTR mode</td></tr>
<tr><td><b>KCTRBlockCipher</b></td><td>BlockCipher, block size (in bits)</td><td>DSTU7624 CTR mode</td></tr>
<tr><td><b>OpenPGPCFBBlockCipher</b></td><td>BlockCipher</td><td> </td></tr>
<tr><td><b>GOFBBlockCipher</b></td><td>BlockCipher</td><td>GOST OFB mode</td></tr>
</table>
<p>
The base interface for AEAD (Authenticated Encryption Associated Data) modes is <b>AEADBlockCipher</b>
and has the following implemenations.
<p>
<table cellpadding=5 cellspacing=0 border=1 width=80%>
<tr><th>Name</th><th>Constructor</th><th>Notes</th></tr>
<tr><td><b>CCMBlockCipher</b></td><td>BlockCipher</td><td>Packet mode - requires all data up front.</td></tr>
<tr><td><b>EAXBlockCipher</b></td><td>BlockCipher</td><td> </td></tr>
<tr><td><b>CCMBlockCipher</b></td><td>BlockCipher</td><td>Packet mode - requires all data up front.</td></tr>
<tr><td><b>GCMBlockCipher</b></td><td>BlockCipher</td><td>Packet mode - NIST SP 800-38D.</td></tr>
<tr><td><b>KCCMBlockCipher</b></td><td>BlockCipher</td><td>DSTU 7624 Packet mode - requires all data up front.</td></tr>
<tr><td><b>OCBBlockCipher</b></td><td>BlockCipher</td><td> </td></tr>
</table>
</p>
<p>
<b>BufferedBlockCipher</b> has a further sub-classes
<p>
<table cellpadding=5 cellspacing=0 border=1 width=80%>
<tr><th>Name</th><th>Constructor</th><th>Notes</th></tr>
<tr><td><b>PaddedBufferedBlockCipher</b></td><td>BlockCipher</td><td>a buffered block cipher that can use padding - default PKCS5/7 padding</td></tr>
<tr><td><b>CTSBlockCipher</b></td><td>BlockCipher</td><td>Cipher Text Stealing</td></tr>
<tr><td><b>NISTCTSBlockCipher</b></td><td>BlockCipher</td><td>Cipher Text Stealing - NIST mode set.</td></tr>
</table>
<p>The following paddings can be used with the PaddedBufferedBlockCipher.
<p>
<table cellpadding=5 cellspacing=0 border=1 width=80%>
<tr><th>Name</th><th>Description</th></tr>
<tr><td>PKCS7Padding</td><td>PKCS7/PKCS5 padding</td></tr>
<tr><td>ISO10126d2Padding</td><td>ISO 10126-2 padding</td></tr>
<tr><td>X932Padding</td><td>X9.23 padding</td></tr>
<tr><td>ISO7816d4Padding</td><td>ISO 7816-4 padding (ISO 9797-1 scheme 2)</td></tr>
<tr><td>ZeroBytePadding</td><td>Pad with Zeros (not recommended)</td></tr>
</table>
<p>The following cipher engines are implemented that can be
used with the above modes.
<p>
<table cellpadding=5 cellspacing=0 border=1 width=80%>
<tr><th>Name</th><th>KeySizes (in bits) </th><th>Block Size</th><th>Notes</th></tr>
<tr><td><b>AESEngine</b></td><td>0 .. 256 </td><td>128 bit</td><td> </td></tr>
<tr><td><b>AESWrapEngine</b></td><td>0 .. 256 </td><td>128 bit</td><td>Implements FIPS AES key wrapping</td></tr>
<tr><td><b>BlowfishEngine</b></td><td>0 .. 448 </b></td><td>64 bit</td><td> </td></tr>
<tr><td><b>CamelliaEngine</b></td><td>128, 192, 256</td><td>128 bit</td><td> </td></tr>
<tr><td><b>CamelliaWrapEngine</b></td><td>128, 192, 256</td><td>128 bit</td><td> </td></tr>
<tr><td><b>CAST5Engine</b></td><td>0 .. 128 </b></td><td>64 bit</td><td> </td></tr>
<tr><td><b>CAST6Engine</b></td><td>0 .. 256 </b></td><td>128 bit</td><td> </td></tr>
<tr><td><b>DESEngine</b></td><td>64</td><td>64 bit</td><td> </td></tr>
<tr><td><b>DESedeEngine</b></td><td>128, 192</td><td>64 bit</td><td> </td></tr>
<tr><td><b>DESedeWrapEngine</b></td><td>128, 192</td><td>64 bit</td><td>Implements Draft IETF DESede key wrapping</td></tr>
<tr><td><b>DSTU7624Engine</b></td><td>128, 256, 512</td><td>128/256/512 bit</td><td>DSTU7624 Block Cipher</td></tr>
<tr><td><b>DSTU7624WrapEngine</b></td><td>128, 256, 512</td><td>128/256/512 bit</td><td>DSTU7624 key wrapper</td></tr>
<tr><td><b>GOST28147Engine</b></td><td>256</td><td>64 bit</td><td>Has a range of S-boxes</td></tr>
<tr><td><b>GOST3412_2015Engine</b></td><td>256</td><td>128 bit</td><td> </td></tr>
<tr><td><b>IDEAEngine</b></td><td>128</td><td>64 bit</td><td> </td></tr>
<tr><td><b>NoekeonEngine</b></td><td>128</td><td>128 bit</td><td> </td></tr>
<tr><td><b>RC2Engine</b></td><td>0 .. 1024 </td><td>64 bit</td><td> </td></tr>
<tr><td><b>RC532Engine</b></td><td>0 .. 128 </td><td>64 bit</td><td>Uses a 32 bit word</td></tr>
<tr><td><b>RC564Engine</b></td><td>0 .. 128 </td><td>128 bit</td><td>Uses a 64 bit word</td></tr>
<tr><td><b>RC6Engine</b></td><td>0 .. 256 </td><td>128 bit</td><td> </td></tr>
<tr><td><b>RijndaelEngine</b></td><td>0 .. 256 </td><td>128 bit, 160 bit, 192 bit, 224 bit, 256 bit</td><td> </td></tr>
<tr><td><b>SEEDEngine</b></td><td>128</td><td>128 bit</td><td> </td></tr>
<tr><td><b>SEEDWrapEngine</b></td><td>128</td><td>128 bit</td><td> </td></tr>
<tr><td><b>Shacal2Engine</b></td><td>512</td><td>256 bit</td><td> </td></tr>
<tr><td><b>SerpentEngine</b></td><td>128, 192, 256 </td><td>128 bit</td><td> </td></tr>
<tr><td><b>SkipjackEngine</b></td><td>0 .. 128 </td><td>64 bit</td><td> </td></tr>
<tr><td><b>SM4Engine</b></td><td>128</td><td>128 bit</td><td> </td></tr>
<tr><td><b>TEAEngine</b></td><td>128</td><td>64 bit</td><td> </td></tr>
<tr><td><b>ThreefishEngine</b></td><td>256/512/1024 </td><td>256 bit/512 bit/1024 bit</td><td>Tweakable block cipher</td></tr>
<tr><td><b>TwofishEngine</b></td><td>128, 192, 256 </td><td>128 bit</td><td> </td></tr>
<tr><td><b>XTEAEngine</b></td><td>128</td><td>64 bit</td><td> </td></tr>
</table>
<p>The following additional key wrapping algorithms are also available: RFC3211WrapEngine, RFC3394WrapEngine, and RFC5649WrapEngine.</p>
<h4>Symmetric (Stream)</h4>
<p>
The base interface is <b>StreamCipher</b> and has the following
implementations which match the modes the stream cipher can
be operated in.
<p>
<table cellpadding=5 cellspacing=0 border=1 width=80%>
<tr><th>Name</th><th>Constructor</th><th>Notes</th></tr>
<tr><td><b>BlockStreamCipher</b></td><td>BlockCipher</td><td> </td></tr>
</table>
<p>The following cipher engines are implemented that can be
used with the above modes.
<p>
<table cellpadding=5 cellspacing=0 border=1 width=80%>
<tr><th>Name</th><th>KeySizes (in bits) </th><th>Notes</th></tr>
<tr><td><b>RC4Engine</b></td><td>40 .. 2048</td><td> </td></tr>
<tr><td><b>HC128Engine</b></td><td>128</td><td> </td></tr>
<tr><td><b>HC256Engine</b></td><td>256</td><td> </td></tr>
<tr><td><b>ChaChaEngine</b></td><td>128/256</td><td>64 bit IV</td></tr>
<tr><td><b>Salsa20Engine</b></td><td>128/256</td><td>64 bit IV</td></tr>
<tr><td><b>XSalsa20Engine</b></td><td>256</td><td>192 bit IV</td></tr>
<tr><td><b>ISAACEngine</b></td><td>32 .. 8192</td><td> </td></tr>
<tr><td><b>VMPCEngine</b></td><td>8 .. 6144</td><td> </td></tr>
<tr><td><b>Grainv1Engine</b></td><td>80</td><td>64 bit IV</td></tr>
<tr><td><b>Grain128Engine</b></td><td>128</td><td>96 bit IV</td></tr>
</table>
<h4>Block Asymmetric</h4>
<p>
The base interface is <b>AsymmetricBlockCipher</b> and has the following
implementations which match the modes the cipher can be operated in.
<p>
<table cellpadding=5 cellspacing=0 border=1 width=80%>
<tr><th>Name</th><th>Constructor</th><th>Notes</th></tr>
<tr><td><b>BufferedAsymmetricBlockCipher</b></td><td>AsymmetricBlockCipher</td><td> </td></tr>
<tr><td><b>OAEPEncoding</b></td><td>AsymmetricBlockCipher</td><td> </td></tr>
<tr><td><b>PKCS1Encoding</b></td><td>AsymmetricBlockCipher</td><td> </td></tr>
<tr><td><b>ISO9796d1Encoding</b></td><td>AsymmetricBlockCipher</td><td>ISO9796-1</td></tr>
</table>
<p>The following cipher engines are implemented that can be
used with the above modes.
<p>
<table cellpadding=5 cellspacing=0 border=1 width=80%>
<tr><th>Name</th><th>KeySizes (in bits)</th><th>Notes</th></tr>
<tr><td><b>RSAEngine</b></td><td>any multiple of 8 large enough for the encoding.</td><td> </td></tr>
<tr><td><b>ElGamalEngine</b></td><td>any multiple of 8 large enough for the encoding.</td><td> </td></tr>
<tr><td><b>NTRUEngine</b></td><td>any multiple of 8 large enough for the encoding.</td><td> </td></tr>
</table>
<p>The following asymmetric ciphers are also supported and allow variable block sizes:
<ul>
<li>IESEngine</li>
<li>SM2Engine</li>
</ul>
</p>
<h4>Digest</h4>
<p>
The base interface is <b>Digest</b> and has the following
implementations
<p>
<table cellpadding=5 cellspacing=0 border=1 width=80%>
<tr><th>Name</th><th>Output (in bits)</th><th>Notes</th></tr>
<tr><td><b>Blake2sDigest</b></td><td>128, 160, 224, 256</td><td></td></tr>
<tr><td><b>Blake2bDigest</b></td><td>224, 256, 384, 512</td><td></td></tr>
<tr><td><b>DSTU7564Digest</b></td><td>256, 384, 512</td><td></td></tr>
<tr><td><b>KeccakDigest</b></td><td>224, 256, 288, 384, 512</td><td></td></tr>
<tr><td><b>MD2Digest</b></td><td>128</td><td> </td></tr>
<tr><td><b>MD4Digest</b></td><td>128</td><td> </td></tr>
<tr><td><b>MD5Digest</b></td><td>128</td><td> </td></tr>
<tr><td><b>RipeMD128Digest</b></td><td>128</td><td>basic RipeMD</td></tr>
<tr><td><b>RipeMD160Digest</b></td><td>160</td><td>enhanced version of RipeMD</td></tr>
<tr><td><b>RipeMD256Digest</b></td><td>256</td><td>expanded version of RipeMD128</td></tr>
<tr><td><b>RipeMD320Digest</b></td><td>320</td><td>expanded version of RipeMD160</td></tr>
<tr><td><b>SHA1Digest</b></td><td>160</td><td> </td></tr>
<tr><td><b>SHA224Digest</b></td><td>224</td><td>FIPS 180-2</td></tr>
<tr><td><b>SHA256Digest</b></td><td>256</td><td>FIPS 180-2</td></tr>
<tr><td><b>SHA384Digest</b></td><td>384</td><td>FIPS 180-2</td></tr>
<tr><td><b>SHA512Digest</b></td><td>512</td><td>FIPS 180-2</td></tr>
<tr><td><b>SHA3Digest</b></td><td>224, 256, 384, 512</td><td></td></tr>
<tr><td><b>SHAKEDigest</b></td><td>128, 256</td><td></td></tr>
<tr><td><b>SkeinDigest</b></td><td>any byte length</td><td>256 bit, 512 bit and 1024 state sizes. Additional parameterisation using SkeinParameters.</td></tr>
<tr><td><b>SM3Digest</b></td><td>256</td><td>The SM3 Digest.</td></tr>
<tr><td><b>TigerDigest</b></td><td>192</td><td>The Tiger Digest.</td></tr>
<tr><td><b>GOST3411Digest</b></td><td>256</td><td>The GOST-3411 Digest.</td></tr>
<tr><td><b>GOST3411_2012_256Digest</b></td><td>256</td><td>The GOST-3411-2012-256 Digest.</td></tr>
<tr><td><b>GOST3411_2012_512Digest</b></td><td>512</td><td>The GOST-3411-2012-512 Digest.</td></tr>
<tr><td><b>WhirlpoolDigest</b></td><td>512</td><td>The Whirlpool Digest.</td></tr>
</table>
<h4>MAC</h4>
<p>
The base interface is <b>Mac</b> and has the following
implementations
<p>
<table cellpadding=5 cellspacing=0 border=1 width=80%>
<tr><th>Name</th><th>Output (in bits)</th><th>Notes</th></tr>
<tr><td><b>CBCBlockCipherMac</b></td><td>blocksize/2 unless specified</td><td> </td></tr>
<tr><td><b>CFBBlockCipherMac</b></td><td>blocksize/2, in CFB 8 mode, unless specified</td><td> </td></tr>
<tr><td><b>CMac</b></td><td>24 to cipher block size bits</td><td>Usable with block ciphers, NIST SP 800-38B.</td></tr>
<tr><td><b>GMac</b></td><td>32 to 128 bits</td><td>Usable with GCM mode ciphers, defined for AES, NIST SP 800-38D.</td></tr>
<tr><td><b>GOST28147Mac</b></td><td>32 bits</td><td> </td></tr>
<tr><td><b>ISO9797Alg3Mac</b></td><td>multiple of 8 bits up to underlying cipher size.</td><td> </td></tr>
<tr><td><b>HMac</b></td><td>digest length</td><td> </td></tr>
<tr><td><b>DSTU7564</b></td><td>256, 384, 512 bits</td><td> </td></tr>
<tr><td><b>DSTU7624</b></td><td>128, 256, 512 bits</td><td> </td></tr>
<tr><td><b>Poly1305</b></td><td>128 bits</td><td>Usable with 128 bit block ciphers. Use Poly1305KeyGenerator to generate keys.</td></tr>
<tr><td><b>SkeinMac</b></td><td>any byte length</td><td>256 bit, 512 bit and 1024 state size variants. Additional parameterisation using SkeinParameters.</td></tr>
<tr><td><b>SipHash</b></td><td>64 bits</td><td> </td></tr>
<tr><td><b>VMPCMac</b></td><td>160 bits</td><td> </td></tr>
</table>
<h4>PBE and Password Hashing</h4>
<p>
The base class is <b>PBEParametersGenerator</b> and has the following
sub-classes
</p>
<table cellpadding=5 cellspacing=0 border=1 width=80%>
<tr><th>Name</th><th>Constructor</th><th>Notes</th></tr>
<tr><td><b>PKCS5S1ParametersGenerator</b></td><td>Digest</td><td> </td></tr>
<tr><td><b>PKCS5S2ParametersGenerator</b></td><td> </td><td>Uses SHA1/Hmac as defined</td></tr>
<tr><td><b>PKCS12ParametersGenerator</b></td><td>Digest</td><td> </td></tr>
<tr><td><b>OpenSSLPBEParametersGenerator</b></td><td> </td><td>Uses MD5 as defined</td></tr>
</table>
<p>
The following password hashing schemes are supported:
</p>
<table cellpadding=5 cellspacing=0 border=1 width=80%>
<tr><th>Name</th><th>Constructor</th><th>Notes</th></tr>
<tr><td><b>BCrypt</b></td><td> </td><td> </td></tr>
<tr><td><b>OpenBSDBcyrpt</b></td><td> </td><td> </td></tr>
<tr><td><b>SCrypt</b></td><td> </td><td> </td></tr>
</table>
<h4>IESCipher</h4>
<p>
The IES cipher is based on the one described in IEEE P1363a (draft 10), for
use with either traditional Diffie-Hellman or Elliptic Curve Diffie-Hellman.
</p>
<b>Note:</b> At the moment this is still a draft, don't use it for anything
that may be subject to long term storage, the key values produced may well
change as the draft is finalised.
</p>
<h4>Commitments</h4>
<p>
The base class is <b>Committer</b> and has the following
sub-classes
</p>
<table cellpadding=5 cellspacing=0 border=1 width=80%>
<tr><th>Name</th><th>Notes</th></tr>
<tr><td><b>HashCommitter</b></td><td>Hash commitment algorithm described in Usenix RPC MixNet Paper (2002)</td></tr>
</table>
<h4>Key Agreement</h4>
<p>
Two versions of Diffie-Hellman key agreement are supported, the basic
version, and one for use with long term public keys. Two versions of
key agreement using Elliptic Curve cryptography are also supported,
standard Diffie-Hellman key agreement and standard key agreement with
co-factors.
</p>
<p>
The agreement APIs are in the <b>org.bouncycastle.crypto.agreement</b> package.
Classes for generating Diffie-Hellman parameters can be found in the
<b>org.bouncycastle.crypto.params</b> and <b>org.bouncycastle.crypto.generators</b> packages.
</p>
<h4>Key Encapsulation Mechanisms</h4>
<p>
The base class is <b>KeyEncapsulation</b> and has the following
sub-classes
</p>
<table cellpadding=5 cellspacing=0 border=1 width=80%>
<tr><th>Name</th><th>Notes</th></tr>
<tr><td><b>RSAKeyEncapsulation</b></td><td>RSA-KEM from ISO 18033-2</td></tr>
<tr><td><b>PKCS5S2ParametersGenerator</b></td><td>ECIES-KEM from ISO 18033-2</td></tr>
</table>
<h4>Signers</h4>
<p>
DSA, ECDSA, ISO-9796-2, GOST-3410-94, GOST-3410-2001, GOST-3410-2012, DSTU-4145-2002, and RSA-PSS are supported by the <b>org.bouncycastle.crypto.signers</b>
package. Note: as these are light weight classes, if you need to use SHA1 or GOST-3411
(as defined in the relevant standards) you'll also need to make use of the appropriate
digest class in conjunction with these.
Classes for generating DSA and ECDSA parameters can be found in the
<b>org.bouncycastle.crypto.params</b> and <b>org.bouncycastle.crypto.generators</b> packages.
<p>
<h3>5.4 Elliptic Curve Transforms.</h3>
<p>
The org.bouncycastle.crypto.ec package contains implementations for a variety of EC cryptographic transforms such as EC ElGamal.
</p>
<h3>5.5 TLS/DTLS</h3>
<p>
The org.bouncycastle.crypto.tls package contains implementations for TLS 1.1, 1.2 and DTLS 1.0, 1.2.
</p>
<h3>5.6 Deterministic Random Bit Generators (DRBG) and SecureRandom wrappers</h3>
<p>
The org.bouncycastle.crypto.prng package contains implementations for a variety of bit generators including those from SP 800-90A and X9.31, as well as builders for SecureRandom objects based around them.
</p>
<h3>5.7 ASN.1 package</h3>
<p>The light-weight API has direct interfaces into a package capable of
reading and writing DER-encoded ASN.1 objects and for the generation
of X.509 V3 certificate objects and PKCS12 files. BER InputStream and
OutputStream classes are provided as well.
<h2>6.0 Bouncy Castle Provider</h2>
<p>The Bouncy Castle provider is a JCE compliant provider that
is a wrapper built on top of the light-weight API. The main provider is referred to with the name "BC", the post quantum provider is indicated by "BCPQC".</p>
<p>
The advantage for writing application code that uses the
provider interface to cryptographic algorithms is that the
actual provider used can be selected at run time. This
is extremely valuable for applications that may wish to
make use of a provider that has underlying hardware for
cryptographic computation, or where an application may have
been developed in an environment with cryptographic export
controls.
</p>
<h3>6.1 Example</h3>
<p>To utilise the JCE provider in a program, the fundamentals
are as follows;
<pre>
<code>
/*
* This will generate a random key, and encrypt the data
*/
Key key;
KeyGenerator keyGen;
Cipher encrypt;
Security.addProvider(new BouncyCastleProvider());
try
{
// "BC" is the name of the BouncyCastle provider
keyGen = KeyGenerator.getInstance("DES", "BC");
keyGen.init(new SecureRandom());
key = keyGen.generateKey();
encrypt = Cipher.getInstance("DES/CBC/PKCS5Padding", "BC");
}
catch (Exception e)
{
System.err.println(e);
System.exit(1);
}
encrypt.init(Cipher.ENCRYPT_MODE, key);
bOut = new ByteArrayOutputStream();
cOut = new CipherOutputStream(bOut, encrypt);
cOut.write("plaintext".getBytes());
cOut.close();
// bOut now contains the cipher text
</code>
</pre>
<p>
The provider can also be configured as part of your environment via static registration
by adding an entry to the java.security properties file (found in $JAVA_HOME/jre/lib/security/java.security, where $JAVA_HOME is the location of your JDK/JRE distribution). You'll find detailed
instructions in the file but basically it comes down to adding a line:
<pre>
<code>
security.provider.<n>=org.bouncycastle.jce.provider.BouncyCastleProvider
</code>
</pre>
<p>Where <n> is the preference you want the provider at (1 being the most prefered).
<p>Where you put the jar is up to mostly up to you, although with jdk1.3 and
jdk1.4 the best (and in some cases only) place to have it is in $JAVA_HOME/jre/lib/ext. Note: under Windows there will normally be a JRE and a JDK install of Java if you think you have installed it correctly and it still doesn't work chances are you have added the provider to the installation not being used.
<p>
<b>Note</b>: with JDK 1.4 and later you will need to have installed the unrestricted policy
files to take full advantage of the provider. If you do not install the policy files you are likely
to get something like the following:
<b>
<pre>
java.lang.SecurityException: Unsupported keysize or algorithm parameters
at javax.crypto.Cipher.init(DashoA6275)
</pre>
</b>
The policy files can be found at the same place you downloaded the JDK.
<p>
<h3>6.2 Algorithms</h3>
<h4>Symmetric (Block)</h4>
<p>Modes:
<ul>
<li>ECB
<li>CBC
<li>OFB(n)
<li>CFB(n)
<li>SIC (also known as CTR)
<li>OpenPGPCFB
<li>CTS (equivalent to CBC/WithCTS)
<li>GOFB
<li>GCFB
<li>CCM (AEAD)
<li>EAX (AEAD)
<li>GCM (AEAD)
<li>OCB (AEAD)
</ul>
<p>
Where <i>(n)</i> is a multiple of 8 that gives the blocksize in bits,
eg, OFB8. Note that OFB and CFB mode can be used with plain text that
is not an exact multiple of the block size if NoPadding has been specified.
<p>
All <i>AEAD</i> (Authenticated Encryption Associated Data) modes support
Additional Authentication Data (AAD) using the <code>Cipher.updateAAD()</code>
methods added in Java SE 7. <br>
On Java 7 and later, AEAD modes will throw <code>javax.crypto.AEADBadTagException</code> on an authentication failure.
On earlier version of Java, <code>javax.crypto.BadPaddingException</code> is thrown.
<p>
Padding Schemes:
<ul>
<li>No padding
<li>PKCS5/7
<li>ISO10126/ISO10126-2
<li>ISO7816-4/ISO9797-1
<li>X9.23/X923
<li>TBC
<li>ZeroByte
<li>withCTS (if used with ECB mode)
</ul>
<p>
When placed together this gives a specification for an algorithm
as;
<ul>
<li>DES/CBC/X9.23Padding
<li>DES/OFB8/NoPadding
<li>IDEA/CBC/ISO10126Padding
<li>IDEA/CBC/ISO7816-4Padding
<li>SKIPJACK/ECB/PKCS7Padding
<li>DES/ECB/WithCTS
</ul>
<p>
Note: default key sizes are in bold.
<p>
<table cellpadding=5 cellspacing=0 border=1 width=80%>
<tr><th>Name</th><th>KeySizes (in bits) </th><th>Block Size</th><th>Notes</th></tr>
<tr><td>AES</td><td>0 .. 256 <b>(192)</b></td><td>128 bit</td><td> </td></tr>
<tr><td>AESWrap</td><td>0 .. 256 <b>(192)</b></td><td>128 bit</td><td>A FIPS AES key wrapper</td></tr>
<tr><td>ARIA</td><td>0 .. 256 <b>(192)</b></td><td>128 bit</td><td> </td></tr>
<tr><td>ARIAWrap</td><td>0 .. 256 <b>(192)</b></td><td>128 bit</td><td>An ARIA key wrapper (based on RFC 5649)</td></tr>
<tr><td>Blowfish</td><td>0 .. 448 <b>(448)</b></td><td>64 bit</td><td> </td></tr>
<tr><td>Camellia</td><td>128, 192, 256</td><td>128 bit</td><td> </td></tr>
<tr><td>CamelliaWrap</td><td>128, 192, 256</td><td>128 bit</td><td> </td></tr>
<tr><td>CAST5</td><td>0 .. 128<b>(128)</b></td><td>64 bit</td><td> </td></tr>
<tr><td>CAST6</td><td>0 .. 256<b>(256)</b></td><td>128 bit</td><td> </td></tr>
<tr><td>DES</td><td>64</td><td>64 bit</td><td> </td></tr>
<tr><td>DESede</td><td>128, 192</td><td>64 bit</td><td> </td></tr>
<tr><td>DESedeWrap</td><td>128, 192</td><td>128 bit</td><td>A Draft IETF DESede key wrapper</td></tr>
<tr><td>DSTU7624</td><td>128, 256, 512</td><td>128/256/512 bit</td><td>DSTU7624 Block Cipher</td></tr>
<tr><td>DSTU7624Wrap</td><td>128, 256, 512</td><td>128/256/512 bit</td><td>DSTU7624 key wrapper</td></tr>
<tr><td>GCM</td><td>128, 192, 256<b>(192)</b></td><td>AEAD Mode Cipher</td><td>Galois/Counter Mode, as defined in NIST Special Publication SP 800-38D.</td></tr>
<tr><td>GOST28147</td><td>256</td><td>64 bit</td><td> </td></tr>
<tr><td>IDEA</td><td>128 <b>(128)</b></td><td>64 bit</td><td> </td></tr>
<tr><td>Noekeon</td><td>128<b>(128)</b></td><td>128 bit</td><td> </td></tr>
<tr><td>RC2</td><td>0 .. 1024 <b>(128)</b></td><td>64 bit</td><td> </td></tr>
<tr><td>RC5</td><td>0 .. 128 <b>(128)</b></td><td>64 bit</td><td>Uses a 32 bit word</td></tr>
<tr><td>RC5-64</td><td>0 .. 256 <b>(256)</b></td><td>128 bit</td><td>Uses a 64 bit word</td></tr>
<tr><td>RC6</td><td>0 .. 256 <b>(128)</b></td><td>128 bit</td><td> </td></tr>
<tr><td>Rijndael</td><td>0 .. 256 <b>(192)</b></td><td>128 bit</td><td> </td></tr>
<tr><td>SEED</td><td>128<b>(128)</b></td><td>128 bit</td><td> </td></tr>
<tr><td>SEEDWrap</td><td>128<b>(128)</b></td><td>128 bit</td><td> </td></tr>
<tr><td>Serpent</td><td>128, 192, 256 <b>(256)</b></td><td>128 bit</td><td> </td></tr>
<tr><td>Skipjack</td><td>0 .. 128 <b>(128)</b></td><td>64 bit</td><td> </td></tr>
<tr><td>SM4</td><td>128<b>(128)</b></td><td>128 bit</td><td> </td></tr>
<tr><td>TEA</td><td>128 <b>(128)</b></td><td>64 bit</td><td> </td></tr>
<tr><td>Threefish-256</td><td>256</td><td>256 bit</td><td> </td></tr>
<tr><td>Threefish-512</td><td>512</td><td>512 bit</td><td> </td></tr>
<tr><td>Threefish-1024</td><td>1024</td><td>1024 bit</td><td> </td></tr>
<tr><td>Twofish</td><td>128, 192, 256 <b>(256)</b></td><td>128 bit</td><td> </td></tr>
<tr><td>XTEA</td><td>128 <b>(128)</b></td><td>64 bit</td><td> </td></tr>
</table>
<h4>Symmetric (Stream)</h4>
<p>
Note: default key sizes are in bold.
<p>
<table cellpadding=5 cellspacing=0 border=1 width=80%>
<tr><th>Name</th><th>KeySizes (in bits)</th><th>Notes</th></tr>
<tr><td>RC4</td><td>40 .. 2048 bits <b>(128)</b></td><td> </td></tr>
<tr><td>HC128</td><td>(128)</td><td> </td></tr>
<tr><td>HC256</td><td>(256)</td><td> </td></tr>
<tr><td>ChaCha</td><td><b>128</b>/256</td><td>64 bit IV</td></tr>
<tr><td>Salsa20</td><td><b>128</b>/256</td><td>64 bit IV</td></tr>
<tr><td>XSalsa20</td><td>256</td><td>182 bit IV</td></tr>
<tr><td>VMPC</td><td>128/6144<b>(128)</b></td><td> </td></tr>
<tr><td>Grainv1</b></td><td>80</td><td>64 bit IV</td></tr>
<tr><td>Grain128</b></td><td>128</td><td>96 bit IV</td></tr>
</table>
<h4>Block Asymmetric</h4>
<p>Encoding:
<ul>
<li>OAEP - Optimal Asymmetric Encryption Padding
<li>PCKS1 - PKCS v1.5 Padding
<li>ISO9796-1 - ISO9796-1 edition 1 Padding
</ul>
<p>Note: except as indicated in PKCS 1v2 we recommend you use OAEP, as
mandated in X9.44.
<p>
When placed together with RSA this gives a specification for an algorithm
as;
<ul>
<li>RSA/NONE/NoPadding
<li>RSA/NONE/PKCS1Padding
<li>RSA/NONE/OAEPWithMD5AndMGF1Padding
<li>RSA/NONE/OAEPWithSHA1AndMGF1Padding
<li>RSA/NONE/OAEPWithSHA224AndMGF1Padding
<li>RSA/NONE/OAEPWithSHA256AndMGF1Padding
<li>RSA/NONE/OAEPWithSHA384AndMGF1Padding
<li>RSA/NONE/OAEPWithSHA512AndMGF1Padding
<li>RSA/NONE/OAEPWithSHA3-224AndMGF1Padding
<li>RSA/NONE/OAEPWithSHA3-256AndMGF1Padding
<li>RSA/NONE/OAEPWithSHA3-384AndMGF1Padding
<li>RSA/NONE/OAEPWithSHA3-512AndMGF1Padding
<li>RSA/NONE/ISO9796-1Padding
</ul>
<table cellpadding=5 cellspacing=0 border=1 width=80%>
<tr><th>Name</th><th>KeySizes (in bits)</th><th>Notes</th></tr>
<tr><td>RSA</td><td>any multiple of 8 bits large enough for the encryption<b>(2048)</b></td><td> </td></tr>
<tr><td>ElGamal</td><td>any multiple of 8 bits large enough for the encryption<b>(1024)</b></td><td> </td></tr>
</table>
<h4>Key Agreement</h4>
<p>
Diffie-Hellman key agreement is supported using the "DH", "ECDH",
"ECCDH" (EC Cofactor DH), "ECMQV" and "ECCDHU" (EC Cofactor DH Unified) key agreement instances and their variations. Key exchange, which also uses the KeyAgreement API is supported by "NH" (the NewHope algorithm (BCPQC)). SM2 key exchange is currently supported in the lightweight API.
</p>
<p>
Support is provided for the standard SEC algorithm set for EC. Names appear
in the form of [Agreement]with[KDF PRF Digest][KDF type]. For example:
<ul>
<li>"ECCDHwithSHA256KDF" which represents EC cofactor DH using the X9.63 KDF with SHA256 as the PRF</li>
<li>"ECMQVwithSHA1CKDF" which represents EC MQV using the concetantion KDF with SHA1 as the PRF</li>
</ul>
</p><p>
Note: with basic "DH" only the basic algorithm fits in with the JCE API, if
you're using long-term public keys you may want to look at the light-weight
API, there are also additional JCE support classes for UserKeyingMaterial and MQVParameters in the <b>org.bouncycastle.jcajce.spec</b> package.
</p>
<h4>ECIES</h4>
<p>
An implementation of ECIES (stream mode) as described in IEEE P 1363a. This now based more formally on Victor Shoup's paper and should be compatible with the implementation in Crypto++ (version 6 onwards).
</p>
<h4>Digest</h4>
<p>
<table cellpadding=5 cellspacing=0 border=1 width=80%>
<tr><th>Name</th><th>Output (in bits)</th><th>Notes</th></tr>
<tr><td>GOST3411</td><td>256</td><td> </td></tr>
<tr><td>GOST3411-2012-256</td><td>256</td><td> </td></tr>
<tr><td>GOST3411-2012-512</td><td>512</td><td> </td></tr>
<tr><td>MD2</td><td>128</td><td> </td></tr>
<tr><td>MD4</td><td>128</td><td> </td></tr>
<tr><td>MD5</td><td>128</td><td> </td></tr>
<tr><td>RipeMD128</td><td>128</td><td>basic RipeMD</td></tr>
<tr><td>RipeMD160</td><td>160</td><td>enhanced version of RipeMD</td></tr>
<tr><td>RipeMD256</td><td>256</td><td>expanded version of RipeMD128</td></tr>
<tr><td>RipeMD320</td><td>320</td><td>expanded version of RipeMD160</td></tr>
<tr><td>SHA1</td><td>160</td><td> </td></tr>
<tr><td>SHA-224</td><td>224</td><td>FIPS 180-2</td></tr>
<tr><td>SHA-256</td><td>256</td><td>FIPS 180-2</td></tr>
<tr><td>SHA-384</td><td>384</td><td>FIPS 180-2</td></tr>
<tr><td>SHA-512</td><td>512</td><td>FIPS 180-2</td></tr>
<tr><td>SHA3-224</td><td>224</td><td> </td></tr>
<tr><td>SHA3-256</td><td>256</td><td> </td></tr>
<tr><td>SHA3-384</td><td>384</td><td> </td></tr>
<tr><td>SHA3-512</td><td>512</td><td> </td></tr>
<tr><td>Skein-256-*</td><td>128, 160, 224, 256</td><td>e.g. Skein-256-160</td></tr>
<tr><td>Skein-512-*</td><td>128, 160, 224, 256, 384, 512</td><td>e.g. Skein-512-256</td></tr>
<tr><td>Skein-1024-*</td><td>384, 512, 1024</td><td>e.g. Skein-1024-1024</td></tr>
<tr><td>Tiger</td><td>192</td><td> </td></tr>
<tr><td>Whirlpool</td><td>512</td><td> </td></tr>
</table>
</p>
<h4>MAC</h4>
<table cellpadding=5 cellspacing=0 border=1 width=80%>
<tr><th>Name</th><th>Output (in bits)</th><th>Notes</th></tr>
<tr><td>Any MAC based on a block cipher, CBC (the default) and CFB modes.</td><td>half the cipher's block size (usually 32 bits)</td><td> </td></tr>
<tr><td>*-GMAC</td><td>32 to 128 bits</td><td>Usable with GCM mode ciphers, defined for AES, NIST SP 800-38D. e.g. AES-GMAC.</td></tr>
<tr><td>VMPC-MAC</td><td>128</td><td> </td></tr>
<tr><td>HMac-GOST3411</td><td>256</td><td> </td></tr>
<tr><td>HMac-GOST3411-2012-256</td><td>256</td><td> </td></tr>
<tr><td>HMac-GOST3411-2012-512</td><td>512</td><td> </td></tr>
<tr><td>HMac-KECCAK224</td><td>224</td><td> </td></tr>
<tr><td>HMac-KECCAK256</td><td>256</td><td> </td></tr>
<tr><td>HMac-KECCAK288</td><td>288</td><td> </td></tr>
<tr><td>HMac-KECCAK384</td><td>384</td><td> </td></tr>
<tr><td>HMac-KECCAK512</td><td>512</td><td> </td></tr>
<tr><td>HMac-MD2</td><td>128</td><td> </td></tr>
<tr><td>HMac-MD4</td><td>128</td><td> </td></tr>
<tr><td>HMac-MD5</td><td>128</td><td> </td></tr>
<tr><td>HMac-RipeMD128</td><td>128</td><td> </td></tr>
<tr><td>HMac-RipeMD160</td><td>160</td><td> </td></tr>
<tr><td>HMac-SHA1</td><td>160</td><td> </td></tr>
<tr><td>HMac-SHA224</td><td>224</td><td> </td></tr>
<tr><td>HMac-SHA256</td><td>256</td><td> </td></tr>
<tr><td>HMac-SHA384</td><td>384</td><td> </td></tr>
<tr><td>HMac-SHA512</td><td>512</td><td> </td></tr>
<tr><td>HMac-SHA3-224</td><td>224</td><td> </td></tr>
<tr><td>HMac-SHA3-256</td><td>256</td><td> </td></tr>
<tr><td>HMac-SHA3-384</td><td>384</td><td> </td></tr>
<tr><td>HMac-SHA3-512</td><td>512</td><td> </td></tr>
<tr><td>HMAC-Skein-256-*</td><td>128, 160, 224, 256</td><td>e.g. HMAC-Skein-256-160</td></tr>
<tr><td>HMAC-Skein-512-*</td><td>128, 160, 224, 256, 384, 512</td><td>e.g. HMAC-Skein-512-256</td></tr>
<tr><td>HMAC-Skein-1024-*</td><td>384, 512, 1024</td><td>e.g. HMAC-Skein-1024-1024</td></tr>
<tr><td>Siphash-2-4 (SipHash)</td><td>64</td><td></td></tr>
<tr><td>Siphash-4-8</td><td>64</td><td></td></tr>
<tr><td>Skein-MAC-256-*</td><td>128, 160, 224, 256</td><td>e.g. Skein-MAC-256-160</td></tr>
<tr><td>Skein-MAC-512-*</td><td>128, 160, 224, 256, 384, 512</td><td>e.g. Skein-MAC-512-256</td></tr>
<tr><td>Skein-MAC-1024-*</td><td>384, 512, 1024</td><td>e.g. Skein-MAC-1024-1024</td></tr>
<tr><td>HMac-Tiger</td><td>192</td><td> </td></tr>
<tr><td>Poly1305-*</td><td>128</td><td>Defined for recent 128 bit block ciphers, e.g. Poly1305-AES, Poly1305-Serpent</td></tr>
</table>
<p>Examples:
<ul>
<li>DESMac</li>
<li>DESMac/CFB8</li>
<li>DESedeMac</li>
<li>DESedeMac/CFB8</li>
<li>DESedeMac64</li>
<li>SKIPJACKMac</li>
<li>SKIPJACKMac/CFB8</li>
<li>IDEAMac</li>
<li>IDEAMac/CFB8</li>
<li>RC2Mac</li>
<li>RC2Mac/CFB8</li>
<li>RC5Mac</li>
<li>RC5Mac/CFB8</li>
<li>ISO9797ALG3Mac</li>
</ul>
<h4>Signature Algorithms</h4>
<p>Schemes:
<ul>
<li>DSTU4145</li>
<li>GOST3411withGOST3410 (GOST3411withGOST3410-94)</li>
<li>GOST3411withECGOST3410 (GOST3411withGOST3410-2001)</li>
<li>MD2withRSA</li>
<li>MD5withRSA</li>
<li>SHA1withRSA</li>
<li>RIPEMD128withRSA</li>
<li>RIPEMD160withRSA</li>
<li>RIPEMD160withECDSA</li>
<li>RIPEMD256withRSA</li>
<li>SHA1withDSA</li>
<li>SHA224withDSA</li>
<li>SHA256withDSA</li>
<li>SHA384withDSA</li>
<li>SHA512withDSA</li>
<li>SHA3-224withDSA</li>
<li>SHA3-256withDSA</li>
<li>SHA3-384withDSA</li>
<li>SHA3-512withDSA</li>
<li>SHA1withDDSA</li>
<li>SHA224withDDSA</li>
<li>SHA256withDDSA</li>
<li>SHA384withDDSA</li>
<li>SHA512withDDSA</li>
<li>SHA3-224withDDSA</li>
<li>SHA3-256withDDSA</li>
<li>SHA3-384withDDSA</li>
<li>SHA3-512withDDSA</li>
<li>NONEwithDSA</li>
<li>SHA1withDetECDSA</li>
<li>SHA224withECDDSA</li>
<li>SHA256withECDDSA</li>
<li>SHA384withECDDSA</li>
<li>SHA512withECDDSA</li>
<li>SHA1withECDSA</li>
<li>NONEwithECDSA</li>
<li>SHA224withECDSA</li>
<li>SHA256withECDSA</li>
<li>SHA384withECDSA</li>
<li>SHA512withECDSA</li>
<li>SHA3-224withECDSA</li>
<li>SHA3-256withECDSA</li>
<li>SHA3-384withECDSA</li>
<li>SHA3-512withECDSA</li>
<li>SHA1withECNR</li>
<li>SHA224withECNR</li>
<li>SHA256withECNR</li>
<li>SHA384withECNR</li>
<li>SHA512withECNR</li>
<li>SHA224withRSA</li>
<li>SHA256withRSA</li>
<li>SHA384withRSA</li>
<li>SHA512withRSA</li>
<li>SHA512(224)withRSA</li>
<li>SHA512(256)withRSA</li>
<li>SHA3-224withRSA</li>
<li>SHA3-256withRSA</li>
<li>SHA3-384withRSA</li>
<li>SHA3-512withRSA</li>
<li>SHA1withRSAandMGF1</li>
<li>SHA256withRSAandMGF1</li>
<li>SHA384withRSAandMGF1</li>
<li>SHA512withRSAandMGF1</li>
<li>SHA512(224)withRSAandMGF1</li>
<li>SHA512(256)withRSAandMGF1</li>
<li>SHA1withRSA/ISO9796-2</li>
<li>RIPEMD160withRSA/ISO9796-2</li>
<li>SHA1withRSA/X9.31</li>
<li>SHA224withRSA/X9.31</li>
<li>SHA256withRSA/X9.31</li>
<li>SHA384withRSA/X9.31</li>
<li>SHA512withRSA/X9.31</li>
<li>SHA512(224)withRSA/X9.31</li>
<li>SHA512(256)withRSA/X9.31</li>
<li>RIPEMD128withRSA/X9.31</li>
<li>RIPEMD160withRSA/X9.31</li>
<li>WHIRLPOOLwithRSA/X9.31</li>
<li>SHA512withSPHINCS256 (BCPQC)</li>
<li>SHA3-512withSPHINCS256 (BCPQC)</li>
<li>SM3withSM2</li>
<li>SHA256withXMSS</li>
<li>SHA512withXMSS</li>
<li>SHAKE128withXMSS</li>
<li>SHAKE256withXMSS</li>
<li>SHA256withXMSSMT</li>
<li>SHA512withXMSSMT</li>
<li>SHAKE128withXMSSMT</li>
<li>SHAKE256withXMSSMT</li>
</ul>
<h4>Password Hashing and PBE</h4>
<p>Schemes:
<ul>
<li>BCrypt</li>
<li>OpenBSDBcyrpt</li>
<li>SCrypt</li>
<li>PKCS5S1, any Digest, any symmetric Cipher, ASCII </li>
<li>PKCS5S2, any HMac, any symmetric Cipher, ASCII, UTF8</li>
<li>PKCS12, any Digest, any symmetric Cipher, Unicode </li>
</ul>
<p>
Defined in Bouncy Castle JCE Provider
<table cellpadding=5 cellspacing=0 border=1 width=80%>
<tr><th>Name</th><th>Key Generation Scheme</th><th>Key Length (in bits)</th><th>Char to Byte conversion</th></tr>
<tr><td>PBEWithMD2AndDES</td><td>PKCS5 Scheme 1</td><td>64</td><td>8 bit chars</td></tr>
<tr><td>PBEWithMD2AndRC2</td><td>PKCS5 Scheme 1</td><td>128</td><td>8 bit chars</td></tr>
<tr><td>PBEWithMD5AndDES</td><td>PKCS5 Scheme 1</td><td>64</td><td>8 bit chars</td></tr>
<tr><td>PBEWithMD5AndRC2</td><td>PKCS5 Scheme 1</td><td>128</td><td>8 bit chars</td></tr>
<tr><td>PBEWithSHA1AndDES</td><td>PKCS5 Scheme 1</td><td>64</td><td>8 bit chars</td></tr>
<tr><td>PBEWithSHA1AndRC2</td><td>PKCS5 Scheme 1</td><td>128</td><td>8 bit chars</td></tr>
<tr><td>PBKDF2WithHmacSHA1</td><td>PKCS5 Scheme 2</td><td>variable</td><td>UTF-8 chars</td></tr>
<tr><td>PBKDF2WithHmacSHA1AndUTF8</td><td>PKCS5 Scheme 2</td><td>variable</td><td>UTF-8 chars</td></tr>
<tr><td>PBKDF2WithHmacSHA1And8bit</td><td>PKCS5 Scheme 2</td><td>variable</td><td>8 bit chars</td></tr>
<tr><td>PBKDF2WithHmacSHA224</td><td>PKCS5 Scheme 2</td><td>variable</td><td>UTF-8 chars</td></tr>
<tr><td>PBKDF2WithHmacSHA256</td><td>PKCS5 Scheme 2</td><td>variable</td><td>UTF-8 chars</td></tr>
<tr><td>PBKDF2WithHmacSHA384</td><td>PKCS5 Scheme 2</td><td>variable</td><td>UTF-8 chars</td></tr>
<tr><td>PBKDF2WithHmacSHA512</td><td>PKCS5 Scheme 2</td><td>variable</td><td>UTF-8 chars</td></tr>
<tr><td>PBKDF2WithHmacSHA3-224</td><td>PKCS5 Scheme 2</td><td>variable</td><td>UTF-8 chars</td></tr>
<tr><td>PBKDF2WithHmacSHA3-256</td><td>PKCS5 Scheme 2</td><td>variable</td><td>UTF-8 chars</td></tr>
<tr><td>PBKDF2WithHmacSHA3-384</td><td>PKCS5 Scheme 2</td><td>variable</td><td>UTF-8 chars</td></tr>
<tr><td>PBKDF2WithHmacSHA3-512</td><td>PKCS5 Scheme 2</td><td>variable</td><td>UTF-8 chars</td></tr>
<tr><td>PBKDF2WithHmacGOST3411</td><td>PKCS5 Scheme 2</td><td>variable</td><td>UTF-8 chars</td></tr>
<tr><td>PBEWithSHAAnd2-KeyTripleDES-CBC</td><td>PKCS12</td><td>128</td><td>16 bit chars</td></tr>
<tr><td>PBEWithSHAAnd3-KeyTripleDES-CBC</td><td>PKCS12</td><td>192</td><td>16 bit chars</td></tr>
<tr><td>PBEWithSHAAnd128BitRC2-CBC</td><td>PKCS12</td><td>128</td><td>16 bit chars</td></tr>
<tr><td>PBEWithSHAAnd40BitRC2-CBC</td><td>PKCS12</td><td>40</td><td>16 bit chars</td></tr>
<tr><td>PBEWithSHAAnd128BitRC4</td><td>PKCS12</td><td>128</td><td>16 bit chars</td></tr>
<tr><td>PBEWithSHAAnd40BitRC4</td><td>PKCS12</td><td>40</td><td>16 bit chars</td></tr>
<tr><td>PBEWithSHAAndTwofish-CBC</td><td>PKCS12</td><td>256</td><td>16 bit chars</td></tr>
<tr><td>PBEWithSHAAndIDEA-CBC</td><td>PKCS12</td><td>128</td><td>16 bit chars</td></tr>
</table>
<h3>6.3 Certificates</h3>
<p>
The Bouncy Castle provider will read X.509 certficates (v2 or v3) as per the examples in
the java.security.cert.CertificateFactory class. They can be provided either
in the normal PEM encoded format, or as DER binaries.
<p>
The CertificateFactory will also read X.509 CRLs (v2) from either PEM or DER encodings.
<p>
In addition to the classes in the org.bouncycastle.asn1.x509 package for certificate, CRLs, and OCSP, CRMF, and CMP message
generation a more JCE "friendly" class is provided in the package org.bouncycastle.cert. The JCE "friendly" classes found in the jcajce
subpackages support RSA, DSA, GOST, DTSU, and EC-DSA.
<p>
<h3>6.4 Keystore</h3>
<p>
The Bouncy Castle package has three implementation of a keystore.
<p>
The first "BKS" is a keystore that will work with the keytool in the same
fashion as the Sun "JKS" keystore. The keystore is resistent to tampering
but not inspection.
<p>
The second, <b>Keystore.BouncyCastle</b>, or <b>Keystore.UBER</b> will only work with the keytool
if the password is provided on the command line, as the entire keystore
is encrypted
with a PBE based on SHA1 and Twofish. <b>PBEWithSHAAndTwofish-CBC</b>.
This makes the entire keystore resistant to tampering and inspection,
and forces verification.
The Sun JDK provided keytool will attempt to load a keystore even if no
password is given,
this is impossible for this version. (One might wonder about going to all
this trouble and then having the password on the command line! New keytool
anyone?).
<p>
In the first case, the keys are encrypted with 3-Key-TripleDES.
<p>
The third is a PKCS12 compatible keystore. PKCS12 provides a slightly
different situation from the regular key store, the keystore password is
currently the only password used for storing keys. Otherwise it supports
all the functionality required for it to be used with the keytool. In some
situations other libraries always expect to be dealing with Sun certificates,
if this is the case use PKCS12-DEF, and the certificates produced by the
key store will be made using the default provider. In the default case PKCS12 uses 3DES for key protection and 40 bit RC2 for protecting the certificates. It is also possible to use 3DES for both by using PKCS12-3DES-3DES or PKCS12-DEF-3DES-3DES as the KeyStore type.
<p>
There is an example program that produces PKCS12 files suitable for
loading into browsers. It is in the package
org.bouncycastle.jce.examples.
<p>
<p>
<h3>6.5 Additional support classes for Elliptic Curve.</h3>
<p>
There are no classes for supporting EC in the JDK prior to JDK 1.5. If you are using
an earlier JDK you can find classes for using EC in the following
packages:
<ul>
<li>org.bouncycastle.jce.spec</li>
<li>org.bouncycastle.jce.interfaces</li>
<li>org.bouncycastle.jce</li>
</ul>
<h3>7.0 BouncyCastle S/MIME</h3>
To be able to fully compile and utilise the BouncyCastle S/MIME
package (including the test classes) you need the jar files for
the following APIs.
<ul>
<li>Junit - <a href="http://www.junit.org">http://www.junit.org</a></li>
<li>JavaMail - <a href="http://java.sun.com/products/javamail/index.html">http://java.sun.com/products/javamail/index.html</a></li>
<li>The Java Activation Framework - <a href="http://java.sun.com/products/javabeans/glasgow/jaf.html">http://java.sun.com/products/javabeans/glasgow/jaf.html</a></li>
</ul>
<h3>7.1 Setting up BouncyCastle S/MIME in JavaMail</h3>
The BouncyCastle S/MIME handlers may be set in JavaMail two ways.
<ul>
<li> STATICALLY<br>
Add the following entries to the mailcap file:
<pre>
application/pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_signature
application/pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_mime
application/x-pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_signature
application/x-pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_mime
multipart/signed;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.multipart_signed
</pre>
</li>
<li> DYNAMICALLY<br>
The following code will add the BouncyCastle S/MIME handlers dynamically:
<pre>
import javax.activation.MailcapCommandMap;
import javax.activation.CommandMap;
public static void setDefaultMailcap()
{
MailcapCommandMap _mailcap =
(MailcapCommandMap)CommandMap.getDefaultCommandMap();
_mailcap.addMailcap("application/pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_signature");
_mailcap.addMailcap("application/pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_mime");
_mailcap.addMailcap("application/x-pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_signature");
_mailcap.addMailcap("application/x-pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_mime");
_mailcap.addMailcap("multipart/signed;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.multipart_signed");
CommandMap.setDefaultCommandMap(_mailcap);
}
</pre>
</li>
</ul>
</body>
</html>
|