Security Providers and BouncyCastle

BouncyCastle is a pretty cool library, but lacks useful documentation. The website is a mess.

If you want to set up BouncyCastle as your Java Security Provider (you should, the defaults are pretty bad), you need to do the following.

First, add BouncyCastle’s provider to the list of Java Security providers. One of the easiest ways of doing this is to register BouncyCastleProvider as one of the Security providers when your application starts up.

For example, in Play 2.2.x / 2.3.x you could do:

import org.bouncycastle.jce.provider.BouncyCastleProvider;
import play.Application;
import play.GlobalSettings;
import java.security.Security;

public class Global extends GlobalSettings {
  @Override
  public void onStart(Application app) {
    super.onStart(app);
    // Register BouncyCastle once, at application startup
    Security.addProvider(new BouncyCastleProvider());
    // ... rest of your startup code
  }
}

Now that you have added BouncyCastle to the list of Security Providers, you also need to specify the provider any time you use a key class from the java.security package.

For example, if you need to get an instance of Cipher, you need to specify the right provider.

So instead of

Cipher.getInstance("AES")

use

Cipher.getInstance("AES", Security.getProvider("BC"))
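A fuller version of that call, as an added example (not code from the original post): it registers BC, fails with a clear message if the provider is missing instead of passing a null provider to Cipher.getInstance, and does an encrypt/decrypt round trip. The class name BcProviderCheck and the helper bcCipher are hypothetical. The transformation is spelled out because a bare "AES" leaves mode and padding to provider defaults (ECB in the JDK's own provider).

```java
import org.bouncycastle.jce.provider.BouncyCastleProvider;

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Arrays;

public class BcProviderCheck {
    // Hypothetical helper: Security.getProvider returns null when BC was never
    // registered, so check for that before asking for a Cipher.
    static Cipher bcCipher(String transformation) throws GeneralSecurityException {
        Provider bc = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME); // "BC"
        if (bc == null) {
            throw new IllegalStateException("BC not registered; call Security.addProvider first");
        }
        return Cipher.getInstance(transformation, bc);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // addProvider returns -1 when a provider with that name is already installed.
        int position = Security.addProvider(new BouncyCastleProvider());
        System.out.println("BC registered at position " + position);

        KeyGenerator keyGen = KeyGenerator.getInstance("AES", "BC");
        keyGen.init(128);
        SecretKey key = keyGen.generateKey();

        byte[] iv = new byte[16];                 // fresh random IV for every message
        new SecureRandom().nextBytes(iv);
        byte[] plaintext = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        Cipher enc = bcCipher("AES/CBC/PKCS5Padding");
        enc.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ciphertext = enc.doFinal(plaintext);

        Cipher dec = bcCipher("AES/CBC/PKCS5Padding");
        dec.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] recovered = dec.doFinal(ciphertext);

        // Confirm which provider actually served the request.
        System.out.println("Provider: " + enc.getProvider().getName());
        System.out.println("Round trip ok: " + Arrays.equals(plaintext, recovered));
    }
}
```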

If you are using Play, you can also set the provider using a configurable property.

# Use the Bouncy Castle Crypto Provider
application.crypto.provider = "BC"
# Override default transformation type
application.crypto.aes.transformation = "AES/CBC/PKCS5Padding"

That’s it. You are all set.

PS:

Do yourself a favor. Use Play Framework’s Crypto libraries when you can.
