Bouncy castle???

can v use bouncy castle api's in java????
i have used it in j2me....can it also b used with standard edition???

There must be some tutorial information on their website. I know they have an examples on http://www.bouncycastle.org/documentation.html. Basically, you can use it in two ways. One way is exclusively through the JCE. You use the same Java classes like Cipher, MessageDigest, Signature, etc, but you explicitly specify the provider in the getInstance method. Here is small code fragment example
import java.io.*;
import java.security.*;
import javax.crypto.*;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
public class BCastle1
    public static void main(String[] args) throws Exception
        Security.addProvider(new BouncyCastleProvider());
        // "BC" is the name of the BouncyCastle provider
        KeyGenerator keyGen = KeyGenerator.getInstance("DES", "BC");
        keyGen.init(new SecureRandom());
        Key key = keyGen.generateKey();
        Cipher encrypt = Cipher.getInstance("DES/CBC/PKCS5Padding", "BC");
        encrypt.init(Cipher.ENCRYPT_MODE, key);
        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
        CipherOutputStream cOut = new CipherOutputStream(bOut, encrypt);
        // ... other stuff omitted ....
}Another way is to use the lightweight API directly. You use the classes whose Javadocs are at http://www.bouncycastle.org/docs/docs1.5/index.html just like any other Java classes.

Similar Messages

Encrypt/Decrypt data, multiple public keys using Bouncy castle api?

Hi all.
I need to implement encrypt/decrypt functionality of some data with many public keys using bouncy castle api and EnvelopedData class in java 1.4 SE.
Could someone give me examples how to do it. I searched whole the internet and i could not find simple example.

Hi thanks very much.
I had a quick look at the examples. I will see if they could help me.
Here is more specific what i want:
Encrypt data with multiple public keys that are kept in .pkcs12 file.
And decrypt the data using coresponding private key after that.
I must use bouncy castle api for java 1.4 se.
Best regards
Edited by: menchev on Nov 13, 2008 8:26 AM

Oracle 10g + Bouncy Castle JCE provider

Hi all,
I'm trying to deploy Bouncy Castle JCE provider into Oracle environment. I've
tried several choices but no one works.
My environment:
- Oracle 10.2.0.1.0 with Java version 1.4.2_08
- Java app deployed into Oracle uses $ORACLE_HOME/javavm as $JAVA_HOME
- I'm using bcprov-jdk14-124.jar.
I've deployed this library into Oracle (using loadjava), I've tried to copy
into $JAVA_HOME/lib/ext and edit $JAVA_HOME/lib/security/java.security (added
line 'security.provider.6=org.bouncycastle.jce.provider.BouncyCastleProvider'),
I've tried to copy it into $ORACLE_HOME/jdk/jre/lib/ext and edit appropriate
java.security file, but nothing works. I'm still getting Exception with 'The
provider BC may not be signed by a trusted party'.
Is anyone successfully using bcprov library in Oracle?
Thanks a lot
Antonin Faltynek

Hi,
See Michael's post in the following thread Re: loadjava sunrsasign.jar
Kuassi http://db360.blogspot.com

Signing Bouncy Castle or third party provider's jar file with signtool

Hi,
I am using JDK 1.4.2 and bouncy castle as a provider for RSA.
It worked fine until recently when my company asked me to compile and build the jar from the source code from bouncy castle, instead of using the binary version provided in their website.
But I only have a certificate obtained from Verisign. So I used signtool 1.3 from netscape to sign the jar file, which could be verified by jarsigner. But when use this one signed by my company's certificate. it didn't work. The exception is
java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/
ECB/PKCS1Padding
at javax.crypto.Cipher.getInstance(DashoA6275)
When I switch back to the signed jar file provided by bouncy castle, everything worked ok again.
It looks that jar file is not recognized properly.
Can anyone tell me if I can use the signtool to sign the provider's jar file? Or I have to sign with jarsigner?
Thanks for the help.

Thanks for your reply.
I am reluctant to use the lightweight crypto API
becaues it will be difficult to switch to anther
service provider.True. However, if you switch to another Provider, you'll have the same trouble you're having with BC regarding rebuilding from source.
In BC's website, they don't have "cleanroom" JCE
listed for JDK 1.4
Can you give some resource for that?Hmmm - no, I can't. I haven't needed the cleanroom impl, so I stopped paying attention to it. I do't know if BC is working on a 1.4-compatible one or not. You might post a note to the dev-crypto mailing list BC runs.
Can I sign BC's jar file by my JCE certificate if I
obtain one from SUN?Unless you're recognized by Sun as a company that does significant security development, you will NOT get a security-signing cert. Several of us have already made the attempt.
The net is, what your bosses are asking for is unreasonable, and is preventing you from getting your job done. If they continue to insist that you build your security code from source, then your CANNOT use the JCE structure, period. In that case, you might as well use the BC lightweight API.
Grant

Is Bouncy Castle supported by default as an encryption provider?

Hello,
I need to encrypt data with RSA using Bouncy Castle (BC) as the provider.
I have coded something in java that uses BC:
Cipher cipher = Cipher.getInstance("RSA/NONE/PKCS1Padding","BC");
deployed it to the portal and it seems to be working without registering BC jar file first. Is BC supported on the portal server by default as I can seem to find its library on the server on one hand but the code is working as is on the other.
Roy

Got the answer - It's not.
The jar with shipped with the ear file I've deployed.

Verify a X.509 Certificate with Bouncy Castle and Java ME

Hi,
Can anybody point me to an example of verifying a X.509 certificate with Bouncy Castle under Java ME?
I can see how to easily do it in Java SE code with java.security.cert.Certificate.verify(), but I could not find an equivalent method in the lightweight API.
Any help is much appreciated.
Best regards,
iobytrap

That's a shame. I'm afraid I don't have any solutions, but I'm am interested if you find one. If you solve your problem, please post back here. In the mean time I'll keep looking around. Have you considered non-free software? IAIK has some fairly complete Java libraries for $$$, though I'm not sure what they have for JME.
EDIT:
Yes, they have a library for JME and it has an X509Certificate class. Here are the javadocs .
Edited by: ghstark on Apr 17, 2010 2:14 PM

Bouncy Castle Encryption for Large XML Files?

Hi,
I am trying to encrypt files > 8 KB using the KeyBasedLargeFileProcessor Utility class of Bouncy Castle.
It's encrypting the file. But, unable to decrypt the same encrypted file. Hence it's encrypting incorrectly.
While trying to decrypt the encrypted file, it says "It was encrypted with a key (4E616D65) that does not exist"
Please suggest what change needs to be made in the 'encryptFile' method where it says -
"OutputStream cOut = cPk.open(out, new byte[1 << 16]);"
I tried changing the value, but it doesn't work. The maximum file size that we may encrypt is around 3 MB.
The files that are being encrypted / decrypted are XML files.
Any inputs are highly appreciated.
Thanks,
Tan

While trying to decrypt the encrypted file, it says "It was encrypted with a key (4E616D65) that does not exist" So use the same key you encrypted with.
Please suggest what change needs to be made in the 'encryptFile' method where it says -
"OutputStream cOut = cPk.open(out, new byte[1 << 16]);" Do you have some evidence that that's where the problem is?

Weird Bouncy castle problem... works on cmd prompt, error in midlet

Hi, i'm developing a RC4 code.... it works when i made the main method display the plaintext, ciphertext and decrypted text.
But, putting it to a MIDlet, i get the error message:
java.lang.NoClassDefFoundError: org/bouncycastle/crypto/CipherParameters
 at TestRC4.<init>(+36)
 at java.lang.Class.runCustomCode(+0)
 at com.sun.midp.midlet.MIDletState.createMIDlet(+34)
 at com.sun.midp.midlet.Scheduler.schedule(+52)
 at com.sun.midp.main.Main.runLocalClass(+28)
 at com.sun.midp.main.Main.main(+80) Why? how do i fix it?

I call OpenProcess(), even with minimal parameters like PROCESS_QUERY_INFORMATION
Actually it's not minimal:
Generic read access to a higher integrity process (PROCESS_VM_READ access to the virtual memory of a process, and
PROCESS_QUERY_INFORMATION) is restricted to block the ability of lower-privilege processes from gaining read access to memory that may contain password data or other key material that is used for authentication.
https://msdn.microsoft.com/en-us/library/bb625962.aspx

Java Web Start 1.6 fails to start application without Java Consol on Vista

Hi All,
I've faced with problem related to starting my application in IE 7 on Vista SP1 using Java Web Start (JRE 1.6.0_12 and 1.6.0_13). I suppose that issue appears after 11th update of JRE 1.6 since it works fine before.
There were set settings to indicate initial and maximal size of the Java heap in the JNLP file.
Application consist of 2 JAR files and they are signed with the same certificate.
When user tried to start application there is no any activity after accepting certificate. After starting application javaw.exe just disappeared from processes list without any message or error.
When I changed default setting in Java Control Panel to show Java Console, I noticed that the application began to start. But it's not a solution of the issue, since all customers cannot be required to turn on Java console.
I believe this is a bug in JRE as the application starts with Java console and doesn't without it.
When I browsed the web looking for the solution or an advice I found Release notes for 1.6.0_014 where it was said that 6u14 Java Web Start failed to launch and notifies that JARs were not signed, if an insecure Java system property was specified in a sandbox JNLP file. In spite of that 14th updated wasn't used and there was no notification I tried to start application without settings for the Java heap and it worked.
Could someone help me with advice, since the application cannot be started with default heap size settings.
Thanks in advance.
Edited by: vovanst on Jul 28, 2009 8:06 AM

Hi,
as the 6u15 just arrived and the above mentioned bug should've been fixed (though I was unable to verify through the release notes), the error is still in there.
We have no timestamped jars, neither ours nor the bouncy castle ones, all certs are valid, ours is self signed.
6u13 runs, 6u14/6u15 won't.
I followed the instructions here: http://bouncycastle.org/devmailarchive/msg10415.html to no avail.
The bcprov.jar is wrapped in its own jnlp and referred as extension from the "main" jnlp.
The interesting parts of the stack trace are these:
Caused by (via getCause): java.lang.SecurityException: JCE cannot authenticate the provider BC
     at javax.crypto.Cipher.getInstance(DashoA13*..)
     at javax.crypto.Cipher.getInstance(DashoA13*..)
Caused by (via getCause): java.util.jar.JarException: Cannot parse https://localhost:8443/deploy/bcprov.jar
     at javax.crypto.SunJCE_c.a(DashoA13*..)
     at javax.crypto.SunJCE_b.b(DashoA13*..)
     at javax.crypto.SunJCE_b.a(DashoA13*..)
     at javax.crypto.Cipher.getInstance(DashoA13*..)
     at javax.crypto.Cipher.getInstance(DashoA13*..)
For me it seems there's a problem with resolving the url of the bcprov.jar, which would explain the lack of a delay which normally occurs when JCE verifies the signature of the bcprov provider classes. The error pops up almost instantly.
I'm clueless what to do now. Did Sun really achieve to completely destroy JCE provider functionality in Javaws, forcing us to use an alternative implementation?
Patric

Java C# Encryption compatibility

Would anyone happen to know or could point me to a place where I can find out the compatibility in the crypto libraries between C#/.NET and the various Java providers including JCE, BouncyCastle and Cryptix. I would need to exchange things like session keys and PBE encrypted messages. Maybe also some MD5 hashes. Now I assume that if I use the same exact algorigthm in theory the byte arrays should be identical, however in practice I'm afraid I'm going to run into issues like different algorithm implementations as well as other things such as byte order differences, String locale differences and maybe even things like Base64 encoding. So I guess what I would really love to read or see would be somekind of a review of compatibility in encrytion and a rough guide for the major issues in sharing encrypted information between Java and C#.
Thnx for any info.
-Igor

I know what you're looking for, and I haven't found it either.
The closest thing might be this article comparing the crypto
support in .Net to Java:
http://www.onjava.com/lpt/a/4415
If you end up running into compatibility issues, you might want
to consider using Bouncy Castle's C# crypto port on your .Net
side: http://www.bouncycastle.org/csharp/index.html
Using BC on both the Java and C# side could eliminate any weird
implementation problems with the .Net libraries.
Be aware that if you go down the pure .Net route, you may end up having
to use the MS CAPICOM library from C# since it hasnt all been ported over
yet. Here's an article about how to do it: http://msdn.microsoft.com/security/securecode/dotnet/default.aspx?pull=/library/en-us/dncapi/html/netcryptoapi.asp

How Can i use the key file Generated by RSACryptoServiceProvider to encrypt with php?

I need to be able to encrypt data in PHP using a public key generate by .NET(RSACryptoServiceProvider). I will then decrypt the data later in C# using the private key.
Code Snippet
<RSAKeyValue><Modulus>xU5JyaPNDKXI/h/uo5Vk89wZSz3zsB1+c+1IMYIQa+mCmuRCRPuoBI7ODSV2ndP6grfhdrWEzhpZtkI3SThbBh/3t+tfZ2PF8Iyv9ECN07V64nPCiJGhAnfENE+J9UD9Kw5czXHgZcBbpM5N0VfXmLSleaS65DDoNPtoStVy7ss=</Modulus><Exponent>AQAB</Exponent>4ScAjVrPZii/6lICAP2yDQiNEmNL74+5AcxNVDI0IombfDPIygrqEWmuDu0pngApQak7XnEnLbaDChILFiHPZQ==<Q>4FaYlse+cjrlPD/jk+GsTJeuP7yuQx8ztjVnQWVh6GKQP+uk1dAl6kcZOfLNR6LWwE3CSygt8PthTEw96Zbabw==</Q><DP>XvXtNLE9UjATqYeHEtXtV7Pok/3PVC3A8PIzFzTJaluxeXP51sU9rbRt1hvO9rXIsMnooU+GH7Cfmgq8JEyERQ==</DP><DQ>HXkC/vwq9xLpvuqd2XXSjxV2XQVK16Knxo5pjFvnawJX9S3eMADymj7Q/534firUj9snZXxX3MsJ015I3AFnnQ==</DQ><InverseQ>AM0fVCE3n2FKf2zb3CcDEge1Ko35VvMEL+LXgR87QwO2HScZSuLevGLi2SSAkB1vu8RSNzB028SZReeOZWnq4Q==</InverseQ><D>fI+GKdRNOTTYhQZnw8Im74T+OvArjf2wvUMJlqfD8jyDBYIhDCfL1MTK9KW4Er+moSuxHR5Pb0ZXaKa4/HKlk0aJ1jB2C+jg7zTSuPRNuS16BpVHaJYsQurCwZwElXMum+GxeXK/h3wXWq5HwebjqZr0aLUMZKRcweDPRoVFiRE=</D></RSAKeyValue>
As you see this code snippet is a xml format private key. at .net platform,which can use encrypt or dencrypt.
i have try the Extension Crypt RSA ( http://pear.php.net/reference/Crypt_RSA-1.0.0/elementindex_Crypt_RSA.html ) to help me encrypt data by php.but it haven't return a currect result. the data encrypted by php cann't dencrypt by c#.
does the RSA algorithm provider by Crypt_RSA can give a stand result as c#?
BTW :i just use the xmlkeystring like this.
Code Snippet
<?php
require_once("Crypt/RSA.php");
require_once("includes/Utils.class.php");
 $public_key_string = simplexml_load_string("<RSAKeyValue><Modulus>xU5JyaPNDKXI/h/uo5Vk89wZSz3zsB1+c+1IMYIQa+mCmuRCRPuoBI7ODSV2ndP6grfhdrWEzhpZtkI3SThbBh/3t+tfZ2PF8Iyv9ECN07V64nPCiJGhAnfENE+J9UD9Kw5czXHgZcBbpM5N0VfXmLSleaS65DDoNPtoStVy7ss=</Modulus><Exponent>AQAB</Exponent>4ScAjVrPZii/6lICAP2yDQiNEmNL74+5AcxNVDI0IombfDPIygrqEWmuDu0pngApQak7XnEnLbaDChILFiHPZQ==<Q>4FaYlse+cjrlPD/jk+GsTJeuP7yuQx8ztjVnQWVh6GKQP+uk1dAl6kcZOfLNR6LWwE3CSygt8PthTEw96Zbabw==</Q><DP>XvXtNLE9UjATqYeHEtXtV7Pok/3PVC3A8PIzFzTJaluxeXP51sU9rbRt1hvO9rXIsMnooU+GH7Cfmgq8JEyERQ==</DP><DQ>HXkC/vwq9xLpvuqd2XXSjxV2XQVK16Knxo5pjFvnawJX9S3eMADymj7Q/534firUj9snZXxX3MsJ015I3AFnnQ==</DQ><InverseQ>AM0fVCE3n2FKf2zb3CcDEge1Ko35VvMEL+LXgR87QwO2HScZSuLevGLi2SSAkB1vu8RSNzB028SZReeOZWnq4Q==</InverseQ><D>fI+GKdRNOTTYhQZnw8Im74T+OvArjf2wvUMJlqfD8jyDBYIhDCfL1MTK9KW4Er+moSuxHR5Pb0ZXaKa4/HKlk0aJ1jB2C+jg7zTSuPRNuS16BpVHaJYsQurCwZwElXMum+GxeXK/h3wXWq5HwebjqZr0aLUMZKRcweDPRoVFiRE=</D></RSAKeyValue>");
 $key =new Crypt_RSA_Key(base64_decode($public_key_string->Modulus),base64_decode($public_key_string->Exponent),"public");
 echo "<pre>";
 print_r($key);
 echo "</pre>";
 $rsa_obj = new Crypt_RSA();
 //try encrypt data
 echo "encrypted result is: ".$rsa_obj->encrypt("this is a smple text.",$key)
 ?>
but the encrypted data cann't decrypt by c#?where is the problem?what should i do with php codes?

thank you for your reply, i also found this article by google.but this does not meet scene, thank you all the same.
i have already solved the problem now,i'd like to post the Solution .infact it's so easy to use rsakey file generated by .net .
-------------rsa.class.php-------------------
Code Snippet
<?php
* Some constants
define("BCCOMP_LARGER", 1);
class RSA
* PHP implementation of the RSA algorithm
* (C) Copyright 2004 Edsko de Vries, Ireland
* Licensed under the GNU Public License (GPL)
* This implementation has been verified against [3]
* (tested Java/PHP interoperability).
* References:
* [1] "Applied Cryptography", Bruce Schneier, John Wiley & Sons, 1996
* [2] "Prime Number Hide-and-Seek", Brian Raiter, Muppetlabs (online)
* [3] "The Bouncy Castle Crypto Package", Legion of the Bouncy Castle,
* (open source cryptography library for Java, online)
* [4] "PKCS #1: RSA Encryption Standard", RSA Laboratories Technical Note,
* version 1.5, revised November 1, 1993
* Functions that are meant to be used by the user of this PHP module.
* Notes:
* - $key and $modulus should be numbers in (decimal) string format
* - $message is expected to be binary data
* - $keylength should be a multiple of 8, and should be in bits
* - For rsa_encrypt/rsa_sign, the length of $message should not exceed
* ($keylength / 8) - 11 (as mandated by [4]).
* - rsa_encrypt and rsa_sign will automatically add padding to the message.
* For rsa_encrypt, this padding will consist of random values; for rsa_sign,
* padding will consist of the appropriate number of 0xFF values (see [4])
* - rsa_decrypt and rsa_verify will automatically remove message padding.
* - Blocks for decoding (rsa_decrypt, rsa_verify) should be exactly
* ($keylength / 8) bytes long.
* - rsa_encrypt and rsa_verify expect a public key; rsa_decrypt and rsa_sign
* expect a private key.
* rsa encrypt data
* @param binary string $message
* @param unknown_type $public_key
* @param numbers $modulus
* @param numbers $keylength
* @return binary data
function rsa_encrypt($message, $public_key, $modulus, $keylength)
 $padded = RSA::add_PKCS1_padding($message, true, $keylength / 8);
 $number = RSA::binary_to_number($padded);
 $encrypted = RSA::pow_mod($number, $public_key, $modulus);
 $result = RSA::number_to_binary($encrypted, $keylength / 8);
 return $result;
function rsa_decrypt($message, $private_key, $modulus, $keylength)
 $number = RSA::binary_to_number($message);
 $decrypted = RSA::pow_mod($number, $private_key, $modulus);
 $result = RSA::number_to_binary($decrypted, $keylength / 8);
 return RSA::remove_PKCS1_padding($result, $keylength / 8);
function rsa_sign($message, $private_key, $modulus, $keylength)
 $padded = RSA::add_PKCS1_padding($message, false, $keylength / 8);
 $number = RSA::binary_to_number($padded);
 $signed = RSA::pow_mod($number, $private_key, $modulus);
 $result = RSA::number_to_binary($signed, $keylength / 8);
 return $result;
function rsa_verify($message, $public_key, $modulus, $keylength)
 return RSA::rsa_decrypt($message, $public_key, $modulus, $keylength);
function rsa_kyp_verify($message, $public_key, $modulus, $keylength)
 $number = RSA::binary_to_number($message);
 $decrypted = RSA::pow_mod($number, $public_key, $modulus);
 $result = RSA::number_to_binary($decrypted, $keylength / 8);
 return RSA::remove_KYP_padding($result, $keylength / 8);
* The actual implementation.
* Requires BCMath support in PHP (compile with --enable-bcmath)
// Calculate (p ^ q) mod r
// We need some trickery to [2]:
// (a) Avoid calculating (p ^ q) before (p ^ q) mod r, because for typical RSA
// applications, (p ^ q) is going to be _WAY_ too large.
// (I mean, __WAY__ too large - won't fit in your computer's memory.)
// (b) Still be reasonably efficient.
// We assume p, q and r are all positive, and that r is non-zero.
// Note that the more simple algorithm of multiplying $p by itself $q times, and
// applying "mod $r" at every step is also valid, but is O($q), whereas this
// algorithm is O(log $q). Big difference.
// As far as I can see, the algorithm I use is optimal; there is no redundancy
// in the calculation of the partial results.
function pow_mod($p, $q, $r)
 // Extract powers of 2 from $q
 $factors = array();
 $div = $q;
 $power_of_two = 0;
 while(bccomp($div, "0") == BCCOMP_LARGER)
 $rem = bcmod($div, 2);
 $div = bcdiv($div, 2);
 if($rem) array_push($factors, $power_of_two);
 $power_of_two++;
 // Calculate partial results for each factor, using each partial result as a
 // starting point for the next. This depends of the factors of two being
 // generated in increasing order.
 $partial_results = array();
 $part_res = $p;
 $idx = 0;
 foreach($factors as $factor)
 while($idx < $factor)
 $part_res = bcpow($part_res, "2");
 $part_res = bcmod($part_res, $r);
 $idx++;
 array_push($partial_results, $part_res);
 // Calculate final result
 $result = "1";
 foreach($partial_results as $part_res)
 $result = bcmul($result, $part_res);
 $result = bcmod($result, $r);
 return $result;
// Function to add padding to a decrypted string
// We need to know if this is a private or a public key operation [4]
function add_PKCS1_padding($data, $isPublicKey, $blocksize)
 $pad_length = $blocksize - 3 - strlen($data);
 if($isPublicKey)
 $block_type = "\x02";
 $padding = "";
 for($i = 0; $i < $pad_length; $i++)
 $rnd = mt_rand(1, 255);
 $padding .= chr($rnd);
 else
 $block_type = "\x01";
 $padding = str_repeat("\xFF", $pad_length);
 return "\x00" . $block_type . $padding . "\x00" . $data;
// Remove padding from a decrypted string
// See [4] for more details.
function remove_PKCS1_padding($data, $blocksize)
 assert(strlen($data) == $blocksize);
 $data = substr($data, 1);
 // We cannot deal with block type 0
 if($data{0} == '\0')
 die("Block type 0 not implemented.");
 // Then the block type must be 1 or 2
 assert(($data{0} == "\x01") || ($data{0} == "\x02"));
 // Remove the padding
 $offset = strpos($data, "\0", 1);
 return substr($data, $offset + 1);
// Remove "kyp" padding
// (Non standard)
function remove_KYP_padding($data, $blocksize)
 assert(strlen($data) == $blocksize);
 $offset = strpos($data, "\0");
 return substr($data, 0, $offset);
// Convert binary data to a decimal number
function binary_to_number($data)
 $base = "256";
 $radix = "1";
 $result = "0";
 for($i = strlen($data) - 1; $i >= 0; $i--)
 $digit = ord($data{$i});
 $part_res = bcmul($digit, $radix);
 $result = bcadd($result, $part_res);
 $radix = bcmul($radix, $base);
 return $result;
// Convert a number back into binary form
function number_to_binary($number, $blocksize)
 $base = "256";
 $result = "";
 $div = $number;
 while($div > 0)
 $mod = bcmod($div, $base);
 $div = bcdiv($div, $base);
 $result = chr($mod) . $result;
 return str_pad($result, $blocksize, "\x00", STR_PAD_LEFT);
?>
-------------RSAProcessor.class.php------------------------
Code Snippet
<?php
require_once("rsa.class.php");
class RSAProcessor
private $public_key = null;
private $private_key = null;
private $modulus = null;
private $key_length = "1024";
public function __construct($xmlRsakey=null,$type=null)
 $xmlObj = null;
 if($xmlRsakey==null)
 $xmlObj = simplexml_load_file("xmlfile/RSAKey.xml");
 elseif($type==RSAKeyType::XMLFile)
 $xmlObj = simplexml_load_file($xmlRsakey);
 else
 $xmlObj = simplexml_load_string($xmlRsakey);
 $this->modulus = RSA::binary_to_number(base64_decode($xmlObj->Modulus));
 $this->public_key = RSA::binary_to_number(base64_decode($xmlObj->Exponent));
 $this->key_length = strlen(base64_decode($xmlObj->Modulus))*8;
* get public key
* @return string public key
public function getPublicKey()
 //return base64_encode(RSA::number_to_binary($this->public_key,($this->key_length)/8));
 return $this->public_key;
public function getPrivateKey()
 //return base64_encode(RSA::number_to_binary($this->private_key,($this->key_length)/8));
 return $this->private_key;
public function getKeyLength()
 return $this->key_length;
public function getModulus()
 return $this->modulus;
* encrypt data
* @param string $data
* @return base64 encoded binary string
public function encrypt($data)
 return base64_encode(RSA::rsa_encrypt($data,$this->public_key,$this->modulus,$this->key_length));
public function dencrypt($data)
 return RSA::rsa_decrypt($data,$this->private_key,$this->modulus,$this->key_length);
public function sign($data)
 return RSA::rsa_sign($data,$this->private_key,$this->modulus,$this->key_length);
public function verify($data)
 return RSA::rsa_verify($data,$this->public_key,$this->modulus,$this->key_length);
class RSAKeyType
const XMLFile = 0;
const XMLString = 1;
?>
-------------- encrypt data with public key-----------------
Code Snippet
<?php
require_once("RSAProcessor.class.php");
$processor = new RSAProcessor
("<RSAKeyValue><Modulus>m6ljoeWhmnd0oRnsVEH5iNw3B8+vKVu7v7CVfMyf6bnKEzHa62TRmT/baJiSevoI/vgm2ph/s1JrQQTaGiErHicigwSC
Aw7+i05WFbnz7tOyiiJJVMfsdd+v7Xan9Hiud05FzxoMbM8vpiMHPEIDbGJ1MiXyupTVkz2WcMHyBoJ4S189opktZ43pviUhy0PeuWkyoU7zR54akPmK
Yg+z5Zr1r7K8lUZ1a3TThfJGxTQR/uZMtZz/q8QF0AANVQ/eyahTv9icBzBoDuncS0Y5l3vqogW1C/ltJvhJpvSn/OgjbRjuixCAptOUmRd13sDWU95/
x0bMq+Lg68lj2OjJ1Q==</Modulus><Exponent>AQAB</Exponent>zfvdBsMLlmo+4PAUYLgSV2xyyVa7ZqFjkJaAE4EbYuH24EoZjrzeiJR++D
FUT/GUhjfZ5eZ/5e29dXwk0sKUw6nHzBdBtOPp5fr4t5SKLEcWY+J+zLUSOlhG9NUkohFf6+Miy2Y7BLpXVrcl6UwXV0ak8KkTPB2l/aIMwYj5dgc=<Q>wXV0sA3nDzoSDQA/4QSu/WIlBhkA3jZ7K7G9Z9rpP1A0vH+bZeyCIyo52u8ahGuYbubaizF1XMp+Xv3Mh2KmRbt7+UptwEwbFAUiiad2a312mqm
j7IJd7gRjGkyzKEm+6fpNeY3NFLNVNhccBqzhNkRoM22xnvQcImD10XVAakM=</Q><DP>wd1HdCLEWCfc0DYE59a2pINUMXyo2foRTDbpifHcRZ+ojAY
Rsc6+nsssCQnccXVMNVqBgSgEvfGYe+eAfMBX5SN5APPuioJrVGF2DsoFlZC+WPoGH0JYSoNlHO8yEDrMDaXzzH2GFHgQ1XOAged0nFbHzB1FFjJNVL5
cxRXWu6c=</DP><DQ>QDKuCk5SwubOXqoaiJ15RHRxPNjHRPZnYVSWOgSXKn9/QJ5H/0bA2NKGaHS4JAFgkEzjcRV0kNpRnUwztymxa6qPtWZRjWK0Ca
y6jVuZHIqB9UkeMLoCWZ3zFSMmwNPYGuUJGLFJwPjR6iU5E64C/nMs8QQR0WHIhFAQwvVZ7uk=</DQ><InverseQ>JckMSlJR10VZdnp83VPjrZ/Z+63
CGu3tWHm7f4DJ8IwjJWr8FlCpbSwiP6a4e9Upv6bUn/tOj2gY6MMq5G5yTKm2SCRvpUKRu4NCmWAt7vlFv0Z6pkXlTOpzvVjv3v16+dIZOA5Zn+v7+r1
xbdYdH20KRAbiBO3MfQP7s+VJJvM=</InverseQ><D>W1xrBr2hQOj1wgxWAgoK7IHbprEFrK+TnWmGA46SGPsbmHJ9fAVbY6fwHg7Wgmk4WHXLUCeLY
/Nu0eWIISfwh60Oe3ls2WC2k4qxyeSvQDBuLNb81U7WAUT9m9E1uK4QMCP3oxs1ybM80zTh7UMNgVK0WG+fbFUomVffcWTTqW+Fu12PEIO+UR/85oq+x
qVlTzYAEzt1OE9IhkYiRzi99ePXeH2gFltzJ/fb/7jLsDTkhM2eiYTGyOTZmBnen6c6a8b9LFTY4Bc0bGpk5ezHkub6F8p2ZgL/JgIOJMyRZICjDjs+9
k9PTmMTFsCF6xzHY15Fg25xIDYzIyx1rrRUjQ==</D></RSAKeyValue>",RSAKeyType::XMLString);
$rs = $processor->encrypt("Hello,It's Works.");
echo $rs;
?>
with the front codes.you can easy to encrypt data by public key generate by .net programe.

XML Parsing Error: no element found Location:Line Number 1, Column 1:

Hi,
i have a servlet code in which i am using bouncy castle encryption algorithm , if i tried to run that servlet on embeded weblogic server than my servlet works fine without error.
but if i deploy same Servlet code on SOA domain console than i get following error.
XML Parsing Error: no element found
Location: http://localhost:7001/Encryption-PGPEncrypt-context-root/pgpservlet
Line Number 1, Column 1:
Please help me friends...

Hi Chandra,
Based on my research, the error message is only generated by FireFox when the render page is blank in Internet. For some reason, .NET generates a response type of "application/xml" when it creates an empty page. Firefox parses the file as XML and finding
no root element, spits out the error message.
Also, based on your description, the other sites are opened correctly, the issue only happened in Central Administration(CA). This means the SharePoint services are working fine.
Since this issue only occurred in the CA, it might be due the application pool for the CA is corrupted. Please try to restart the application pool for the CA to resove the issue:
1. Open Internet Information Service(IIS)
2. List the application pools
3. Select the application pool used for the CA
4. Stop it, and then start it again.
Note, if the application pool is running in Classic mode, please change it to be Integrated mode.
Additionally, I found a similar thread, which may help you too:
http://social.msdn.microsoft.com/Forums/en/sharepoint2010general/thread/824d7dda-db03-452b-99c4-531c5c576396
If you have any more questions, please feel free to ask.
Thanks,
Jin Chen
Jin Chen - MSFT

Using javax.crypto in oracle 10g

Hi,
I have a java stored procedure for oracle 10g (running jdk1.4) that
uses the javax.crypto package and the bouncy castle provider for RSA
decryption. Here is a snippet of the code in the procedure:
Security.addProvider(new
org.bouncycastle.jce.provider.BouncyCastleProvider());
Cipher rsaCipher = Cipher.getInstance("RSA");
RSAPrivateKey key = (RSAPrivateKey)
MSPrivKeytoJKey.getPrivateKey(aKey);
rsaCipher.init(Cipher.DECRYPT_MODE, key);
rsaCipher.doFinal(encryptedByteArray);
This works fine on my own machine running jdk1.4. However, when I load
my stored procedure into the database and run it, I get the following
exception after the line
Cipher rsaCipher = Cipher.getInstance("RSA");
tries to execute:
java.security.NoSuchAlgorithmException: Cannot find any provider
supporting RSA
I have tried the following (based on information gathered from various
forums):
- ran
loadjava -u username/pass@DB -v bcprov-jdk14-137.jar
- added the following line to java.security
security.provider.4=org.bouncycastle.jce.provider.BouncyCastleProvider
but i still get the same error.
I am reaching out desperately to all you experts for help :)
Pouria

Hi,
Unfortunately, the Java VM only supports the basic JDK functionalities; you could try the Metalink Note 356123.1 which should work using BC library but this note only addresses AES.
Furthermore, you need the following two extra permissions:
exec dbms_java.grant_permission('SCOTT', 'SYS:java.security.SecurityPermission','putProviderProperty.BC', '' );
exec dbms_java.grant_permission( 'SCOTT', 'SYS:java.security.SecurityPermission','insertProvider.BC', '' );
Oboviously SCOTT would be changed to whichever schema you are using.
Kuassi http://db360.blogspot.com

Need Help about Certificate based Authentication

Hi friends..
Currently, i'm trying to develop an applet that using Certificate Based Authentication..
i have looked at this thread : http://forums.sun.com/thread.jspa?threadID=5433603
these is what Safarmer says about steps to generate CSR :
0. Generate key pair on the card.
1. Get public key from card
2. Build CSR off card from the details you have, the CSR will not have a signature
3. Decide on the signature you want to use (the rest assumes SHA1 with RSA Encryption)
4. Generate a SHA1 hash of the CSR (without the signature section)
5. Build a DigestInfo structure (BER encoded TLV that you can get from the PKCS#1 standard) that contains the message digest generated in the previous step
6. Send DigestInfo to the card
7. On the card, the matching private key to encrypt the DigestInfo
8. Return the encrypted digest info to the host
9. Insert the response into the CSR as the signature
Sorry, i'm a little bit confused about those steps.. (Sorry i'm pretty new in X509Certificate)..
on step 4,
Generate a SHA1 hash of the CSR (without the signature section)
Does it mean we have to "build" CSR looks like :
Data:
Version: 0 (0x0)
Subject: C=US, ST=California, L=West Hollywood, O=ITDivision, OU=Mysys, CN=leonardo.office/[email protected]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:be:a0:5e:35:99:1c:d3:49:ba:fb:2f:87:6f:d8:
ed:e4:61:f2:ae:6e:87:d0:e2:c0:fd:c1:0f:ed:d7:
84:04:b5:c5:66:cd:6b:f0:27:a2:cb:aa:3b:d7:ad:
fa:f4:72:10:08:84:88:19:24:d0:b0:0b:a0:71:6d:
23:5e:53:4f:1b:43:07:98:4d:d1:ea:00:d1:e2:29:
ea:be:a9:c5:3e:78:f3:5e:30:1b:6c:98:16:60:ba:
61:57:63:5e:6a:b5:99:17:1c:ae:a2:86:fb:5b:8b:
24:46:59:3f:e9:84:06:e2:91:b9:2f:9f:98:04:01:
db:38:2f:5b:1f:85:c1:20:eb
Exponent: 65537 (0x10001)
Attributes:
a0:00
on step 5, Build a DigestInfo structure (BER encoded TLV that you can get from the PKCS#1 standard) that contains the message digest generated in the previous step
How DigestInfo structure (BER encoded TLV that you can get from the PKCS#1 standard) looks like?
And what is the DigestInfo Contains, and what is TAG for DigestInfo?..
Please help me regarding this..
Thanks in advance..
Leonardo Carreira

Hi,
Leonardo Carreira wrote:
Sorry, Encode the Public Key is handled by On Card Application or Off Card Application?..
I think its' easier to encode the public key by Off Card app..
Could you guide me how to achieve this?, i think Bouncy Castle can do this, but sorry, i don't know how to write code for it.. :( All you need to do is extract the modulus and exponent of the public key. These will be in a byte array (response from your card) that you can use to create a public key object in your host application. You can then use this key to create a CSR with bouncycastle.
I have several some questions :
1. Does Javacard provide API to deal with DER data format?JC 2.2.1 does not buy JC 2.2.2 does, however I believe this is an optional package though. You can implement this in your applet though.
2. Regarding the Certificate Based Authentication, what stuff that need to be stored in the Applet?..
- I think Applet must holds :
- its Private Key,
- its Public Key Modulus and its Public Key Exponent,
- its Certificate,
- Host Certificate
i think this requires too much EEPROM to store only the key..This depends on what you mean by Certificate Based Authentication. If you want your applet to validate certificates it is sent against a certificate authority (CA) then you need the public keys for each trust point to the root CA. To use the certificate for the card, you need the certificate and corresponding private key. You would not need to use the public key on the card so this is not needed. You definitely need the private key.
Here is a rough estimate of data storage requirements for a 2048 bit key (this is done off the top of my head so is very rough):
~800 bytes for your private key
~260 bytes per public key for PKI hierarchy (CA trust points)
~1 - 4KB for the certificate. This depends on the amount of data you put in your cert
3. What is the appropriate RSA key length that appropriate, because we have to take into account that the buffer, is only 255 bytes (assume i don't use Extended Length)..You should not base your key size on your card capabilities. You can always use APDU chaining to get more data onto the card. Your certificate is guaranteed to be larger than 256 bytes anyway. You should look at the NIST recommendations for key strengths. These are documented in NIST SP 800-57 [http://csrc.nist.gov/publications/PubsSPs.html]. You need to ensure that the key is strong enough to protect the data for a long enough period. If the key is a transport key, it needs to be stronger than the key you are transporting. As you can see there are a lot of factors to consider when deciding on key size. I would suggest you use the strongest key your card supports unless performance is not acceptable. Then you would need to analyse your key requirements to ensure your key is strong enough.
Cheers,
Shane

Issue: App won't start, Dependancy Library Signature Issue

When I attempt to launch my web launch application, I get the following error:
An error occurred while launching/running the application.
Title: App
Vendor: Vendor
Category: Launch File Error
JAR resources in JNLP file are not signed by same certificate
My JNLP file has the following nodes under resources:
<jar href="myapp.jar" main="true" download="eager"/>
<jar href="lib/bcprov-jdk16-143.jar" download="eager"/>
<jar href="lib/commons-logging-1.1.jar" download="eager"/>
<jar href="lib/ws-commons-util-1.0.2.jar" download="eager"/>
<jar href="lib/xmlrpc-client-3.1.1.jar" download="eager"/>
<jar href="lib/xmlrpc-common-3.1.1.jar" download="eager"/>bcprov-jdk16-143.jar is Bouncy Castle's security provider and associated code. It is obviously signed with a different key (as all security providers are). Is there any way to resolve this issue?

main JNLP:
<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+"
codebase="http://localhost:8080/"
href="myapp.jnlp">
<information>
<title>MyApp</title>
<vendor>MyVendor</vendor>
<homepage href="./" />
<description>MyDescription</description>
</information>
<security>
<all-permissions/>
</security>
<resources>
<j2se version="1.4+" href="http://java.sun.com/products/autodl/j2se"/>
<extention name="Bouncy Castle Security" href="bcprov.jnlp">
<ext-download ext-part="bcprovider" download="eager" />
</extention>
<jar href="myapp.jar" main="true" download="eager"/>
</resources>
<application-desc main-class="MyApp" />
</jnlp>auxiliary JNLP:
<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" codebase="http://localhost:8080/"
href="bcprov.jnlp">
<information>
<title>Bouncy Castle Security Provider</title>
<vendor>https://bouncycastle.org/</vendor>
</information>
<security>
<all-permissions/>
</security>
<component-desc/>
<resources>
<jar href="lib/bcprov-jdk16-143.jar" download="eager" part="bcprovider"/>
</resources>
</jnlp>when I try to execute my JNLP file, I am presented with an error: "java.lang.NoClassDefFoundError: org/bouncycastle/jce/provider/BouncyCastleProvider"
BouncyCastleProvider is in the bcprov-jdk16-143.jar file (which is in my auxillary JNLP). Am I doing something obviously wrong here? I've already tried it without the <ext-download> with no success.
Edited by: john_juskus on Apr 29, 2009 2:18 PM

Bouncy castle???

Similar Messages

Maybe you are looking for