Bouncy Castle Crypto package

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. The package is organised so that it contains a light-weight API suitable for use in any environment (including J2ME) with the additional infrastructure to conform the algorithms to the JCE framework. The package is distributed under a license based on the MIT X Consortium license, which means it is distributed at no charge for commercial or non-commercial use.

The Bouncy Castle Crypto package can be downloaded from:

The Bouncy Castle package can be downloaded in one go which includes JCE, provider, light weight API, J2ME, JDK1.2, JDK1.1, and JDK1.0 compatibility classes, signed jars, etc. or can be downloaded separately.

An overview of the Bouncy Castle libraries and their purpose can be found here below.
The jar files depends on the JVM version you have installed.

Bouncy Castle libraries
jce-jdkNN-MMM.jar Java Cryptography Extension (JCE) library

This package support the generation of certificates and PKCS10 signing requests.
bctsp-jdkNN-MMM.jar Bouncy Castle TSP (Time Stamp Protocol) library
bctest-jdkNN-MMM.jar Bouncy Castle test classes library
bcprov-jdkNN-MMM.jar Bouncy Castle provider library
bcpg-jdkNN-MMM.jar Bouncy Castle OpenPGP/BCPG library

A package dealing with OpenPGP objects.
bcmail-jdkNN-MMM.jar Bouncy Castle SMIME/CMS library

A package for processing RFC 3852 Cryptographic Message Syntax (CMS) objects - also referred to as PKCS#7 (formerly RFC 2630, 3369), and also dealing with S/MIME objects (RFC 3851). Bouncy Castle J2ME library Bouncy Castle J2ME library
Note: NN=J2SE version, MMM=Bouncy Castle release

Cryptography basics


The Security API is a core API of the Java programming language, built around the package (and its subpackages).

The first release of the Security API in JDK 1.1 has introduced the "Java Cryptography Architecture" (JCA), a framework for accessing and developing cryptographic functionality for the Java platform. In JDK 1.1, the JCA included APIs for digital signatures and message digests.

The Java Cryptography Extension (JCE) extends the JCA API to include APIs for encryption, key exchange, and Message Authentication Code (MAC). Together, the JCE and the cryptography aspects of the SDK provide a complete, platform-independent cryptography API. JCE was previously an optional package (extension) to the Java 2 SDK, Standard Edition, versions 1.2.x and 1.3.x. JCE has now been integrated into the Java 2 SDK, v 1.4.

More information about the abbreviations, see quick guide "Cryptography abbreviations".

Message digest
J2SE 1.4.x supporting algorithms: MD5, SHA-1, SHA-256, SHA-384, SHA-512
A message digest is a number which is created algorithmically from a file/message and represents that file/message uniquely. If the file/message changes, the message digest will change.
In short message digests ensures the integrity of a file/message. Message digests are also known as one-way hash functions.

Note 1: If you want to use MD2 you must install a provider package, for example Bouncy Castle.
Note 2: MD2 and MD5 are 128-bit algorithms.
Note 3: MD5 is most used.
Note 4: SHA-1, SHA-256, SHA-384, SHA-512 are respectively 160, 256, 384, and 512-bits
Note 5: SHA-1 is most used.

Code example 1:

Message authentication code
J2SE 1.4.x supporting algorithms: HmacMD5, HmacSHA1
If a key is used to create a message digest, the algorithm is known as a message authentication code. Due to key generation it takes a longer time before the message digest is created.

Code example 1:

Private key cryptography (a.k.a. symmetric key cryptography or shared key cryptography)
J2SE 1.4.x supporting algorithms: AES, Blowfish, DES, DESede
Using private key cryptography, Alice and Bob can communicate securely using the following simple protocol:
  • Alice and Bob each have the same private key that only they know and they agree to use a common cryptographic algorithm, or cipher.
  • Alice encrypts her message (=plaintext) with with the private key and sends the encrypted message (=ciphertext) to Bob.
  • Bob receives the encrypted message and decryptes it with the private key to re-create the original message.
The strength of the private key encryption is determined by the cryptography algorithm (=cipher) and the length of the key.
The message can be encrypted bit by bit or chunks of bits, called blocks. The blocks, called cipher blocks are typically 64 bits in size. If the message is not a multiple of 64 bits, then the short block must be padded. Single-bit ciphers are called stream ciphers. A well known cipher is the DES algorithm which uses 56-bit keys.
Note: Do not use DES, the key size is to weak.

Code example 1:
Code example 2:
Code example 3:
Code example 4:

Public key cryptography (also known as asymmetric key cryptography)
J2SE 1.4.x supporting algorithms: RSA, DH
Using public key cryptography, Alice wants to send an encrypted message to Bob using the following simple protocol:
  • Alice and Bob both have their own key pairs. A key pair consists of a public key and a private key. If the public key is used to encrypt something, then it can only be decrypted using the private key. And similarly, if the private key is used to encrypt something, then it can be decrypted only using the public key. It is not possible to figure out what the private key is given only the public key, or vice versa.
  • Alice wants to send an encrypted message to Bob. She encrypts the message (=plaintext) using Bob's public key and sends the encrypted message (=ciphertext) to Bob.
  • Bob receives the encrypted message and decryptes if it with his private key to to re-create the original message.
RSA is supported by J2SE 1.4. However to make this work you need a third-party library like BouncyCastle.

The Diffie-Hellman (DH)algorithm, also known as key-agreement algorithm is used to allow two parties to derive a secret key by sharing information over a public channel. This key can then be used for private key encryption.

Code example 1:

J2SE 1.4.x supporting algorithms: No padding, PKCS5Padding, OAEPWith<digest>And<mgf>Padding, SSL3Padding

If the message is not a multiple of 64 bits, then the short block must be padded (see Symmetric key encryption). There are several ways to pad a block, such as using all zeroes or ones or by repeating a byte whose value represents the number of remaining bytes.

Code example 1:

The way we use a block cipher is called its mode of use. Modes allow you to specify how encryption will work. For example, you can allow the encryption of one block to be dependent on the encryption of the previous block, or you can make the encryption of one block independent of any other blocks. The Java platform supports the following modes:
  • NONE - No mode
  • Block modes - Messages are split in blocks.
    • ECB (Electronic Code Book)
      The message is broken into independent 64-bit blocks which are encrypted.

    • CBC (Cipher Block Chaining)
      The message is broken into 64-bit blocks, but they are linked together in the encryption operation.

    • PCBC (Propagating Cipher Block Chaining)
      Is a variation on the CBC mode of operation and is designed to extend or propagate a single bit error in the ciphertext. This allows errors in transmission to be captured and the resultant plaintext to be rejected.

  • Stream modes - On bit stream messages.
    • CFB (Cipher Feedback Mode)
      There message is treated as a stream of bits, added to the output of the DES, with the result being feed back for the next stage.

    • OFB (Output Feedback Mode)
      The message is treated as a stream of bits, added to the message, but with the feedback being independent of the message.

Code example 1:

Cryptographic Service Providers
Each SDK installation has one or more provider packages installed. J2SE can be enhanced by adding additional security algorithms libraries (statically or dynamically) from third-party vendors (a.k.a. cryptographic service providers or providers). A few of them are: Clients may configure their runtime with different providers, and specify a preference order for each of them. The preference order is the order in which providers are searched for requested services when no specific provider is requested. This is done by modifying the "" file. This file is located at:
  • C:\Tools\java\j2sdk1.4.2_01\jre\lib\security (J2SE SDK location)
  • C:\Program Files\Java\j2re1.4.2_01\lib\security (J2SE runtime location)
When creating an instance of a service, you specify the algorithm but you can specify the provider by its name. For example:

Signature sign = Siganture.getInstance("SHA1WithDSA", "BC");

If you do not specify a provider, the first "SHA1WithDSA" is taken from the provider list (see file

The provider name can be found below:

ProviderProvider name SUN SunJSSE
com.sun.rsajca.Provider SunRsaSign
com.sun.crypto.provider.SunJCE SunJCE SunJGSS
org.bouncycastle.jce.provider.BouncyCastleProvider BC

Code example 1:
Code example 2:
Code example 3:
Code example 4:

Digital Signatures
J2SE 1.4.x supporting algorithms: MD2withRSA, MD5withRSA, SHA1withDSA, SHA1withRSA
A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document.
Using digital signatures, Alice wants to send a message to Bob using the following simple protocol:
  • Alice creates a digest of the message, a sort of digital fingerprint.
  • Alice then encrypts the digest with her private key. The encrypted digest is the digital signature.
  • The encrypted digest is sent to Bob along with the message.
    Usually the message in not encrypted.
  • When Bob receives the message, he decrypts the digest using Alice's public key.
  • Bob then creates a digest of the message using the same function that Alice used.
  • Bob compares the digest that he created with the one that Alice encrypted. If the digests match, then Bob can be confident that the signed message is indeed from Alice. If they don't match, then the message has been tampered with or isn't from Alice at all.
Digital signatures do not provide encryption of the message, so encryption techniques must be used in conjunction with signatures if you also need confidentiality.

Code example 1:
Code example 2:

Digital Certificates
J2SE 1.4.x supporting algorithms: X.509 Digital Certificate Standard
A Digital Certificate is the electronic equivalent of a business license. Digital Certificates are issued by trusted third parties (a Certification Authority (CA)). Prior to issuing a Digital Certificate, a CA reviews an applicant's credentials, such as the Dun & Bradstreet number, Articles of Incorporation, and takes several other steps to ensure the organisation is not claiming a false identity. A Digital Certificate is signed with the CA's private key.

A Digital Certificate typically contains the following:
  • Owner's public key
  • Owner's name
  • Expiration date of the public key
  • Name of the issuer (the CA that issued the Digital Certificate)
  • Serial number of the Digital Certificate
  • Digital signature of the issuer
Using digital certificates, Alice wants to send an encrypted message to Bob using the following simple protocol:
  • Alice wants to have Bob's public key, she will go to a CA usually called Trent to ask for a copy.
  • Trent will then send her a message containing details of Bob's identity and Bob's public key. This message, called the certificate for Bob's public key, is signed by Trent.
  • Alice now verifies that the digital signature is correct using Trent's public key. If this is the case, she knows that she has Bob's real public key and she now also knows that Bob is called Bob.
  • Alice wants to send a secret message to Bob. She encrypts the message (=plaintext) using Bob's public key and sends the encrypted message (=ciphertext) to Bob.
  • Bob receives the encrypted message and decryptes if it with his private key to to re-create the original message.
There are many Certification Authorities issuing digital certificates, a few of them are: Now, thanks to CAcert, everyone can get a free digital certificate signed by a global player.
CAcert is a non-profit volunteer organization.

Java Cryptographic Services

Java Cryptographic Services
Cryptographic ServiceAlgorithms/TypesDescription
SecureRandom SHA1PRNG Generates random numbers appropriate for use in cryptography. SHA1PRNG is an implementation of the Pseudo Random Number Generator (PRNG) algorithm.


KeyGenerator AES, Blowfish, DES, DESede, HmacMD5, HmacSHA1 Generates secret keys to be used by other services with the same algorithms.

Class: javax.crypto.KeyGenerator

KeyPairGenerator DSA, RSA, DH Generates a pair of public and private keys to be used by other services with the same algorithms.
MessageDigest SHA1, MD5 Computes the digest of a message.
Mac HmacMD5, HmacSHA1 Computes the message authentication code of a message.
Signature SHA1WithDSA, SHA1WithRSA Creates and verifies the digital signature of a message
KeyStore JKS, JCEKS, PKCS12 Stores keys and certificates.
CertificateFactory X509 Creates certificates.
Cipher DES, TripleDES, Blowfish Encrypts and decrypts messages.
KeyAgreement DH Lets two parties agree on a secret key without exchanging it over an insecure medium.

Secure programming techniques
  • Store passwords as char arrays (NOT as Strings) and zero them out after use, due to memory snooping or disk block snooping (when memory is low, information is stored on disk swap space).
  • When objects are serialized, use the transient keyword on sensitive data fields which you do not want to be streamed. This will minimize snooping.

More information about cryptography, see: