• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Security.addProvider

 
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
just want to do a sanity check here...

The Security.addProvider() function just adds a cryptographic provider which in turn does all of the encryption/decryption computations, correct?

My main question is if I use BouncyCastle for that provider, do I have to use the BouncyCastle api for getting key objects or is it ok to just use the javax.security api for getting key objects? I'm assuming the Provider and the security api are mutually exclusive, correct?
 
Ranch Hand
Posts: 220
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The security provider, .e.g. BouncyCastle or SunJCE, performs only those security functions provided through the JCE framework, not all of which lives in javax.crypto. For example, java.security.MessageDigest is part of the JCE framework.

With BouncyCastle, you have a choice. If you prefer, you can use the BouncyCastle lightweight crypto library and API, and ignore the the JCE altogether. You may also decide to use the BouncyCastle JCE provider, which you add via the Security.addProvider() method you mentioned. However, this just adds the BouncyCastle to the list of providers, it does not make BouncyCastle the only provider. So, for example, if you call MessageDigest.getInstance("MD5"), you'll get an instance of MD5 from some provider, no necessarily BouncyCastle. If you really want BC, you can use the second form which allows you to specify the provider, i.e. MessageDigest.getInstance("MD5", "BC");
 
Bryan Hizey
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Ok, thanks. One more question (more of clarification since I've already got a working app built); Using the BouncyCastle provider and getting a cipher instance OCipher.getInstance(ALGORITHM + "/" + MODE + "/" + PADDING,"BC") allows me to use both the javax.crypto and javax.security apis while using the RSA enc/dec implementation provided by BC, correct? You don't have to use the BouncyCastle equivalent of the javax.crypto andjavax.security apis just b/c you're using the BouncyCastle as a provider, correct?

Thanks in advance,
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I think those classes in BC are meant for JDK implementations that don't have JCE built in (i.e., JDK 1.2 and 1.3). Starting with JDK 1.4, JCE is part of the core JDK, and those classes are not needed - just the provider classes.
 
Ranch Hand
Posts: 290
Oracle Tomcat Server Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
BC is an implementation of all the SPI required by JCA &E.
This gives the flexiblity of changing your provider without any code changes.

Ahmad
 
She's brilliant. She can see what can be and is not limited to what is. And she knows this tiny ad:
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic