Dazed and confused by Java Security & BouncyCastle APIs

Question

I\'ve been trying to make sense of the BouncyCastle cryptography APIs for Java. Unfortunately, I\'m finding Java cryptography in general to be so obscured by service provider in

Answer 1

hmm, have you tried the O'Reilly book on Java Cryptography? (can't vouch for it personally)

Answer 2

import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;

import javax.crypto.Cipher;

public class RsaCrypto {

    private static final int KEY_SIZE = 3072;
    private static final String TRANSFORMATION = "RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING";

    public static KeyPair generateRSAKeyPair() {
        try {
            KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
            gen.initialize(KEY_SIZE);
            java.security.KeyPair p = gen.generateKeyPair();
            KeyPair pair = new KeyPair();
            pair.privateKey = p.getPrivate().getEncoded();
            pair.publicKey = p.getPublic().getEncoded();
            return pair;
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }

    }

    public static byte[] encrypt(byte[] data, byte[] publicKey) {
        X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(publicKey);
        try {
            KeyFactory kf = KeyFactory.getInstance("RSA");
            PublicKey pk = kf.generatePublic(publicKeySpec);
            Cipher rsa = Cipher.getInstance(TRANSFORMATION);
            rsa.init(Cipher.ENCRYPT_MODE, pk);
            return rsa.doFinal(data);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    public static byte[] decrypt(byte[] encryptedData, byte[] privateKey) {
        try {
            PKCS8EncodedKeySpec privSpec = new PKCS8EncodedKeySpec(privateKey);
            RSAPrivateKey pk = (RSAPrivateKey) KeyFactory.getInstance("RSA")
                    .generatePrivate(privSpec);

            Cipher rsaCipher = Cipher.getInstance(TRANSFORMATION);
            rsaCipher.init(Cipher.DECRYPT_MODE, pk);
            return rsaCipher.doFinal(encryptedData);

        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

}

Answer 3

import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;

import javax.crypto.Cipher;

public class RSACrypto
{

  /* A 1024-bit key will encrypt messages up to 117 bytes long. */
  private static final int KEY_SIZE = 1024;

  private static final String XFORM = 
    "RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING";

  public static KeyPair generateRSAKeyPair()
    throws GeneralSecurityException
  {
    KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
    gen.initialize(KEY_SIZE);
    return gen.generateKeyPair();
  }

  public static byte[] encrypt(byte[] plaintext, PublicKey pub)
    throws GeneralSecurityException
  {
    Cipher cipher = Cipher.getInstance(XFORM);
    cipher.init(Cipher.ENCRYPT_MODE, pub);
    return cipher.doFinal(plaintext);
  }

  public static byte[] decrypt(byte[] ciphertext, PrivateKey pvt)
    throws GeneralSecurityException
  {
    Cipher cipher = Cipher.getInstance(XFORM);
    cipher.init(Cipher.DECRYPT_MODE, pvt);
    return cipher.doFinal(ciphertext);
  }

  public static void main(String... argv)
    throws Exception
  {
    KeyPair pair = RSACrypto.generateRSAKeyPair();
    byte[] plaintext = "A short secret message.".getBytes("UTF-8");
    byte[] ciphertext = RSACrypto.encrypt(plaintext, pair.getPublic());
    byte[] recovered = RSACrypto.decrypt(ciphertext, pair.getPrivate());
    System.out.println(new String(recovered, "UTF-8"));
  }

}