<html><head><title>Bouncy Castle Crypto Package</title></head>
<body bgcolor="#ffffff" text="#000000#">
<center><h1>Bouncy Castle Crypto Package</h1><font size=1><pre></pre></font></center>
<h2>1.0 Introduction</h2>
The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. The package is organised so that it contains a light-weight API suitable for use in any environment (including the newly released J2ME) with the additional infrastructure to conform the algorithms to the JCE framework.
<p>This software is distributed under a license based on the MIT X Consortium license. To view the license, <a href="./LICENSE.html">see here</a>
<p>If you have the full package you will have six jar files, bcprov*.jar which contains the BC provider, jce-*.jar which contains the JCE provider, clean room API, and bcmail*.jar which contains the mail API.
<p>Note: if you are using JDK 1.0, you will just find a class hierarchy in the classes directory.
<p>To view examples, look at the test programs in the packages:
<ul> <li><b>org.bouncycastle.crypto.test</b> <li><b>org.bouncycastle.jce.provider.test</b></ul>
<p>To verify the packages, run the following Java programs with the appropriate classpath:
<ul> <li><b>java org.bouncycastle.crypto.test.RegressionTest</b> <li><b>java org.bouncycastle.jce.provider.test.RegressionTest</b></ul>
<h2>2.0 Patents</h2>
<p>Some of the algorithms in the Bouncy Castle APIs are patented in some places. It is up to the user of the library to be aware of what the legal situation is in their own case; however, we have been asked to specifically mention the patent below at the request of the patent holder.
<p>The IDEA encryption algorithm is patented in the USA, Japan, and Europe including at least Austria, France, Germany, Italy, Netherlands, Spain, Sweden, Switzerland and the United Kingdom.
Non-commercial use is free; however, any commercial products that make use of IDEA are liable for royalties. Please see <a href="http://www.mediacrypt.com">www.mediacrypt.com</a> for further details.
<h2>3.0 Specifications</h2>
<ul>
<li> clean room implementation of the JCE API
<li> light-weight cryptographic API consisting of support for
 <ul> <li>BlockCipher <li>BufferedBlockCipher <li>AsymmetricBlockCipher <li>BufferedAsymmetricBlockCipher <li>StreamCipher <li>BufferedStreamCipher <li>KeyAgreement <li>IESCipher <li>Digest <li>Mac <li>PBE <li>Signers </ul>
<li> JCE compatible framework for a Bouncy Castle provider
</ul>
<h2>4.0 Light-weight API</h2>
<p>This API has been specifically developed for those circumstances where the rich API and integration requirements of the JCE are not required.
<p>However, as a result, the light-weight API requires more effort and understanding on the part of a developer to initialise and utilise the algorithms.
<h3>4.1 Example</h3>
<p>To utilise the light-weight API in a program, the fundamentals are as follows:
<pre><code>
    /*
     * This will use a supplied key, and encrypt the data
     * This is the equivalent of DES/CBC/PKCS5Padding
     */
    BlockCipher engine = new DESEngine();
    // class names as listed in the tables in section 4.2
    BufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(engine));

    byte[] key = keyString.getBytes();
    byte[] input = inputString.getBytes();

    cipher.init(true, new KeyParameter(key));

    byte[] cipherText = new byte[cipher.getOutputSize(input.length)];

    int outputLen = cipher.processBytes(input, 0, input.length, cipherText, 0);
    try
    {
        // doFinal() returns the number of bytes it wrote
        outputLen += cipher.doFinal(cipherText, outputLen);
    }
    catch (CryptoException ce)
    {
        System.err.println(ce);
        System.exit(1);
    }
</code></pre>
<h3>4.2 Algorithms</h3>
<p>The light-weight API has built in support for the following:
<h4>Symmetric (Block)</h4>
<p>The base interface is <b>BlockCipher</b> and has the following implementations which match the modes the block cipher can be operated in.
<p><table cellpadding=5 cellspacing=0 border=1
width=80%>
<tr><th>Name</th><th>Constructor</th><th>Notes</th></tr>
<tr><td><b>BufferedBlockCipher</b></td><td>BlockCipher</td><td> </td></tr>
<tr><td><b>CBCBlockCipher</b></td><td>BlockCipher</td><td> </td></tr>
<tr><td><b>CFBBlockCipher</b></td><td>BlockCipher, block size (in bits)</td><td> </td></tr>
<tr><td><b>OFBBlockCipher</b></td><td>BlockCipher, block size (in bits)</td><td> </td></tr>
<tr><td><b>SICBlockCipher</b></td><td>BlockCipher, block size (in bits)</td><td>Also known as CTR mode</td></tr>
<tr><td><b>OpenPGPCFBBlockCipher</b></td><td>BlockCipher</td><td> </td></tr>
<tr><td><b>GOFBBlockCipher</b></td><td>BlockCipher</td><td>GOST OFB mode</td></tr>
</table>
<p><b>BufferedBlockCipher</b> has further sub-classes
<p><table cellpadding=5 cellspacing=0 border=1 width=80%>
<tr><th>Name</th><th>Constructor</th><th>Notes</th></tr>
<tr><td><b>PaddedBufferedBlockCipher</b></td><td>BlockCipher</td><td>a buffered block cipher that can use padding - default PKCS5/7 padding</td></tr>
<tr><td><b>CTSBlockCipher</b></td><td>BlockCipher</td><td>Cipher Text Stealing</td></tr>
</table>
<p>The following paddings can be used with the PaddedBufferedBlockCipher.
<p><table cellpadding=5 cellspacing=0 border=1 width=80%>
<tr><th>Name</th><th>Description</th></tr>
<tr><td>PKCS7Padding</td><td>PKCS7/PKCS5 padding</td></tr>
<tr><td>ISO10126d2Padding</td><td>ISO 10126-2 padding</td></tr>
<tr><td>X932Padding</td><td>X9.23 padding</td></tr>
<tr><td>ISO7816d4Padding</td><td>ISO 7816-4 padding (ISO 9797-1 scheme 2)</td></tr>
<tr><td>ZeroBytePadding</td><td>Pad with Zeros (not recommended)</td></tr>
</table>
<p>The following cipher engines are implemented that can be used with the above modes.
<p><table cellpadding=5 cellspacing=0 border=1 width=80%>
<tr><th>Name</th><th>KeySizes (in bits) </th><th>Block Size</th><th>Notes</th></tr>
<tr><td><b>AESEngine</b></td><td>0 .. 256 </td><td>128 bit</td><td> </td></tr>
<tr><td><b>AESWrapEngine</b></td><td>0 ..
256 </td><td>128 bit</td><td>Implements FIPS AES key wrapping</td></tr>
<tr><td><b>BlowfishEngine</b></td><td>0 .. 448 </td><td>64 bit</td><td> </td></tr>
<tr><td><b>CAST5Engine</b></td><td>0 .. 128 </td><td>64 bit</td><td> </td></tr>
<tr><td><b>CAST6Engine</b></td><td>0 .. 256 </td><td>128 bit</td><td> </td></tr>
<tr><td><b>DESEngine</b></td><td>64</td><td>64 bit</td><td> </td></tr>
<tr><td><b>DESedeEngine</b></td><td>128, 192</td><td>64 bit</td><td> </td></tr>
<tr><td><b>DESedeWrapEngine</b></td><td>128, 192</td><td>64 bit</td><td>Implements Draft IETF DESede key wrapping</td></tr>
<tr><td><b>IDEAEngine</b></td><td>128</td><td>64 bit</td><td> </td></tr>
<tr><td><b>RC2Engine</b></td><td>0 .. 1024 </td><td>64 bit</td><td> </td></tr>
<tr><td><b>RC532Engine</b></td><td>0 .. 128 </td><td>64 bit</td><td>Uses a 32 bit word</td></tr>
<tr><td><b>RC564Engine</b></td><td>0 .. 128 </td><td>128 bit</td><td>Uses a 64 bit word</td></tr>
<tr><td><b>RC6Engine</b></td><td>0 .. 256 </td><td>128 bit</td><td> </td></tr>
<tr><td><b>RijndaelEngine</b></td><td>0 .. 256 </td><td>128 bit, 160 bit, 192 bit, 224 bit, 256 bit</td><td> </td></tr>
<tr><td><b>SkipjackEngine</b></td><td>0 ..
128 </td><td>64 bit</td><td> </td></tr>
<tr><td><b>TwofishEngine</b></td><td>128, 192, 256 </td><td>128 bit</td><td> </td></tr>
<tr><td><b>SerpentEngine</b></td><td>128, 192, 256 </td><td>128 bit</td><td> </td></tr>
<tr><td><b>GOST28147Engine</b></td><td>256</td><td>64 bit</td><td>Has a range of S-boxes</td></tr>
<tr><td><b>CamelliaEngine</b></td><td>128, 192, 256</td><td>128 bit</td><td> </td></tr>
</table>
<h4>Symmetric (Stream)</h4>
<p>The base interface is <b>StreamCipher</b> and has the following implementations which match the modes the stream cipher can be operated in.
<p><table cellpadding=5 cellspacing=0 border=1 width=80%>
<tr><th>Name</th><th>Constructor</th><th>Notes</th></tr>
<tr><td><b>BlockStreamCipher</b></td><td>BlockCipher</td><td> </td></tr>
</table>
<p>The following cipher engines are implemented that can be used with the above modes.
<p><table cellpadding=5 cellspacing=0 border=1 width=80%>
<tr><th>Name</th><th>KeySizes (in bits) </th><th>Notes</th></tr>
<tr><td><b>RC4Engine</b></td><td>40 ..
2048 </td><td> </td></tr>
</table>
<h4>Block Asymmetric</h4>
<p>The base interface is <b>AsymmetricBlockCipher</b> and has the following implementations which match the modes the cipher can be operated in.
<p><table cellpadding=5 cellspacing=0 border=1 width=80%>
<tr><th>Name</th><th>Constructor</th><th>Notes</th></tr>
<tr><td><b>BufferedAsymmetricBlockCipher</b></td><td>AsymmetricBlockCipher</td><td> </td></tr>
<tr><td><b>OAEPEncoding</b></td><td>AsymmetricBlockCipher</td><td> </td></tr>
<tr><td><b>PKCS1Encoding</b></td><td>AsymmetricBlockCipher</td><td> </td></tr>
<tr><td><b>ISO9796d1Encoding</b></td><td>AsymmetricBlockCipher</td><td>ISO9796-1</td></tr>
</table>
<p>The following cipher engines are implemented that can be used with the above modes.
<p><table cellpadding=5 cellspacing=0 border=1 width=80%>
<tr><th>Name</th><th>KeySizes (in bits)</th><th>Notes</th></tr>
<tr><td><b>RSAEngine</b></td><td>any multiple of 8 large enough for the encoding.</td><td> </td></tr>
<tr><td><b>ElGamalEngine</b></td><td>any multiple of 8 large enough for the encoding.</td><td> </td></tr>
</table>
<h4>Digest</h4>
<p>The base interface is <b>Digest</b> and has the following implementations
<p><table cellpadding=5 cellspacing=0 border=1 width=80%>
<tr><th>Name</th><th>Output (in bits)</th><th>Notes</th></tr>
<tr><td><b>MD2Digest</b></td><td>128</td><td> </td></tr>
<tr><td><b>MD4Digest</b></td><td>128</td><td> </td></tr>
<tr><td><b>MD5Digest</b></td><td>128</td><td> </td></tr>
<tr><td><b>RipeMD128Digest</b></td><td>128</td><td>basic RipeMD</td></tr>
<tr><td><b>RipeMD160Digest</b></td><td>160</td><td>enhanced version of RipeMD</td></tr>
<tr><td><b>RipeMD256Digest</b></td><td>256</td><td>expanded version of RipeMD128</td></tr>
<tr><td><b>RipeMD320Digest</b></td><td>320</td><td>expanded version of RipeMD160</td></tr>
<tr><td><b>SHA1Digest</b></td><td>160</td><td> </td></tr>
<tr><td><b>SHA224Digest</b></td><td>224</td><td>FIPS 180-2</td></tr>
<tr><td><b>SHA256Digest</b></td><td>256</td><td>FIPS
180-2</td></tr>
<tr><td><b>SHA384Digest</b></td><td>384</td><td>FIPS 180-2</td></tr>
<tr><td><b>SHA512Digest</b></td><td>512</td><td>FIPS 180-2</td></tr>
<tr><td><b>TigerDigest</b></td><td>192</td><td>The Tiger Digest.</td></tr>
<tr><td><b>GOST3411Digest</b></td><td>256</td><td>The GOST-3411 Digest.</td></tr>
<tr><td><b>WhirlpoolDigest</b></td><td>512</td><td>The Whirlpool Digest.</td></tr>
</table>
<h4>MAC</h4>
<p>The base interface is <b>Mac</b> and has the following implementations
<p><table cellpadding=5 cellspacing=0 border=1 width=80%>
<tr><th>Name</th><th>Output (in bits)</th><th>Notes</th></tr>
<tr><td><b>CBCBlockCipherMac</b></td><td>blocksize/2 unless specified</td><td> </td></tr>
<tr><td><b>CFBBlockCipherMac</b></td><td>blocksize/2, in CFB 8 mode, unless specified</td><td> </td></tr>
<tr><td><b>HMac</b></td><td>digest length</td><td> </td></tr>
</table>
<h4>PBE</h4>
<p>The base class is <b>PBEParametersGenerator</b> and has the following sub-classes
<p><table cellpadding=5 cellspacing=0 border=1 width=80%>
<tr><th>Name</th><th>Constructor</th><th>Notes</th></tr>
<tr><td><b>PKCS5S1ParametersGenerator</b></td><td>Digest</td><td> </td></tr>
<tr><td><b>PKCS5S2ParametersGenerator</b></td><td> </td><td>Uses SHA1/Hmac as defined</td></tr>
<tr><td><b>PKCS12ParametersGenerator</b></td><td>Digest</td><td> </td></tr>
<tr><td><b>OpenSSLPBEParametersGenerator</b></td><td> </td><td>Uses MD5 as defined</td></tr>
</table>
<h4>Key Agreement</h4>
<p>Two versions of Diffie-Hellman key agreement are supported, the basic version, and one for use with long term public keys.
Two versions of key agreement using Elliptic Curve cryptography are also supported, standard Diffie-Hellman key agreement and standard key agreement with co-factors.
<p>The agreement APIs are in the <b>org.bouncycastle.crypto.agreement</b> package. Classes for generating Diffie-Hellman parameters can be found in the <b>org.bouncycastle.crypto.params</b> and <b>org.bouncycastle.crypto.generators</b> packages.
<p><h4>IESCipher</h4>
<p>The IES cipher is based on the one described in IEEE P1363a (draft 10), for use with either traditional Diffie-Hellman or Elliptic Curve Diffie-Hellman.
<p><b>Note:</b> At the moment this is still a draft, don't use it for anything that may be subject to long term storage, the key values produced may well change as the draft is finalised.
<p><h4>Signers</h4>
<p>DSA, ECDSA, ISO-9796-2, GOST-3410-94, GOST-3410-2001, and RSA-PSS are supported by the <b>org.bouncycastle.crypto.signers</b> package. Note: as these are light weight classes, if you need to use SHA1 or GOST-3411 (as defined in the relevant standards) you'll also need to make use of the appropriate digest class in conjunction with these. Classes for generating DSA and ECDSA parameters can be found in the <b>org.bouncycastle.crypto.params</b> and <b>org.bouncycastle.crypto.generators</b> packages.
<p><h3>4.3 ASN.1 package</h3>
<p>The light-weight API has direct interfaces into a package capable of reading and writing DER-encoded ASN.1 objects and for the generation of X.509 V3 certificate objects and PKCS12 files. BER InputStream and OutputStream classes are provided as well.
<h2>5.0 Bouncy Castle Provider</h2>
<p>The Bouncy Castle provider is a JCE compliant provider that is a wrapper built on top of the light-weight API.
<p>The advantage for writing application code that uses the provider interface to cryptographic algorithms is that the actual provider used can be selected at run time.
This is extremely valuable for applications that may wish to make use of a provider that has underlying hardware for cryptographic computation, or where an application may have been developed in an environment with cryptographic export controls.
<h3>5.1 Example</h3>
<p>To utilise the JCE provider in a program, the fundamentals are as follows:
<pre><code>
    /*
     * This will generate a random key, and encrypt the data
     */
    Key                   key = null;
    KeyGenerator          keyGen;
    Cipher                encrypt = null;
    ByteArrayOutputStream bOut;
    CipherOutputStream    cOut;

    Security.addProvider(new BouncyCastleProvider());

    try
    {
        // "BC" is the name of the BouncyCastle provider
        keyGen = KeyGenerator.getInstance("DES", "BC");
        keyGen.init(new SecureRandom());

        key = keyGen.generateKey();

        encrypt = Cipher.getInstance("DES/CBC/PKCS5Padding", "BC");
    }
    catch (Exception e)
    {
        System.err.println(e);
        System.exit(1);
    }

    encrypt.init(Cipher.ENCRYPT_MODE, key);

    bOut = new ByteArrayOutputStream();
    cOut = new CipherOutputStream(bOut, encrypt);
</code></pre>
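Added example, not part of the Bouncy Castle documentation: the light-weight encryption from section 4.1 carried through to decryption, using AESEngine instead of DESEngine, an explicit random IV (initialising CBCBlockCipher with a bare KeyParameter leaves the IV all zero), and an HMac over IV and ciphertext that is checked before decrypting. The class name, helper names, randomly generated keys and sample message are constructed for illustration.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.macs.HMac;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;

public class LightweightCbcExample {           // hypothetical class name
    // Runs AES/CBC/PKCS7 in one direction and trims the buffer to the bytes produced.
    static byte[] crypt(boolean encrypt, byte[] key, byte[] iv, byte[] in)
            throws InvalidCipherTextException {
        PaddedBufferedBlockCipher c =
            new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESEngine()));
        c.init(encrypt, new ParametersWithIV(new KeyParameter(key), iv));
        byte[] out = new byte[c.getOutputSize(in.length)];   // upper bound, not exact
        int len = c.processBytes(in, 0, in.length, out, 0);
        len += c.doFinal(out, len);   // adds or strips padding, returns bytes written
        return Arrays.copyOf(out, len);
    }

    // HMAC-SHA256 over IV || ciphertext, so neither can be altered unnoticed.
    static byte[] tag(byte[] macKey, byte[] iv, byte[] ct) {
        HMac mac = new HMac(new SHA256Digest());
        mac.init(new KeyParameter(macKey));
        mac.update(iv, 0, iv.length);
        mac.update(ct, 0, ct.length);
        byte[] t = new byte[mac.getMacSize()];
        mac.doFinal(t, 0);
        return t;
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rnd = new SecureRandom();
        // Constructed keys for the demo; real keys come from key management.
        byte[] encKey = new byte[16], macKey = new byte[32], iv = new byte[16];
        rnd.nextBytes(encKey); rnd.nextBytes(macKey); rnd.nextBytes(iv);

        byte[] ct = crypt(true, encKey, iv, "constructed sample message".getBytes("UTF-8"));
        byte[] sent = tag(macKey, iv, ct);

        // Receiver: constant-time tag check first, decrypt only if it matches.
        if (!MessageDigest.isEqual(sent, tag(macKey, iv, ct)))
            throw new SecurityException("MAC mismatch, ciphertext rejected");
        System.out.println(new String(crypt(false, encKey, iv, ct), "UTF-8"));
    }
}
```

Checking the tag before calling `doFinal` on the decrypt side keeps padding errors from being observable to whoever supplied the ciphertext.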