So I have figured out the format of a CngKey exported in ECCPublicKeyBlob and ECCPrivateKeyBlob. This should allow others to interop between other key formats and CngKey for Elliptcal Curve signing and such. ECCPrivateKeyBlob is formatted (for P256) as follows [KEY TYPE (4 bytes)][KEY LENGTH (4 bytes)][PUBLIC KEY (64 bytes)][PRIVATE KEY (32 Bytes)] KEY TYPE … Read more
This generates a short 8 digit hash 1817886a There are two forms of this from OpenSSL: $ cd openssl-1.0.2-src $ grep -R X509_subject_name_hash * … crypto/x509/x509.h:unsigned long X509_subject_name_hash(X509 *x); crypto/x509/x509.h:unsigned long X509_subject_name_hash_old(X509 *x); crypto/x509/x509_cmp.c:unsigned long X509_subject_name_hash(X509 *x) crypto/x509/x509_cmp.c:unsigned long X509_subject_name_hash_old(X509 *x) … Generate Subject Hash of X509Certificate in Java… Here is the source for them … Read more
If you look at RFC 4492 5.2, you’ll see that the server CAN send the “ec_point_formats” extension, but is only supposed to do so “when negotiating an ECC cipher suite”. If you want TLSClient to just ignore the extra extension instead of raising an exception, I suggest overriding TlsClient.allowUnexpectedServerExtension(…) to allow ec_point_formats in the same … Read more
If anyone is interested to know how to encrypt and decrypt gpg files using bouncy castle openPGP library, check the below java code: The below are the 4 methods you going to need: The below method will read and import your secret key from .asc file: public static PGPSecretKey readSecretKeyFromCol(InputStream in, long keyId) throws IOException, … Read more
None of these answers is accurate in 2021 or even several years prior. Neither using Spongy Castle nor recompiling Bouncy Castle with a different package namespace are necessary since the package name conflicts on Android platform were resolved in Honeycomb (unless you still support pre-honeycomb devices). For details why see: https://github.com/rtyley/spongycastle/issues/34 The correct solution is … Read more
The Bouncy Castle example code on elliptic curve key pair Generation and key factories got me pretty close. Once I managed to create a ECDSA key factory and a curve specification for the secp256r1/NIST P-256/P-256/prime256v1 curve I was able to use ECPointUtil.decodePoint to obtain a curve point. I could then generate a public key specification … Read more
iText marks bouncycastle dependencies as optional. If you require them, you need to add the dependencies in your own pom file. To find out which dependency to include in your project, open the itextpdf pom.xml file of the version you are using (for example 5.3.2, here) and search for the 2 bouncycastle dependencies. <dependency> <groupId>org.bouncycastle</groupId> … Read more
In addition to the standard JCE approach shown by divanov as long as you give it the correct input (see my comment thereto), or just using JCE in the first place like your selfanswer, BouncyCastle 1.48 up DOES still contain the old PEMReader functionality just organized a bit differently and for this case you can … Read more
You need to change the type of the keystore, from BKS to BKS-v1 (BKS-v1 is an older version of BKS). Because the BKS version changed as said here There is another solution, that is much much easier: Using Portecle: Downloads Portecle http://portecle.sourceforge.net/ Open your bks file with the password and portecle Do Tools>>Change Keystore Type>>BKS-v1 … Read more
I just needed to solve the same problem and found no answer. So I spent some time studying BC API and found a solution which works for me. I needed to read the private key from file so there is privateKeyFileName parameter instead pemString parameter in the myFunc method. Using BC 1.48 and PEMParser: int … Read more