Self signed X509 Certificate with Bouncy Castle in Java

Using Bouncycastle latest version – 1.55 1.66 Update to the answer by @Bewusstsein. The bouncycastle classes are deprecated in the latest version as of this answer (5/11/2017). If you are using version 1.55 or later: public static Certificate selfSign(KeyPair keyPair, String subjectDN) throws OperatorCreationException, CertificateException, IOException { Provider bcProvider = new BouncyCastleProvider(); Security.addProvider(bcProvider); long now …

Get a PrivateKey from a RSA .pem file [duplicate]

I’m using BouncyCastle 1.57 (bcprov-jdk15on, bcmail-jdk15on and bcpkix-jdk15on) and Java 7. You can read the private key using the JcaPEMKeyConverter class. The code below works for keys with and without a password: import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.openssl.PEMDecryptorProvider; import org.bouncycastle.openssl.PEMEncryptedKeyPair; import org.bouncycastle.openssl.PEMKeyPair; import org.bouncycastle.openssl.PEMParser; import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter; import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder; // don’t forget to add the provider Security.addProvider(new BouncyCastleProvider()); …

Generating X509 Certificate using Bouncy Castle Java

Creation of KeyPairGenerator: private KeyPairGenerator createKeyPairGenerator(String algorithmIdentifier, int bitCount) throws NoSuchProviderException, NoSuchAlgorithmException { KeyPairGenerator kpg = KeyPairGenerator.getInstance( algorithmIdentifier, BouncyCastleProvider.PROVIDER_NAME); kpg.initialize(bitCount); return kpg; } Creation of keyPair: private KeyPair createKeyPair(String encryptionType, int byteCount) throws NoSuchProviderException, NoSuchAlgorithmException { KeyPairGenerator keyPairGenerator = createKeyPairGenerator(encryptionType, byteCount); KeyPair keyPair = keyPairGenerator.genKeyPair(); return keyPair; } KeyPair keyPair = createKeyPair("RSA", 4096); Converting things …

Inserting Certificate (with privatekey) in Root, LocalMachine certificate store fails in .NET 4

I had exactly the same problem and the solution turned out to be really simple. All I had to do is to pass X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet to X509Certificate2’s ctor. Now you are using the DotNetUtilities to convert the bouncycastle certificate to the .net one, but the helper method creates the .net cert with the DefaultKeySet …

How do I do TLS with BouncyCastle?

This is a very basic example, with server-only authentication and self-signed cert. The code is based on BC 1.49, mostly lightweight API: ServerSocket serverSocket = new ServerSocket(SERVER_PORT); final KeyPair keyPair = … final Certificate bcCert = new Certificate(new org.spongycastle.asn1.x509.Certificate[] { new X509V3CertificateStrategy().selfSignedCertificateHolder(keyPair).toASN1Structure()}); while (true) { Socket socket = serverSocket.accept(); TlsServerProtocol tlsServerProtocol = new TlsServerProtocol( socket.getInputStream(), …

How to include the Spongy Castle JAR in Android?

If you are using gradle, then you can just specify your dependencies in build.gradle file like this: dependencies { …. compile 'com.madgag.spongycastle:core:1.54.0.0' compile 'com.madgag.spongycastle:prov:1.54.0.0' compile 'com.madgag.spongycastle:pkix:1.54.0.0' compile 'com.madgag.spongycastle:pg:1.54.0.0' } You can find out the latest version of the library here. Don’t forget to insert it as a security provider in your app. static { Security.insertProviderAt(new …

Is it possible to programmatically generate an X509 certificate using only C#?

Just to clarify, an X.509 certificate does not contain the private key. The word certificate is sometimes misused to represent the combination of the certificate and the private key, but they are two distinct entities. The whole point of using certificates is to send them more or less openly, without sending the private key, which …

Sign CSR using Bouncy Castle

Ok … I was looking to do the same stuff and for the life of me I couldn’t figure out how. The APIs all talk about generating the key pairs and then generating the cert but not how to sign a CSR. Somehow, quite by chance – here’s what I found. Since PKCS10 represents the …

Generate a self-signed certificate on the fly

I edited the answer to do the root certificate first and then issue an end entity certificate. Here is some example of generating a self-signed certificate through Bouncy Castle: public static X509Certificate2 GenerateSelfSignedCertificate(string subjectName, string issuerName, AsymmetricKeyParameter issuerPrivKey, int keyStrength = 2048) { // Generating Random Numbers var randomGenerator = new CryptoApiRandomGenerator(); var random = …