3,203 questions
Advice
0
votes
2
replies
175
views
What is the Best external dll for AES-GCM encrypt/decrypt for C# .Net 4.8.1
I have a .Net 4.8.1 project and want to add a method for enrypt/decryp using AES-GCM.
Since .Net 4.8.1 does not support inbuilt AES-GCM, I used BouncyCastle.Cryptography (v2.6.2) library for this and ...
- 391
0
votes
0
answers
65
views
Bouncy Castle (C#) X509Name equivalent but not the same?
I'm trying to create a XAdES signature with Bouncy Castle and C#. Schema for version 1.3.2 requires signing certificate's issuer name on this XPath: /ds:Signature/ds:Object/xades:QualifyingProperties/...
- 63
0
votes
0
answers
80
views
Android instrumented tests stopped working, after uninstalling Bouncy Castle and an EncryptedSharedPrefs fork, now a Bouncy Castle key error
I have stopped being able to run instrumented tests on Android Studio. They were working fine for weeks. But now even the simplest instrumented test will result in this error, in Build Output:
:app:...
- 2,475
-1
votes
0
answers
56
views
How to PGP decrypt a file that uses AEAD with bouncy castle? [duplicate]
I downloaded the latest version of WinGPG, encrypted a file using an RSA 2048 key, and then attempted to decrypt it using the BouncyCastle.Cryptography 2.6.2 nuget package. It fails with System.IO....
- 119
0
votes
0
answers
81
views
Net.Pkcs11Interop.Common.Pkcs11Exception: 'Method C_Sign returned CKR_DEVICE_ERROR'
I'm trying to improve my document signing process using PKCS11, but I'm having a problem. No matter how many attempts I made, I could not resolve the relevant error.
Net.Pkcs11Interop.Common....
0
votes
1
answer
110
views
Are bouncycastle java libraries compatible with themselves? [closed]
I am using several third party libs which have dependencies to various bouncycastle libraries. Here some examples:
bcpkix-jdk18on
bcprov-jdk15to18
bcprov-lts8on
bcutil-lts8on
...
After updating one ...
- 403
0
votes
0
answers
91
views
Get date from TimeStampToken equivalent in Typescript
I have a web service that returns a Timestamp Token as a base64 string,
I have this code in Java using BouncyCastle to parse, open and extract the date:
String timestamp = "...";
byte[] ...
- 143
3
votes
1
answer
244
views
I have an encrypted text from Java's Bouncy Castle Library using AES/GCM which I am unable to decrypt using C# Bouncy Castle library AES/GCM
I have a text which I am encrypting using Java's Bouncy Castle AES/GCM utility.
package com.stackoflow.symmetric_token_decryptor;
import static org.apache.commons.codec.binary.Hex.encodeHex;
...
- 434
0
votes
0
answers
231
views
java.io.EOFException or Content-Length mismatch when using Ktor CIO engine after BouncyCastle FIPS update
After upgrading BouncyCastle dependencies from:
org.bouncycastle:bc-fips:2.0.0 → 2.1.0
org.bouncycastle:bctls-fips:2.0.19 → 2.1.20
I started encountering issues when using the Ktor CIO client engine. ...
1
vote
1
answer
88
views
How to create MANIFEST-INF/CERT.RSA?
Since some packages are not available in higher versions of JDK, I am looking for an alternative to implement apk or jar signing (V1).
Source: https://github.com/appium-boneyard/sign/blob/master/src/...
- 21
1
vote
1
answer
198
views
Validating an Ed25519 public key (isOnCurve check) in Java
Is there a standard way to validate an Ed25519 public key (check that it's really a point on the curve and not some random bytes) using the standard Java Crypto APIs and/or BouncyCastle?
I found a ...
- 6,034
2
votes
1
answer
274
views
Error while decrypting in Java for an encrypted string generated in C# using ECIES algorithm
We have a target Java codebase responsible for decrypting an incoming payload. The payload is being encrypted within a .NET Core isolated Azure Function before being sent to the endpoint where the ...
- 29
2
votes
1
answer
290
views
Query regarding ML-KEM support with Bouncy Castle 1.80 in Maven Spring Boot Application
I have a query regarding the use of the Bouncy Castle library for post-quantum cryptography (PQC) in my Spring Boot application. I am using Java version 21, Bouncy Castle version 1.80, which supports ...
0
votes
1
answer
82
views
How to implement PreHash for signing
Implementing openssl command
openssl rsautl -sign -in rasi.bin -inkey riktest.key -out allkiri.bin
is based on code from answer
Converting Openssl signing to .NET6
using Org.BouncyCastle.Crypto;
...
- 28.3k
0
votes
1
answer
55
views
Java Exception on CryptoProviderTools.installBCProvider() instruction using log4j2
I have a java web project which includes lo4j2. It is deploy on tomcat instance locally on my PC.
I was debugging the java project. When debugger is on the instruction of Certificate class contructor ...
- 335
0
votes
1
answer
209
views
How to sign in .NET 9 or using BouncyCastle 2.6.0
Tried to implement openssl command
openssl rsautl -sign -in rasi.bin -inkey riktest.key -out allkiri.bin
using BouncyCastle 2.6.0 Nuget package with code from Converting Openssl signing to .NET6 ...
- 28.3k
0
votes
0
answers
69
views
Error Bouncy Castle FIPS enable in zulu 17
I created a certificate with keystore type BCFKS using bc-fips-1.0.2.5.jar and Azul Zulu Java 17. The content is shown correctly in the keystore file:
I am trying to enable TLS in tomcat/conf/server....
1
vote
0
answers
53
views
ASP.NET Core 7: BouncyCastle conflict `MissingMethodException` - binding redirects ineffective?
I'm encountering a frustrating dependency conflict in my ASP.NET Core 7 application involving different versions of BouncyCastle, and standard resolution techniques like binding redirects don't seem ...
- 45.9k
-3
votes
2
answers
306
views
Encryption not working using C# System.Security.Cryptography
I was trying to decrypt a JSON request with a key, hex and textbody but all the codes I found are from 2013 - 2017. I tried using this one
namespace AES {
using System.IO;
using System;
...
0
votes
0
answers
51
views
Connect with RabbitMq queue with ssl from java 6
I have a problem connecting with connecting to a Rabbit queue...
Unfortunately this is a very old project and it has to be run on Java 1.6.
this is my class:
import com.rabbitmq.client.Channel;
import ...
- 346
0
votes
0
answers
41
views
Is there an alternative HttpClient handler for .NET Framework 4.5 that does not depend on Windows for HTTPS?
I have a legacy project running on .NET Framework 4.5, and we recently encountered issues because HttpClient relies on Windows for HTTPS connections.
Is there an alternative HttpMessageHandler that ...
- 1,416
2
votes
1
answer
461
views
Ed25519ph key and signature are not compatible between OpenSSL and BouncyCastle C#
Step 1: generate Ed25519 key, signature and verify using OpenSSL
openssl version
REM output: OpenSSL 3.3.2 3 Sep 2024 (Library: OpenSSL 3.3.2 3 Sep 2024)
REM Generate private key
openssl genpkey -...
- 2,412
0
votes
0
answers
60
views
How to decide PreferredSignatureSize for a PDF document
I am adding digital signatures using certificates on PDFs, there is a property SignatureOptions.PreferredSignatureSize which accepts the preferred signature size, however the values varies for ...
- 813
0
votes
1
answer
517
views
after upgrading oracle driver ojdbc17 in tomcat server : SQLException: UCP-0: Unable to start the Universal Connection Pool
Recently upgraded oracle drivers from ojdbc8 to ojdbc17 and ucp17.jar, for tocmat server where a Java17 based application is deployed. But the database connection now showing following error. Other ...
- 346
0
votes
2
answers
57
views
In grails 2.x version, the bouncy castle provided by the grails itself is present in the runtime environment
In grails 2.x version, the bouncy castle provided by the grails itself is present in the runtime environment. Since the bc library in part of grail lib, is it possible to overwrite with latest bc ...
0
votes
1
answer
151
views
Does OCSP Responder Certificate require digitalSignature key usage?
I want to verify X.509 Certificates (if they were revoked) using the OCSP Protocol and Java/Kotlin.
As this is a non trivial task I use Java Security together with the Bouncy Castle Crypto lib.
When I ...
- 362
1
vote
0
answers
72
views
Add the recipient in the Bouncy Castle
I’ve been working with the Bouncy Castle library for encrypting and decrypting my data using a subkey (designated as E) for encryption. However, I have a few specific concerns that I’d like some ...
- 11
0
votes
0
answers
189
views
Spring Boot application intended to be FIPS-compliant by using bouncycastle fails to start without SUN security provider
I'm trying to make my Spring Boot microservices FIPS 10-3 compliant, which led me to Bouncycastle as the security providers.
I have a basic Spring Boot application created with Spring initializr which ...
- 1,147
0
votes
0
answers
60
views
PGP Issue : Caused by: java.lang.SecurityException: JCE cannot authenticate the provider BC
I am getting below exception when trying to decrypt pgp message in Java 11
Caused by: java.lang.SecurityException: JCE cannot authenticate the provider BC
And we are using below bouncycastle ...
- 363
0
votes
0
answers
93
views
PGP Issue : org.bouncycastle.crypto.InvalidCipherTextException: block incorrect
Currently we did migration from java 1.8 to java 11. During migration we are facing below decrypting pgp message issue in one of the application.
Caused by: org.bouncycastle.crypto....
- 363
1
vote
1
answer
53
views
ClassCastException when casting IBasicOCSPResponse to IBasicOCSPResp in iText 8.0.4
I am working with iText 8.0.4 (GitHub Repository) and trying to cast IBasicOCSPResponse (from com.itextpdf.signatures) to IBasicOCSPResp (from com.itextpdf.commons.bouncycastle.cert.ocsp).
This is ...
- 119
1
vote
1
answer
396
views
How to successfully use Bouncy Castle with GraalVM
I would like to use Bouncy Castle as a security provider within GraalVM. However, this approach leads to a
com.oracle.svm.core.jdk.UnsupportedFeatureError: Trying to verify a provider that was not ...
- 572
0
votes
1
answer
184
views
Forcing renegotiation to be enabled in BouncyCastle when overridding defaulTlsClient
I'm trying to establish a TLS 1.2 connection to a server that requires 1.2 connection with renegotiation. I have no control over the server.
Using bouncycastle and android 11, I keep getting the ...
2
votes
1
answer
542
views
PKCS11Exception CKR_USER_NOT_LOGGED_IN during save certificate to smart card
I would like to create and store my own root certificate on a smart card using the P-256 ECDSA encryption algorithm (secp256r1).
I managed to open access to the certificates created so far on the card ...
- 45
0
votes
0
answers
36
views
Java SSLMA implemenation (Apache httpClient 4.5 and BouncyCastle)
I need to connect to a service that request SSLMA (SSL Mutual Authentication using Apache HttpClient 4.5 and BouncyCastle.
I managed to prepare the SSLConnectionSocketFactory instance (see code) but ...
- 135
1
vote
1
answer
118
views
Bouncy Castle GeneralName creation failing with "argument type mismatch" in CFML
I'm trying to generate a Certificate Signing Request (CSR) using Bouncy Castle in CFML/Lucee. The CSR needs to include Subject Alternative Names (SANs) for both DNS names and IP addresses. However, I'...
- 1,107
1
vote
1
answer
211
views
PDFBOX3 sign - bouncycastle - cannot create signer: No installed provider supports this key: sun.security.ec.ECPrivateKeyImpl
MOTIVATION
I am trying to use latest PDFBOX 3 to sign pdf documents.
RIG
Windows machine with java23
CERTIFICATES
I have created domain certificates with certbot 2.9.0 and openssl-3.0.7 in jks, p12 ...
0
votes
0
answers
32
views
When multi-party SDK depends on different JAR versions, how to integrate multiple three-party SDKs in a project to avoid JAR conflicts?
My current solution is to use the shade-maven-plugin,but there is an error.
java.security.NoSuchAlgorithmException: Cannot find any provider supporting SM4/CBC/PKCS7Padding
For example, my case is :
...
- 1
0
votes
0
answers
80
views
CMS/CMC message with null signature and no-signature signature
I'm trying to create a CMC message wrapped inside CMS to feed MS ADCS service with a certificate request.
We're trying to fulfill the specification (WCCE - 2.2.2.6.5 Null Signature and WCCE - 3.1.1.4....
- 11
1
vote
1
answer
132
views
One-Shot pureEdDSA signing with Bouncycastle
I need to sign a 32byte message with an Ed25519PrivateKey. The signed message is verified by an embedded controller. Therefore, I need to match the implementation of this controller. The requirement ...
- 701
0
votes
0
answers
59
views
BCFIPS provider be positioned at the bottom of the security provider list in non-FIPS environment
We are currently using the Snowflake JDBC FIPS driver in a non-FIPS environment. The reason for this choice is to simplify maintenance, as managing different drivers for various environments can be ...
- 161
0
votes
0
answers
62
views
org.bouncycastle.cms.CMSSignerDigestMismatchException: message-digest attribute value does not match calculated value
please look my android code about verify signature using bouncycastle. condition: have one cms file and root.crt, use root.crt verify cms file. first use:openssl smime -verify -CAfile root.crt -in ...
- 11
0
votes
0
answers
70
views
TSD verification Digital Signature Service 5.13
I'm encountering an issue while verifying a TSD (Timestamped Digital Signature) file named nameFile.pdf.tsd using the DSS (Digital Signature Service) library version 5.13.
I previously encountered ...
0
votes
2
answers
240
views
"No key data found" when using pgpainless to import key
I'm on Mac and I've created and exported a key:
% gpg --generate-key
% gpg --export --armor --output new.pub B42B1AF5
the contents of which you can see here:
-----BEGIN PGP PUBLIC KEY BLOCK-----
...
- 8,450
0
votes
2
answers
406
views
How to change the format that Java+BouncyCastle writes my private key?
I have a pkcs12 file that contains a public and private key pair that I created using openssl. My Java program reads in the pcks12 file and saves the public and private keys separately for use by the ...
- 1
0
votes
0
answers
141
views
How to use BouncyCastle FIPS library in conjuction with BouncyCastle.Cryptography library?
For compliance reasons, we have to use the FIPS version of BouncyCastle, available from here: https://www.bouncycastle.org/download/bouncy-castle-c-fips/#latest
However we also use other libraries, ...
- 2,654
0
votes
2
answers
299
views
How to convert a ECPrivateKey to a PEM-encoded OpenSSH format?
Given this randomly generated ECDSA private key:
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
...
- 90.9k
0
votes
1
answer
248
views
AEADBadTagException: mac check in GCM failed during AES decryption with BouncyCastle
I am encountering a javax.crypto.AEADBadTagException: mac check in GCM failed error when attempting to decrypt data using AES in GCM mode with BouncyCastle. The error occurs during the AES decryption ...
0
votes
0
answers
69
views
How to extract encrypted key and encrypted content from a CMS EnvelopedData object in Java?
I am working with CMS (Cryptographic Message Syntax) envelopes in Java and need to extract the encrypted key and encrypted content from a CMSEnvelopedData object using the BouncyCastle library. ...
0
votes
1
answer
1k
views
BouncyCastle C# GCM Ecrypt and GCM Decrypt
I was trying to learn AES GCM from (https://asecuritysite.com/bouncy/bc_gcm). Although the site does a nice job combining the code all in one. I was trying to break it out and make it a function (GCM ...
- 199