Both lines of code:

```java
KeyPairGenerator.getInstance("RSA")
KeyPairGenerator.getInstance("RSA", "BC")
```

work well. So, what's the difference using BC or not?

Is BC completely compatible with the default RSA used? (using Sun JDK 6)

+2  A: 

From the Javadoc of the first constructor:

> Returns a KeyPairGenerator object that generates public/private key pairs for the specified algorithm.
>
> This method traverses the list of registered security Providers, starting with the most preferred Provider. A new KeyPairGenerator object encapsulating the KeyPairGeneratorSpi implementation from the first Provider that supports the specified algorithm is returned.
>
> Note that the list of registered providers may be retrieved via the Security.getProviders() method.

The linked Javadoc of Security.getProviders() in turn states the following:

> Returns an array containing all the installed providers. The order of the providers in the array is their preference order.

Well, apparently BC is in your case "by coincidence" the first preferred provider. If there is uncertainty around it (i.e. you want to distribute the application and you have no control over the end user's environment) and you would like to let it stick to use BC, then you should prefer using the second constructor.

BalusC
> BC is in your case "by coincidence" the first preferred provider

Actually not. Just checked, the first constructor works well even if BC provider is not installed. Java has its own provider for RSA called `SunRsaSign` I guess.
hudolejev
And are the providers compatible? Can I use one and my clients another?
Tom Brito
@Tom I guess the best thing is to try that out, but I think there shouldn't be any problems. I personally used BC and OpenSSL implementations and didn't face any problems.
hudolejev
I know I can do my own tests here, but they would not be as reliable as an opinion of someone who really applied this in a real system and it works well for a long time, understand? ;)
Tom Brito
A: 

"BC" returns the BouncyCastle implementation of the crypto algorithm.

If you don't specify the provider it will return the "most preferred" implementation of the crypto algorithm, i.e. the provider at position 1 is the most preferred in the array of providers.

David Relihan
And are the providers compatible? Can I use one and my clients another?
Tom Brito
+1  A: 

In the BouncyCastle FAQ there are some entries related to RSA implementation details.

I personally haven't found anything written about Sun and BC providers being incompatible, and I suggest using Java's native RSA implementation if the BouncyCastle dependency could be completely dropped by that. You should add external dependencies only if there is a well-defined benefit from that.

If you are using the BC library somewhere else in your project, I guess it doesn't matter which provider to use.

EDIT

J2ME does not include an RSA implementation. So if you are planning to port your app to J2ME sometime, the BouncyCastle library is the right way to go now.

hudolejev
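An added example, not code from any of the posters above, for checking both points on your own JVM: which provider the one-argument `getInstance("RSA")` resolves to, and whether a signature made with it verifies under every other installed provider. The class name `ProviderCheck`, the `SHA256withRSA` algorithm choice and the sample message are assumptions of this example; BC takes part only if it has been registered.

```java
import java.security.*;
import java.security.spec.X509EncodedKeySpec;

public class ProviderCheck {
    public static void main(String[] args) throws Exception {
        // To include BouncyCastle, register it before running, e.g.
        // Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

        // Preference order, as returned by Security.getProviders().
        for (Provider p : Security.getProviders()) {
            System.out.println("installed: " + p.getName());
        }

        // No provider argument: the first provider that supports RSA is used.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        System.out.println("RSA key generator from: " + kpg.getProvider().getName());
        kpg.initialize(2048);
        KeyPair pair = kpg.generateKeyPair();

        // Sign a constructed sample message with the default provider.
        byte[] msg = "constructed sample message".getBytes("UTF-8");
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(pair.getPrivate());
        signer.update(msg);
        byte[] sig = signer.sign();

        // What a client actually receives: the X.509 encoding of the public key.
        byte[] encoded = pair.getPublic().getEncoded();

        // Decode and verify with every installed provider offering the algorithm.
        for (Provider p : Security.getProviders("Signature.SHA256withRSA")) {
            try {
                KeyFactory kf = p.getService("KeyFactory", "RSA") != null
                        ? KeyFactory.getInstance("RSA", p)
                        : KeyFactory.getInstance("RSA");
                PublicKey pub = kf.generatePublic(new X509EncodedKeySpec(encoded));
                Signature verifier = Signature.getInstance("SHA256withRSA", p);
                verifier.initVerify(pub);
                verifier.update(msg);
                System.out.println(p.getName() + " verifies: " + verifier.verify(sig));
            } catch (GeneralSecurityException e) {
                // e.g. a token-backed provider that only accepts its own keys
                System.out.println(p.getName() + " skipped: " + e);
            }
        }
    }
}
```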