Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

BouncyCastle does not find algorithms that it provides?

I'm playing around with BouncyCastle 1.46 To my surprise, the catch-block in the snippet below is tripped quite often.

Security.addProvider(new BouncyCastleProvider());

final Set<String> found = new HashSet<String>();
final Set<String> missing = new HashSet<String>();

final DefaultSignatureAlgorithmIdentifierFinder finder = new DefaultSignatureAlgorithmIdentifierFinder();
for (Service service : new BouncyCastleProvider().getServices()) {
    if ("Signature".equals(service.getType())) {
        final String algorithm = service.getAlgorithm();
        try {
            finder.find(algorithm);
            found.add(algorithm);
        } catch (IllegalArgumentException ex) {
            missing.add(algorithm);
        }
    }
}

System.out.println("Found: " + found);
System.out.println("Missing: " + missing);

I appear to be unable to use most of the algorithms through the Finder, even though Services exist that provide those algorithms. What am I doing wrong?

Update I've changed the code a little to illustrate the issue better. What might be of interest is that I am using the JDK1.5 version of BouncyCastle. The code above gives this output:

Found: [RIPEMD256WithRSAEncryption, MD5WithRSAEncryption, MD2WithRSAEncryption, SHA384WithRSAEncryption, SHA224WITHECDSA, SHA384WITHDSA, SHA256WITHDSA, SHA512WithRSAEncryption, SHA512WITHDSA, RIPEMD160WithRSAEncryption, SHA224WithRSAEncryption, SHA256WITHECDSA, RIPEMD128WithRSAEncryption, SHA384WITHECDSA, SHA256WithRSAEncryption, SHA512WITHECDSA, SHA1WithRSAEncryption, SHA224WITHDSA]

Missing: [SHA1WITHECNR, NONEwithECDSA, ECDSA, SHA512withRSA/PSS, RIPEMD160WITHECDSA, RSA, GOST3410, SHA256WITHECNR, MD5withRSA/ISO9796-2, SHA1WITHCVC-ECDSA, SHA384withRSA/PSS, SHA1withRSA/PSS, MD4WithRSAEncryption, RSASSA-PSS, SHA512WITHECNR, SHA256WITHCVC-ECDSA, SHA1withRSA/ISO9796-2, SHA224withRSA/PSS, SHA224WITHCVC-ECDSA, RAWRSASSA-PSS, SHA256withRSA/PSS, NONEWITHDSA, SHA384WITHECNR, RIPEMD160withRSA/ISO9796-2, DSA, ECGOST3410, SHA224WITHECNR, 1.2.840.113549.1.1.10]

like image 997
Guus Avatar asked Dec 09 '22 03:12

Guus


2 Answers

I think that DefaultSignatureAlgorithmIdentifierFinder is part of the bcmail API. It returns algorithm identifiers recognized by this API. (Check Cryptographic Message Syntax) On the other hand the bouncy castle provider provides more algorithms. You may check the source of DefaultSignatureAlgorithmIdentifierFinder where the recognized algorithms are hardcoded:

algorithms.put("MD2WITHRSAENCRYPTION", PKCSObjectIdentifiers.md2WithRSAEncryption);
algorithms.put("MD2WITHRSA", PKCSObjectIdentifiers.md2WithRSAEncryption);
algorithms.put("MD5WITHRSAENCRYPTION", PKCSObjectIdentifiers.md5WithRSAEncryption);
algorithms.put("MD5WITHRSA", PKCSObjectIdentifiers.md5WithRSAEncryption);
algorithms.put("SHA1WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha1WithRSAEncryption);
algorithms.put("SHA1WITHRSA", PKCSObjectIdentifiers.sha1WithRSAEncryption);
algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption);
algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption);
algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption);
algorithms.put("SHA384WITHRSA", PKCSObjectIdentifiers.sha384WithRSAEncryption);
algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption);
algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption);
algorithms.put("SHA1WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
algorithms.put("SHA256WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
algorithms.put("SHA1WITHDSA", X9ObjectIdentifiers.id_dsa_with_sha1);
algorithms.put("DSAWITHSHA1", X9ObjectIdentifiers.id_dsa_with_sha1);
algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
algorithms.put("SHA256WITHDSA", NISTObjectIdentifiers.dsa_with_sha256);
algorithms.put("SHA384WITHDSA", NISTObjectIdentifiers.dsa_with_sha384);
algorithms.put("SHA512WITHDSA", NISTObjectIdentifiers.dsa_with_sha512);
algorithms.put("SHA1WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1);
algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1);
algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256);
algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);
algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);

Cheers!

like image 129
Lachezar Balev Avatar answered Dec 11 '22 16:12

Lachezar Balev


Did you add BouncyCastle to the security providers? You can do that with this line:

Security.addProvider(new BouncyCastleProvider());
like image 22
Johnny Graber Avatar answered Dec 11 '22 16:12

Johnny Graber