Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Is Bouncy Castle API Thread Safe?

Tags:

java

cryptography

bouncycastle

Is Bouncy Castle API Thread Safe ? Especially,

org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher
org.bouncycastle.crypto.paddings.PKCS7Padding
org.bouncycastle.crypto.engines.AESFastEngine
org.bouncycastle.crypto.modes.CBCBlockCipher

I am planning to write a singleton Spring bean for basic level cryptography support in my app. Since it is a web application, there are greater chances of multiple threads accessing this component at a time. So tread safety is essential here.

Please let me know if you have come across such situations using Bouncy Castle.

like image 551
jatanp Avatar asked Sep 08 '08 11:09

jatanp

People also ask

What is Bouncy Castle API?

Bouncy Castle is a collection of APIs used in cryptography. It includes APIs for both the Java and the C# programming languages. The APIs are supported by a registered Australian charitable organization: Legion of the Bouncy Castle Inc. Bouncy Castle. Developer(s)

What is thread safe API?

Thread safety is a computer programming concept applicable to multi-threaded code. Thread-safe code only manipulates shared data structures in a manner that ensures that all threads behave properly and fulfill their design specifications without unintended interaction.

Is Java instant thread safe?

The javadoc specifies that the Instant class is thread-safe.

1 Answers

It really does not matter if the API/Code is thread safe. CBC encryption in itself is not thread safe. Some terminology -

E(X) = Enctrypt message X
D(X) = Dectrypt X. (Note that D(E(X)) = X)
IV = Initialization vector. A random sequence to bootstrap the CBC algorithm
CBC = Cipher block chaining.

A really simple CBC implementation can look like: P1, P2, P3 = Plain text messages

1. Generate an IV, just random bits.
2. Calculate E( P1 xor IV) call this C1
3. Calculate E( P2 xor C1) call this C2
4. Calculate E( P3 xor C2) call this C3.

As you can see, the result of encrypting P1, P2 and P3 (in that order) is different from encrypting P2, P1 and P3 (in that order).

So, in a CBC implementation, order is important. Any algorithm where order is important can not, by definition, be thread safe.

You can make a Singleton factory that delivers encryption objects, but you cant trust them to be thread safe.

like image 180
Tnilsson Avatar answered Sep 30 '22 15:09

Tnilsson
Sign in to Comment

Related questions

How does spring manage ExceptionHandler priority?
Spring Boot intercept all exception handlers
Can I run ECMAScript 6 from Java 9 Nashorn engine
Marker interface vs empty abstract class
How to detect check or identify app is running on Android Go edition 8.1 Device programatically
startForegroundService() did not call startForeground(), but it did
Why does HashMap's get() compare both the hash value and key in Java?
Unknown data type when using an integer over NamedParameterJDBCTemplate on H2 [SPRING-BOOT]
Does Scala's Partial Function have a Java Equivalent?
Collectors.groupby for Map<String,List<String>
How to use Lombok's toBuilder on @SuperBuilder
Why opencsv capitalizing csv headers while writing to file
Kotlin Could not find or load main class
Android: 2 aar libraries with the same package
Hibernate Dialect for Oracle 19
Application doing too much work in main thread loading the xml layout file
SocketTimeout on Java 11 but not on Java 8
"statistics unavailable at this time" when trying to print String Pool information?
How to fix race conditions without using synchronized (Lock free sequence counter implementation)?
Connect C++ app to JAVA web app with SOAP

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!