Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why do people use bouncycastle instead of Java's built in JCE provider? What is the difference?

People also ask

Why do we use BouncyCastle?

BouncyCastle is a Java library that complements the default Java Cryptographic Extension (JCE). In this introductory article, we're going to show how to use BouncyCastle to perform cryptographic operations, such as encryption and signature.

What is Crypto BouncyCastle?

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. The package is organised so that it contains a light-weight API suitable for use in any environment (including the J2ME) with the additional infrastructure to conform the algorithms to the JCE framework.

How is JCA different from JCE?

The basic difference between JCA and JCE is that JCE is an extension of JCA, not a replacement. The JCA includes classes like MessageDigest , SecureRandom , KeyFactory , Signature and KeyStore . JCE add some more classes of cryptography like Cipher , KeyGeneration , Mac and KeyGeneration .

What is a JCE provider?

The AWS CloudHSM JCE provider is a provider implementation built from the Java Cryptographic Extension (JCE) provider framework. The JCE provides a framework for performing cryptographic operations using the Java Development Kit (JDK).


BouncyCastle has many more cipher suites and algorithms than the default JCE provided by Sun.

In addition to that, BouncyCastle has lots of utilities for reading arcane formats like PEM and ASN.1 that no sane person would want to rewrite themselves.


Bouncy Castle is Australian in origin, and therefore is not subject to the Export of cryptography from the United States.

It is useful if you are outside the United States and you need to manage key sizes grater than permitted by such that restriction. In that case you are not permitted to use software from United States for that.


On server or desktop, I don't see any reason to use BC unless you have to deal with some legacy ciphers or formats not supported by Sun JCE.

However, many JREs don't come with a JCE provider, like on mobile or embedded environments. BC comes handy in such cases.