Resources

Commercial support details and some general Java cryptography resources, which you may, or may not, find helpful. If you have an article, book, or project you would like to see added below send a message to feedback-crypto@bouncycastle.org

Tutorials

Training: PKI at the edge with Bouncy Castle

Learn how to use Bouncy Castle for generating certificates and certification requests, including for EJBCA. To make these tasks easier for system administrators, we will also look at Kotlin DSL as a scripting language.

Watch the training: Training - PKI at the Edge with Bouncy Castle and EJBCA

See the documentation: How-to guides and exercises - PKI at the Edge

Complimentary Packages

EJBCA
EJBCA is a fully functional Certificate Authority using J2EE technology. EJBCA builds on the J2EE platform to create a robust, high performance, platform independent, flexible, and component based CA to be used standalone or integrated in any J2EE app.

Novosec Extensions
This package provides the following pure Java extensions to the Bouncy Castle framework and has been made freely available by www.novosec.com:

  1. OCSP (RFC 2560) server and client
  2. CMP (RFC 2510, RFC 2511) generator and parser.

JCE taglib
A JSP tag library with cryptographic funtions and X.509 certificate generation based on BouncyCastle JCE. There is also a refactoring of JCE taglib CryptoLib on the main JCE taglib project page. CryptoLib can also be used with non-JSP projects.

LightCrypto
A library of cryptographic functions based on the lightweight API, including some functions for use with HSQLDB embeddable database.

Portecle
Portecle is a user friendly GUI application for creating, managing and examining key stores, keys, certificates, certificate requests, certificate revocation lists and more.

Jasypt - Java Simplified Encryption
Jasypt is a java library which allows the developer to add basic encryption capabilities to his/her projects with minimum effort. It offers transparent integration with Hibernate, an open API for use with any JCE provider, and is suitable for integration into Spring-based applications and ACEGI. Instructions on using it with Bouncy Castle can be found at: http://www.jasypt.org/bouncy-castle.html.

KeyTool IUI
KeyTool is a free user friendly GUI application for creating, managing keys and keystores as an alternative to the JDK's KeyTool command.

Commercial Support

If you are reporting a bug, or would simply like to suggest something to add to the library let us know at feedback-crypto@bouncycastle.org and your request will be dealt with, if you need something else read on.

The Legion of the Bouncy Castle is a strictly non-profit, no financial interest organisation, however we do get requests for commercial support or project work from time to time. To deal with this and help fund further work on the APIs we have set up Crypto Workshop (now part of Keyfactor). If you need a support agreement or have an issue that might need a solution requiring consulting, mentoring, or education, please contact us info@cryptoworkshop.com

Note: As Crypto Workshop is made up of founders to and contributors to Bouncy Castle who have commit access, it is the only source for Bouncy Castle support recognised by the project.

Articles

English

A Layman's Guide to a Subset of ASN.1, BER, and DER
Burton Kaliski Jr.
 
Burton Kaliski Jr.'s definitive introduction to ASN.1, BER, and DER - RSA Data Security, Inc. Public-Key Cryptography Standards (PKCS) 1993 edition.

MIDP Application Security 3: Authentication in MIDP
Jonathan Knudsen
 
Examples of using the lightweight API, brief discussion about obfuscation.

MIDP Application Security 4: Encryption in MIDP
Jonathan Knudsen
 
More examples of using the lightweight API.

Data security in mobile Java applications
Michael Juntao Yuan
 
Includes examples of the lighweight API as well as general discussion of other alternatives.

Securing your J2ME/MIDP apps
Michael Juntao Yuan
 
Includes examples of the lighweight API used for XML signatures.

Français

Cryptographie avec Bouncy Castle
Nyal
 
Ce tutoriel constitue une première approche pour l'utilisation de la bibliothèque Bouncy Castle.

Utiliser PGP avec Java et Bouncy Castle
Graham Jenkins (Traduction française par Simon Depiets, relecture de la traduction française par Joëlle Cornavin).

Books

English

Java Cryptography: Tools and Techniques
David Hook, Jon Eaves - Leanpub
 
Finished in 2022 and written by two founders of the Bouncy Castle project, as a successor to "Beginning Cryptography with Java", the book covers the recent features introduced in the JCA/JCE as well the latest changes to the BC APIs and the BCFIPS Java module including the recent introduction of Post-Quantum algorithms to the BC APIs. Coverage of certificate generation, CMS, S/MIME, OpenPGP, and the TLS APIs is also included. Also available as a Paperback Edition and a Kindle Tablet Edition

A copy of the source code for the examples in the book can be found in java-crypto-tools-src.zip.

 

The following are books listed in association with amazon.com. Any proceeds received from this are used to support the running of this web site.

Beginning Cryptography with Java
David Hook - Wrox
 
Written by a Bouncy Castle APIs committer, the book covers recent features introduced in the JCA/JCE cryptography APIs in JDK 1.5 and is fully up to date with the cryptography APIs in J2SE 5.01, including Elliptic Curve cryptography, as well as dealing with earlier versions of the JCE/JCA in earlier JDKs. The book also deals with provider installation, X.509 certificate generation, CRL generation, and the creation and processing of PKCS #10 certification requests using the JCA and the Bouncy Castle APIs, in addition it covers certificate validation and certificate path processing with both CRLs and OCSP. Finally, it also covers using PKCS #12, processing CMS and S/MIME messages using the BC APIs, SSL using the JSSE, and gives an introduction as to how to use the Bouncy Castle ASN.1 library.

The book also has some on-line resources including code examples and a forum.

1 Mind you, you would probably have to read it first to be aware of this... ;-)

Practical Cryptography
Niels Ferguson, Bruce Schneier - John Wiley & Sons
 
Not so much a book about algorithms either, but a book about how to use them in a general sense. If you are looking at implementing a secure system, rather than just implementing basic cryptography this is a great book to read.

Java Cryptography Extensions : Practical Guide for Programmers
Jason Weiss - Morgan Kaufmann
 
Covers the JCE and some parts of the JCA as seen in JDK 1.4.

Wireless Java: Developing with Java 2, Micro Edition
Jonathan Knudsen - Apress
 
Includes a section on developing with the Bouncy Castle Lightweight APIs.

J2EE Security for Servlets, EJBs, and Web Services
Pankaj Kumar - Prentice Hall PTR
 
Includes sections on the JCE, JCA and implementing PKI systems with Java and a discussion of what goes on under the covers when you install the Bouncy Castle provider.

Applied Cryptography: Protocols, Algorithms, and Source Code in C (Second Edition)
Bruce Schneier - John Wiley & Sons
 
A general introduction to Cryptography, if you are new to this area it is well worth the effort to read a copy to gain some understanding of how cryptographic algorithms work.

Handbook of Applied Cryptography
Alfred J. Menezes, Paul C. Van Oorschot, Scott A. Vanstone - CRC Press
 
Considerably more academic than Bruce Schneier's book, really intended for people with a good background in mathematics and computer science. Very solid, covering both algorithms and basic number theory. Chapters for this book are also available on the web at http://www.cacr.math.uwaterloo.ca/hac/ with some restrictions.

Newsletters

English

Crypto-Gram
Free monthly e-mail newsletter on computer security and cryptography from Bruce Schneier.

Web Links

English

Unofficial Java Web Start/JNLP FAQ
If you are having trouble using cryptographic providers in conjunction with Java Web Start, this is the place to look first.

RSA Lab's Cryptography FAQ
Frequently asked questions about today's cryptography from RSA Laboratories.

The Object Identifier Registry
Online registry of ASN.1 Object Identifiers and what they are.

The X.509 Style Guide
Peter Gutmann's implementation notes for developers of X.509 certificates. Humourous as well as very useful, also contains references to other introductory material covering PKI and cryptography.