Class BouncyCastleFipsProvider

  • All Implemented Interfaces:
    java.io.Serializable, java.lang.Cloneable, java.util.Map<java.lang.Object,​java.lang.Object>

    public final class BouncyCastleFipsProvider
    extends java.security.Provider
    The BC FIPS provider.

    If no SecureRandom has been specified using CryptoServicesRegistrar.setSecureRandom() the provider class will generate a FIPS compliant DRBG based on SHA-512. It is also possible to configure the DRBG by passing a string as a constructor argument to the provider via code, or the java.security configuration file.

    At the moment the configuration string is limited to setting the DRBG. The configuration string must always start with "C:" and finish with "ENABLE{ALL};". The command for setting the actual DRBG type is DEFRND, so a configuration string requesting the use of a SHA1 DRBG would look like:

             C:DEFRND[SHA1];ENABLE{All};
         
    Possible values for the DRBG type are "SHA1", "SHA224", "SHA256", "SHA384", "SHA512", "SHA512(224)", "SHA512(256)", "HMACSHA1", "HMACSHA224", "HMACSHA256", "HMACSHA384", "HMACSHA512", "HMACSHA512(224)", "HMACSHA512(256)", "CTRAES128", "CTRAES192", "CTRAES256", and "CTRDESEDE".

    The default DRBG is configured to be prediction resistant. In situations where the amount of entropy is constrained the default DRBG can be configured to use an entropy pool based on a SHA-512 SP 800-90A DRBG. To configure this use:

             C:HYBRID;ENABLE{All};
         
    or include the string "HYBRID;" in the previous command string setting the DRBG. After initial seeding the entropy pool starts a reseeding thread; that thread begins polling once 20 samples have been taken since the last seeding and performs a reseed as soon as new entropy bytes are returned.

    Note: if the provider is created by an "approved mode" thread, only FIPS approved algorithms will be available from it.
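    The following is an added example (not code from the Bouncy Castle project or this page) showing the three ways of configuring the DRBG described above from application code: a configuration string selecting the DRBG type and the HYBRID entropy pool, a caller-supplied entropy source, and the registrar-level default. It assumes the provider lives in the org.bouncycastle.jcajce.provider package and that CryptoServicesRegistrar.setApprovedOnlyMode(boolean) and the SecureRandom algorithm name "DEFAULT" exist in the BC FIPS API; the order "HYBRID;DEFRND[...]" inside the string follows the description above rather than a form shown on this page.

```java
import java.security.SecureRandom;
import java.security.Security;

import org.bouncycastle.crypto.CryptoServicesRegistrar;          // assumed package
import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider;  // assumed package

public class FipsProviderSetup {

    // Build and register the provider with an explicit DRBG configuration:
    // HMAC-SHA256 DRBG, fed from the SHA-512 based HYBRID entropy pool.
    // (The same string can be supplied in java.security on the provider line, e.g.
    //  security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider C:HYBRID;DEFRND[HMACSHA256];ENABLE{All};
    //  - assumed JDK provider-argument syntax, not shown on this page.)
    static BouncyCastleFipsProvider registerWithConfigString() {
        BouncyCastleFipsProvider provider =
            new BouncyCastleFipsProvider("C:HYBRID;DEFRND[HMACSHA256];ENABLE{All};");
        Security.insertProviderAt(provider, 1);
        return provider;
    }

    // Alternative: keep the default DRBG type but seed it from a caller-chosen
    // entropy source (here the platform SecureRandom, as a constructed example).
    static BouncyCastleFipsProvider registerWithEntropySource() {
        SecureRandom entropySource = new SecureRandom();
        return new BouncyCastleFipsProvider("C:DEFRND[SHA512];ENABLE{All};", entropySource);
    }

    public static void main(String[] args) throws Exception {
        // Restrict this thread to FIPS approved algorithms before creating the
        // provider; per the note above, a provider built on an approved-mode
        // thread exposes only approved algorithms. (assumed BC FIPS API)
        CryptoServicesRegistrar.setApprovedOnlyMode(true);

        BouncyCastleFipsProvider provider = registerWithConfigString();

        // Inspect the provider's locally configured DRBG and its security strength.
        SecureRandom drbg = provider.getDefaultSecureRandom();
        System.out.println("DRBG algorithm: " + drbg.getAlgorithm());
        System.out.println("Security strength: "
            + provider.getDefaultRandomSecurityStrength() + " bits");

        // Obtain the same DRBG through the JCA by provider name ("DEFAULT" assumed
        // to be the BC FIPS SecureRandom algorithm name) and draw key material.
        SecureRandom viaJca = SecureRandom.getInstance("DEFAULT",
            BouncyCastleFipsProvider.PROVIDER_NAME);
        byte[] key = new byte[32];
        viaJca.nextBytes(key);
        System.out.println("Generated " + key.length + " bytes of key material");
    }
}
```

If no provider-specific configuration is wanted, CryptoServicesRegistrar.setSecureRandom() (named in the description above) sets the DRBG the provider picks up when the no-argument constructor is used; otherwise the provider builds its own prediction-resistant SHA-512 DRBG.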

    See Also:
    Serialized Form
    • Nested Class Summary

      • Nested classes/interfaces inherited from class java.security.Provider

        java.security.Provider.Service
    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.lang.String PROVIDER_NAME  
      • Fields inherited from class java.util.Properties

        defaults
    • Constructor Summary

      Constructors 
      Constructor Description
      BouncyCastleFipsProvider()
      Base constructor - build a provider with the default configuration.
      BouncyCastleFipsProvider​(java.lang.String config)
      Constructor accepting a configuration string.
      BouncyCastleFipsProvider​(java.lang.String config, java.security.SecureRandom entropySource)
      Constructor accepting a config string and a user-defined source of entropy to be used for the provider's locally configured DRBG.
    • Method Summary

      Methods
      Modifier and Type Method Description
      java.security.Provider configure​(java.lang.String configArg)  
      int getDefaultRandomSecurityStrength()
      Return the default random security strength.
      java.security.SecureRandom getDefaultSecureRandom()  
      java.security.Provider.Service getService​(java.lang.String type, java.lang.String algorithm)  
      java.util.Set<java.security.Provider.Service> getServices()  
      • Methods inherited from class java.security.Provider

        clear, compute, computeIfAbsent, computeIfPresent, elements, entrySet, forEach, get, getInfo, getName, getOrDefault, getProperty, getVersion, getVersionStr, isConfigured, keys, keySet, load, merge, put, putAll, putIfAbsent, putService, remove, remove, removeService, replace, replace, replaceAll, toString, values
      • Methods inherited from class java.util.Properties

        clone, contains, containsKey, containsValue, equals, getProperty, hashCode, isEmpty, list, list, load, loadFromXML, propertyNames, rehash, save, setProperty, size, store, store, storeToXML, storeToXML, storeToXML, stringPropertyNames
      • Methods inherited from class java.lang.Object

        finalize, getClass, notify, notifyAll, wait, wait, wait
    • Constructor Detail

      • BouncyCastleFipsProvider

        public BouncyCastleFipsProvider()
        Base constructor - build a provider with the default configuration.
      • BouncyCastleFipsProvider

        public BouncyCastleFipsProvider​(java.lang.String config)
        Constructor accepting a configuration string.
        Parameters:
        config - the config string.
      • BouncyCastleFipsProvider

        public BouncyCastleFipsProvider​(java.lang.String config,
                                        java.security.SecureRandom entropySource)
        Constructor accepting a config string and a user-defined source of entropy to be used for the provider's locally configured DRBG.
        Parameters:
        config - the config string.
        entropySource - a SecureRandom which can act as an entropy source.
    • Method Detail

      • configure

        public java.security.Provider configure​(java.lang.String configArg)
        Overrides:
        configure in class java.security.Provider
      • getDefaultSecureRandom

        public java.security.SecureRandom getDefaultSecureRandom()
      • getDefaultRandomSecurityStrength

        public int getDefaultRandomSecurityStrength()
        Return the default random security strength.
        Returns:
        the security strength for the default SecureRandom the provider uses.
      • getService

        public final java.security.Provider.Service getService​(java.lang.String type,
                                                               java.lang.String algorithm)
        Overrides:
        getService in class java.security.Provider
      • getServices

        public final java.util.Set<java.security.Provider.Service> getServices()
        Overrides:
        getServices in class java.security.Provider