Class BouncyCastleFipsProvider
- java.lang.Object
  - java.util.Dictionary<K,V>
    - java.util.Hashtable<java.lang.Object,java.lang.Object>
      - java.util.Properties
        - java.security.Provider
          - org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
All Implemented Interfaces: java.io.Serializable, java.lang.Cloneable, java.util.Map<java.lang.Object,java.lang.Object>
public final class BouncyCastleFipsProvider extends java.security.Provider
The BC FIPS provider.
If no SecureRandom has been specified using CryptoServicesRegistrar.setSecureRandom(), the provider class will generate a FIPS compliant DRBG based on SHA-512. It is also possible to configure the DRBG by passing a string as a constructor argument to the provider via code, or the java.security configuration file.
At the moment the configuration string is limited to setting the DRBG. The configuration string must always start with "C:" and finish with "ENABLE{ALL};". The command for setting the actual DRBG type is DEFRND, so a configuration string requesting the use of a SHA1 DRBG would look like:
C:DEFRND[SHA1];ENABLE{All};
Possible values for the DRBG type are "SHA1", "SHA224", "SHA256", "SHA384", "SHA512", "SHA512(224)", "SHA512(256)", "HMACrovRandSHA1", "HMACSHA224", "HMACSHA256", "HMACSHA384", "HMACSHA512", "HMACSHA512(224)", "HMACSHA512(256)", "CTRAES128", "CTRAES192", "CTRAES256", and "CTRDESEDE".
The default DRBG is configured to be prediction resistant. In situations where the amount of entropy is constrained, the default DRBG can be configured to use an entropy pool based on a SHA-512 SP 800-90A DRBG. To configure this use:
C:HYBRID;ENABLE{All};
or include the string "HYBRID;" in the previous command string setting the DRBG. After initial seeding the entropy pool will start a reseeding thread which it will begin polling once 20 samples have been taken since the last seeding and will do a reseed as soon as new entropy bytes are returned.
Note: if the provider is created by an "approved mode" thread, only FIPS approved algorithms will be available from it.
- See Also:
- Serialized Form
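The following is an added example, not code from the Bouncy Castle documentation: it builds a configuration string in the format described above, creates the provider, and refuses to register it if the default DRBG's security strength is below a required minimum. The class name `BcFipsDrbgSetup`, the allow-list of DRBG types, the placement of `HYBRID;` after `DEFRND[...]`, and the minimum strength passed in `main` are assumptions.

```java
import java.security.SecureRandom;
import java.security.Security;
import java.util.Arrays;
import java.util.List;

import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider;

// Added example (hypothetical class name); needs the BC FIPS jar on the classpath.
public class BcFipsDrbgSetup {
    // Local policy (an assumption): a subset of the DRBG types listed in the class description.
    private static final List<String> ALLOWED = Arrays.asList(
        "SHA256", "SHA384", "SHA512", "HMACSHA256", "HMACSHA384", "HMACSHA512", "CTRAES256");

    // Builds "C:DEFRND[<type>];[HYBRID;]ENABLE{All};". Placing HYBRID; after
    // DEFRND[...] is an assumption; the description only says to include it.
    static String buildConfig(String drbgType, boolean hybrid) {
        if (!ALLOWED.contains(drbgType)) {
            throw new IllegalArgumentException("DRBG type not in local allow-list: " + drbgType);
        }
        return "C:DEFRND[" + drbgType + "];" + (hybrid ? "HYBRID;" : "") + "ENABLE{All};";
    }

    // Creates the provider, rejects a DRBG weaker than minStrengthBits, then registers it.
    static BouncyCastleFipsProvider install(String drbgType, boolean hybrid, int minStrengthBits) {
        BouncyCastleFipsProvider provider =
            new BouncyCastleFipsProvider(buildConfig(drbgType, hybrid));
        int strength = provider.getDefaultRandomSecurityStrength();
        if (strength < minStrengthBits) {
            throw new IllegalStateException(
                "default DRBG strength " + strength + " is below required " + minStrengthBits);
        }
        Security.addProvider(provider);
        return provider;
    }

    public static void main(String[] args) {
        BouncyCastleFipsProvider provider = install("SHA512", false, 128);
        SecureRandom random = provider.getDefaultSecureRandom();
        byte[] nonce = new byte[32];
        random.nextBytes(nonce); // draw from the provider's configured default DRBG
        System.out.println(provider.getName() + " default DRBG strength: "
            + provider.getDefaultRandomSecurityStrength());
    }
}
```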
Field Summary
- static java.lang.String PROVIDER_NAME
Constructor Summary
- BouncyCastleFipsProvider(): Base constructor - build a provider with the default configuration.
- BouncyCastleFipsProvider(java.lang.String config): Constructor accepting a configuration string.
- BouncyCastleFipsProvider(java.lang.String config, java.security.SecureRandom entropySource): Constructor accepting a config string and a user defined source of entropy to be used for the provider's locally configured DRBG.
Method Summary
- java.security.Provider configure(java.lang.String configArg)
- int getDefaultRandomSecurityStrength(): Return the default random security strength.
- java.security.SecureRandom getDefaultSecureRandom()
- java.security.Provider.Service getService(java.lang.String type, java.lang.String algorithm)
- java.util.Set<java.security.Provider.Service> getServices()
Methods inherited from class java.security.Provider
clear, compute, computeIfAbsent, computeIfPresent, elements, entrySet, forEach, get, getInfo, getName, getOrDefault, getProperty, getVersion, getVersionStr, isConfigured, keys, keySet, load, merge, put, putAll, putIfAbsent, putService, remove, remove, removeService, replace, replace, replaceAll, toString, values
Field Detail
PROVIDER_NAME
public static final java.lang.String PROVIDER_NAME
See Also: Constant Field Values
Constructor Detail
BouncyCastleFipsProvider
public BouncyCastleFipsProvider()
Base constructor - build a provider with the default configuration.
BouncyCastleFipsProvider
public BouncyCastleFipsProvider(java.lang.String config)
Constructor accepting a configuration string.
Parameters:
- config - the config string.
BouncyCastleFipsProvider
public BouncyCastleFipsProvider(java.lang.String config, java.security.SecureRandom entropySource)
Constructor accepting a config string and a user defined source of entropy to be used for the provider's locally configured DRBG.
Parameters:
- config - the config string.
- entropySource - a SecureRandom which can act as an entropy source.
Method Detail
configure
public java.security.Provider configure(java.lang.String configArg)
Overrides: configure in class java.security.Provider
getDefaultSecureRandom
public java.security.SecureRandom getDefaultSecureRandom()
getDefaultRandomSecurityStrength
public int getDefaultRandomSecurityStrength()
Return the default random security strength.
Returns:
- the security strength for the default SecureRandom the provider uses.
getService
public final java.security.Provider.Service getService(java.lang.String type, java.lang.String algorithm)
Overrides: getService in class java.security.Provider
getServices
public final java.util.Set<java.security.Provider.Service> getServices()
Overrides: getServices in class java.security.Provider