On mån, 2014-03-03 at 04:25 -0500, David Walluck wrote:
On 03/03/2014 03:39 AM, David Juran wrote:
> Is there any way of knowing which crypto:s are supported by a specific
> bouncycastle installation? I.e. will this work with bouncycastle-1.46 on
> F20 or will it require rawhide with bouncycastle-1.50?
The easiest way to check is to make a test class and to put the call
from the last email inside a try..catch block as it will throw a
NoSuchAlgorithmException if it's not supported in that version.
So for the curious, it seems that both the F20 and rawhide versions do
support ECDH. For F19, I'm still pushing it to testing, so I guess we'll
find out (-:
To look for the supported algorithms more specifically, it is a bit
complicated since DH is actually an alias. I don't currenly have EC on
my system, but it will look something like:
Alg.Alias.KeyAgreement.DH:DiffieHellman (but the EC variant).
You could start with something like: java.security.Provider p =
java.security.Security.getProviders(). Here p.getName() will return
something like "BC" for bouncycastle. Then, you could iterate over
java.security.Provider.stringPropertyNames(). At least if you use this
code you can verify that the BC provider is loaded and all of the
algorithms that it supports.
What I actually did was just to do
java.security.Security.addProvider(new BouncyCastleProvider()) without
much further checking. But I guess if
https://bugzilla.redhat.com/show_bug.cgi?id=711090 got solved, I
wouldn't even have to do that.
NB: In the code I gave in the last email, the addition of the second
argument "BC" will force the BC provider to be used, otherwise it will
check all available providers. I think you should actually prefer to
check them all, although it does not look like the SunEC Provider is
available in OpenJDK which will make having BC loaded a requirement.
Bah, makes total sense, so much for pushing before reading the _entire_
email. Thanks (-:
--
David Juran
Sr. Consultant
Red Hat
+46-725-345801