Copyright © 2013-2023 intelliCard Solutions AG • Untere Bahnhofstrasse 2 • CH - 8640 Rapperswil SG • E-Mail: info@intellicard.ch
intelliCastle JCE Provider
A re-packaged version of the Bouncy Castle
JCE provider.
Targeted for Android development.
Why in general?
The Android platform unfortunately ships with a cut-down version of Bouncy Castle - as well as being crippled, it also makes installing an updated version of the libraries difficult due to class loader conflicts.
intelliCastle is the same as the stock Bouncy Castle libraries with a couple of small changes to make them work on Android.
Why not Spongy Castle?
Why another fork apart from the already available Spongy Castle?
As a manufacturer of a security library for mobile devices, we wanted to have control over the cryptographic code being used internally by our library while not enforcing any restrictions upon users of our library.
Hence an application making use of our library could still use (a potentially different version of) Spongy Castle without running into class loader problems or other side effects. They could, of course, also make use of the intelliCastle classes and thus prevent a lot of code duplication ...
Changes from Bouncy Castle
- to avoid class loader conflicts, all package names have been moved from org.bouncycastle.* to org.intellicastle.*
- the Java Security API Provider name is now IC rather than BC (resp. ICPQC instead of BCPQC for the post quantum provider)
- no class name changes, so the BouncyCastleProvider class remains Bouncy, not Intelli, but moves to the org.intellicastle.jce.provider package
- added a simple class to allow for version checking without having to instantiate a provider (which is an expensive operation): org.intellicastle.Version
- changed the names of the libraries to have a consistent naming pattern
- disabled a few of the JUnit tests because they don't pass during a maven build
Current version
The current version of intelliCastle is derived from the Bouncy Castle version 1.77.
The previous versions of intelliCastle based on older Bouncy Castle versions are still available in the archive.
Note that as from version 1.55, the intelliCastle JCE provider is signed with a proper code signing certificate for JCE provider signing (issued by the "JCE Code Signing CA, Sun Microsystems Inc"). This allows the provider to also be used in the Oracle JRE which requires JCE providers to be signed. In that way, it is easier to re-use the same code (built on the classes in the intelliCastle namespace) for both Android and "normal" Java on desktop/server systems.
Please note further that the providers from version 1.65 onwards are signed by a new authority that will only authenticate properly on Oracle Java releases 9+, 8u111, 7u121, 6u131 and later, as well as any OpenJDK release which verify using the Oracle JCE CA certificate (as opposed to the former one from Sun which expired on 2020-04-25).
License
intelliCastle is licensed under the same adaptation of the MIT X11 License as the original Bouncy Castle library.
Downloads
| JAR file | Contents | Dependencies |
|---|---|---|
| ic-light.jar | Lightweight Crypto API | - |
| ic-prov.jar | JCE provider | ic-light.jar |
| ic-pkix.jar | PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP and CRMF APIs |
ic-light.jar ic-prov.jar ic-util.jar |
| ic-pg.jar | OpenPGP API | ic-light.jar ic-prov.jar |
| ic-mail.jar | S/MIME API | ic-light.jar ic-prov.jar ic-pkix.jar ic-util.jar JavaMail 1.4.5 |
| ic-util.jar | Utilities | ic-light.jar |
Build your own
Security sensitive people tend to like building stuff on their own, so here's a short description of the necessary steps:
- Create a work directory, called IC_HOME in the following steps, and make it the current directory.
- Download the necessary scripts and helper files and unpack them into the current IC_HOME directory:
IC_HOME$ unzip intellicastle-build-1.77.zip - Download the full distribution from the Bouncy Castle FTP server, e.g. crypto-177.zip.
- Unpack the downloaded archive and rename the created folder to crypto:
IC_HOME$ unzip crypto-177.zip IC_HOME$ mv crypto-177 crypto IC_HOME$ chmod -R u+w crypto/* - You should now have the following directory structure:
IC_HOME$ ls -Al total 296260 drwx------ 0 lep lep 0 2015-06-21 08:34:29 bin/ drwx------ 0 lep lep 0 2016-12-10 20:02:26 bouncycastle/ drwx------ 0 lep lep 0 2017-01-25 17:40:00 crypto/ -rw------- 0 lep lep 188706024 2023-12-18 15:53:47 crypto-177.zip drwx------ 0 lep lep 0 2013-08-08 13:40:42 doc/ drwx------ 0 lep lep 0 2016-12-10 20:26:29 intellicastle/ -rw------- 0 lep lep 96224 2023-12-18 17:47:55 intellicastle-build-1.77.zip drwx------ 0 lep lep 0 2015-06-21 08:34:28 maven/ IC_HOME$ - Execute the bouncycastle-to-maven-layout.sh
script to convert the project structure to maven:
IC_HOME$ bin/bouncycastle-to-maven-layout.sh - Execute the bouncycastle-to-intellicastle.sh
script to perform the package renaming and other replacements.
This script requires the version which is being built as an argument, e.g. 1.77:IC_HOME$ bin/bouncycastle-to-intellicastle.sh 1.77 - Apply the necessary patch for the chosen version to disable some of the (broken?) JUnit tests:
IC_HOME$ patch -p1 < bouncycastle/crypto-177.patch - Compile the libraries with Maven (assuming a version compatible with Maven 3.0.5):
IC_HOME$ mvn clean install - If all went well, you'll find the built libraries in the maven repository as well as in the
target folder in each of the maven project folders, e.g. IC_HOME/ic-light/target/ic-light-1.77.jar.
IC_HOME$ find -name "*.jar" ./ic-light/target/ic-light-1.77.jar ./ic-mail/target/ic-mail-1.77.jar ./ic-pg/target/ic-pg-1.77.jar ./ic-pkix/target/ic-pkix-1.77.jar ./ic-prov/target/ic-prov-1.77.jar ./ic-test/target/ic-test-1.77.jar ./ic-util/target/ic-util-1.77.jar IC_HOME$ - An example output of such a build is given in this build log.
Contributors
Besides of course the original team from Bouncy Castle and Roberto Tyley who came up with the initial idea of creating the Android port called Spongy Castle, these are the people who have contributed to this release: