Copyright © 2013-2017 intelliCard Solutions AG Untere Bahnhofstrasse 2 CH - 8640 Rapperswil SG E-Mail: firstname.lastname@example.org
intelliCastle JCE Provider
Why in general?
The Android platform unfortunately ships with a cut-down version of Bouncy Castle - as well as being crippled, it also makes installing an updated version of the libraries difficult due to class loader conflicts.
intelliCastle is the same as the stock Bouncy Castle libraries with a couple of small changes to make them work on Android.
Why not Spongy Castle?
Why another fork apart from the already available Spongy Castle?
As a manufacturer of a security library for mobile devices, we wanted to have control over the cryptographic code being used internally by our library while not enforcing any restrictions upon users of our library.
Hence an application making use of our library could still use (a potentially different version of) Spongy Castle without running into class loader problems or other side effects. They could, of course, also make use of the intelliCastle classes and thus prevent a lot of code duplication ...
Changes from Bouncy Castle
- to avoid class loader conflicts, all package names have been moved from org.bouncycastle.* to org.intellicastle.*
- the Java Security API Provider name is now IC rather than BC (resp. ICPQC instead of BCPQC for the post quantum provider)
- no class name changes, so the BouncyCastleProvider class remains Bouncy, not Intelli, but moves to the org.intellicastle.jce.provider package
- added a simple class to allow for version checking without having to instantiate a provider (which is an expensive operation): org.intellicastle.Version
- changed the names of the libraries to have a consistent naming pattern
- disabled a few of the JUnit tests because they don't pass during a maven build
The current version of intelliCastle is derived from the Bouncy Castle version 1.56.
The previous versions of intelliCastle based on Bouncy Castle version 1.47, 1.50, 1.51, 1.52, 1.54 and 1.55 are still available here.
Note that as from version 1.55, the intelliCastle JCE provider is signed with a proper code signing certificate for JCE provider signing (issued by the "JCE Code Signing CA, Sun Microsystems Inc"). This allows the provider to also be used in the Oracle JRE which requires JCE providers to be signed. In that way, it is easier to re-use the same code (built on the classes in the intelliCastle namespace) for both Android and "normal" Java on desktop/server systems.
intelliCastle is licensed under the same adaptation of the MIT X11 License as the original Bouncy Castle library.
|ic-light.jar||Lightweight Crypto API||-|
|ic-pkix.jar||PKIX, CMS, EAC, TSP, PKCS,
OCSP, CMP and CRMF APIs
Build your own
Security sensitive people tend to like building stuff on their own, so here's a short description of the necessary steps:
- Create a work directory, called IC_HOME in the following steps, and make it the current directory.
- Download the necessary scripts and helper files and unpack them into the current IC_HOME directory:
IC_HOME$ unzip intellicastle-build-1.56.zip
- Download the full distribution from the Bouncy Castle FTP server, e.g. crypto-156.zip.
- Unpack the downloaded archive and rename the created folder to crypto:
IC_HOME$ unzip crypto-156.zip IC_HOME$ mv crypto-156 crypto
- You should now have the following directory structure:
IC_HOME$ ls -Al total 115483 drwx------ 0 lep lep 0 2015-06-21 08:34:29 bin/ drwx------ 0 lep lep 0 2016-12-10 20:02:26 bouncycastle/ drwx------ 0 lep lep 0 2017-01-25 17:40:00 crypto/ -rw------- 0 lep lep 118219472 2017-01-25 17:31:13 crypto-156.zip drwx------ 0 lep lep 0 2013-08-08 13:40:42 doc/ drwx------ 0 lep lep 0 2016-12-10 20:26:29 intellicastle/ -rw------- 0 lep lep 34493 2017-01-25 18:58:27 intellicastle-build-1.56.zip drwx------ 0 lep lep 0 2015-06-21 08:34:28 maven/ IC_HOME$
- Execute the bouncycastle-to-maven-layout.sh
script to convert the project structure to maven:
- Execute the bouncycastle-to-intellicastle.sh
script to perform the package renaming and other replacements.
This script requires the version which is being built as an argument, e.g. 1.56:
IC_HOME$ bin/bouncycastle-to-intellicastle.sh 1.56
- Apply the necessary patch for the chosen version to disable some of the (broken?) JUnit tests:
IC_HOME$ patch -p1 < bouncycastle/crypto-156.patch
- Compile the libraries with Maven (assuming a version compatible with Maven 3.0.5):
IC_HOME$ mvn clean install
- If all went well, you'll find the built libraries in the maven repository as well as in the
target folder in each of the maven project folders, e.g. IC_HOME/ic-light/target/ic-light-1.56.jar.
IC_HOME$ find -name "*.jar" ./ic-light/target/ic-light-1.56.jar ./ic-mail/target/ic-mail-1.56.jar ./ic-pg/target/ic-pg-1.56.jar ./ic-pkix/target/ic-pkix-1.56.jar ./ic-prov/target/ic-prov-1.56.jar ./ic-test/target/ic-test-1.56.jar IC_HOME$
- An example output of such a build is given in this build log.
Besides of course the original team from Bouncy Castle and Roberto Tyley who came up with the initial idea of creating the Android port called Spongy Castle, these are the people who have contributed to this release: