问题
I have determined, after some research, that in order to generate and sign certificates programmatically in java I need the bouncycastle library.
Unfortunately it appears that the library has gone through a major overhaul sometime fairly recently. A great deal of their classes are now deprecated and all of the tutorials and code samples I can find that are simple enough to understand are deprecated along with them.
I am reasonably new to cryptography. Armed with only basic knowledge and fuzzy idea of what I'm actually trying to accomplish, I've fumbled through the out of date tutorials and the assumed-knowledge Bouncycastle documentation, and its been an arduous experience.
Are there any simple to understand, up to date Bouncycastle tutorials, or alternative libraries I should look at? Or should I grit my teeth, ignore the deprecation warnings and hope for the best?
回答1:
It is a little hard to find, but the bouncycastle wiki has some short but sweet documention. In particular this first example at this page entitled A Simple Operator Example should get you started.
Another perfectly fine alternative is to just use version 1.46 of the library, the last version to use the old api.
回答2:
Do you really need to use Bouncycastle directly or can't you use it as a Cryptographic Service Provider? So you do not need to use BCs API. See the JCA Reference Guide. I use for some encryption these lines:
static {
Security.addProvider(new BouncyCastleProvider());
}
public void someMethod() {
KeyFactory fact = KeyFactory.getInstance("RSA", "BC");
Key key = fact.generatePublic(PUB_KEY_SPEC);
// do stuff
}
You might take a closer look at the CertificateFactory.
来源:https://stackoverflow.com/questions/11984610/generating-digital-certificates-using-bouncycastle