public final class BouncyCastleFipsProvider
extends java.security.Provider
If no SecureRandom has been specified using CryptoServicesRegistrar.setSecureRandom() the provider class will generate a FIPS compliant DRBG based on SHA-512. It is also possible to configure the DRBG by passing a string as a constructor argument to the provider via code, or the java.security configuration file.
At the moment the configuration string is limited to setting the DRBG.The configuration string must always start with "C:" and finish with "ENABLE{ALL};". The command for setting the actual DRBG type is DEFRND so a configuration string requesting the use of a SHA1 DRBG would look like:
C:DEFRND[SHA1];ENABLE{All};
Possible values for the DRBG type are "SHA1", "SHA224", "SHA256", "SHA384", "SHA512", "SHA512(224)", "SHA512(256)",
"HMACrovRandSHA1", "HMACSHA224", "HMACSHA256", "HMACSHA384", "HMACSHA512", "HMACSHA512(224)", "HMACSHA512(256)", "CTRAES128",
"CTRAES192", CTRAES256", and "CTRDESEDE".
The default DRBG is configured to be prediction resistant. In situations where the amount of entropy is constrained the default DRBG can be configured to use an entropy pool based on a SHA-512 SP 800-90A DRBG. To configure this use:
C:HYBRID;ENABLE{All};
or include the string "HYBRID;" in the previous command string setting the DRBG. After initial seeding the entropy pool will
start a reseeding thread which it will begin polling once 20 samples have been taken since the last seeding and will do a reseed
as soon as new entropy bytes are returned.
Note: if the provider is created by an "approved mode" thread, only FIPS approved algorithms will be available from it.
| Modifier and Type | Field and Description |
|---|---|
static java.lang.String |
PROVIDER_NAME |
| Constructor and Description |
|---|
BouncyCastleFipsProvider()
Base constructor - build a provider with the default configuration.
|
BouncyCastleFipsProvider(java.lang.String config)
Constructor accepting a configuration string.
|
BouncyCastleFipsProvider(java.lang.String config,
java.security.SecureRandom entropySource)
Constructor accepting a config string and a user defined source of entropy to be used for the providers locally
configured DRBG.
|
| Modifier and Type | Method and Description |
|---|---|
java.security.Provider |
configure(java.lang.String configArg) |
int |
getDefaultRandomSecurityStrength()
Return the default random security strength.
|
java.security.SecureRandom |
getDefaultSecureRandom() |
java.security.Provider.Service |
getService(java.lang.String type,
java.lang.String algorithm) |
java.util.Set<java.security.Provider.Service> |
getServices() |
clear, compute, computeIfAbsent, computeIfPresent, elements, entrySet, forEach, get, getInfo, getName, getOrDefault, getProperty, getVersion, keys, keySet, load, merge, put, putAll, putIfAbsent, putService, remove, remove, removeService, replace, replace, replaceAll, toString, valuesgetProperty, list, list, load, loadFromXML, propertyNames, save, setProperty, store, store, storeToXML, storeToXML, stringPropertyNamespublic static final java.lang.String PROVIDER_NAME
public BouncyCastleFipsProvider()
public BouncyCastleFipsProvider(java.lang.String config)
config - the config string.public BouncyCastleFipsProvider(java.lang.String config,
java.security.SecureRandom entropySource)
config - the config string.entropySource - a SecureRandom which can act as an entropy source.public java.security.Provider configure(java.lang.String configArg)
public java.security.SecureRandom getDefaultSecureRandom()
public int getDefaultRandomSecurityStrength()
public final java.security.Provider.Service getService(java.lang.String type,
java.lang.String algorithm)
getService in class java.security.Providerpublic final java.util.Set<java.security.Provider.Service> getServices()
getServices in class java.security.Provider