Appendix C Using the Bouncy Castle API for Elliptic Curve
Overview
Prior to JDK 1.5, there was no standard API for doing elliptic curve cryptography available in Java. This meant the cryptography service providers needed to provide their own API if they wanted to provide elliptic curve support.
The Bouncy Castle provider has provided support for elliptic curve since release 1.04. This was done primarily to provide support for X9.62 ECDSA, so if you happen to have a copy of the standard available, you'll see that the API follows its ASN.1 structures fairly closely.
The math support for elliptic curve is provided in the package org.bouncycastle.math.ec, and you can find the classes and interfaces associated with its use in cryptography in the packages org.bouncycastle.jce.spec and org.bouncycastle.jce.interfaces . You will need to use these two packages if you are using JDK 1.4 or earlier. With the advent of JDK 1.5, the two packages were adjusted slightly so that JDK 1.5 API and the Bouncy Castle could exist side by side, and for the most part, you won't need to use the Bouncy Castle package anymore. There is one interface and one class that is still relevant in JDK 1.5 and may still be useful. They are the ECPointEncoder interface and the ECNamedCurveSpec class. You'll look at the interfaces first.
Elliptic Curve Interfaces
The interfaces representing elliptic curve keys are in the package org.bouncycastle.jce.interfaces . Although most of them are no longer relevant when you move to JDK 1.5, the ECPointEncoder interface is still useful if you need to work with other providers that cannot handle points encoded in compressed format.
The ECKey Interface
The ECKey interface has a single method, getParameters() , which returns an ECParameterSpec representing the domain parameters for the elliptic curve the key is associated with.
The ECPrivateKey Interface
The ECPrivateKey interface has a single method, getD() , which returns a BigInteger representing the private value for the elliptic curve private key.
The ECPublicKey Interface
The ECPublicKey interface has a single method, getQ() , which returns the ECPoint representing the public point for the elliptic curve public key.
The ECPointEncoder Interface
All Bouncy Castle elliptic curve keys implement this interface, even after JDK 1.5.
The ECPointEncoder interface has a single method, setPointFormat() , which takes a string representing the style of encoding you want to use when the EC key implementing this interface has its getEncoded() method called.
By default, Bouncy Castle elliptic curve keys encode using point compression. This can cause problems with other providers that do not support it. If you pass UNCOMPRESSED to the setPointFormat() method, points will be encoded uncompressed.
Elliptic Curve Classes
A group of classes for representing key and parameter specifications that can be used with elliptic curve cryptography are also provided in the org.bouncycastle.jce.spec package.
The ECNamedCurveParameterSpec Class
The ECNamedCurveParameterSpec class can be used in any JDK, although it will probably be easier to use its successor the ECNamedCurveSpec when you are using JDK 1.5. ECNamedCurveParameterSpec provides a mechanism for representing a parameter spec for a named curve. You can use this class for creating keys that will encode their parameters as named curves , rather than storing the numbers making up the curve parameter information explicitly. This results in smaller encodings, but it does mean anyone using the certificate will have to know how to re-create the curve parameters from the curve parameter name (usually stored as an OID) that is carried in the certificate with the public key.
The provider supports the following named curves from X9.62:
- q prime192v1
- q prime192v2
- q prime192v3
- q prime239v1
- q prime239v2
- q prime239v3
- q prime256v1
It also supports the following named curves for use with ECGOST3410 (GOST-3410-2001):
- q GostR3410-2001-CryptoPro-A
- q GostR3410-2001-CryptoPro-B
- q GostR3410-2001-CryptoPro-C
- q GostR3410-2001-CryptoPro-XchA
- q GostR3410-2001-CryptoPro-XchB
The ECNamedCurveSpec Class
The ECNamedCurveSpec class exists only in JDK 1.5 or later. It provides a mechanism for representing a parameter spec for a named curve. Like its predecessor, the ECNamedCurveParameterSpec, this class creates keys that will encode their parameters as named curves, rather than storing the curve information explicitly.
The ECParameterSpec Class
The ECParameterSpec class is a simple value object for holding the domain parameters for an elliptic curve. In JDK 1.5, it has been replaced with a class of the same name in the java.security.spec package.
An ECParameterSpec can be constructed using a curve, base point (G), the order (N), the cofactor (H), and the random seed used to generate the curve if it is available and it has a series of get() methods for retrieving these values.
The ECPrivateKeySpec Class
The ECPrivateKeySpec class is a simple value object that holds the parameters required to create an elliptic curve private key. In JDK 1.5, it is replaced with a class of the same name in the package java.security.spec .
An ECPrivateKeySpec can be constructed with a private value and an ECParameterSpec . There are get() methods on the class for retrieving these values.
The ECPublicKeySpec Class
The ECPublicKeySpec class is a simple value object that holds the parameters required to create an elliptic curve public key. In JDK 1.5, it is replaced with a class of the same name in the package java.security.spec .
An ECPublicKeySpec can be constructed with a public point and an ECParameterSpec . There are get() methods on the class for retrieving these values.