Unlock Java Encryption: A Hands‑On Guide to Bouncy Castle
This article introduces Java developers to the Bouncy Castle library, detailing how to integrate it via Maven, demonstrating MD5 hashing and AES encryption/decryption code, and highlighting usage considerations and export compliance risks associated with cryptographic algorithms.
1. Introduction
Using cryptographic and digest algorithms in Java is common, but implementing them requires deep knowledge of algorithm rules, bitwise operations, and number‑base conversions. Java provides JCA, JCE, and JSSE, which can be overwhelming, so using a library is advisable.
2. Bouncy Castle
Bouncy Castle is an open‑source JCE provider for Java that offers the most comprehensive set of cryptographic algorithms. Two main Maven artifacts are available:
JDK1.5 version
Lightweight (trimmed) version:
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.66</version>
</dependency>Full version:
artifactId=bcprov-ext-jdk15onJDK1.5‑JDK8 version
Lightweight version:
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15to18</artifactId>
<version>1.66</version>
</dependency>Full version:
artifactId=bcprov-ext-jdk15to183. Simple Demonstration
The following examples show a commonly used digest algorithm (MD5) and an encryption algorithm (AES).
MD5 digest
/**
* bouncyCastle md5 digest.
*
* @param src the src
* @return the string
*/
public String bouncyCastleMD5(String src) {
// initialize MD5 digest
Digest digest = new MD5Digest();
// bytes to digest
byte[] bytes = src.getBytes(StandardCharsets.UTF_8);
// update
digest.update(bytes, 0, bytes.length);
byte[] md5Bytes = new byte[digest.getDigestSize()];
// finalize
digest.doFinal(md5Bytes, 0);
// hex conversion
return Hex.toHexString(md5Bytes).toUpperCase();
}You can similarly use SHA256, SHA512, etc.
AES encryption
String src = "felord.cn";
// AES key must be at least 128 bits (16 characters)
String password = "ffffffffffffffff";
// Load Bouncy Castle provider
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
// Get AES cipher instance
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding");
// Initialize encryption
cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(password.getBytes(StandardCharsets.UTF_8), "AES"));
byte[] bytes = cipher.doFinal(src.getBytes(StandardCharsets.UTF_8));
String encrypt = Hex.toHexString(bytes).toUpperCase();
System.out.println("encrypt = " + encrypt);
// Decryption
cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(password.getBytes(StandardCharsets.UTF_8), "AES"));
byte[] decode = Hex.decode(encrypt.getBytes(StandardCharsets.UTF_8));
byte[] decrypt = cipher.doFinal(decode);
System.out.println("decrypt = " + new String(decrypt));This encrypts the string felord.cn and then decrypts it back.
4. Usage Risks
Cryptographic algorithms are often subject to export controls and patents in many countries, including China. Software using them may require compliance checks when exported or used in certain jurisdictions.
Other algorithm demos are available; interested readers can follow the public account and reply with “bouncy” to receive them.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
Programmer DD
A tinkering programmer and author of "Spring Cloud Microservices in Action"
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.