19.3 Bouncy Castle Lightweight API
Bouncy Castle (BC) started out as a community effort to implement a free, clean-room, open source JCE provider. BC developers developed their own lightweight API (BC lightweight crypto API) to be wrapped in BC JCE provider classes. The BC lightweight API can also be used standalone, with minimum dependence on other J2SE classes.The BC (v1.16) J2ME download package contains the implementation of the BC lightweight API as well as two core Java classes not supported in CLDC: java.math.BigInteger and java.security.SecureRandom.
19.3.1 The Power of Open Source
BC's strength comes from its open source development model:When security holes or bugs are found, they are fixed quickly.BC's flexible API design and community development model allow anyone to contribute new algorithm implementations. BC supports a wide range of well-known cryptographic algorithms.The BC community is constantly optimizing existing implementations. For example, BC 1.16 has three AES (Advanced Encryption Standard) implementations that provide a range of compromises between speed and memory usage. From BC 1.11 to 1.16, the BigInteger implementation has improved so much that the time needed for RSA (Rivest-Shamir-Adleman) encryption is only 1/40 of what it used to be.Since BC implements an open source JCE provider, you can look at the BC JCE source code to figure out how to use the lightweight API for various tasks. This provides a powerful learning tool for advanced developers.It is free.
19.3.2 Things to Watch Out For
However, the ad hoc development model also brings some problems:Many BC algorithm implementations come straight from textbooks. There are simply too many algorithms and too few volunteer developers to optimize everything. The lack of optimization results in relatively poor performance, especially for some public key algorithms. As of version 1.16, BC public key performance proves sufficient for only highend phones or PDAs.The BC API design is flexible but quite complex, and beginners find it hard to learn. Some developer-friendly API features are missing. For example, although BC provides full support for ASN.1 (Abstract Syntax Notation.1), it lacks a set of ready-to-use general-key serialization APIs.The community support via mailing list often works well. But there is no guarantee that someone will answer your question, much less in your specified timeframe.
To support so many algorithms, BC has a large footprint. The lightweight API jar file itself is nearly 1 MB. However, most mobile applications use only a small subset of BC algorithms. BC's free license terms allow you to pack and redistribute only the classes required in your application. Some J2ME post-processing tools and IDEs (for example, IBM WebSphere Device Developer) can automatically find class dependence and delete unused files from your jar file. Those tools prove handy when you develop with BC.
BC provides clean-room implementations of two Java core language classes not supported in J2ME/CLDC. However, the Java code security model dictates that an application should not overload classes in Java core language namespaces. So, if you deploy a BC application directly to a device, it might result in a security exception. A workaround is to obfuscate your byte code. The obfuscation process replaces package, class, variable, and method names to make them shorter and less human readable. The obfuscated package names will not collide with Java core package names. |
|
لطفا منتظر باشید ...
