-
Notifications
You must be signed in to change notification settings - Fork 17
About Bouncy Castle Kotlin API
The Kotlin API is a Kotlin wrapper that goes on top of either Bouncy Castle or Bouncy Castle FIPS (BC/BCFIPS).
The background to this API is that existing customers requested an easier way for system administrators/non-programmers to work with the BC/BC FIPS APIs for generating keys, certification requests and self-signed certificates. At the time, the alternative appeared to be shell scripts using OpenSSL, which meant having to keep track of two distributions. In a FIPS context, this also meant using a FIPS-certified version of OpenSSL as well. Another problem with shell scripts was the difficulty in enforcing checks, either on algorithms or key usage.
The solution was to build a Kotlin wrapper on top of the BC APIs, as it is small and written at a higher level, it is easy to customize and heavily typed so that algorithms use can be enforced at compile time. And since it is a wrapper, only one FIPS API is required, which in some cases results in a lot less paperwork.
The Kotlin API is easily installed on your system, product or device. For more information, see How to use the Bouncy Castle Kotlin API. In addition, there is also an online training, PKI at the Edge part 3 - Keeping it simple with the Kotlin API.
The current version of the Kotlin API supports
- Key Pair Generation
- Certificate and certification request generation
- Basic certificate extensions
- Output and encryption of private keys
In the online training you get an introduction to these function calls and you will also learn a bit about the use of KeyStores for FIPS and non-FIPS.