I'm reading here and also http://www.bouncycastle.org/wiki/display/JA1/Provider+Installation and also iText's white paper on digital signatures.

Here's a snippet of iText's sample code:

```java
BouncyCastleProvider provider = new BouncyCastleProvider();
Security.addProvider(provider);
KeyStore ks = KeyStore.getInstance("pkcs12", provider.getName());
ks.load(new FileInputStream(path), pass);
```

Question: What is a security provider and what is it used for? iText's code uses the Bouncy Castle provider. Is it basically code used to hash the PDF, and then later the private key is used to encrypt the hash? And what is the role of the "Security" library above where it says Security.addProvider(provider)?

Thanks.

user3769040

1 Answer

A security provider provides algorithm services to the runtime. These are implementations of algorithms, for instance Bouncy Castle adds a lot of algorithm implementations that extend CipherSpi (Spi means service provider implementation). Oracle provides CipherSpi classes as well, but it is limited to certain algorithms. These services are also used to implement e.g. KeyStoreSpi for "pkcs12", to make this more specific to your question.

Besides providing support for extra algorithms, providers can also be used to extend the functionality of the API, provide support for hardware tokens (smart cards, HSMs), specific key stores, faster implementations etc. Bouncy however is mainly used because it extends the number of algorithms available. Usually you don't specify the provider name when requesting an algorithm, letting the system choose for you. But sometimes the algorithm provides (or provided) some specific advantage to the one in the Oracle providers (e.g. "SunJCE"). It may make sense to explicitly choose the provider as in your example code.

The Security class is a register. It can be used by the system to look up and list the services present in the provider, using their names (as strings) and aliases. To have an idea how this works, please try my answer here.

Maarten Bodewes
  • Thanks Owlstead. What's your definition of a register? Is Security class a class that keeps a list of the services available by the provider? Is Security by Bouncy castle or? – user3769040 Sep 29 '14 at 20:33
  • The security is certainly used to look it up, yes. It's more a register for the providers, which in turn provide the services. I'm not sure when the services are requested from the providers, it's a while since I last created a provider of my own. Actually, I should test if my code signing cert. is still valid :) – Maarten Bodewes Sep 29 '14 at 21:34
  • Is the Security class from BouncyCastle or by the pdf library? I assume your definition of a register is an object that keeps track of info. Thanks. – user3769040 Sep 29 '14 at 21:55
  • Try the code and you'll know where the class was defined. – Maarten Bodewes Sep 29 '14 at 22:44
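
The provider registry discussed in this thread can be inspected with JDK classes alone. The following is an added example, not code from the question, the answer, iText or Bouncy Castle; the class name `ProviderRegistryDemo` is hypothetical, and Bouncy Castle is assumed to be optional, so it is loaded by reflection only if its jar is on the classpath.

```java
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.Provider;
import java.security.Security;

public class ProviderRegistryDemo {
    public static void main(String[] args) throws Exception {
        // Security is a JDK class (java.security), not part of Bouncy Castle or iText.
        System.out.println("Registry class: " + Security.class.getName());

        // Register Bouncy Castle only if present (assumption: it may be absent).
        // Reflection keeps this file compilable without the Bouncy Castle jar.
        try {
            Class<?> bc = Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider");
            Security.addProvider((Provider) bc.getDeclaredConstructor().newInstance());
        } catch (ClassNotFoundException e) {
            System.out.println("Bouncy Castle not on classpath; listing JDK providers only");
        }

        // Walk the registry in preference order and print every KeyStore
        // service each provider offers, with the Spi class that implements it.
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if (s.getType().equals("KeyStore")) {
                    System.out.printf("%-12s KeyStore.%-10s -> %s%n",
                            p.getName(), s.getAlgorithm(), s.getClassName());
                }
            }
        }

        // No provider named: the first registered provider offering the service wins.
        KeyStore byDefault = KeyStore.getInstance("PKCS12");
        System.out.println("Default PKCS12 provider: " + byDefault.getProvider().getName());

        // Provider named explicitly, as in the question's snippet ("BC" if registered).
        String name = Security.getProvider("BC") != null
                ? "BC" : byDefault.getProvider().getName();
        KeyStore pinned = KeyStore.getInstance("PKCS12", name);
        System.out.println("Pinned PKCS12 provider:  " + pinned.getProvider().getName());

        // Hashing is a separate service type, resolved through the same registry.
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        System.out.println("SHA-256 served by: " + md.getProvider().getName());
    }
}
```

Running it with and without the Bouncy Castle jar on the classpath shows which provider is actually selected in each case, which is worth checking whenever code depends on a specific implementation.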