Java Crypto Libraries

Java Crypto Libraries

...

Cryptography in Java

  • JCA, Bouncy Castle and Web3j:Hashes, ECC and ECDSA

JCA, Bouncy Castle and Web3j

  • Cryptography in Java is based on the Java Cryptography Architecture (JCA)

    • Typical Java style: lot of boilerplate code

  • Bouncy Castle is the leading Java cryptography library

  • Web3j – a simplified library for Ethereum and secp256k1

ECDSA in Java: Install the Crypto Libraries

  • This Maven dependency will install the following libraries:

    • org.web3j.crypto– Ethereum style secp256k1 EC cryptography

    • org.bouncycastle– BouncyCastle crypto provider for Java

<dependency>
<groupId>org.web3j</groupId>
<artifactId>crypto</artifactId>
<version>3.3.1</version>
</dependency>

ECDSA in Java: Initialize the Application

import org.bouncycastle.util.encoders.Hex;
import org.web3j.crypto.*;
import java.math.BigInteger;

ECDSA in Java: Generate / Load Keys

// Generate random private key
// BigInteger privKey = Keys.createEcKeyPair().getPrivateKey();
BigInteger privKey = new BigInteger(
"97ddae0f3a25b92268175400149d65d6887b9cefaf28ea2c078e05cdc15a3c0a", 16);
BigInteger pubKey = Sign.publicKeyFromPrivate(privKey);
ECKeyPair keyPair = new ECKeyPair(privKey, pubKey);
System.out.println("Private key: " + privKey.toString(16));
System.out.println("Public key: " + pubKey.toString(16));
System.out.println("Public key (compressed): " +
compressPubKey(pubKey));

ECDSA in Java: Sign Message

String msg = "Message for signing";
byte[] msgHash = Hash.sha3(msg.getBytes());
Sign.SignatureData signature =
Sign.signMessage(msgHash, keyPair, false);
System.out.println("Msg: " + msg);
System.out.println("Msg hash: " + Hex.toHexString(msgHash));
System.out.printf(
"Signature: [v = %d, r = %s, s = %s]\n",
signature.getV() - 27,
Hex.toHexString(signature.getR()),
Hex.toHexString(signature.getS()));

ECDSA in Java: Verify Signature

BigInteger pubKeyRecovered =
Sign.signedMessageToKey(msg.getBytes(), signature);
System.out.println("Recovered public key: " +
pubKeyRecovered.toString(16));
boolean validSig = pubKey.equals(pubKeyRecovered);
System.out.println("Signature valid? " + validSig);