Conscrypt examples and documentation


lolivier...@gmail.com

Aug 17, 2018, 5:47:39 AM
to conscrypt
I am having some difficulty finding documentation and examples about Conscrypt usage. I'm using it on Android.

For example, I'm wondering how to create a KeyPair from a PEM file. I know how to do it with Bouncy Castle but I can't find code samples for Conscrypt.
Can you please point me to some reading?

Thanks

Adam Vartanian

Aug 17, 2018, 6:35:45 AM
to Olivier L, conscrypt
Conscrypt is a JCA security provider, so for the most part you just use the standard JCA APIs.  For your specific example, see https://stackoverflow.com/questions/11787571/how-to-read-pem-file-to-get-private-and-public-key.

- Adam

--
You received this message because you are subscribed to the Google Groups "conscrypt" group.
To unsubscribe from this group and stop receiving emails from it, send an email to conscrypt+unsubscribe@googlegroups.com.
To post to this group, send email to cons...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/conscrypt/5b4ca855-ed76-4ca6-bab9-3c69f44781df%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
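
Added example, not part of the thread or of Conscrypt's own code: loading a KeyPair from PEM with only the standard JCA classes, as the reply above suggests, so the same code is served by whichever provider is installed first. The class and method names are hypothetical, the PEM input is generated inside the example, and `java.util.Base64` assumes Java 8 or Android API 26 and later.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.*;
import java.util.Base64;

public class PemKeyPairExample {
    // Strip the PEM armor for one label and Base64-decode the DER body.
    static byte[] pemToDer(String pem, String label) {
        String begin = "-----BEGIN " + label + "-----", end = "-----END " + label + "-----";
        int s = pem.indexOf(begin), e = pem.indexOf(end);
        if (s < 0 || e < s) throw new IllegalArgumentException("no " + label + " block");
        // The MIME decoder skips the line breaks inside the body.
        return Base64.getMimeDecoder().decode(pem.substring(s + begin.length(), e));
    }

    static String derToPem(byte[] der, String label) {
        String body = Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(der);
        return "-----BEGIN " + label + "-----\n" + body + "\n-----END " + label + "-----\n";
    }

    // PKCS#8 "PRIVATE KEY" + X.509 "PUBLIC KEY" -> KeyPair, using only standard JCA classes.
    static KeyPair loadKeyPair(String privPem, String pubPem, String algorithm)
            throws GeneralSecurityException {
        KeyFactory kf = KeyFactory.getInstance(algorithm); // no provider named
        PrivateKey priv = kf.generatePrivate(
                new PKCS8EncodedKeySpec(pemToDer(privPem, "PRIVATE KEY")));
        PublicKey pub = kf.generatePublic(
                new X509EncodedKeySpec(pemToDer(pubPem, "PUBLIC KEY")));
        return new KeyPair(pub, priv);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a throwaway P-256 key pair written out as PEM.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair original = kpg.generateKeyPair();
        KeyPair loaded = loadKeyPair(
                derToPem(original.getPrivate().getEncoded(), "PRIVATE KEY"),
                derToPem(original.getPublic().getEncoded(), "PUBLIC KEY"), "EC");
        // Check that the two halves belong together: sign with one, verify with the other.
        byte[] msg = "probe".getBytes(StandardCharsets.UTF_8);
        Signature sig = Signature.getInstance("SHA256withECDSA");
        sig.initSign(loaded.getPrivate());
        sig.update(msg);
        byte[] signature = sig.sign();
        sig.initVerify(loaded.getPublic());
        sig.update(msg);
        System.out.println("key pair round trip ok: " + sig.verify(signature));
    }
}
```

`PKCS8EncodedKeySpec` only accepts PKCS#8, so a file headed `BEGIN EC PRIVATE KEY` or `BEGIN RSA PRIVATE KEY` is rejected by `pemToDer` here and has to be converted to PKCS#8 first.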

lolivier...@gmail.com

Aug 17, 2018, 7:45:23 AM
to conscrypt
Ok, thanks Adam



lolivier...@gmail.com

Aug 17, 2018, 10:27:27 AM
to conscrypt
There is something not clear to me:

At the beginning of my class, I have added this static loading of Conscrypt:

    static {
        try {
            Security.insertProviderAt(Conscrypt.newProvider(), 1);

        } catch (NoClassDefFoundError e) {
            e.printStackTrace();
        }
    }

Later on, when I call a getInstance() function, shall I specify a provider?
With Bouncy Castle I did:

    KeyPairGenerator g = KeyPairGenerator.getInstance("ECDSA", "BC");

I'm wondering what I shall do for Conscrypt.

Here is the code that I have used:

    ECGenParameterSpec ecGenSpec = new ECGenParameterSpec("secp256k1");
    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");

    keyPairGenerator.initialize(ecGenSpec);
    KeyPair keyPair = keyPairGenerator.generateKeyPair();

It fails in keyPairGenerator.initialize() with the error "java.security.InvalidAlgorithmParameterException: unknown curve name: secp256k1" so I'm wondering if it has really reached Conscrypt.


Thanks

Adam Vartanian

Aug 17, 2018, 10:52:44 AM
to Olivier L, conscrypt

> Security.insertProviderAt(Conscrypt.newProvider(), 1);

If you insert the provider in the first position (as you've done here), then it will be used as the preferred provider for anything that it supports, so you don't need to specify a provider in your getInstance() calls.

> It fails in keyPairGenerator.initialize() with the error "java.security.InvalidAlgorithmParameterException: unknown curve name: secp256k1" so I'm wondering if it has really reached Conscrypt.

Yep, you've got Conscrypt there, we just don't support secp256k1. If you need support for that curve, you're going to have to use another library.

- Adam

lolivier...@gmail.com

Aug 17, 2018, 11:00:27 AM
to conscrypt
Thanks Adam. That was my expectation for the position but I wasn't sure.

Concerning secp256k1, can I define it manually, for example as done here: https://github.com/google/conscrypt/blob/master/openjdk-integ-tests/src/test/java/org/conscrypt/java/security/SignatureTest.java (Line 3062) ?

Adam Vartanian

Aug 17, 2018, 11:04:44 AM
to Olivier L, conscrypt
That should work fine, yep.

- Adam
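
Added example, not code from the thread or from the linked SignatureTest.java: describing secp256k1 with explicit parameters through the standard `ECParameterSpec`, the approach the question above asks about, and checking that the generator and the generated public point satisfy the curve equation. The class and method names are hypothetical; whether a given provider accepts explicit parameters is provider-specific, so the rejection case is handled.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.interfaces.ECPublicKey;
import java.security.spec.*;

public class ExplicitCurveExample {
    static BigInteger hex(String s) { return new BigInteger(s.replace(" ", ""), 16); }

    // secp256k1 domain parameters (SEC 2): y^2 = x^3 + 7 over F_p, cofactor 1.
    static final BigInteger P = hex("FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F");
    static final BigInteger N = hex("FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364141");
    static final ECPoint G = new ECPoint(
            hex("79BE667E F9DCBBAC 55A06295 CE870B07 029BFCDB 2DCE28D9 59F2815B 16F81798"),
            hex("483ADA77 26A3C465 5DA4FBFC 0E1108A8 FD17B448 A6855419 9C47D08F FB10D4B8"));

    static ECParameterSpec secp256k1() {
        EllipticCurve curve =
                new EllipticCurve(new ECFieldFp(P), BigInteger.ZERO, BigInteger.valueOf(7));
        return new ECParameterSpec(curve, G, N, 1);
    }

    // Sanity check for hand-typed constants and returned keys: y^2 == x^3 + ax + b (mod p).
    static boolean onCurve(ECPoint pt, ECParameterSpec spec) {
        EllipticCurve c = spec.getCurve();
        BigInteger p = ((ECFieldFp) c.getField()).getP();
        BigInteger x = pt.getAffineX(), y = pt.getAffineY();
        BigInteger rhs = x.pow(3).add(c.getA().multiply(x)).add(c.getB()).mod(p);
        return y.multiply(y).mod(p).equals(rhs);
    }

    public static void main(String[] args) throws Exception {
        ECParameterSpec spec = secp256k1();
        if (!onCurve(spec.getGenerator(), spec)) {
            throw new IllegalStateException("curve constants are wrong");
        }
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC"); // no provider named
        try {
            kpg.initialize(spec);
            KeyPair kp = kpg.generateKeyPair();
            ECPoint w = ((ECPublicKey) kp.getPublic()).getW();
            // Asked after initialize(): names the provider that accepted the parameters.
            System.out.println("served by " + kpg.getProvider().getName()
                    + ", public point on curve: " + onCurve(w, spec));
        } catch (InvalidAlgorithmParameterException e) {
            // Providers that accept only their built-in named curves end up here.
            System.out.println("explicit parameters rejected: " + e.getMessage());
        }
    }
}
```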


lolivier...@gmail.com

Aug 20, 2018, 3:36:55 AM
to conscrypt
Adam,
Do you know where I can get the list of EC Curves supported by Conscrypt?
Thanks





Adam Vartanian

Aug 28, 2018, 5:32:10 AM
to Olivier L, conscrypt


lolivier...@gmail.com

Aug 29, 2018, 6:11:31 AM
to conscrypt
Thanks Adam