Wednesday, February 13, 2008

Avoiding DataLengthException in Bouncy Castle

This exception occurs usually when the output buffer is too small to accomodate the result of an encryption/decryption/has computation, etc. A (possible) way to avoid it is like this:

PaddedBufferedBlockCipher padBufBlockCipher = new PaddedBufferedBlockCipher(new AESEngine());
byte[] key = ......
KeyParameter keyParam = new KeyParameter(key);
padBufBlockCipher.init(true, keyParam);

String l_message = "Himanshu";
byte[] out = new byte[padBufBlockCipher.getOutputSize(l_message.getBytes().length)];

Now the output buffer will be set to a minimum size that can accomodate a block generated while encrypting a block of length l_message.getBytes().length

Another method for reference is BufferedBlockCipher.getUpdateOutputSize(). Refer javadoc for Bouncy Castle.

Thursday, February 7, 2008

Converting Time Object of Bouncy Castle into a Date Object

Platforms: J2ME CLDC 1.1 MIDP 2.1
BouncyCastle LightweightCryptoAPI for J2ME (

The code fragment here is to convert an instance of org.bouncycastle.asn1.x509.Time into a J2ME java.util.Date instance that contains the current time according to the timezone and time specified as per UTC. This code can be used for example, to get a Date instance of TBSCertificateStructure.getStartDate() or getEndDate(). The Date objects can than be used to check if the certificate has not expired.

One requirement would be to get the current timezone of the user somehow. Right now, I have hardcoded it as "-08:30" for PST. For an Indian timezone, it must be "+05:30" and so on.

import java.util.Calendar;
import java.util.Date;
import java.util.TimeZone;
import org.bouncycastle.asn1.x509.Time;

* @author Himanshu Ranavat
public class BouncyCastleDateUtil {

/** Creates a new instance of BouncyCastleDateUtil */
public BouncyCastleDateUtil() {

public Date convertTime2Date(Time time) {

//get string representation of Time Object. will be usually as per GMT+00:00
String date = time.getTime();

//eg: time = 2008 0207 2300 00 GMT + 00:00
int year = getIntValueForString(date.substring(0, 4)) ;

int month = getIntValueForString(date.substring(4,6));

int day = getIntValueForString(date.substring(6,8));

int hour = getIntValueForString(date.substring(8,10));

int minutes = getIntValueForString(date.substring(10,12));

int seconds = getIntValueForString(date.substring(12,14));

String meanTime = date.substring(14,17);

//check if mean time is UTC or GMT is supported
meanTime = getActualMeanTime(meanTime);

String timeZoneDetails = date.substring(17);
long timeZoneHr = getLongValueForString(timeZoneDetails.substring(1,3)) * 60 * 60 * 1000;
long timeZoneMin = getLongValueForString(timeZoneDetails.substring(4,6)) * 60 * 1000;
//get current time zone offset in milliseconds as +ve or -ve
long timeZoneOffset = 0;

if ( timeZoneDetails.charAt(0) == '-' ) { //adjust time as per GMT
timeZoneOffset = timeZoneHr + timeZoneMin;
} else {
timeZoneOffset = -(timeZoneHr + timeZoneMin);

//set the calendar object with the parameters passed in from Time object
Calendar cal = Calendar.getInstance();


cal.set(Calendar.YEAR, year);

//reduce month by 1 since 0 indicates January
cal.set(Calendar.MONTH, month - 1);

cal.set(Calendar.DAY_OF_MONTH, day);

cal.set(Calendar.HOUR_OF_DAY, hour);

cal.set(Calendar.MINUTE, minutes);

cal.set(Calendar.SECOND, seconds);

//date in Calendar instance is as per GMT or UTC. we need to add the time zone offset
//obtained from the Time object
return new Date(cal.getTime().getTime() + timeZoneOffset);


private int getIntValueForString (String p_value){
return Integer.valueOf(p_value).intValue();

private long getLongValueForString (String p_value){
return Integer.valueOf(p_value).longValue();

private String getActualMeanTime(String p_meanTime){
String[] zones = TimeZone.getAvailableIDs();

for (int i = 0 ; i < defaulttimezone = "GMT">

Sample Output:

Thu Feb 07 23:49:00 UTC 2008 - for a Time instance whose getTime method returns "20080207234900GMT+00:00"
Thu Feb 07 23:49:43 UTC 2008 - Date representation of the same time as in example

The precision is not to the seconds as shown by the sample output but I think it should be sufficient. It servers my purpose and hope it helps you'll too. Please leave me comments or suggestions to improve it.

Saturday, February 2, 2008

KeyTool IUI to generate and manage EC keys and certificates

Came across this neat tool to generate EC/Elliptic Curve keys and certificates (in addition to DSA and RSA Keys). Keys can be stored in a keystore of a JKS/JCEKS format. It is a nice GUI based tool that can even create certificates from entries stored in the key store.

Some quick steps on how to get started with your first EC Key Pair and certificate:

  1. Select View -> Select -> Create -> KeyStore and create a keystore
  2. Select View -> Select -> Create -> KeyStore Entry -> EC Key to create a EC Key
    1. EC Keys can be created with 192, 239 and 256 bits
    2. Signature algorithms are available SHA1withECDSA upto SHA512ECDSA
    3. It supports X500 Certificate v1 and v3
  3. Go to View -> Select Task -> Export -> Certificate -> From Private Key Entry to create your first EC Certificate.

Voila !!!!

KeyTool IUI is available here:

Another link on how to do certain tasks using this tool: