Bouncy Castle BKS-V1 keystore files vulnerable to trivial hash collisions

Computer technology world vulnerability exposure can’t slow down. A design weakness on Bouncy Castle BKS-V1 keystore files found. If you are a java program developer. It is a alert signal. 

The Bouncy Castle APIs consist of the following:

  • A lightweight cryptography API for Java and C#.
  • A provider for the Java Cryptography Extension (JCE) and the Java Cryptography Architecture (JCA).
  • A provider for the Java Secure Socket Extension (JSSE).
  • A clean room implementation of the JCE 1.2.1.
  • A library for reading and writing encoded ASN.1 objects. Lightweight APIs for TLS (RFC 2246, RFC 4346) and DTLS (RFC 6347/ RFC 4347).

Generators for Version 1 and Version 3 X.509 certificates, Version 2 CRLs, and PKCS12 files. Generators for Version 2 X.509 attribute certificates.

Generators/Processors for the following:

  • S/MIME and CMS (PKCS7/RFC 3852)
  • OCSP (RFC 2560) – TSP (RFC 3161 & RFC 5544)
  • CMP and CRMF (RFC 4210 & RFC 4211).
  • OpenPGP (RFC 4880) – Extended Access Control (EAC)
  • Data Validation and Certification Server (DVCS)
  • RFC 3029 – DNS-based Authentication of Named Entities (DANE).
  • RFC 7030 Enrollment over Secure Transport (EST). A signed jar version suitable for JDK 1.4-1.7 and the Sun JCE.

The vulnerability note can be find here:

https://www.kb.cert.org/vuls/id/306792

 

4 thoughts on “Bouncy Castle BKS-V1 keystore files vulnerable to trivial hash collisions”

  1. Some truly nice and utilitarian info on this website , too I think the layout contains excellent features.

  2. Excellent post. I used to be checking constantly this blog and I am inspired! Extremely useful info specifically the final section 🙂 I care for such information much. I used to be seeking this particular info for a long time. Thanks and best of luck. |

  3. Nice post. I was checking continuously this weblog and I’m impressed! Very helpful information specially the remaining section 🙂 I take care of such info a lot. I was looking for this certain information for a very long time. Thank you and best of luck. |

  4. Have you ever considered about adding a little bit more than just your articles? I mean, what you say is important and everything. But think about if you added some great visuals or videos to give your posts more, “pop”! Your content is excellent but with images and clips, this blog could undeniably be one of the very best in its field. Good blog!|

Comments are closed.