Using BouncyCastle with the Synergy Java SSH Library

The Maverick Synergy Java SSH API has in-built support for using the BouncyCastle JCE as the preferred cryptographic provider. 

You should use the BouncyCastle JCE in your applications for several reasons. Mainly this comes down to the support in BC for larger Diffie Hellman primes when compared against the SunJCE and some other issues around prime multiples that we have seen occurring much too often with the SunJCE.

When you include the maverick-bc or maverick-bcfips module in your application, ensure you call the following method before any other calls to the API:

JCEProvider.enableBouncyCastle(true);

This has the effect of:

  1. The API checks to see if BC is available and installs it as a SecurityProvider if it is and it’s not already registered.
  2. The EC algorithm name is changed to ECDSA to prevent issues we have seen due to a misalignment of algorithm names between SunJCE and BC.
  3. Configures the BC JCE as the default for all algorithms within the API.
  4. Adds the ability to load OpenSSL private keys for authentication or as host keys.

If you don’t want BC to be the default for all algorithms, then we do, at a minimum, recommend it being the default for all DH algorithms. If you prefer this option, along with the other fixes and enhancements listed above, then call:

JCEProvider.enableBouncyCastle(false);