How to use Bouncy Castle Lightweight Cryptographic API in NetBeans for J2ME (midlets) projects

13 comments -

The Bouncy Castle Crypto API for Java provides a lightweight cryptography API that works with everything from the J2ME to the JDK 1.6 platform.

The API provides cryptographic functions for Java JDK 1.1 to 1.6 applications and for J2ME (mobile applications) midlets. The API can be downloaded from the Bouncy Castle latest releases page. A common mistake is to download and use the API for the JDK (bcprov-jdk16–145.jar for example) and not for J2ME. In this scenario the API will require some Java functions that are not available on the J2ME platform. In most cases you will receive a preverify error:

Error preverifying class org.bouncycastle.asn1.ASN1InputStream
java/lang/NoClassDefFoundError: java/io/FilterInputStream

You could avoid this error by using the NetBeans obfuscator and some additional settings like the ones from the end of this post. But, this could take time, and the solution is realy simple.

The API for the J2ME platform is also on the Bouncy Castle latest releases page, in the Sources and Javadoc category. You recognize the zip archive because it has the j2me word in its name –  lcrypto-j2me-145.zip.

In order to use Bouncy Castle Crypto API crypto libraries for J2ME applications you have to add two zip files

  • cldc_classes.zip
  • cldc_crypto.zip

to your project using Project settings -> Libraries and Resources -> Add jar/zip. The 2 zip files are part of lcrypto-j2me-145.zip (available on the Bouncy Castle latest releases page –  last checked on September2010) in the zips folder:

  • lcrypto-j2me-145/zips/cldc_classes.zip
  • lcrypto-j2me-145/zips/cldc_crypto.zip

After that go to Project Properties -> Build -> Obfuscation -> Select High Obfuscation Level (level 9) and add following to Additional Obfuscation Settings.

  • -dontskipnonpubliclibraryclasses
  • -dontskipnonpubliclibraryclassmembers
  • -ignorewarnings
NetBeans Obfuscation Options

NetBeans Obfuscation Options

By obfuscation you also reduce the size of the distribution jar, because classes that are not used are not included in the built.

, , ,


  1. #1 by Neo on October 23rd, 2010

    Thanks!!

    The post is really helpful…

    Question : Do BC provide AES or 3DES cryptography??

    • #2 by catalin.boja on November 2nd, 2010

      Hi Neo,

      Bouncy Castle API provides implementation for AES and 3DES cryptographic algorithms. I will put today two posts with the examples.

  2. #3 by Ajay on November 11th, 2010

    i want to add cldc-crypto.zip files in Blackberry JDE…i’m adding project>properties>add jar but when i run my project its give no such file found ..anybody help me

  3. #4 by Nikorn L on December 25th, 2010

    Thanks for this article. I am using it too. Where can I see the AES j2me programming example.

    Merry Christmas 2010.

  4. #6 by mystery_orange on January 24th, 2011

    This is indeed a working technique however you won’t be able to use a debug like that->You will either get a security exception and an error or you won’t be able to figure out your code throught all the weird names that the obfuscator uses. And as you know you cannot make a program without debuger.

    There is a far simpler and cleaner solution for this:Create your own bouncy castle. Open your Eclipse IDE (I’ve used eclipse for that I’m sure you can do it with NetBeans too thought).

    The whole problem with bouncy castle that make obfuscating neccessary is that is has two packages under tha java name.

    java.security
    Java.math

    Why the did that is a little bit unclear to me (they claim compatibility reasons in their FAQ).So we are going to change these names.

    Create a new JavaME project in eclipse. Right click on the source folder and select Import->File System. Select the folder that contains bouncy’s castle source code(it’s in the src folder of where you unzipped your bouncy caslte). Click import. Now you see all bouncy’s castle packages which contain the .java files. Our two illegal packages should be on the top.

    Right click on java.security and java.math(they contain the SecureRandom.java and the BigInteger.Java). Select Refactor->Rename. Now give your new name of the package. Let’s say javafake.security and javafake.math. The “update references” and update subpackages should be ticked. This will automaticly rename alla the references to your new name. Click OK. It should give you some warnings but ignore them.

    If it gives you an error due encoding CP1253 go to Window->Preferences->General->Workspace and change the default encoding to UTF-8 and repeat. Now you have your own code time to export it to a jar.

    Right clock on the src folder of our package->Export->Jar file and give it a name (e.g mybouncycastle). CLick ok aaaand you are done.

    Now got to your project and simply import your jar.

    Voila : you have your own bouncy castle that doesn’t need any obfuscation or anything. No need to mess with Proguard and security exceptions. On the downside your program is going to be a little bit bigger but at least you would be able to debug. If you find the file to big simply remove whatever packages you don’t use or you can develop your program with debugger and use obfuscator simply for deploying.

    Cheers.

  5. #7 by tomesh jain on February 14th, 2011

    i am still getting an error while using java.security.SecureRandom ..
    a run time error obtained class format Exception

    • #8 by catalin.boja on February 14th, 2011

      Hi,

      Can you put the staments that are generating the run-time exception ?

  6. #9 by henry on September 9th, 2011

    i am trying to use the latest J2ME bouncy castle APIs, but i am getting the error “There is insufficient storage to install this suite”, without the APIs and obfuscation the jar is only 111KB, with the APIs and obfuscation(level 9) it jumps to a massive 1208KB, without even importing a single API. The midlet profile is MIDP 2.0 and configuration 1.0, with NetBeans. Help

(will not be published)