
Keeping It Simple – Private Key Encryption With the Bouncy Castle Kotlin API


The Kotlin API is a Kotlin wrapper that sits on top of either Bouncy Castle or Bouncy Castle FIPS. It enables non-developers to perform basic tasks, such as generating key pairs, certificates, and certificate requests, and encrypting private keys.

The background to this API is that existing customers requested an easier way for system administrators and non-programmers to work with the BC or BC FIPS APIs for generating keys, certification requests and self-signed certificates. At the time, the alternative appeared to be shell scripts using OpenSSL, which meant having to keep track of two distributions. In a FIPS context, this also meant using a FIPS-certified version of OpenSSL. Another problem with shell scripts was the difficulty of enforcing checks, either on algorithms or on key usage.

The solution was to build a Kotlin wrapper on top of the BC APIs. Because it is small and written at a higher level, it is easy to customize, and it is heavily typed so that algorithm use can be enforced at compile time. And since it is a wrapper, only one FIPS API is required, which in some cases results in a lot less paperwork.

If you want to try it out

The Bouncy Castle Kotlin API is easily installed on your system, product or device. For more information, see How to use the Bouncy Castle Kotlin API. There is also an online training, PKI at the Edge part 3 – Keeping it simple with the Kotlin API.

The current version of the Kotlin API supports:

  • Key Pair Generation
  • Certificate and certification request generation
  • Basic certificate extensions
  • Output and encryption of private keys

In the online training, you get an introduction to these function calls, and you also learn a bit about the use of KeyStores for FIPS and non-FIPS.