Challenge yourself with the exercises below. They are intended to strengthen your knowledge by letting you test and solve tasks on your own.

The following exercises complement How to Use the Bouncy Castle Kotlin API and the Training - PKI at the edge with Bouncy Castle (session 3), which introduce useful concepts and provide additional context.

Exercises

  • The PKCS#10 Kotlin example includes adding extensions. Try modifying the script to add an email address to the request using the subject alternative name extension.

  • Try creating a Version 3 certificate in Kotlin which includes the authority key identifier extension, the basic constraints extension, and the subject key identifier extension, writing the result to a PEM file. Use the BC ASN1Dump class or OpenSSL to confirm the extensions are present.

  • Set the PBKDF2 PRF in the Kotlin example to SHA-256. The Java example uses SHA3-256. Is it currently possible to use that in BC Kotlin?

  • Try writing a method to decrypt a private key in Java. Make sure you are recovering a PrivateKey, not just a PrivateKeyInfo.

    It will probably be fairly easy to work out which method to call, but the other class you will need is the JcePKCSPBEInputDecryptorProviderBuilder. For the PrivateKeyInfo to PrivateKey conversion you will need KeyFactory and a PKCS8EncodedKeySpec.

  • The Java keytool has an -importkeystore option. Try using it to convert a PKCS12 or JKS file to a BCFKS one.
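
One possible shape for the Java private key decryption exercise above, as an added example that is not part of the original exercises or Bouncy Castle's own solution. The class name `DecryptPkcs8Example`, the method name `decrypt`, the sample password and the AES-256-CBC choice for the sample input are assumptions, and the bcprov and bcpkix jars must be on the classpath.

```java
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.InputDecryptorProvider;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.jcajce.JcaPKCS8EncryptedPrivateKeyInfoBuilder;
import org.bouncycastle.pkcs.jcajce.JcePKCSPBEInputDecryptorProviderBuilder;
import org.bouncycastle.pkcs.jcajce.JcePKCSPBEOutputEncryptorBuilder;

// Hypothetical class and method names, chosen for this example only.
public class DecryptPkcs8Example {
    /** Recovers a usable PrivateKey (not just a PrivateKeyInfo) from an encrypted PKCS#8 encoding. */
    static PrivateKey decrypt(byte[] encryptedPkcs8, char[] password) throws Exception {
        PKCS8EncryptedPrivateKeyInfo encInfo = new PKCS8EncryptedPrivateKeyInfo(encryptedPkcs8);
        InputDecryptorProvider decryptor =
            new JcePKCSPBEInputDecryptorProviderBuilder().setProvider("BC").build(password);
        // A wrong password is reported by this call as a PKCSException.
        PrivateKeyInfo info = encInfo.decryptPrivateKeyInfo(decryptor);
        // The key's algorithm OID selects the KeyFactory; BC accepts the OID string as a name.
        KeyFactory kf = KeyFactory.getInstance(
            info.getPrivateKeyAlgorithm().getAlgorithm().getId(), "BC");
        return kf.generatePrivate(new PKCS8EncodedKeySpec(info.getEncoded()));
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        // Constructed sample input: a throwaway RSA key encrypted with PBES2 / AES-256-CBC.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC");
        kpg.initialize(2048);
        PrivateKey original = kpg.generateKeyPair().getPrivate();
        char[] password = "constructed-sample-password".toCharArray();
        byte[] encrypted = new JcaPKCS8EncryptedPrivateKeyInfoBuilder(original)
            .build(new JcePKCSPBEOutputEncryptorBuilder(NISTObjectIdentifiers.id_aes256_CBC)
                .setProvider("BC").build(password))
            .getEncoded();
        try {
            PrivateKey recovered = decrypt(encrypted, password);
            // Compare the PKCS#8 encodings of the original and recovered keys.
            System.out.println("round trip ok: "
                + Arrays.equals(original.getEncoded(), recovered.getEncoded()));
        } finally {
            Arrays.fill(password, '\0'); // clear the password once it is no longer needed
        }
    }
}
```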