What is the difference of using BC keys or default?

Question

Both lines of code:

KeyPairGenerator.getInstance("RSA")
KeyPairGenerator.getInstance("RSA", "BC")

works well. So, what's the differecente using BC or not?

Is BC completely compatible with the default RSA used? (using sun JDK 6)

Answer 1

In BouncyCastle FAQ there are some entries related to RSA implementation details.

I personally haven't found anything written about Sun and BC providers being incompatible, and I suggest using Java's native RSA implementation if BouncyCastle dependency could be completely dropped by that. You should add external dependencies only if there is a well-defined benefit from that.

If you are using BC library somewhere else in your project, I guess it doesn't matter which provider to use.

EDIT

J2ME does not include RSA implementation. So if you are planning to port your app to J2ME sometimes, BouncyCastle library is the right way to go now.

Answer 2

From the Javadoc of the first constructor:

Returns a KeyPairGenerator object that generates public/private key pairs for the specified algorithm.

This method traverses the list of registered security Providers, starting with the most preferred Provider. A new KeyPairGenerator object encapsulating the KeyPairGeneratorSpi implementation from the first Provider that supports the specified algorithm is returned.

Note that the list of registered providers may be retrieved via the Security.getProviders() method.

The linked Javadoc of Security.getProviders() in turn states the following:

Returns an array containing all the installed providers. The order of the providers in the array is their preference order.

Well, apparently BC is in your case "by coincidence" the first preferred provider. If there is uncertainity around it (i.e. you want to distribute the application and you have no control over enduser's environment) and you would like to let it stick to use BC, then you should prefer using the second constructor.

Answer 3

"BC" returns the BouncyCastle implementation of the crypto algorithm.

If you don't specify the provider it will return the "most prefferred" implementation of the crypto algorithm i.e. the providor at position 1 is the most preffered in the array of providers.