{"id":17084799,"url":"https://github.com/karasiq/cryptoutils","last_synced_at":"2025-10-10T20:36:30.505Z","repository":{"id":55998795,"uuid":"42241378","full_name":"Karasiq/cryptoutils","owner":"Karasiq","description":"Scala wrappers for JCA/BouncyCastle","archived":false,"fork":false,"pushed_at":"2020-12-02T04:58:37.000Z","size":88,"stargazers_count":6,"open_issues_count":4,"forks_count":7,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-10-10T20:36:29.227Z","etag":null,"topics":["bouncy-castle","certificates","jca","scala-wrappers","tls"],"latest_commit_sha":null,"homepage":null,"language":"Scala","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Karasiq.png","metadata":{"files":{"readme":"README.MD","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-09-10T11:48:11.000Z","updated_at":"2019-09-19T08:28:38.000Z","dependencies_parsed_at":"2022-08-15T11:10:11.216Z","dependency_job_id":null,"html_url":"https://github.com/Karasiq/cryptoutils","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/Karasiq/cryptoutils","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Karasiq%2Fcryptoutils","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Karasiq%2Fcryptoutils/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Karasiq%2Fcryptoutils/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Karasiq%2Fcryptoutils/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Karasiq","download_url":"https://codeload.github.com/Karasiq/cryptoutils/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Karasiq%2Fcryptoutils/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279005273,"owners_count":26083863,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bouncy-castle","certificates","jca","scala-wrappers","tls"],"created_at":"2024-10-14T13:09:41.541Z","updated_at":"2025-10-10T20:36:30.475Z","avatar_url":"https://github.com/Karasiq.png","language":"Scala","funding_links":[],"categories":[],"sub_categories":[],"readme":"# cryptoutils [![Build Status](https://travis-ci.org/Karasiq/cryptoutils.svg?branch=master)](https://travis-ci.org/Karasiq/cryptoutils) [![Maven Central](https://maven-badges.herokuapp.com/maven-central/com.github.karasiq/cryptoutils_2.12/badge.svg)](https://maven-badges.herokuapp.com/maven-central/com.github.karasiq/cryptoutils_2.12)\nScala wrappers for JCA/BouncyCastle classes\n\n# How to use\nAdd to `build.sbt`:\n```scala\nlibraryDependencies ++= Seq(\n  \"org.bouncycastle\" % \"bcprov-jdk15on\" % \"1.58\",\n  \"org.bouncycastle\" % \"bcpkix-jdk15on\" % \"1.58\",\n  \"com.github.karasiq\" %% \"cryptoutils\" % \"1.4.3\"\n)\n```\n\n# Managing key pairs and certificates\n## Generating X.509 certificate\n```scala\nval keyGenerator = CertificateGenerator()\n\n// Self-signed CA certificate\nval caSubject = X509Utils.subject(\"Example Root CA\", \"US\", \"California\", \"San Francisco\", \"Example\", \"Example Root CA\", \"ca@example.com\")\nval ca: TLS.CertificateKey = keyGenerator.generate(caSubject, \"RSA\", 2048, extensions = CertExtension.certificationAuthorityExtensions()) \nprintln(s\"Self-signed: ${ca.certificate.getSubject}\")\n\n// CA-signed certificate\nval subject = X509Utils.subject(\"Example Subject\", \"US\", \"California\", \"San Francisco\", \"Example\", \"Example\", \"example@example.com\")\nval cert: TLS.CertificateKey = keyGenerator.generate(subject, \"RSA\", 2048, Some(ca), BigInt(1))\nprintln(s\"CA signed: ${cert.certificate.getSubject}\")\n```\n\n## X.509 certification request\n```scala\nval keyGenerator = CertificateGenerator()\n\nval subject = X509Utils.subject(\"Example Subject\", \"US\", \"California\", \"San Francisco\", \"Example\", \"Example\", \"example@example.com\")\nval keyPair: java.security.KeyPair = ??? // Generate/load key pair\n\n// Creating request\nval request = keyGenerator.createRequest(keyPair, subject)\n\n// Signing request\nval ca: TLS.CertificateKey = ... // Certification authority certificate and private key\nval cert: TLS.CertificateChain = keyGenerator.signRequest(request, ca) // Resulting certificate chain\n```\n\n## Verifying X.509 certificate\n```scala\nval verifier = CertificateVerifier(CertificateStatusProvider.CRL, ca.certificate) // Or from java trust store: CertificateVerifier.fromTrustStore(TrustStore.fromFile(\"example-trust.jks\"), CertificateStatusProvider.CRL)\nif (verifier.isChainValid(cert.certificateChain)) {\n  println(s\"Verified: ${cert.getSubject}\")\n}\n```\n\n## Using PEM files\n```scala\nval certificationAuthority = PEM.certificate.fromFile(\"ca.crt\")\nval myCertificate = PEM.certificate.fromFile(\"mycert.crt\")\nval keyPair = PEM.keyPair.fromFile(\"mykey.key\")\n\nval certKey = TLS.CertificateKey(new TLS.CertificateChain(Array(myCertificate, certificationAuthority)), keyPair)\n```\n\n## Using Java Key Store\n```scala\n// Open key store\nval keyStore = TLSKeyStore.open(\"example.jks\", \"123456\")\n\n// Reading key\nval (key, chain) = (keyStore.getKey(\"example\"), keyStore.getCertificateChain(\"example\"))\n\n// Reading key set\nval keySet: TLS.KeySet = keyStore.getKeySet(\"example\")\n\n// Adding new key\nval newKey: TLS.CertificateKey = ??? // Generate key and certificate (see above)\nkeyStore.putKey(\"example-new\", newKey)\n\n// Saving to file\nkeyStore.saveAs(\"example.jks\")\n```\n\n# Using TLS (transport layer security)\n## TLS client\n```scala\nval verifier: CertificateVerifier = ??? // Certificate verifier\nval clientKeySet: TLS.KeySet = ??? // Client authorization\nval address = new InetSocketAddress(\"example.com\", 443) // Server address\n\n// Opening connection:\nval clientWrapper = new TLSClientWrapper(verifier, address, clientKeySet)\nval socket = clientWrapper(SocketChannel.open(address))\n// ... Do read/write, etc ...\nsocket.close()\n```\n\n## TLS server\n```scala              \nval verifier: CertificateVerifier = ... // Client certificate verifier\nval serverKeySet: TLS.KeySet = keyStore.getKeySet(\"example-server\") // Server certificate is required\n\n// Accepting connection\nval serverWrapper = new TLSServerWrapper(serverKeySet, clientAuth = true, verifier)\nval serverSocket = ServerSocketChannel.open()\nserverSocket.bind(new InetSocketAddress(\"0.0.0.0\", 443))\n\nval socket = serverWrapper(serverSocket.accept())\n// ... Do read/write, etc ...\nsocket.close()\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkarasiq%2Fcryptoutils","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkarasiq%2Fcryptoutils","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkarasiq%2Fcryptoutils/lists"}