This repository was archived by the owner on Aug 30, 2022. It is now read-only.
This repository was archived by the owner on Aug 30, 2022. It is now read-only.
BouncyCastle security concern about BKS-V1 #74
Description
Detail about the security concern: https://www.kb.cert.org/vuls/id/306792/
The issue was fixed but added back to the library because of :
A new KeyStore type, BKS-V1, has been added for people needing to create key stores compatible with earlier versions of Bouncy Castle.
More detail in BouncyCastle release notes (version 2.13.3)
The BKS-V1 keystore is presented as an option in the library and as long as we don't use that keystore then it does not effect us.
EOSIO SDK for Java is utilizing BouncyCastle for cryptography functionality on:
- Parse ASN1 data.
- Parse/write PEM object.
- Encoding/Decoding keys by SECP256K1 and SECP256R1 curves.
- RipeMD160 digestion.