Is the Java – bouncy castle API thread safe?

Is bouncy castle API thread safe? especially,

org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher
org.bouncycastle.crypto.paddings.PKCS7Padding
org.bouncycastle.crypto.engines.AESFastEngine
org.bouncycastle.crypto.modes.CBCBlockCipher

I intend to write a single spring bean in my application for basic cryptography support Because it is a web application, threads that access this component multiple times have a greater chance Therefore, down - to - earth safety is essential

Please let me know if you use bouncy castle

Solution

This is not important if the API / code is thread safe CBC encryption itself is not thread safe

E(X) = Enctrypt message X
D(X) = Dectrypt X. (Note that D(E(X)) = X)
IV = Initialization vector. A random sequence to bootstrap the CBC algorithm
CBC = Cipher block chaining.

A very simple CBC implementation might look like this: P1, P2, P3 = plain text messages

1. Generate an IV,just random bits.
2. Calculate E( P1 xor IV) call this C1
3. Calculate E( P2 xor C1) call this C2
4. Calculate E( P3 xor C2) call this C3.

It can be seen that the results of encrypting P1, P2 and P3 (in order) are different from encrypting P2, P1 and P3 (in order)

Therefore, in the implementation of CBC, sequence is very important Any algorithm that is sequentially important by definition cannot be thread safe

You can make a singleton factory that provides encrypted objects, but you can't believe that they are thread safe