Documentation
Open Source Release Policy
Export Compliance
Using BouncyCastle
Installing the API
Enabling Logging
Per-Connection Logging
Third Party Dependencies
Generating SSH Keys
Using BouncyCastle
Using SSH Public Keys in Java
Supporting ED25519/Curve25519
Supporting Compression
Integrating Licensing into Maven Builds
Creating an SSH Client
Public Key Authentication
Keyboard Interactive Authentication
Public Key Authentication with sshagent
Executing Single Commands
Executing Commands within a Shell
Transferring Files
Connecting through Proxies
Display the Authentication Banner
Using the SFTP Client
Port Forwarding
Working Examples
Configuring Listening Interfaces
Configuring Host Keys
Password Authentication
Public Key Authentication
Challenge-Response Authentication
Configuring Port Forwarding
Configuring SFTP
Supporting SCP
Implementing your own File System
Creating an Interactive Terminal
Proxy Protocol Support
Using BouncyCastle with the Synergy API
The Maverick Synergy Java SSH API has in-built support for using the BouncyCastle JCE as the preferred cryptographic provider.
There are several reasons we feel you should be using the BouncyCastle JCE in your applications. Mainly this comes down to the support in BC for larger Diffie Hellman primes when compared against the SunJCE and some other issues around prime multiples that we have seen occurring much too often with the SunJCE.
When you include the maverick-bc or maverick-bcfips module in your application ensure you call the following method before any other calls to the API:
JCEProvider.enableBouncyCastle(true);Code language: JavaScript (javascript)This has the effect of:
- The API checks to see if BC is available, and installs it as a SecurityProvider if it is, and it’s not already registered.
- The EC algorithm name is changed to ECDSA to prevent issues we have seen due to a misalignment of algorithm names between SunJCE and BC.
- Configures the BC JCE as the default for all algorithms within the API.
- Adds the ability to load OpenSSL private keys for use in authentication or as host keys.
If you don’t want BC to be the default for all algorithms then we do at a minimum recommend it being the default for all DH algorithms. If you prefer this option, along with the other fixes and enhancements listed above then call:
JCEProvider.enableBouncyCastle(false);Code language: JavaScript (javascript)