Closed rreynaud closed 7 years ago
This issue may be linked with #197.
The intention is that you call exportKeyingMaterial during the notifyHandshakeComplete callback on your TlsClient subclass. Now that I look at it again though, possibly this function could be available on TlsSession (the session keeps a copy of the master secret after handshake completion), if that would be helpful. If neither of those would work for you, please give more details of your use case.
BTW, are you using the old API (org.bouncycastle.crypto.tls package) or the new one (org.bouncycastle.tls)?
Thanks a lot, it works perfectly. I think I am using the old API provided by the Maven artifact:

```xml
<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcprov-jdk15on</artifactId>
    <version>${bouncycastle.version}</version>
</dependency>
```
Glad that works for you. At some point you will want to transition to the new bctls jar, as new features and API improvements will be focused there (and the old API will eventually be deprecated and withdrawn). For most users of the existing API, the changes involved should be quite small, although we now include a JSSE wrapper ("BCJSSE") if that's of interest.
The new API is not officially stable yet, but it would be useful to get feedback from users converting to it.
TlsContext.exportKeyingMaterial fails with a NullPointerException if the method is called after handshake completion (i.e. DTLSTransport retrieved). This is because SecurityParameters are cleared in a finally block of DTLSClientProtocol.connect and DTLSServerProtocol.accept. MasterSecret is reset to null and cannot be used anymore, in TlsUtils.PRF for example.
This was working correctly in v1.55 but no longer in v1.56 - v1.57.
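
The approach suggested in the thread, as an added example that is not part of the original discussion or Bouncy Castle's own code: a client for the old `org.bouncycastle.crypto.tls` API that exports the keying material inside `notifyHandshakeComplete`, before `DTLSClientProtocol.connect` clears the SecurityParameters. The class name `ExportingTlsClient`, the exporter label and the output length are hypothetical, and certificate validation is left to the concrete subclass via `getAuthentication()`.

```java
import java.io.IOException;

import org.bouncycastle.crypto.tls.DefaultTlsClient;

// Hypothetical helper class (not from the thread); old org.bouncycastle.crypto.tls API.
public abstract class ExportingTlsClient extends DefaultTlsClient {

    // Constructed sample values: RFC 5705 allows unregistered labels that
    // start with "EXPERIMENTAL"; a real application uses its protocol's label.
    private static final String EXPORTER_LABEL = "EXPERIMENTAL-example-app";
    private static final int EXPORT_LENGTH = 32;

    private byte[] exportedKeyingMaterial;

    @Override
    public void notifyHandshakeComplete() throws IOException {
        super.notifyHandshakeComplete();
        // The master secret is still held in the SecurityParameters at this
        // point, so the PRF behind exportKeyingMaterial has its input.
        // A null context_value means "no context" in RFC 5705 terms.
        exportedKeyingMaterial =
            context.exportKeyingMaterial(EXPORTER_LABEL, null, EXPORT_LENGTH);
    }

    /**
     * Hands the exported bytes to the caller once and drops the client's own
     * reference, so the key material is not retained longer than needed.
     */
    public byte[] takeExportedKeyingMaterial() {
        if (exportedKeyingMaterial == null) {
            throw new IllegalStateException(
                "no keying material: handshake not complete or already taken");
        }
        byte[] out = exportedKeyingMaterial;
        exportedKeyingMaterial = null;
        return out;
    }

    // getAuthentication() stays abstract here on purpose: the concrete
    // subclass must supply a TlsAuthentication that validates the server
    // certificate chain for its deployment.
}
```

After `DTLSClientProtocol.connect(client, transport)` returns the `DTLSTransport`, the caller reads the bytes with `client.takeExportedKeyingMaterial()` rather than calling `exportKeyingMaterial` on the context again.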