jasongoodwin
commented
8 years ago I investigated this and bouncycastle's providers still hold state so unless I can see a good reason to use it I'll stick with the java libraries.
Closed jasongoodwin closed 8 years ago
jasongoodwin
commented
8 years ago I investigated this and bouncycastle's providers still hold state so unless I can see a good reason to use it I'll stick with the java libraries.
We have to be careful with handling jdk security classes so we end up making a bunch of extra objects to avoid thread safety issues. I think bouncycastle offers threadsafe alternatives - it would be worthwhile to change the signing and verification to use bouncycastle