1
votes

I'm using Bouncy Castle to TLS connection with sending client certificate to server. But I don't know which interface I should use as TlsCredentials, is this should be: TlsSignerCredentials or TlsAgreementCredentials and how to implement this.

For example what is the correct implementation

byte[] GenerateCertificateSignature(byte[] md5andsha1);

in TlsSignerCredentials and when I should use this instead of TlsAgreementCredentials

Could you give me a sample implementation or give any clue, please ?

Thanks in advance!

Artur

1

1 Answers

1
votes

You probably want TlsSignerCredentials, which is used when the key exchange will involve a client signature (basically all of them except DH, ECDH). There is a usable default implementation DefaultTlsSignerCredentials, which you give your certificate and the corresponding private key. It recognises DSA, ECDSA, and RSA credentials.

TlsAgreementCredentials similarly has DefaultTlsAgreementCredentials implementation, but agreement credentials are only used in DH/ECDH key exchanges, which are rarely used.