Reconcile with gingerbread-release gingerbread-mr4-release honeycomb-LTE-release

Change-Id: I320527540fdce2e199519850517b765fee6724e5
diff --git a/Android.mk b/Android.mk
index d67dd89..9d162fb 100644
--- a/Android.mk
+++ b/Android.mk
@@ -24,6 +24,7 @@
 LOCAL_JAVACFLAGS := -encoding UTF-8
 LOCAL_JAVA_LIBRARIES := core
 LOCAL_NO_STANDARD_LIBRARIES := true
+LOCAL_JARJAR_RULES := $(LOCAL_PATH)/jarjar-rules.txt
 include $(BUILD_JAVA_LIBRARY)
 
 # This is used to generate a list of what is unused so it can be removed when bouncycastle is updated.
@@ -76,5 +77,6 @@
     LOCAL_NO_STANDARD_LIBRARIES := true
     LOCAL_BUILD_HOST_DEX := true
     LOCAL_MODULE_TAGS := optional
+    LOCAL_JARJAR_RULES := $(LOCAL_PATH)/jarjar-rules.txt
     include $(BUILD_HOST_JAVA_LIBRARY)
 endif
diff --git a/NOTICE b/NOTICE
index 9c07f83..d2e4437 100644
--- a/NOTICE
+++ b/NOTICE
@@ -1,22 +1,16 @@
-<html>
-<body bgcolor=#ffffff>
+Copyright (c) 2000-2010 The Legion Of The Bouncy Castle (http://www.bouncycastle.org)
 
-Copyright (c) 2000-2009 The Legion Of The Bouncy Castle (http://www.bouncycastle.org)
-<p>
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software 
-and associated documentation files (the "Software"), to deal in the Software without restriction, 
-including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, 
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
+associated documentation files (the "Software"), to deal in the Software without restriction,
+including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense,
 and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so,
 subject to the following conditions:
-<p>
+
 The above copyright notice and this permission notice shall be included in all copies or substantial
 portions of the Software.
-<p>
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
-INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
-PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
-OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
-DEALINGS IN THE SOFTWARE.
-</body>
-</html>
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/README.android b/README.android
index 4e041ed..fe40d40 100644
--- a/README.android
+++ b/README.android
@@ -12,13 +12,14 @@
 
 1) Retrieve the appropriate version of the Bouncy Castle source from
    www.bouncycastle.org/latest_releases.html (in bcprov-jdk*-*.tar.gz
-   file). Check the checksum (found at bouncycastle.org/checksums.html) with:
+   file). Check the checksum (found at http://bouncycastle.org/checksums.html) with:
 
      md5sum bcprov-jdk*-*.tar.gz
      sha1sum bcprov-jdk*-*.tar.gz
 
 2) Update the variables in bouncycastle.config and bouncycastle.version as appropriate.
    At the very least you will need to update the bouncycastle.version.
+   Similarly update ThirdPartyProject.prop.
 
 3) Run:
 
diff --git a/ThirdPartyProject.prop b/ThirdPartyProject.prop
index 38a8176..fc91c28 100644
--- a/ThirdPartyProject.prop
+++ b/ThirdPartyProject.prop
@@ -1,7 +1,7 @@
 # Copyright 2010 Google Inc. All Rights Reserved.
 #Fri Jul 16 10:03:08 PDT 2010
-currentVersion=bcprov-jdk16-145
-version=bcprov-jdk16-145
+currentVersion=bcprov-jdk16-146
+version=bcprov-jdk16-146
 isNative=false
 feedurl=http\://www.bouncycastle.org/releasenotes.html
 name=bouncy_castle
diff --git a/bouncycastle.config b/bouncycastle.config
index 42ca610..bcc47ee 100644
--- a/bouncycastle.config
+++ b/bouncycastle.config
@@ -13,14 +13,13 @@
 org/bouncycastle/asn1/mozilla \
 org/bouncycastle/asn1/ntt \
 org/bouncycastle/asn1/ocsp \
-org/bouncycastle/asn1/sec \
 org/bouncycastle/asn1/smime \
 org/bouncycastle/asn1/test \
 org/bouncycastle/asn1/tsp \
-org/bouncycastle/asn1/x500 \
 org/bouncycastle/asn1/x509/qualified \
 org/bouncycastle/asn1/x509/sigi \
 org/bouncycastle/bcpg \
+org/bouncycastle/cert \
 org/bouncycastle/cms \
 org/bouncycastle/crypto/agreement/kdf \
 org/bouncycastle/crypto/agreement/srp \
@@ -30,15 +29,14 @@
 org/bouncycastle/crypto/tls/ \
 org/bouncycastle/i18n/ \
 org/bouncycastle/jce/examples \
-org/bouncycastle/jce/provider/asymmetric/ \
 org/bouncycastle/jce/provider/test \
 org/bouncycastle/mail \
-org/bouncycastle/math \
 org/bouncycastle/mozilla \
 org/bouncycastle/ocsp \
 org/bouncycastle/openpgp \
 org/bouncycastle/openssl/test \
-org/bouncycastle/sasn1 \
+org/bouncycastle/operator \
+org/bouncycastle/pkcs \
 org/bouncycastle/tsp \
 org/bouncycastle/util/encoders/test \
 org/bouncycastle/util/test \
@@ -49,6 +47,7 @@
 # files
 UNNEEDED_SOURCES+=" \
 org/bouncycastle/LICENSE.java \
+org/bouncycastle/asn1/ASN1Boolean.java \
 org/bouncycastle/asn1/ASN1Generator.java \
 org/bouncycastle/asn1/BERGenerator.java \
 org/bouncycastle/asn1/BERNull.java \
@@ -58,11 +57,13 @@
 org/bouncycastle/asn1/DERSequenceGenerator.java \
 org/bouncycastle/asn1/cms/Attribute.java \
 org/bouncycastle/asn1/cms/AttributeTable.java \
+org/bouncycastle/asn1/cms/Attributes.java \
 org/bouncycastle/asn1/cms/AuthEnvelopedData.java \
 org/bouncycastle/asn1/cms/AuthEnvelopedDataParser.java \
 org/bouncycastle/asn1/cms/AuthenticatedData.java \
 org/bouncycastle/asn1/cms/AuthenticatedDataParser.java \
 org/bouncycastle/asn1/cms/CMSAttributes.java \
+org/bouncycastle/asn1/cms/CMSObjectIdentifiers.java \
 org/bouncycastle/asn1/cms/CompressedData.java \
 org/bouncycastle/asn1/cms/CompressedDataParser.java \
 org/bouncycastle/asn1/cms/ContentInfoParser.java \
@@ -71,12 +72,14 @@
 org/bouncycastle/asn1/cms/EncryptedData.java \
 org/bouncycastle/asn1/cms/EnvelopedData.java \
 org/bouncycastle/asn1/cms/EnvelopedDataParser.java \
+org/bouncycastle/asn1/cms/Evidence.java \
 org/bouncycastle/asn1/cms/IssuerAndSerialNumber.java \
 org/bouncycastle/asn1/cms/KEKIdentifier.java \
 org/bouncycastle/asn1/cms/KEKRecipientInfo.java \
 org/bouncycastle/asn1/cms/KeyAgreeRecipientIdentifier.java \
 org/bouncycastle/asn1/cms/KeyAgreeRecipientInfo.java \
 org/bouncycastle/asn1/cms/KeyTransRecipientInfo.java \
+org/bouncycastle/asn1/cms/MetaData.java \
 org/bouncycastle/asn1/cms/OriginatorIdentifierOrKey.java \
 org/bouncycastle/asn1/cms/OriginatorInfo.java \
 org/bouncycastle/asn1/cms/OriginatorPublicKey.java \
@@ -92,6 +95,10 @@
 org/bouncycastle/asn1/cms/SignerIdentifier.java \
 org/bouncycastle/asn1/cms/SignerInfo.java \
 org/bouncycastle/asn1/cms/Time.java \
+org/bouncycastle/asn1/cms/TimeStampAndCRL.java \
+org/bouncycastle/asn1/cms/TimeStampTokenEvidence.java \
+org/bouncycastle/asn1/cms/TimeStampedData.java \
+org/bouncycastle/asn1/cms/TimeStampedDataParser.java \
 org/bouncycastle/asn1/cms/package.html \
 org/bouncycastle/asn1/cryptopro/ECGOST3410NamedCurves.java \
 org/bouncycastle/asn1/cryptopro/ECGOST3410ParamSetParameters.java \
@@ -114,7 +121,6 @@
 org/bouncycastle/asn1/misc/CAST5CBCParameters.java \
 org/bouncycastle/asn1/misc/IDEACBCPar.java \
 org/bouncycastle/asn1/misc/package.html \
-org/bouncycastle/asn1/nist/NISTNamedCurves.java \
 org/bouncycastle/asn1/nist/package.html \
 org/bouncycastle/asn1/oiw/ElGamalParameter.java \
 org/bouncycastle/asn1/oiw/package.html \
@@ -123,6 +129,7 @@
 org/bouncycastle/asn1/pkcs/RC2CBCParameter.java \
 org/bouncycastle/asn1/pkcs/SignerInfo.java \
 org/bouncycastle/asn1/pkcs/package.html \
+org/bouncycastle/asn1/sec/package.html \
 org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves.java \
 org/bouncycastle/asn1/teletrust/package.html \
 org/bouncycastle/asn1/util/DERDump.java \
@@ -152,20 +159,10 @@
 org/bouncycastle/asn1/x509/package.html \
 org/bouncycastle/asn1/x9/KeySpecificInfo.java \
 org/bouncycastle/asn1/x9/OtherInfo.java \
-org/bouncycastle/asn1/x9/X962NamedCurves.java \
-org/bouncycastle/asn1/x9/X962Parameters.java \
-org/bouncycastle/asn1/x9/X9Curve.java \
-org/bouncycastle/asn1/x9/X9ECParameters.java \
-org/bouncycastle/asn1/x9/X9ECParametersHolder.java \
-org/bouncycastle/asn1/x9/X9ECPoint.java \
-org/bouncycastle/asn1/x9/X9FieldElement.java \
-org/bouncycastle/asn1/x9/X9FieldID.java \
-org/bouncycastle/asn1/x9/X9IntegerConverter.java \
 org/bouncycastle/asn1/x9/package.html \
 org/bouncycastle/crypto/BufferedAsymmetricBlockCipher.java \
 org/bouncycastle/crypto/MaxBytesExceededException.java \
 org/bouncycastle/crypto/agreement/DHAgreement.java \
-org/bouncycastle/crypto/agreement/ECDHBasicAgreement.java \
 org/bouncycastle/crypto/agreement/ECDHCBasicAgreement.java \
 org/bouncycastle/crypto/agreement/ECMQVBasicAgreement.java \
 org/bouncycastle/crypto/agreement/package.html \
@@ -220,7 +217,6 @@
 org/bouncycastle/crypto/engines/package.html \
 org/bouncycastle/crypto/generators/BaseKDFBytesGenerator.java \
 org/bouncycastle/crypto/generators/DHKeyPairGenerator.java \
-org/bouncycastle/crypto/generators/ECKeyPairGenerator.java \
 org/bouncycastle/crypto/generators/ElGamalKeyPairGenerator.java \
 org/bouncycastle/crypto/generators/ElGamalParametersGenerator.java \
 org/bouncycastle/crypto/generators/GOST3410KeyPairGenerator.java \
@@ -236,25 +232,25 @@
 org/bouncycastle/crypto/io/package.html \
 org/bouncycastle/crypto/macs/BlockCipherMac.java \
 org/bouncycastle/crypto/macs/CFBBlockCipherMac.java \
+org/bouncycastle/crypto/macs/CMac.java \
 org/bouncycastle/crypto/macs/GOST28147Mac.java \
 org/bouncycastle/crypto/macs/ISO9797Alg3Mac.java \
 org/bouncycastle/crypto/macs/OldHMac.java \
 org/bouncycastle/crypto/macs/VMPCMac.java \
 org/bouncycastle/crypto/macs/package.html \
+org/bouncycastle/crypto/modes/EAXBlockCipher.java \
 org/bouncycastle/crypto/modes/OpenPGPCFBBlockCipher.java \
 org/bouncycastle/crypto/modes/PGPCFBBlockCipher.java \
 org/bouncycastle/crypto/modes/PaddedBlockCipher.java \
+org/bouncycastle/crypto/modes/gcm/BasicGCMExponentiator.java \
 org/bouncycastle/crypto/modes/gcm/BasicGCMMultiplier.java \
+org/bouncycastle/crypto/modes/gcm/GCMExponentiator.java \
+org/bouncycastle/crypto/modes/gcm/Tables1kGCMExponentiator.java \
 org/bouncycastle/crypto/modes/gcm/Tables64kGCMMultiplier.java \
 org/bouncycastle/crypto/modes/package.html \
 org/bouncycastle/crypto/package.html \
 org/bouncycastle/crypto/paddings/package.html \
 org/bouncycastle/crypto/params/CCMParameters.java \
-org/bouncycastle/crypto/params/ECDomainParameters.java \
-org/bouncycastle/crypto/params/ECKeyGenerationParameters.java \
-org/bouncycastle/crypto/params/ECKeyParameters.java \
-org/bouncycastle/crypto/params/ECPrivateKeyParameters.java \
-org/bouncycastle/crypto/params/ECPublicKeyParameters.java \
 org/bouncycastle/crypto/params/ElGamalKeyGenerationParameters.java \
 org/bouncycastle/crypto/params/ElGamalKeyParameters.java \
 org/bouncycastle/crypto/params/ElGamalParameters.java \
@@ -282,7 +278,6 @@
 org/bouncycastle/crypto/params/RSABlindingParameters.java \
 org/bouncycastle/crypto/params/package.html \
 org/bouncycastle/crypto/signers/DSADigestSigner.java \
-org/bouncycastle/crypto/signers/ECDSASigner.java \
 org/bouncycastle/crypto/signers/ECGOST3410Signer.java \
 org/bouncycastle/crypto/signers/ECNRSigner.java \
 org/bouncycastle/crypto/signers/GOST3410Signer.java \
@@ -294,21 +289,13 @@
 org/bouncycastle/crypto/util/package.html \
 org/bouncycastle/jce/ECGOST3410NamedCurveTable.java \
 org/bouncycastle/jce/ECKeyUtil.java \
-org/bouncycastle/jce/ECNamedCurveTable.java \
 org/bouncycastle/jce/ECPointUtil.java \
 org/bouncycastle/jce/MultiCertStoreParameters.java \
-org/bouncycastle/jce/PKCS7SignedData.java \
+org/bouncycastle/jce/PKCS12Util.java \
 org/bouncycastle/jce/X509KeyUsage.java \
 org/bouncycastle/jce/X509LDAPCertStoreParameters.java \
-org/bouncycastle/jce/X509V1CertificateGenerator.java \
-org/bouncycastle/jce/X509V2CRLGenerator.java \
-org/bouncycastle/jce/X509V3CertificateGenerator.java \
 org/bouncycastle/jce/exception/ExtCertificateEncodingException.java \
 org/bouncycastle/jce/exception/ExtIOException.java \
-org/bouncycastle/jce/interfaces/ECKey.java \
-org/bouncycastle/jce/interfaces/ECPointEncoder.java \
-org/bouncycastle/jce/interfaces/ECPrivateKey.java \
-org/bouncycastle/jce/interfaces/ECPublicKey.java \
 org/bouncycastle/jce/interfaces/ElGamalKey.java \
 org/bouncycastle/jce/interfaces/ElGamalPrivateKey.java \
 org/bouncycastle/jce/interfaces/ElGamalPublicKey.java \
@@ -324,12 +311,8 @@
 org/bouncycastle/jce/provider/BrokenJCEBlockCipher.java \
 org/bouncycastle/jce/provider/BrokenKDF2BytesGenerator.java \
 org/bouncycastle/jce/provider/BrokenPBE.java \
-org/bouncycastle/jce/provider/DSABase.java \
-org/bouncycastle/jce/provider/DSAEncoder.java \
 org/bouncycastle/jce/provider/ElGamalUtil.java \
 org/bouncycastle/jce/provider/GOST3410Util.java \
-org/bouncycastle/jce/provider/JCEECPrivateKey.java \
-org/bouncycastle/jce/provider/JCEECPublicKey.java \
 org/bouncycastle/jce/provider/JCEElGamalCipher.java \
 org/bouncycastle/jce/provider/JCEElGamalPrivateKey.java \
 org/bouncycastle/jce/provider/JCEElGamalPublicKey.java \
@@ -358,25 +341,26 @@
 org/bouncycastle/jce/provider/X509StoreLDAPCertPairs.java \
 org/bouncycastle/jce/provider/X509StoreLDAPCerts.java \
 org/bouncycastle/jce/provider/symmetric/CAST5.java \
-org/bouncycastle/jce/provider/symmetric/CAST5Mappings.java \
+org/bouncycastle/jce/provider/symmetric/CAST6.java \
 org/bouncycastle/jce/provider/symmetric/Camellia.java \
-org/bouncycastle/jce/provider/symmetric/CamelliaMappings.java \
 org/bouncycastle/jce/provider/symmetric/Grain128.java \
-org/bouncycastle/jce/provider/symmetric/Grain128Mappings.java \
 org/bouncycastle/jce/provider/symmetric/Grainv1.java \
-org/bouncycastle/jce/provider/symmetric/Grainv1Mappings.java \
+org/bouncycastle/jce/provider/symmetric/HC128.java \
+org/bouncycastle/jce/provider/symmetric/HC256.java \
 org/bouncycastle/jce/provider/symmetric/IDEA.java \
-org/bouncycastle/jce/provider/symmetric/IDEAMappings.java \
 org/bouncycastle/jce/provider/symmetric/Noekeon.java \
-org/bouncycastle/jce/provider/symmetric/NoekeonMappings.java \
+org/bouncycastle/jce/provider/symmetric/RC5.java \
+org/bouncycastle/jce/provider/symmetric/RC6.java \
+org/bouncycastle/jce/provider/symmetric/Rijndael.java \
 org/bouncycastle/jce/provider/symmetric/SEED.java \
-org/bouncycastle/jce/provider/symmetric/SEEDMappings.java \
-org/bouncycastle/jce/spec/ECKeySpec.java \
-org/bouncycastle/jce/spec/ECNamedCurveParameterSpec.java \
-org/bouncycastle/jce/spec/ECNamedCurveSpec.java \
-org/bouncycastle/jce/spec/ECParameterSpec.java \
-org/bouncycastle/jce/spec/ECPrivateKeySpec.java \
-org/bouncycastle/jce/spec/ECPublicKeySpec.java \
+org/bouncycastle/jce/provider/symmetric/Salsa20.java \
+org/bouncycastle/jce/provider/symmetric/Serpent.java \
+org/bouncycastle/jce/provider/symmetric/Skipjack.java \
+org/bouncycastle/jce/provider/symmetric/TEA.java \
+org/bouncycastle/jce/provider/symmetric/Twofish.java \
+org/bouncycastle/jce/provider/symmetric/VMPC.java \
+org/bouncycastle/jce/provider/symmetric/VMPCKSA3.java \
+org/bouncycastle/jce/provider/symmetric/XTEA.java \
 org/bouncycastle/jce/spec/ElGamalGenParameterSpec.java \
 org/bouncycastle/jce/spec/ElGamalKeySpec.java \
 org/bouncycastle/jce/spec/ElGamalParameterSpec.java \
@@ -392,10 +376,10 @@
 org/bouncycastle/jce/spec/MQVPrivateKeySpec.java \
 org/bouncycastle/jce/spec/MQVPublicKeySpec.java \
 org/bouncycastle/jce/spec/package.html \
-org/bouncycastle/openssl/PEMException.java \
-org/bouncycastle/openssl/PEMReader.java \
-org/bouncycastle/openssl/PasswordException.java \
-org/bouncycastle/openssl/PasswordFinder.java \
+org/bouncycastle/math/ec/ReferenceMultiplier.java \
+org/bouncycastle/math/ec/package.html \
+org/bouncycastle/math/ec/test \
+org/bouncycastle/openssl/PKCS8Generator.java \
 org/bouncycastle/openssl/package.html \
 org/bouncycastle/util/AllTests.java \
 org/bouncycastle/util/CollectionStore.java \
@@ -409,6 +393,9 @@
 org/bouncycastle/util/encoders/UrlBase64.java \
 org/bouncycastle/util/encoders/UrlBase64Encoder.java \
 org/bouncycastle/util/encoders/package.html \
+org/bouncycastle/util/io/TeeInputStream.java \
+org/bouncycastle/util/io/TeeOutputStream.java \
+org/bouncycastle/util/io/pem/AllTests.java \
 org/bouncycastle/x509/CertPathReviewerException.java \
 org/bouncycastle/x509/CertPathReviewerMessages_de.properties \
 org/bouncycastle/x509/NoSuchParserException.java \
diff --git a/bouncycastle.version b/bouncycastle.version
index 4f5851f..281f7f5 100644
--- a/bouncycastle.version
+++ b/bouncycastle.version
@@ -1,2 +1,2 @@
 BOUNCYCASTLE_JDK=16
-BOUNCYCASTLE_VERSION=145
+BOUNCYCASTLE_VERSION=146
diff --git a/import_bouncycastle.sh b/import_bouncycastle.sh
index 2271dc0..297efef 100755
--- a/import_bouncycastle.sh
+++ b/import_bouncycastle.sh
@@ -104,7 +104,7 @@
 
   cd $BOUNCYCASTLE_DIR
 
-  cp -f LICENSE.html ../NOTICE
+  sed 's/<p>/& <BR>/g' LICENSE.html | html2text -width 102 -nobs -ascii > ../NOTICE
   touch ../MODULE_LICENSE_BSD_LIKE
 
   cd ..
diff --git a/jarjar-rules.txt b/jarjar-rules.txt
new file mode 100644
index 0000000..2f40de1
--- /dev/null
+++ b/jarjar-rules.txt
@@ -0,0 +1 @@
+rule org.bouncycastle.** com.android.@0
diff --git a/patches/README b/patches/README
index 7b4b872..d56a5d8 100644
--- a/patches/README
+++ b/patches/README
@@ -12,27 +12,28 @@
 - MD2
 - RC2
 
-Other performance (both speed and memory) changes:
+Other performance (both speed and memory) and correctness changes:
 - singleton DERNull (BouncyCastle now does this but we make constructor private to be sure)
 - similarly made DERBoolean constructor private and moved to DERBoolean.{getInstance,TRUE,FALSE}
+- removed use of Boolean constructor
 - DERPrintableString interns its internal String values
 - DERObjectIdentifier interns its internal String indentifer value
 - changed uses of 'new Integer' to 'Integer.valueOf'
-- Added X509NameElementList to reduce small Vector allocation for X509Name key/value operations
-- Replaced X509Extensions hash/vector with new OrderedTable instance to cut down on memory allocation
-- PKCS12BagAttributeCarrier also uses OrderedTable to cut down on memory allocation
 - X509CertificateObject.getEncoded caches its result
-- Added IndexedPKIXParameters for faster cert lookup in CertPathValidatorUtilities.findTrustAnchor
-- CertPathValidatorUtilities.findTrustAnchor fast path compares encoded certs similar to PKIXCertPathValidatorSpi
-- Added ASN1Collection for use as new parent for ASN1Collection and ASN1Set to reduce small Vector allocation
 - removed references to SecretKeyFactory.PBE/PKCS5 SecretKeyFactory.PBE/PKCS12
 - OpenSSLDigest uses NativeCrypto JNI API
 - KeyStoreSpis made more tolerant of non-existant and null aliases
 - PKCS12 KeyStore.getCreationDate tries to mimic RI behavior on null and missing aliases
 - Make PKCS12 KeyStore throw error when setting non-PrivateKey, instead of on get
 - Make PKCS12 KeyStore tolerate setting with an empty certificate chain
+- Fixed cut & paste instanceof error in EncryptedPrivateKeyInfo
+- Make BouncyCastleProvider.PROVIDER_NAME final
 - Added wrapper for SecretKeyFactory.PBKDF2WithHmacSHA1
+- Added DSA support to JDKKeyManager.engineGetKeySpec
 
 Other security changes:
-- blacklist fraudulent Comodo certificates in PKIXCertPathValidatorSpi
-- blacklist compromised DigiNotar Root CA by public key to block cross-signed intermediates
+- Blacklist fraudulent Comodo certificates in PKIXCertPathValidatorSpi
+- Blacklist compromised DigiNotar Root CA by public key to block cross-signed intermediates
+
+Other changes:
+- Log entry and exit to DHParametersHelper.generateSafePrimes which has long, unpredictable runtime
diff --git a/patches/android.patch b/patches/android.patch
index f18dcab..452ec68 100644
--- a/patches/android.patch
+++ b/patches/android.patch
@@ -1,322 +1,20 @@
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Collection.java bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Collection.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Collection.java	1970-01-01 00:00:00.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Collection.java	2011-09-01 17:21:06.000000000 +0000
-@@ -0,0 +1,298 @@
-+package org.bouncycastle.asn1;
-+
-+import java.io.ByteArrayOutputStream;
-+import java.io.IOException;
-+import java.util.Enumeration;
-+import java.util.ConcurrentModificationException;
-+
-+// BEGIN android-note
-+/*
-+ * This is a new class that was synthesized from ASN1Sequence and
-+ * ASN1Set, but with extra smarts about efficiently storing its
-+ * elements.
-+ */
-+// END android-note
-+
-+/**
-+ * Base class for collection-like <code>DERObject</code>s. Instances
-+ * of this class will keep up to four elements directly, resorting to
-+ * an external collection only if more elements than that need to be
-+ * stored.
-+ */
-+public abstract class ASN1Collection
-+    extends ASN1Object
-+{
-+    /** &gt;= 0; size of the collection */
-+    private int size;
-+
-+    /** null-ok; element #0 */
-+    private DEREncodable obj0;
-+
-+    /** null-ok; element #1 */
-+    private DEREncodable obj1;
-+
-+    /** null-ok; element #2 */
-+    private DEREncodable obj2;
-+
-+    /** null-ok; element #3 */
-+    private DEREncodable obj3;
-+
-+    /** null-ok; elements #4 and higher */
-+    private DEREncodable[] rest;
-+
-+    /**
-+     * Returns the object at the postion indicated by index.
-+     *
-+     * @param index the index (starting at zero) of the object
-+     * @return the object at the postion indicated by index
-+     */
-+    public DEREncodable getObjectAt(int index) {
-+        if ((index < 0) || (index >= size)) {
-+            throw new IndexOutOfBoundsException(Integer.toString(index));
-+        }
-+                    
-+        switch (index) {
-+            case 0: return obj0;
-+            case 1: return obj1;
-+            case 2: return obj2;
-+            case 3: return obj3;
-+            default: return rest[index - 4];
-+        }
-+    }
-+
-+    /**
-+     * Returns the number of objects in this instance.
-+     *
-+     * @return the number of objects in this instance
-+     */
-+    public int size() {
-+        return size;
-+    }
-+
-+    /** {@inheritDoc} */
-+    public final int hashCode() {
-+        Enumeration e = this.getObjects();
-+        int hashCode = 0;
-+
-+        while (e.hasMoreElements()) {
-+            Object o = e.nextElement();
-+            
-+            if (o != null) {
-+                hashCode ^= o.hashCode();
-+            }
-+        }
-+
-+        return hashCode;
-+    }
-+
-+    /**
-+     * Adds a new element to this instance.
-+     * 
-+     * @param obj non-null; the instance to add
-+     */
-+    protected void addObject(DEREncodable obj) {
-+        if (obj == null) {
-+            throw new NullPointerException("obj == null");
-+        }
-+
-+        int sz = size;
-+        
-+        switch (sz) {
-+            case 0: obj0 = obj; break;
-+            case 1: obj1 = obj; break;
-+            case 2: obj2 = obj; break;
-+            case 3: obj3 = obj; break;
-+            case 4: {
-+                // Initial allocation of rest.
-+                rest = new DEREncodable[5];
-+                rest[0] = obj;
-+                break;
-+            }
-+            default: {
-+                int index = sz - 4;
-+                if (index >= rest.length) {
-+                    // Grow rest.
-+                    DEREncodable[] newRest = new DEREncodable[index * 2 + 10];
-+                    System.arraycopy(rest, 0, newRest, 0, rest.length);
-+                    rest = newRest;
-+                }
-+                rest[index] = obj;
-+                break;
-+            }
-+        }
-+
-+        size++;
-+    }
-+
-+    /**
-+     * Sets the element at a given index (used by {@link #sort}).
-+     * 
-+     * @param obj non-null; the object to set
-+     * @param index &gt;= 0; the index
-+     */
-+    private void setObjectAt(DEREncodable obj, int index) {
-+        switch (index) {
-+            case 0: obj0 = obj; break;
-+            case 1: obj1 = obj; break;
-+            case 2: obj2 = obj; break;
-+            case 3: obj3 = obj; break;
-+            default: {
-+                rest[index - 4] = obj;
-+                break;
-+            }
-+        }
-+    }
-+
-+    /**
-+     * Encodes this instance to the given stream.
-+     * 
-+     * @param out non-null; stream to encode to
-+     */
-+    /*package*/ abstract void encode(DEROutputStream out) throws IOException;
-+
-+    /**
-+     * Gets an enumeration of all the objects in this collection.
-+     * 
-+     * @return non-null; the enumeration
-+     */
-+    public Enumeration getObjects() {
-+        return new ASN1CollectionEnumeration();
-+    }
-+
-+    /**
-+     * Associated enumeration class.
-+     */
-+    private class ASN1CollectionEnumeration implements Enumeration {
-+        /** original size; used for modification detection */
-+        private final int origSize = size;
-+
-+        /** &gt;= 0; current cursor */
-+        private int at = 0;
-+
-+        /** {@inheritDoc} */
-+        public boolean hasMoreElements() {
-+            if (size != origSize) {
-+                throw new ConcurrentModificationException();
-+            }
-+
-+            return at < origSize;
-+        }
-+
-+        /** {@inheritDoc} */
-+        public Object nextElement() {
-+            if (size != origSize) {
-+                throw new ConcurrentModificationException();
-+            }
-+
-+            switch (at++) {
-+                case 0: return obj0;
-+                case 1: return obj1;
-+                case 2: return obj2;
-+                case 3: return obj3;
-+                default: return rest[at - 5];
-+            }
-+        }
-+    }
-+
-+    /**
-+     * Sorts the elements in this instance.
-+     */
-+    protected void sort() {
-+        if (size <= 1) {
-+            return;
-+        }
-+
-+        boolean swapped = true;
-+
-+        // TODO: This is bubble sort. Probably not the best choice.
-+        while (swapped) {
-+            int index = 0;
-+            byte[] a = getEncoded(getObjectAt(0));
-+                
-+            swapped = false;
-+                
-+            while (index != size - 1) {
-+                int nextIndex = index + 1;
-+                byte[] b = getEncoded(getObjectAt(nextIndex));
-+
-+                if (lessThanOrEqual(a, b)) {
-+                    a = b;
-+                } else {
-+                    DEREncodable o = getObjectAt(index);
-+                    
-+                    setObjectAt(getObjectAt(nextIndex), index);
-+                    setObjectAt(o, nextIndex);
-+
-+                    swapped = true;
-+                }
-+
-+                index++;
-+            }
-+        }
-+    }
-+    
-+    /**
-+     * Returns true if a <= b (arrays are assumed padded with zeros).
-+     */
-+    private static boolean lessThanOrEqual(byte[] a, byte[] b) {
-+        if (a.length <= b.length) {
-+            for (int i = 0; i != a.length; i++) {
-+                int l = a[i] & 0xff;
-+                int r = b[i] & 0xff;
-+                 
-+                if (r > l) {
-+                    return true;
-+                } else if (l > r) {
-+                    return false;
-+                }
-+            }
-+
-+            return true;
-+        } else {
-+            for (int i = 0; i != b.length; i++) {
-+                 int l = a[i] & 0xff;
-+                 int r = b[i] & 0xff;
-+                 
-+                 if (r > l) {
-+                     return true;
-+                 } else if (l > r) {
-+                     return false;
-+                 }
-+             }
-+
-+             return false;
-+         }
-+    }
-+
-+    /**
-+     * Gets the encoded form of an object.
-+     * 
-+     * @param obj non-null; object to encode
-+     * @return non-null; the encoded form
-+     */
-+    private static byte[] getEncoded(DEREncodable obj) {
-+        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-+        ASN1OutputStream aOut = new ASN1OutputStream(bOut);
-+
-+        try {
-+            aOut.writeObject(obj);
-+        } catch (IOException e) {
-+            throw new IllegalArgumentException(
-+                    "cannot encode object added to collection");
-+        }
-+
-+        return bOut.toByteArray();
-+    }
-+
-+    /** {@inheritDoc} */
-+    public final String toString() {
-+        StringBuilder sb = new StringBuilder();
-+        sb.append('[');
-+        for (int i = 0; i < size; i++) {
-+            if (i != 0) sb.append(", ");
-+            sb.append(getObjectAt(i));
-+        }
-+        sb.append(']');
-+        return sb.toString();
-+    }
-+}
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1InputStream.java bcprov-jdk16-145/org/bouncycastle/asn1/ASN1InputStream.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1InputStream.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1InputStream.java	2011-09-01 17:21:06.000000000 +0000
-@@ -348,7 +348,9 @@
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/ASN1InputStream.java bcprov-jdk16-146/org/bouncycastle/asn1/ASN1InputStream.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/ASN1InputStream.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/ASN1InputStream.java	2011-09-08 21:28:50.000000000 +0000
+@@ -363,7 +363,9 @@
              case BMP_STRING:
                  return new DERBMPString(bytes);
              case BOOLEAN:
--                return new DERBoolean(bytes);
+-                return new ASN1Boolean(bytes);
 +                // BEGIN android-changed
 +                return DERBoolean.getInstance(bytes);
 +                // END android-changed
              case ENUMERATED:
-                 return new DEREnumerated(bytes);
+                 return new ASN1Enumerated(bytes);
              case GENERALIZED_TIME:
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Null.java bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Null.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Null.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Null.java	2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/ASN1Null.java bcprov-jdk16-146/org/bouncycastle/asn1/ASN1Null.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/ASN1Null.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/ASN1Null.java	2011-09-08 21:28:50.000000000 +0000
 @@ -8,9 +8,11 @@
  public abstract class ASN1Null
      extends ASN1Object
@@ -330,522 +28,9 @@
  
      public int hashCode()
      {
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Sequence.java bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Sequence.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Sequence.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Sequence.java	2011-09-01 17:21:06.000000000 +0000
-@@ -2,12 +2,20 @@
- 
- import java.io.IOException;
- import java.util.Enumeration;
--import java.util.Vector;
-+// BEGIN android-removed
-+// import java.util.Vector;
-+// END android-removed
-+
-+// BEGIN android-note
-+// Changed inheritence of class.
-+// END android-note
- 
- public abstract class ASN1Sequence
--    extends ASN1Object
-+    extends ASN1Collection
- {
--    private Vector seq = new Vector();
-+    // BEGIN android-removed
-+    // private Vector seq = new Vector();
-+    // END android-removed
- 
-     /**
-      * return an ASN1Sequence from the given object.
-@@ -85,10 +93,12 @@
-         throw new IllegalArgumentException("unknown object in getInstance: " + obj.getClass().getName());
-     }
- 
--    public Enumeration getObjects()
--    {
--        return seq.elements();
--    }
-+    // BEGIN android-removed
-+    // public Enumeration getObjects()
-+    // {
-+    //     return seq.elements();
-+    // }
-+    // END android-removed
- 
-     public ASN1SequenceParser parser()
-     {
-@@ -127,45 +137,47 @@
-         };
-     }
- 
--    /**
--     * return the object at the sequence position indicated by index.
--     *
--     * @param index the sequence number (starting at zero) of the object
--     * @return the object at the sequence position indicated by index.
--     */
--    public DEREncodable getObjectAt(
--        int index)
--    {
--        return (DEREncodable)seq.elementAt(index);
--    }
--
--    /**
--     * return the number of objects in this sequence.
--     *
--     * @return the number of objects in this sequence.
--     */
--    public int size()
--    {
--        return seq.size();
--    }
--
--    public int hashCode()
--    {
--        Enumeration             e = this.getObjects();
--        int                     hashCode = size();
--
--        while (e.hasMoreElements())
--        {
--            Object o = e.nextElement();
--            hashCode *= 17;
--            if (o != null)
--            {
--                hashCode ^= o.hashCode();
--            }
--        }
--
--        return hashCode;
--    }
-+    // BEGIN android-removed
-+    // /**
-+    //  * return the object at the sequence position indicated by index.
-+    //  *
-+    //  * @param index the sequence number (starting at zero) of the object
-+    //  * @return the object at the sequence position indicated by index.
-+    //  */
-+    // public DEREncodable getObjectAt(
-+    //     int index)
-+    // {
-+    //     return (DEREncodable)seq.elementAt(index);
-+    // }
-+    //
-+    // /**
-+    //  * return the number of objects in this sequence.
-+    //  *
-+    //  * @return the number of objects in this sequence.
-+    //  */
-+    // public int size()
-+    // {
-+    //     return seq.size();
-+    // }
-+    //
-+    // public int hashCode()
-+    // {
-+    //     Enumeration             e = this.getObjects();
-+    //     int                     hashCode = size();
-+    //
-+    //     while (e.hasMoreElements())
-+    //     {
-+    //         Object o = e.nextElement();
-+    //         hashCode *= 17;
-+    //         if (o != null)
-+    //         {
-+    //             hashCode ^= o.hashCode();
-+    //         }
-+    //     }
-+    //
-+    //     return hashCode;
-+    // }
-+    // END android-removed
- 
-     boolean asn1Equals(
-         DERObject  o)
-@@ -201,17 +213,19 @@
-         return true;
-     }
- 
--    protected void addObject(
--        DEREncodable obj)
--    {
--        seq.addElement(obj);
--    }
--
--    abstract void encode(DEROutputStream out)
--        throws IOException;
--
--    public String toString() 
--    {
--      return seq.toString();
--    }
-+    // BEGIN android-removed
-+    //protected void addObject(
-+    //    DEREncodable obj)
-+    //{
-+    //    seq.addElement(obj);
-+    //}
-+
-+    //abstract void encode(DEROutputStream out)
-+    //    throws IOException;
-+
-+    //public String toString() 
-+    //{
-+    //  return seq.toString();
-+    //}
-+    // END android-removed
- }
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Set.java bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Set.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Set.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Set.java	2011-09-01 17:21:06.000000000 +0000
-@@ -3,12 +3,20 @@
- import java.io.ByteArrayOutputStream;
- import java.io.IOException;
- import java.util.Enumeration;
--import java.util.Vector;
-+// BEGIN android-removed
-+// import java.util.Vector;
-+// END android-removed
-+
-+// BEGIN android-note
-+// Changed inheritence of class.
-+// END android-note
- 
- abstract public class ASN1Set
--    extends ASN1Object
-+    extends ASN1Collection
- {
--    protected Vector set = new Vector();
-+    // BEGIN android-removed
-+    // protected Vector set = new Vector();
-+    // END android-removed
- 
-     /**
-      * return an ASN1Set from the given object.
-@@ -104,32 +112,34 @@
-     {
-     }
- 
--    public Enumeration getObjects()
--    {
--        return set.elements();
--    }
--
--    /**
--     * return the object at the set position indicated by index.
--     *
--     * @param index the set number (starting at zero) of the object
--     * @return the object at the set position indicated by index.
--     */
--    public DEREncodable getObjectAt(
--        int index)
--    {
--        return (DEREncodable)set.elementAt(index);
--    }
--
--    /**
--     * return the number of objects in this set.
--     *
--     * @return the number of objects in this set.
--     */
--    public int size()
--    {
--        return set.size();
--    }
-+    // BEGIN android-removed
-+    // public Enumeration getObjects()
-+    // {
-+    //     return set.elements();
-+    // }
-+    //
-+    // /**
-+    //  * return the object at the set position indicated by index.
-+    //  *
-+    //  * @param index the set number (starting at zero) of the object
-+    //  * @return the object at the set position indicated by index.
-+    //  */
-+    // public DEREncodable getObjectAt(
-+    //     int index)
-+    // {
-+    //     return (DEREncodable)set.elementAt(index);
-+    // }
-+    //
-+    // /**
-+    //  * return the number of objects in this set.
-+    //  *
-+    //  * @return the number of objects in this set.
-+    //  */
-+    // public int size()
-+    // {
-+    //     return set.size();
-+    // }
-+    // END android-removed
- 
-     public ASN1SetParser parser()
-     {
-@@ -168,23 +178,25 @@
-         };
-     }
- 
--    public int hashCode()
--    {
--        Enumeration             e = this.getObjects();
--        int                     hashCode = size();
--
--        while (e.hasMoreElements())
--        {
--            Object o = e.nextElement();
--            hashCode *= 17;
--            if (o != null)
--            {
--                hashCode ^= o.hashCode();
--            }
--        }
--
--        return hashCode;
--    }
-+    // BEGIN android-removed
-+    // public int hashCode()
-+    // {
-+    //     Enumeration             e = this.getObjects();
-+    //     int                     hashCode = size();
-+    //
-+    //     while (e.hasMoreElements())
-+    //     {
-+    //         Object o = e.nextElement();
-+    //         hashCode *= 17;
-+    //         if (o != null)
-+    //         {
-+    //             hashCode ^= o.hashCode();
-+    //         }
-+    //     }
-+    //
-+    //     return hashCode;
-+    // }
-+    // END android-removed
- 
-     boolean asn1Equals(
-         DERObject  o)
-@@ -220,52 +232,54 @@
-         return true;
-     }
- 
--    /**
--     * return true if a <= b (arrays are assumed padded with zeros).
--     */
--    private boolean lessThanOrEqual(
--         byte[] a,
--         byte[] b)
--    {
--         if (a.length <= b.length)
--         {
--             for (int i = 0; i != a.length; i++)
--             {
--                 int    l = a[i] & 0xff;
--                 int    r = b[i] & 0xff;
--                 
--                 if (r > l)
--                 {
--                     return true;
--                 }
--                 else if (l > r)
--                 {
--                     return false;
--                 }
--             }
--
--             return true;
--         }
--         else
--         {
--             for (int i = 0; i != b.length; i++)
--             {
--                 int    l = a[i] & 0xff;
--                 int    r = b[i] & 0xff;
--                 
--                 if (r > l)
--                 {
--                     return true;
--                 }
--                 else if (l > r)
--                 {
--                     return false;
--                 }
--             }
--
--             return false;
--         }
--    }
-+    // BEGIN android-removed
-+    // /**
-+    //  * return true if a <= b (arrays are assumed padded with zeros).
-+    //  */
-+    // private boolean lessThanOrEqual(
-+    //      byte[] a,
-+    //      byte[] b)
-+    // {
-+    //      if (a.length <= b.length)
-+    //      {
-+    //          for (int i = 0; i != a.length; i++)
-+    //          {
-+    //              int    l = a[i] & 0xff;
-+    //              int    r = b[i] & 0xff;
-+    //
-+    //              if (r > l)
-+    //              {
-+    //                  return true;
-+    //              }
-+    //              else if (l > r)
-+    //              {
-+    //                  return false;
-+    //              }
-+    //          }
-+    //
-+    //          return true;
-+    //      }
-+    //      else
-+    //      {
-+    //          for (int i = 0; i != b.length; i++)
-+    //          {
-+    //              int    l = a[i] & 0xff;
-+    //              int    r = b[i] & 0xff;
-+    //
-+    //              if (r > l)
-+    //              {
-+    //                  return true;
-+    //              }
-+    //              else if (l > r)
-+    //              {
-+    //                  return false;
-+    //              }
-+    //          }
-+    //
-+    //          return false;
-+    //      }
-+    // }
-+    // END android-removed
- 
-     private byte[] getEncoded(
-         DEREncodable obj)
-@@ -285,59 +299,61 @@
-         return bOut.toByteArray();
-     }
- 
--    protected void sort()
--    {
--        if (set.size() > 1)
--        {
--            boolean    swapped = true;
--            int        lastSwap = set.size() - 1;
--
--            while (swapped)
--            {
--                int    index = 0;
--                int    swapIndex = 0;
--                byte[] a = getEncoded((DEREncodable)set.elementAt(0));
--                
--                swapped = false;
--
--                while (index != lastSwap)
--                {
--                    byte[] b = getEncoded((DEREncodable)set.elementAt(index + 1));
--
--                    if (lessThanOrEqual(a, b))
--                    {
--                        a = b;
--                    }
--                    else
--                    {
--                        Object  o = set.elementAt(index);
--
--                        set.setElementAt(set.elementAt(index + 1), index);
--                        set.setElementAt(o, index + 1);
--
--                        swapped = true;
--                        swapIndex = index;
--                    }
--
--                    index++;
--                }
--
--                lastSwap = swapIndex;
--            }
--        }
--    }
--
--    protected void addObject(
--        DEREncodable obj)
--    {
--        set.addElement(obj);
--    }
--
--    abstract void encode(DEROutputStream out)
--            throws IOException;
--
--    public String toString() 
--    {
--      return set.toString();
--    }
-+    // BEGIN android-removed
-+    // protected void sort()
-+    // {
-+    //     if (set.size() > 1)
-+    //     {
-+    //         boolean    swapped = true;
-+    //         int        lastSwap = set.size() - 1;
-+    //
-+    //         while (swapped)
-+    //         {
-+    //             int    index = 0;
-+    //             int    swapIndex = 0;
-+    //             byte[] a = getEncoded((DEREncodable)set.elementAt(0));
-+    //
-+    //             swapped = false;
-+    //
-+    //             while (index != lastSwap)
-+    //             {
-+    //                 byte[] b = getEncoded((DEREncodable)set.elementAt(index + 1));
-+    //
-+    //                 if (lessThanOrEqual(a, b))
-+    //                 {
-+    //                     a = b;
-+    //                 }
-+    //                 else
-+    //                 {
-+    //                     Object  o = set.elementAt(index);
-+    //
-+    //                     set.setElementAt(set.elementAt(index + 1), index);
-+    //                     set.setElementAt(o, index + 1);
-+    //
-+    //                     swapped = true;
-+    //                     swapIndex = index;
-+    //                 }
-+    //
-+    //                 index++;
-+    //             }
-+    //
-+    //             lastSwap = swapIndex;
-+    //         }
-+    //     }
-+    // }
-+    //
-+    // protected void addObject(
-+    //     DEREncodable obj)
-+    // {
-+    //     set.addElement(obj);
-+    // }
-+    //
-+    // abstract void encode(DEROutputStream out)
-+    //         throws IOException;
-+    //
-+    // public String toString() 
-+    // {
-+    //   return set.toString();
-+    // }
-+    // END android-removed
- }
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERBoolean.java bcprov-jdk16-145/org/bouncycastle/asn1/DERBoolean.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERBoolean.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/DERBoolean.java	2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERBoolean.java bcprov-jdk16-146/org/bouncycastle/asn1/DERBoolean.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERBoolean.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/DERBoolean.java	2011-09-08 21:28:50.000000000 +0000
 @@ -5,7 +5,9 @@
  public class DERBoolean
      extends ASN1Object
@@ -857,18 +42,7 @@
  
      public static final DERBoolean FALSE = new DERBoolean(false);
      public static final DERBoolean TRUE  = new DERBoolean(true);
-@@ -25,7 +27,9 @@
- 
-         if (obj instanceof ASN1OctetString)
-         {
--            return new DERBoolean(((ASN1OctetString)obj).getOctets());
-+            // BEGIN android-changed
-+            return getInstance(((ASN1OctetString)obj).getOctets());
-+            // END android-changed
-         }
- 
-         if (obj instanceof ASN1TaggedObject)
-@@ -45,6 +49,17 @@
+@@ -35,6 +37,17 @@
          return (value ? TRUE : FALSE);
      }
  
@@ -886,64 +60,51 @@
      /**
       * return a Boolean from a tagged object.
       *
-@@ -60,18 +75,22 @@
-     {
-         return getInstance(obj.getObject());
+@@ -56,23 +69,29 @@
+         }
+         else
+         {
+-            return new DERBoolean(((ASN1OctetString)o).getOctets());
++            // BEGIN android-changed
++            return getInstance(((ASN1OctetString)o).getOctets());
++            // END android-changed
+         }
      }
--    
+     
 -    public DERBoolean(
 -        byte[]       value)
 -    {
+-        if (value.length != 1)
+-        {
+-            throw new IllegalArgumentException("byte value should have 1 byte in it");
+-        }
+-        
 -        this.value = value[0];
 -    }
++    // BEGIN android-removed
++    // public DERBoolean(
++    //     byte[]       value)
++    // {
++    //     if (value.length != 1)
++    //     {
++    //         throw new IllegalArgumentException("byte value should have 1 byte in it");
++    //     }
++    //
++    //     this.value = value[0];
++    // }
++    // END android-removed
  
 -    public DERBoolean(
-+    // BEGIN android-removed
-+    //private DERBoolean(
-+    //    byte[]       value)
-+    //{
-+    //    this.value = value[0];
-+    //}
-+    // END android-removed
-+
 +    // BEGIN android-changed
-+    private DERBoolean(
++    protected DERBoolean(
          boolean     value)
++    // END android-changed
      {
          this.value = (value) ? (byte)0xff : (byte)0;
      }
-+    // END android-changed
- 
-     public boolean isTrue()
-     {
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERInputStream.java bcprov-jdk16-145/org/bouncycastle/asn1/DERInputStream.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERInputStream.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/DERInputStream.java	2011-09-01 17:21:06.000000000 +0000
-@@ -144,7 +144,9 @@
-                 return new DERConstructedSet(v);
-             }
-         case BOOLEAN:
--            return new DERBoolean(bytes);
-+            // BEGIN android-changed
-+            return DERBoolean.getInstance(bytes);
-+            // BEGIN android-changed
-         case INTEGER:
-             return new DERInteger(bytes);
-         case ENUMERATED:
-@@ -195,7 +197,9 @@
-                 {
-                     if ((tag & CONSTRUCTED) == 0)
-                     {
--                        return new DERTaggedObject(false, tag & 0x1f, new DERNull());
-+                        // BEGIN android-changed
-+                        return new DERTaggedObject(false, tag & 0x1f, DERNull.INSTANCE);
-+                        // END android-changed
-                     }
-                     else
-                     {
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERNull.java bcprov-jdk16-145/org/bouncycastle/asn1/DERNull.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERNull.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/DERNull.java	2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERNull.java bcprov-jdk16-146/org/bouncycastle/asn1/DERNull.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERNull.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/DERNull.java	2011-09-08 21:28:50.000000000 +0000
 @@ -10,9 +10,13 @@
  {
      public static final DERNull INSTANCE = new DERNull();
@@ -960,10 +121,10 @@
      {
      }
  
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERObjectIdentifier.java bcprov-jdk16-145/org/bouncycastle/asn1/DERObjectIdentifier.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERObjectIdentifier.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/DERObjectIdentifier.java	2011-09-01 17:21:06.000000000 +0000
-@@ -111,7 +111,13 @@
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERObjectIdentifier.java bcprov-jdk16-146/org/bouncycastle/asn1/DERObjectIdentifier.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERObjectIdentifier.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/DERObjectIdentifier.java	2011-09-08 21:28:50.000000000 +0000
+@@ -110,7 +110,13 @@
              }
          }
  
@@ -978,7 +139,7 @@
      }
  
      public DERObjectIdentifier(
-@@ -122,7 +128,13 @@
+@@ -121,7 +127,13 @@
              throw new IllegalArgumentException("string " + identifier + " not an OID");
          }
  
@@ -993,9 +154,9 @@
      }
  
      public String getId()
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERPrintableString.java bcprov-jdk16-145/org/bouncycastle/asn1/DERPrintableString.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERPrintableString.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/DERPrintableString.java	2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERPrintableString.java bcprov-jdk16-146/org/bouncycastle/asn1/DERPrintableString.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERPrintableString.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/DERPrintableString.java	2011-09-08 21:28:50.000000000 +0000
 @@ -9,7 +9,9 @@
      extends ASN1Object
      implements DERString
@@ -1007,7 +168,7 @@
  
      /**
       * return a printable string from the passed in object.
-@@ -66,7 +68,9 @@
+@@ -65,7 +67,9 @@
              cs[i] = (char)(string[i] & 0xff);
          }
  
@@ -1018,7 +179,7 @@
      }
  
      /**
-@@ -95,7 +99,9 @@
+@@ -94,7 +98,9 @@
              throw new IllegalArgumentException("string contains illegal characters");
          }
  
@@ -1029,321 +190,99 @@
      }
  
      public String getString()
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/OrderedTable.java bcprov-jdk16-145/org/bouncycastle/asn1/OrderedTable.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/OrderedTable.java	1970-01-01 00:00:00.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/OrderedTable.java	2011-09-01 17:21:06.000000000 +0000
-@@ -0,0 +1,281 @@
-+package org.bouncycastle.asn1;
-+
-+import java.util.Enumeration;
-+import java.util.ConcurrentModificationException;
-+
-+// BEGIN android-note
-+/*
-+ * This is a new class that was synthesized from the observed
-+ * requirement for a lookup table that preserves order. Since in
-+ * practice the element count is typically very low, we just use a
-+ * flat list rather than doing any hashing / bucketing.
-+ */
-+// END android-note
-+
-+/**
-+ * Ordered lookup table. Instances of this class will keep up to four
-+ * key-value pairs directly, resorting to an external collection only
-+ * if more elements than that need to be stored.
-+ */
-+public final class OrderedTable {
-+    /** null-ok; key #0 */
-+    private DERObjectIdentifier key0;
-+    
-+    /** null-ok; key #1 */
-+    private DERObjectIdentifier key1;
-+
-+    /** null-ok; key #2 */
-+    private DERObjectIdentifier key2;
-+
-+    /** null-ok; key #3 */
-+    private DERObjectIdentifier key3;
-+    
-+    /** null-ok; value #0 */
-+    private Object value0;
-+    
-+    /** null-ok; value #1 */
-+    private Object value1;
-+
-+    /** null-ok; value #2 */
-+    private Object value2;
-+
-+    /** null-ok; value #3 */
-+    private Object value3;
-+    
-+    /**
-+     * null-ok; array of additional keys and values, alternating
-+     * key then value, etc. 
-+     */
-+    private Object[] rest;
-+
-+    /** &gt;= 0; number of elements in the list */
-+    private int size;
-+
-+    // Note: Default public constructor.
-+
-+    /**
-+     * Adds an element assuming no duplicate key.
-+     * 
-+     * @see #put
-+     * 
-+     * @param key non-null; the key
-+     * @param value non-null; the value
-+     */
-+    public void add(DERObjectIdentifier key, Object value) {
-+        if (key == null) {
-+            throw new NullPointerException("key == null");
-+        }
-+
-+        if (value == null) {
-+            throw new NullPointerException("value == null");
-+        }
-+
-+        int sz = size;
-+
-+        switch (sz) {
-+            case 0: {
-+                key0 = key;
-+                value0 = value;
-+                break;
-+            }
-+            case 1: {
-+                key1 = key;
-+                value1 = value;
-+                break;
-+            }
-+            case 2: {
-+                key2 = key;
-+                value2 = value;
-+                break;
-+            }
-+            case 3: {
-+                key3 = key;
-+                value3 = value;
-+                break;
-+            }
-+            case 4: {
-+                // Do initial allocation of rest.
-+                rest = new Object[10];
-+                rest[0] = key;
-+                rest[1] = value;
-+                break;
-+            }
-+            default: {
-+                int index = (sz - 4) * 2;
-+                int index1 = index + 1;
-+                if (index1 >= rest.length) {
-+                    // Grow rest.
-+                    Object[] newRest = new Object[index1 * 2 + 10];
-+                    System.arraycopy(rest, 0, newRest, 0, rest.length);
-+                    rest = newRest;
-+                }
-+                rest[index] = key;
-+                rest[index1] = value;
-+                break;
-+            }
-+        }
-+        
-+        size = sz + 1;
-+    }
-+
-+    /**
-+     * Gets the number of elements in this instance.
-+     */
-+    public int size() {
-+        return size;
-+    }
-+
-+    /**
-+     * Look up the given key, returning the associated value if found.
-+     * 
-+     * @param key non-null; the key to look up
-+     * @return null-ok; the associated value
-+     */
-+    public Object get(DERObjectIdentifier key) {
-+        int keyHash = key.hashCode();
-+        int sz = size;
-+
-+        for (int i = 0; i < size; i++) {
-+            DERObjectIdentifier probe = getKey(i);
-+            if ((probe.hashCode() == keyHash) &&
-+                    probe.equals(key)) {
-+                return getValue(i);
-+            }
-+        }
-+
-+        return null;
-+    }
-+    
-+    /**
-+     * Replace a key if present, otherwise add
-+     * 
-+     * @see #add
-+     * 
-+     * @param key non-null; the key
-+     * @param value non-null; the value
-+     */
-+    public void put(DERObjectIdentifier key, Object value) {
-+        if (key == null) {
-+            throw new NullPointerException("key == null");
-+        }
-+
-+        if (value == null) {
-+            throw new NullPointerException("value == null");
-+        }
-+
-+        int keyHash = key.hashCode();
-+        int sz = size;
-+
-+        for (int i = 0; i < size; i++) {
-+            DERObjectIdentifier probe = getKey(i);
-+            if ((probe.hashCode() == keyHash) &&
-+                    probe.equals(key)) {
-+                setValue(i, value);
-+                return;
-+            }
-+        }
-+
-+        add(key, value);
-+    }
-+    
-+    /**
-+     * Gets the nth key.
-+     * 
-+     * @param n index
-+     * @return non-null; the nth key
-+     */
-+    public DERObjectIdentifier getKey(int n) {
-+        if ((n < 0) || (n >= size)) {
-+            throw new IndexOutOfBoundsException(Integer.toString(n));
-+        }
-+
-+        switch (n) {
-+            case 0: return key0;
-+            case 1: return key1;
-+            case 2: return key2;
-+            case 3: return key3;
-+            default: return (DERObjectIdentifier) rest[(n - 4) * 2];
-+        }
-+    }
-+
-+    /**
-+     * Gets the nth value.
-+     * 
-+     * @param n index
-+     * @return non-null; the nth value
-+     */
-+    public Object getValue(int n) {
-+        if ((n < 0) || (n >= size)) {
-+            throw new IndexOutOfBoundsException(Integer.toString(n));
-+        }
-+
-+        switch (n) {
-+            case 0: return value0;
-+            case 1: return value1;
-+            case 2: return value2;
-+            case 3: return value3;
-+            default: return rest[((n - 4) * 2) + 1];
-+        }
-+    }
-+
-+    /**
-+     * Sets the nth value.
-+     * 
-+     * @param n index
-+     * @param value non-null object
-+     */
-+    public void setValue(int n, Object value) {
-+        if ((n < 0) || (n >= size)) {
-+            throw new IndexOutOfBoundsException(Integer.toString(n));
-+        }
-+        if (value == null) {
-+            throw new NullPointerException("value == null");
-+        }
-+
-+        switch (n) {
-+            case 0: value0 = value; return;
-+            case 1: value1 = value; return;
-+            case 2: value2 = value; return;
-+            case 3: value3 = value; return;
-+            default: rest[((n - 4) * 2) + 1] = value; return;
-+        }
-+    }
-+
-+    /**
-+     * Gets an enumeration of the keys, in order.
-+     * 
-+     * @return non-null; an enumeration of the keys
-+     */
-+    public Enumeration getKeys() {
-+        return new KeyEnumeration();
-+    }
-+
-+    /**
-+     * Associated enumeration class.
-+     */
-+    private class KeyEnumeration implements Enumeration {
-+        /** original size; used for modification detection */
-+        private final int origSize = size;
-+
-+        /** &gt;= 0; current cursor */
-+        private int at = 0;
-+
-+        /** {@inheritDoc} */
-+        public boolean hasMoreElements() {
-+            if (size != origSize) {
-+                throw new ConcurrentModificationException();
-+            }
-+
-+            return at < origSize;
-+        }
-+
-+        /** {@inheritDoc} */
-+        public Object nextElement() {
-+            if (size != origSize) {
-+                throw new ConcurrentModificationException();
-+            }
-+
-+            return getKey(at++);
-+        }
-+    }
-+}
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java	2011-09-01 17:21:06.000000000 +0000
-@@ -10,7 +10,10 @@
-     //
-     static final String                 pkcs_1                    = "1.2.840.113549.1.1";
-     static final DERObjectIdentifier    rsaEncryption             = new DERObjectIdentifier(pkcs_1 + ".1");
--    static final DERObjectIdentifier    md2WithRSAEncryption      = new DERObjectIdentifier(pkcs_1 + ".2");
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/cms/ContentInfo.java bcprov-jdk16-146/org/bouncycastle/asn1/cms/ContentInfo.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/cms/ContentInfo.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/cms/ContentInfo.java	2011-09-08 21:28:50.000000000 +0000
+@@ -12,7 +12,9 @@
+ 
+ public class ContentInfo
+     extends ASN1Encodable
+-    implements CMSObjectIdentifiers
 +    // BEGIN android-removed
-+    // Dropping MD2
-+    // static final DERObjectIdentifier    md2WithRSAEncryption      = new DERObjectIdentifier(pkcs_1 + ".2");
++    // implements CMSObjectIdentifiers
 +    // END android-removed
-     static final DERObjectIdentifier    md4WithRSAEncryption      = new DERObjectIdentifier(pkcs_1 + ".3");
-     static final DERObjectIdentifier    md5WithRSAEncryption      = new DERObjectIdentifier(pkcs_1 + ".4");
-     static final DERObjectIdentifier    sha1WithRSAEncryption     = new DERObjectIdentifier(pkcs_1 + ".5");
-@@ -65,7 +68,10 @@
+ {
+     private ASN1ObjectIdentifier contentType;
+     private DEREncodable        content;
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java	2011-09-08 21:28:50.000000000 +0000
+@@ -37,10 +37,13 @@
+     public static EncryptedPrivateKeyInfo getInstance(
+         Object  obj)
+     {
+-        if (obj instanceof EncryptedData)
++        // BEGIN android-changed
++        //     fix copy and paste error in instanceof call
++        if (obj instanceof EncryptedPrivateKeyInfo)
+         {
+             return (EncryptedPrivateKeyInfo)obj;
+         }
++        // END android-changed
+         else if (obj instanceof ASN1Sequence)
+         { 
+             return new EncryptedPrivateKeyInfo((ASN1Sequence)obj);
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java	2011-09-08 21:28:50.000000000 +0000
+@@ -10,8 +10,10 @@
+     //
+     static final ASN1ObjectIdentifier    pkcs_1                    = new ASN1ObjectIdentifier("1.2.840.113549.1.1");
+     static final ASN1ObjectIdentifier    rsaEncryption             = pkcs_1.branch("1");
+-    static final ASN1ObjectIdentifier    md2WithRSAEncryption      = pkcs_1.branch("2");
+-    static final ASN1ObjectIdentifier    md4WithRSAEncryption      = pkcs_1.branch("3");
++    // BEGIN android-removed
++    // static final ASN1ObjectIdentifier    md2WithRSAEncryption      = pkcs_1.branch("2");
++    // static final ASN1ObjectIdentifier    md4WithRSAEncryption      = pkcs_1.branch("3");
++    // END android-removed
+     static final ASN1ObjectIdentifier    md5WithRSAEncryption      = pkcs_1.branch("4");
+     static final ASN1ObjectIdentifier    sha1WithRSAEncryption     = pkcs_1.branch("5");
+     static final ASN1ObjectIdentifier    srsaOAEPEncryptionSET     = pkcs_1.branch("6");
+@@ -22,7 +24,9 @@
+     static final ASN1ObjectIdentifier    sha256WithRSAEncryption   = pkcs_1.branch("11");
+     static final ASN1ObjectIdentifier    sha384WithRSAEncryption   = pkcs_1.branch("12");
+     static final ASN1ObjectIdentifier    sha512WithRSAEncryption   = pkcs_1.branch("13");
+-    static final ASN1ObjectIdentifier    sha224WithRSAEncryption   = pkcs_1.branch("14");
++    // BEGIN android-removed
++    // static final ASN1ObjectIdentifier    sha224WithRSAEncryption   = pkcs_1.branch("14");
++    // END android-removed
+ 
+     //
+     // pkcs-3 OBJECT IDENTIFIER ::= {
+@@ -65,13 +69,17 @@
      // md2 OBJECT IDENTIFIER ::=
      //      {iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) 2}
      //
--    static final DERObjectIdentifier    md2                     = new DERObjectIdentifier(digestAlgorithm + ".2");
+-    static final ASN1ObjectIdentifier    md2                    = digestAlgorithm.branch("2");
 +    // BEGIN android-removed
-+    // Dropping MD2
-+    // static final DERObjectIdentifier    md2                     = new DERObjectIdentifier(digestAlgorithm + ".2");
++    // static final ASN1ObjectIdentifier    md2                    = digestAlgorithm.branch("2");
 +    // END android-removed
  
      //
      // md4 OBJECT IDENTIFIER ::=
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java	2011-09-01 17:21:06.000000000 +0000
+     //      {iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) 4}
+     //
+-    static final ASN1ObjectIdentifier    md4 = digestAlgorithm.branch("4");
++    // BEGIN android-removed
++    // static final ASN1ObjectIdentifier    md4 = digestAlgorithm.branch("4");
++    // END android-removed
+ 
+     //
+     // md5 OBJECT IDENTIFIER ::=
+@@ -80,7 +88,9 @@
+     static final ASN1ObjectIdentifier    md5                     = digestAlgorithm.branch("5");
+ 
+     static final ASN1ObjectIdentifier    id_hmacWithSHA1         = digestAlgorithm.branch("7");
+-    static final ASN1ObjectIdentifier    id_hmacWithSHA224       = digestAlgorithm.branch("8");
++    // BEGIN android-removed
++    // static final ASN1ObjectIdentifier    id_hmacWithSHA224       = digestAlgorithm.branch("8");
++    // END android-removed
+     static final ASN1ObjectIdentifier    id_hmacWithSHA256       = digestAlgorithm.branch("9");
+     static final ASN1ObjectIdentifier    id_hmacWithSHA384       = digestAlgorithm.branch("10");
+     static final ASN1ObjectIdentifier    id_hmacWithSHA512       = digestAlgorithm.branch("11");
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java	2011-09-08 21:28:50.000000000 +0000
 @@ -19,7 +19,9 @@
      private AlgorithmIdentifier maskGenAlgorithm;
      private AlgorithmIdentifier pSourceAlgorithm;
@@ -1355,9 +294,9 @@
      public final static AlgorithmIdentifier DEFAULT_MASK_GEN_FUNCTION = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, DEFAULT_HASH_ALGORITHM);
      public final static AlgorithmIdentifier DEFAULT_P_SOURCE_ALGORITHM = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_pSpecified, new DEROctetString(new byte[0]));
      
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java	2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java	2011-09-08 21:28:50.000000000 +0000
 @@ -20,7 +20,9 @@
      private DERInteger          saltLength;
      private DERInteger          trailerField;
@@ -1369,10 +308,10 @@
      public final static AlgorithmIdentifier DEFAULT_MASK_GEN_FUNCTION = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, DEFAULT_HASH_ALGORITHM);
      public final static DERInteger          DEFAULT_SALT_LENGTH = new DERInteger(20);
      public final static DERInteger          DEFAULT_TRAILER_FIELD = new DERInteger(1);
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/util/ASN1Dump.java bcprov-jdk16-145/org/bouncycastle/asn1/util/ASN1Dump.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/util/ASN1Dump.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/util/ASN1Dump.java	2011-09-01 17:21:06.000000000 +0000
-@@ -90,7 +90,9 @@
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/util/ASN1Dump.java bcprov-jdk16-146/org/bouncycastle/asn1/util/ASN1Dump.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/util/ASN1Dump.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/util/ASN1Dump.java	2011-09-08 21:28:50.000000000 +0000
+@@ -79,7 +79,9 @@
              {
                  Object  o = e.nextElement();
  
@@ -1383,9 +322,9 @@
                  {
                      buf.append(tab);
                      buf.append("NULL");
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/AttCertIssuer.java bcprov-jdk16-145/org/bouncycastle/asn1/x509/AttCertIssuer.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/AttCertIssuer.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/AttCertIssuer.java	2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/AttCertIssuer.java bcprov-jdk16-146/org/bouncycastle/asn1/x509/AttCertIssuer.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/AttCertIssuer.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/AttCertIssuer.java	2011-09-08 21:28:50.000000000 +0000
 @@ -45,7 +45,7 @@
          ASN1TaggedObject obj,
          boolean          explicit)
@@ -1395,9 +334,9 @@
      }
  
      /**
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/BasicConstraints.java bcprov-jdk16-145/org/bouncycastle/asn1/x509/BasicConstraints.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/BasicConstraints.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/BasicConstraints.java	2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/BasicConstraints.java bcprov-jdk16-146/org/bouncycastle/asn1/x509/BasicConstraints.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/BasicConstraints.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/BasicConstraints.java	2011-09-08 21:28:50.000000000 +0000
 @@ -14,7 +14,9 @@
  public class BasicConstraints
      extends ASN1Encodable
@@ -1442,9 +381,9 @@
          this.pathLenConstraint = new DERInteger(pathLenConstraint);
      }
  
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java bcprov-jdk16-145/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java	2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java bcprov-jdk16-146/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java	2011-09-08 21:28:50.000000000 +0000
 @@ -96,11 +96,15 @@
          }
          if (onlyContainsUserCerts)
@@ -1481,156 +420,10 @@
          }
  
          seq = new DERSequence(vec);
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509Extensions.java bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509Extensions.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509Extensions.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509Extensions.java	2011-09-01 17:21:06.000000000 +0000
-@@ -9,6 +9,9 @@
- import org.bouncycastle.asn1.DERObject;
- import org.bouncycastle.asn1.DERObjectIdentifier;
- import org.bouncycastle.asn1.DERSequence;
-+// BEGIN android-added
-+import org.bouncycastle.asn1.OrderedTable;
-+// END android-added
- 
- import java.util.Enumeration;
- import java.util.Hashtable;
-@@ -172,8 +175,9 @@
-      */
-     public static final DERObjectIdentifier TargetInformation = new DERObjectIdentifier("2.5.29.55");
-     
--    private Hashtable               extensions = new Hashtable();
--    private Vector                  ordering = new Vector();
-+    // BEGIN android-changed
-+    private OrderedTable table = new OrderedTable();
-+    // END android-changed
- 
-     public static X509Extensions getInstance(
-         ASN1TaggedObject obj,
-@@ -217,20 +221,26 @@
-         {
-             ASN1Sequence            s = ASN1Sequence.getInstance(e.nextElement());
- 
--            if (s.size() == 3)
-+            // BEGIN android-changed
-+            int sSize = s.size();
-+            DERObjectIdentifier key = (DERObjectIdentifier) s.getObjectAt(0);
-+            Object value;
-+            
-+            if (sSize == 3)
-             {
--                extensions.put(s.getObjectAt(0), new X509Extension(DERBoolean.getInstance(s.getObjectAt(1)), ASN1OctetString.getInstance(s.getObjectAt(2))));
-+                value = new X509Extension(DERBoolean.getInstance(s.getObjectAt(1)), ASN1OctetString.getInstance(s.getObjectAt(2)));
-             }
--            else if (s.size() == 2)
-+            else if (sSize == 2)
-             {
--                extensions.put(s.getObjectAt(0), new X509Extension(false, ASN1OctetString.getInstance(s.getObjectAt(1))));
-+                value = new X509Extension(false, ASN1OctetString.getInstance(s.getObjectAt(1)));
-             }
-             else
-             {
--                throw new IllegalArgumentException("Bad sequence size: " + s.size());
-+                throw new IllegalArgumentException("Bad sequence size: " + sSize);
-             }
- 
--            ordering.addElement(s.getObjectAt(0));
-+            table.add(key, value);
-+            // END android-changed
-         }
-     }
- 
-@@ -265,20 +275,14 @@
-             e = ordering.elements();
-         }
- 
--        while (e.hasMoreElements())
--        {
--            this.ordering.addElement(e.nextElement()); 
--        }
--
--        e = this.ordering.elements();
--
-+        // BEGIN android-changed
-         while (e.hasMoreElements())
-         {
-             DERObjectIdentifier     oid = (DERObjectIdentifier)e.nextElement();
-             X509Extension           ext = (X509Extension)extensions.get(oid);
--
--            this.extensions.put(oid, ext);
-+            table.add(oid, ext);
-         }
-+        // END android-changed
-     }
- 
-     /**
-@@ -293,23 +297,18 @@
-     {
-         Enumeration e = objectIDs.elements();
- 
--        while (e.hasMoreElements())
--        {
--            this.ordering.addElement(e.nextElement()); 
--        }
--
-+        // BEGIN android-changed
-         int count = 0;
-         
--        e = this.ordering.elements();
--
-         while (e.hasMoreElements())
-         {
-             DERObjectIdentifier     oid = (DERObjectIdentifier)e.nextElement();
-             X509Extension           ext = (X509Extension)values.elementAt(count);
- 
--            this.extensions.put(oid, ext);
-+            table.add(oid, ext);
-             count++;
-         }
-+        // END android-changed
-     }
-     
-     /**
-@@ -317,7 +316,9 @@
-      */
-     public Enumeration oids()
-     {
--        return ordering.elements();
-+        // BEGIN android-changed
-+        return table.getKeys();
-+        // END android-changed
-     }
- 
-     /**
-@@ -329,7 +330,9 @@
-     public X509Extension getExtension(
-         DERObjectIdentifier oid)
-     {
--        return (X509Extension)extensions.get(oid);
-+        // BEGIN android-changed
-+        return (X509Extension)table.get(oid);
-+        // END android-changed
-     }
- 
-     /**
-@@ -345,19 +348,23 @@
-     public DERObject toASN1Object()
-     {
-         ASN1EncodableVector     vec = new ASN1EncodableVector();
--        Enumeration             e = ordering.elements();
-+        // BEGIN android-changed
-+        int                     size = table.size();
- 
--        while (e.hasMoreElements())
-+        for (int i = 0; i < size; i++)
-         {
--            DERObjectIdentifier     oid = (DERObjectIdentifier)e.nextElement();
--            X509Extension           ext = (X509Extension)extensions.get(oid);
-+            DERObjectIdentifier     oid = table.getKey(i);
-+            X509Extension           ext = (X509Extension)table.getValue(i);
-+            // END android-changed
-             ASN1EncodableVector     v = new ASN1EncodableVector();
- 
-             v.add(oid);
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/X509Extensions.java bcprov-jdk16-146/org/bouncycastle/asn1/x509/X509Extensions.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/X509Extensions.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/X509Extensions.java	2011-09-08 21:28:50.000000000 +0000
+@@ -400,7 +400,9 @@
  
              if (ext.isCritical())
              {
@@ -1641,714 +434,47 @@
              }
  
              v.add(ext.getValue());
-@@ -371,18 +378,24 @@
-     public boolean equivalent(
-         X509Extensions other)
-     {
--        if (extensions.size() != other.extensions.size())
-+        // BEGIN android-changed
-+        if (table.size() != other.table.size())
-+        // END android-changed
-         {
-             return false;
-         }
- 
--        Enumeration     e1 = extensions.keys();
-+        // BEGIN android-changed
-+        Enumeration     e1 = table.getKeys();
-+        // END android-changed
- 
-         while (e1.hasMoreElements())
-         {
--            Object  key = e1.nextElement();
-+            // BEGIN android-changed
-+            DERObjectIdentifier  key = (DERObjectIdentifier)e1.nextElement();
- 
--            if (!extensions.get(key).equals(other.extensions.get(key)))
-+            if (!table.get(key).equals(other.table.get(key)))
-+            // END android-changed
-             {
-                 return false;
-             }
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509Name.java bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509Name.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509Name.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509Name.java	2011-09-01 17:21:06.000000000 +0000
-@@ -247,8 +247,10 @@
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/X509Name.java bcprov-jdk16-146/org/bouncycastle/asn1/x509/X509Name.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/X509Name.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/X509Name.java	2011-09-08 21:28:50.000000000 +0000
+@@ -249,8 +249,10 @@
       */
      public static final Hashtable SymbolLookUp = DefaultLookUp;
  
 -    private static final Boolean TRUE = new Boolean(true); // for J2ME compatibility
 -    private static final Boolean FALSE = new Boolean(false);
-+    // BEGIN android-removed
-+    //private static final Boolean TRUE = new Boolean(true); // for J2ME compatibility
-+    //private static final Boolean FALSE = new Boolean(false);
-+    // END android-removed
++    // BEGIN android-changed
++    private static final Boolean TRUE = Boolean.TRUE;
++    private static final Boolean FALSE = Boolean.FALSE;
++    // END android-changed
  
      static
      {
-@@ -340,9 +342,9 @@
-     }
- 
-     private X509NameEntryConverter  converter = null;
--    private Vector                  ordering = new Vector();
--    private Vector                  values = new Vector();
--    private Vector                  added = new Vector();
-+    // BEGIN android-changed
-+    private X509NameElementList     elems = new X509NameElementList();
-+    // END android-changed
- 
-     private ASN1Sequence            seq;
- 
-@@ -403,26 +405,30 @@
-                        throw new IllegalArgumentException("badly sized pair");
-                    }
- 
--                   ordering.addElement(DERObjectIdentifier.getInstance(s.getObjectAt(0)));
-+                   // BEGIN android-changed
-+                   DERObjectIdentifier key = DERObjectIdentifier.getInstance(s.getObjectAt(0));
-                    
-                    DEREncodable value = s.getObjectAt(1);
-+                   String valueStr;
-                    if (value instanceof DERString && !(value instanceof DERUniversalString))
+@@ -432,7 +434,9 @@
                     {
-                        String v = ((DERString)value).getString();
-                        if (v.length() > 0 && v.charAt(0) == '#')
-                        {
--                           values.addElement("\\" + v);
-+                           valueStr = "\\" + v;
-                        }
-                        else
-                        {
--                           values.addElement(v);
-+                           valueStr = v;
-                        }
-                    }
-                    else
-                    {
--                       values.addElement("#" + bytesToString(Hex.encode(value.getDERObject().getDEREncoded())));
-+                       valueStr = "#" + bytesToString(Hex.encode(value.getDERObject().getDEREncoded()));
+                        values.addElement("#" + bytesToString(Hex.encode(value.getDERObject().getDEREncoded())));
                     }
 -                   added.addElement((i != 0) ? TRUE : FALSE);  // to allow earlier JDK compatibility
-+                   boolean added = (i != 0);  // to allow earlier JDK compatibility
-+                   elems.add(key, valueStr, added);
++                   // BEGIN android-changed
++                   added.addElement(Boolean.valueOf(i != 0));
 +                   // END android-changed
              }
          }
      }
-@@ -476,14 +482,23 @@
-         Hashtable                attributes,
-         X509NameEntryConverter   converter)
-     {
-+        // BEGIN android-changed
-+        DERObjectIdentifier problem = null;
-         this.converter = converter;
- 
-         if (ordering != null)
-         {
-             for (int i = 0; i != ordering.size(); i++)
-             {
--                this.ordering.addElement(ordering.elementAt(i));
--                this.added.addElement(FALSE);
-+                DERObjectIdentifier key =
-+                    (DERObjectIdentifier) ordering.elementAt(i);
-+                String value = (String) attributes.get(key);
-+                if (value == null)
-+                {
-+                    problem = key;
-+                    break;
-+                }
-+                elems.add(key, value);
-             }
-         }
-         else
-@@ -492,22 +507,23 @@
- 
-             while (e.hasMoreElements())
-             {
--                this.ordering.addElement(e.nextElement());
--                this.added.addElement(FALSE);
-+                DERObjectIdentifier key =
-+                    (DERObjectIdentifier) e.nextElement();
-+                String value = (String) attributes.get(key);
-+                if (value == null)
-+                {
-+                    problem = key;
-+                    break;
-+                }
-+                elems.add(key, value);
-             }
-         }
- 
--        for (int i = 0; i != this.ordering.size(); i++)
-+        if (problem != null)
-         {
--            DERObjectIdentifier     oid = (DERObjectIdentifier)this.ordering.elementAt(i);
--
--            if (attributes.get(oid) == null)
--            {
--                throw new IllegalArgumentException("No attribute for object id - " + oid.getId() + " - passed to distinguished name");
--            }
--
--            this.values.addElement(attributes.get(oid)); // copy the hash table
-+            throw new IllegalArgumentException("No attribute for object id - " + problem.getId() + " - passed to distinguished name");
-         }
-+        // END android-changed
-     }
- 
-     /**
-@@ -540,9 +556,10 @@
- 
-         for (int i = 0; i < oids.size(); i++)
-         {
--            this.ordering.addElement(oids.elementAt(i));
--            this.values.addElement(values.elementAt(i));
--            this.added.addElement(FALSE);
-+            // BEGIN android-changed
-+            elems.add((DERObjectIdentifier) oids.elementAt(i),
-+                    (String) values.elementAt(i));
-+            // END android-changed
-         }
-     }
- 
-@@ -679,7 +696,7 @@
+@@ -689,7 +693,9 @@
  
              if (index == -1)
              {
 -                throw new IllegalArgumentException("badly formated directory string");
++                // BEGIN android-changed
 +                throw new IllegalArgumentException("badly formatted directory string");
++                // END android-changed
              }
  
              String              name = token.substring(0, index);
-@@ -691,9 +708,9 @@
-                 X509NameTokenizer   vTok = new X509NameTokenizer(value, '+');
-                 String  v = vTok.nextToken();
- 
--                this.ordering.addElement(oid);
--                this.values.addElement(v);
--                this.added.addElement(FALSE);
-+                // BEGIN android-changed
-+                this.elems.add(oid, v);
-+                // END android-changed
- 
-                 while (vTok.hasMoreTokens())
-                 {
-@@ -702,48 +719,24 @@
- 
-                     String  nm = sv.substring(0, ndx);
-                     String  vl = sv.substring(ndx + 1);
--                    this.ordering.addElement(decodeOID(nm, lookUp));
--                    this.values.addElement(vl);
--                    this.added.addElement(TRUE);
-+                    // BEGIN android-changed
-+                    this.elems.add(decodeOID(nm, lookUp), vl, true);
-+                    // END android-changed
-                 }
-             }
-             else
-             {
--                this.ordering.addElement(oid);
--                this.values.addElement(value);
--                this.added.addElement(FALSE);
-+                // BEGIN android-changed
-+                this.elems.add(oid, value);
-+                // END android-changed
-             }
-         }
- 
-         if (reverse)
-         {
--            Vector  o = new Vector();
--            Vector  v = new Vector();
--            Vector  a = new Vector();
--
--            int count = 1;
--
--            for (int i = 0; i < this.ordering.size(); i++)
--            {
--                if (((Boolean)this.added.elementAt(i)).booleanValue())
--                {
--                    o.insertElementAt(this.ordering.elementAt(i), count);
--                    v.insertElementAt(this.values.elementAt(i), count);
--                    a.insertElementAt(this.added.elementAt(i), count);
--                    count++;
--                }
--                else
--                {
--                    o.insertElementAt(this.ordering.elementAt(i), 0);
--                    v.insertElementAt(this.values.elementAt(i), 0);
--                    a.insertElementAt(this.added.elementAt(i), 0);
--                    count = 1;
--                }
--            }
--
--            this.ordering = o;
--            this.values = v;
--            this.added = a;
-+            // BEGIN android-changed
-+            this.elems = this.elems.reverse();
-+            // END android-changed
-         }
-     }
- 
-@@ -752,14 +745,17 @@
-      */
-     public Vector getOIDs()
-     {
-+        // BEGIN android-changed
-         Vector  v = new Vector();
-+        int     size = elems.size();
- 
--        for (int i = 0; i != ordering.size(); i++)
-+        for (int i = 0; i < size; i++)
-         {
--            v.addElement(ordering.elementAt(i));
-+            v.addElement(elems.getKey(i));
-         }
- 
-         return v;
-+        // END android-changed
-     }
- 
-     /**
-@@ -769,11 +765,14 @@
-     public Vector getValues()
-     {
-         Vector  v = new Vector();
-+        // BEGIN android-changed
-+        int     size = elems.size();
- 
--        for (int i = 0; i != values.size(); i++)
-+        for (int i = 0; i != size; i++)
-         {
--            v.addElement(values.elementAt(i));
-+            v.addElement(elems.getValue(i));
-         }
-+        // END android-changed
- 
-         return v;
-     }
-@@ -786,12 +785,14 @@
-         DERObjectIdentifier oid)
-     {
-         Vector  v = new Vector();
-+        int     size = elems.size();
-+        // BEGIN android-changed
- 
--        for (int i = 0; i != values.size(); i++)
-+        for (int i = 0; i != size; i++)
-         {
--            if (ordering.elementAt(i).equals(oid))
-+            if (elems.getKey(i).equals(oid))
-             {
--                String val = (String)values.elementAt(i);
-+                String val = elems.getValue(i);
- 
-                 if (val.length() > 2 && val.charAt(0) == '\\' && val.charAt(1) == '#')
-                 {
-@@ -803,6 +804,7 @@
-                 }
-             }
-         }
-+        // END android-changed
- 
-         return v;
-     }
-@@ -814,20 +816,23 @@
-             ASN1EncodableVector  vec = new ASN1EncodableVector();
-             ASN1EncodableVector  sVec = new ASN1EncodableVector();
-             DERObjectIdentifier  lstOid = null;
-+            // BEGIN android-changed
-+            int                  size = elems.size();
-             
--            for (int i = 0; i != ordering.size(); i++)
-+            for (int i = 0; i != size; i++)
-             {
-                 ASN1EncodableVector     v = new ASN1EncodableVector();
--                DERObjectIdentifier     oid = (DERObjectIdentifier)ordering.elementAt(i);
-+                DERObjectIdentifier     oid = elems.getKey(i);
- 
-                 v.add(oid);
- 
--                String  str = (String)values.elementAt(i);
-+                String  str = elems.getValue(i);
- 
-                 v.add(converter.getConvertedValue(oid, str));
-  
-                 if (lstOid == null 
--                    || ((Boolean)this.added.elementAt(i)).booleanValue())
-+                    || this.elems.getAdded(i))
-+                // END android-changed
-                 {
-                     sVec.add(new DERSequence(v));
-                 }
-@@ -845,6 +850,7 @@
-             vec.add(new DERSet(sVec));
-             
-             seq = new DERSequence(vec);
-+            // END android-changed
-         }
- 
-         return seq;
-@@ -889,22 +895,28 @@
-             return false;
-         }
- 
--        int      orderingSize = ordering.size();
-+        // BEGIN android-changed
-+        int      orderingSize = elems.size();
- 
--        if (orderingSize != other.ordering.size())
-+        if (orderingSize != other.elems.size())
-+        // END android-changed
-         {
-             return false;
-         }
- 
-         for (int i = 0; i < orderingSize; i++)
-         {
--            DERObjectIdentifier  oid = (DERObjectIdentifier)ordering.elementAt(i);
--            DERObjectIdentifier  oOid = (DERObjectIdentifier)other.ordering.elementAt(i);
-+            // BEGIN android-changed
-+            DERObjectIdentifier  oid = elems.getKey(i);
-+            DERObjectIdentifier  oOid = other.elems.getKey(i);
-+            // END android-changed
- 
-             if (oid.equals(oOid))
-             {
--                String value = (String)values.elementAt(i);
--                String oValue = (String)other.values.elementAt(i);
-+                // BEGIN android-changed
-+                String value = elems.getValue(i);
-+                String oValue = other.elems.getValue(i);
-+                // END android-changed
- 
-                 if (!equivalentStrings(value, oValue))
-                 {
-@@ -930,9 +942,9 @@
-         isHashCodeCalculated = true;
- 
-         // this needs to be order independent, like equals
--        for (int i = 0; i != ordering.size(); i += 1)
-+        for (int i = 0; i != elems.size(); i += 1)
-         {
--            String value = (String)values.elementAt(i);
-+            String value = (String)elems.getValue(i);
- 
-             value = canonicalize(value);
-             value = stripInternalSpaces(value);
-@@ -976,9 +988,11 @@
-             return false;
-         }
- 
--        int      orderingSize = ordering.size();
-+        // BEGIN android-changed
-+        int      orderingSize = elems.size();
- 
--        if (orderingSize != other.ordering.size())
-+        if (orderingSize != other.elems.size())
-+            // END android-changed
-         {
-             return false;
-         }
-@@ -986,7 +1000,9 @@
-         boolean[] indexes = new boolean[orderingSize];
-         int       start, end, delta;
- 
--        if (ordering.elementAt(0).equals(other.ordering.elementAt(0)))   // guess forward
-+        // BEGIN android-changed
-+        if (elems.getKey(0).equals(other.elems.getKey(0)))   // guess forward
-+        // END android-changed
-         {
-             start = 0;
-             end = orderingSize;
-@@ -1002,8 +1018,10 @@
-         for (int i = start; i != end; i += delta)
-         {
-             boolean              found = false;
--            DERObjectIdentifier  oid = (DERObjectIdentifier)ordering.elementAt(i);
--            String               value = (String)values.elementAt(i);
-+            // BEGIN android-changed
-+            DERObjectIdentifier  oid = elems.getKey(i);
-+            String               value = elems.getValue(i);
-+            // END android-changed
- 
-             for (int j = 0; j < orderingSize; j++)
-             {
-@@ -1012,11 +1030,15 @@
-                     continue;
-                 }
- 
--                DERObjectIdentifier oOid = (DERObjectIdentifier)other.ordering.elementAt(j);
-+                // BEGIN android-changed
-+                DERObjectIdentifier oOid = other.elems.getKey(j);
-+                // END android-changed
- 
-                 if (oid.equals(oOid))
-                 {
--                    String oValue = (String)other.values.elementAt(j);
-+                    // BEGIN android-changed
-+                    String oValue = other.elems.getValue(j);
-+                    // END android-changed
- 
-                     if (equivalentStrings(value, oValue))
-                     {
-@@ -1181,28 +1203,36 @@
- 
-         StringBuffer ava = null;
- 
--        for (int i = 0; i < ordering.size(); i++)
-+        // BEGIN android-changed
-+        for (int i = 0; i < elems.size(); i++)
-+        // END android-changed
-         {
--            if (((Boolean)added.elementAt(i)).booleanValue())
-+            if (elems.getAdded(i))
-             {
-                 ava.append('+');
-                 appendValue(ava, oidSymbols,
--                    (DERObjectIdentifier)ordering.elementAt(i),
--                    (String)values.elementAt(i));
-+                    // BEGIN android-changed
-+                    elems.getKey(i),
-+                    elems.getValue(i));
-+                    // END android-changed
-             }
-             else
-             {
-                 ava = new StringBuffer();
-                 appendValue(ava, oidSymbols,
--                    (DERObjectIdentifier)ordering.elementAt(i),
--                    (String)values.elementAt(i));
-+                    // BEGIN android-changed
-+                    elems.getKey(i),
-+                    elems.getValue(i));
-+                    // END android-changed
-                 components.addElement(ava);
-             }
-         }
- 
-         if (reverse)
-         {
--            for (int i = components.size() - 1; i >= 0; i--)
-+            // BEGIN android-changed
-+            for (int i = elems.size() - 1; i >= 0; i--)
-+            // END android-changed
-             {
-                 if (first)
-                 {
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509NameElementList.java bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509NameElementList.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509NameElementList.java	1970-01-01 00:00:00.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509NameElementList.java	2011-09-01 17:21:06.000000000 +0000
-@@ -0,0 +1,206 @@
-+package org.bouncycastle.asn1.x509;
-+
-+import java.util.ArrayList;
-+import java.util.BitSet;
-+import org.bouncycastle.asn1.DERObjectIdentifier;
-+
-+// BEGIN android-note
-+// This class was extracted from X509Name as a way to keep the element
-+// list in a more controlled fashion.
-+// END android-note
-+
-+/**
-+ * List of elements of an X509 name. Each element has a key, a value, and
-+ * an "added" flag.
-+ */
-+public class X509NameElementList {
-+    /** null-ok; key #0 */
-+    private DERObjectIdentifier key0;
-+    
-+    /** null-ok; key #1 */
-+    private DERObjectIdentifier key1;
-+
-+    /** null-ok; key #2 */
-+    private DERObjectIdentifier key2;
-+
-+    /** null-ok; key #3 */
-+    private DERObjectIdentifier key3;
-+    
-+    /** null-ok; value #0 */
-+    private String value0;
-+    
-+    /** null-ok; value #1 */
-+    private String value1;
-+
-+    /** null-ok; value #2 */
-+    private String value2;
-+
-+    /** null-ok; value #3 */
-+    private String value3;
-+    
-+    /**
-+     * null-ok; array of additional keys and values, alternating
-+     * key then value, etc. 
-+     */
-+    private ArrayList<Object> rest;
-+
-+    /** bit vector for all the "added" bits */
-+    private BitSet added = new BitSet();
-+
-+    /** &gt;= 0; number of elements in the list */
-+    private int size;
-+
-+    // Note: Default public constructor.
-+    
-+    /**
-+     * Adds an element. The "added" flag is set to false for the element.
-+     * 
-+     * @param key non-null; the key
-+     * @param value non-null; the value
-+     */
-+    public void add(DERObjectIdentifier key, String value) {
-+        add(key, value, false);
-+    }
-+
-+    /**
-+     * Adds an element.
-+     * 
-+     * @param key non-null; the key
-+     * @param value non-null; the value
-+     * @param added the added bit
-+     */
-+    public void add(DERObjectIdentifier key, String value, boolean added) {
-+        if (key == null) {
-+            throw new NullPointerException("key == null");
-+        }
-+
-+        if (value == null) {
-+            throw new NullPointerException("value == null");
-+        }
-+
-+        int sz = size;
-+
-+        switch (sz) {
-+            case 0: {
-+                key0 = key;
-+                value0 = value;
-+                break;
-+            }
-+            case 1: {
-+                key1 = key;
-+                value1 = value;
-+                break;
-+            }
-+            case 2: {
-+                key2 = key;
-+                value2 = value;
-+                break;
-+            }
-+            case 3: {
-+                key3 = key;
-+                value3 = value;
-+                break;
-+            }
-+            case 4: {
-+                // Do initial allocation of rest.
-+                rest = new ArrayList<Object>();
-+                // Fall through...
-+            }
-+            default: {
-+                rest.add(key);
-+                rest.add(value);
-+                break;
-+            }
-+        }
-+
-+        if (added) {
-+            this.added.set(sz);
-+        }
-+        
-+        size = sz + 1;
-+    }
-+
-+    /**
-+     * Sets the "added" flag on the most recently added element.
-+     */
-+    public void setLastAddedFlag() {
-+        added.set(size - 1);
-+    }
-+
-+    /**
-+     * Gets the number of elements in this instance.
-+     */
-+    public int size() {
-+        return size;
-+    }
-+    
-+    /**
-+     * Gets the nth key.
-+     * 
-+     * @param n index
-+     * @return non-null; the nth key
-+     */
-+    public DERObjectIdentifier getKey(int n) {
-+        if ((n < 0) || (n >= size)) {
-+            throw new IndexOutOfBoundsException(Integer.toString(n));
-+        }
-+
-+        switch (n) {
-+            case 0: return key0;
-+            case 1: return key1;
-+            case 2: return key2;
-+            case 3: return key3;
-+            default: return (DERObjectIdentifier) rest.get((n - 4) * 2);
-+        }
-+    }
-+
-+    /**
-+     * Gets the nth value.
-+     * 
-+     * @param n index
-+     * @return non-null; the nth value
-+     */
-+    public String getValue(int n) {
-+        if ((n < 0) || (n >= size)) {
-+            throw new IndexOutOfBoundsException(Integer.toString(n));
-+        }
-+
-+        switch (n) {
-+            case 0: return value0;
-+            case 1: return value1;
-+            case 2: return value2;
-+            case 3: return value3;
-+            default: return (String) rest.get(((n - 4) * 2) + 1);
-+        }
-+    }
-+
-+    /**
-+     * Gets the nth added flag bit.
-+     * 
-+     * @param n index
-+     * @return the nth added flag bit
-+     */
-+    public boolean getAdded(int n) {
-+        if ((n < 0) || (n >= size)) {
-+            throw new IndexOutOfBoundsException(Integer.toString(n));
-+        }
-+
-+        return added.get(n);
-+    }
-+
-+    /**
-+     * Constructs and returns a new instance which consists of the
-+     * elements of this one in reverse order
-+     * 
-+     * @return non-null; the reversed instance
-+     */
-+    public X509NameElementList reverse() {
-+        X509NameElementList result = new X509NameElementList();
-+            
-+        for (int i = size - 1; i >= 0; i--) {
-+            result.add(getKey(i), getValue(i), getAdded(i));
-+        }
-+
-+        return result;
-+    }
-+}
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509NameTokenizer.java
---- bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509NameTokenizer.java	2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java bcprov-jdk16-146/org/bouncycastle/asn1/x509/X509NameTokenizer.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/X509NameTokenizer.java	2011-09-08 21:28:50.000000000 +0000
 @@ -58,6 +58,17 @@
                  }
                  else
@@ -2374,9 +500,9 @@
 -}
 +}
 \ No newline at end of file
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/PBEParametersGenerator.java bcprov-jdk16-145/org/bouncycastle/crypto/PBEParametersGenerator.java
---- bcprov-jdk16-145.orig/org/bouncycastle/crypto/PBEParametersGenerator.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/crypto/PBEParametersGenerator.java	2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/PBEParametersGenerator.java bcprov-jdk16-146/org/bouncycastle/crypto/PBEParametersGenerator.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/crypto/PBEParametersGenerator.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/crypto/PBEParametersGenerator.java	2011-09-08 21:28:49.000000000 +0000
 @@ -136,7 +136,8 @@
      public static byte[] PKCS12PasswordToBytes(
          char[]  password)
@@ -2394,10 +520,10 @@
 +        // END android-changed
      }
  }
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java bcprov-jdk16-145/org/bouncycastle/crypto/digests/OpenSSLDigest.java
---- bcprov-jdk16-145.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java	1970-01-01 00:00:00.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/crypto/digests/OpenSSLDigest.java	2011-09-01 17:21:06.000000000 +0000
-@@ -0,0 +1,122 @@
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java bcprov-jdk16-146/org/bouncycastle/crypto/digests/OpenSSLDigest.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java	1970-01-01 00:00:00.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/crypto/digests/OpenSSLDigest.java	2011-09-08 21:28:49.000000000 +0000
+@@ -0,0 +1,159 @@
 +/*
 + * Copyright (C) 2008 The Android Open Source Project
 + *
@@ -2430,12 +556,24 @@
 +    private final String algorithm;
 +
 +    /**
-+     * Holds the OpenSSL name of the hashing algorithm, e.g. "sha1";
++     * Holds the EVP_MD for the hashing algorithm, e.g. EVP_get_digestbyname("sha1");
 +     */
-+    private final String openssl;
++    private final int evp_md;
 +
 +    /**
-+     * Holds a pointer to the native message digest context.
++     * Holds the output size of the message digest.
++     */
++    private final int size;
++
++    /**
++     * Holds the block size of the message digest.
++     */
++    private final int blockSize;
++
++    /**
++     * Holds a pointer to the native message digest context. It is
++     * lazily initialized to avoid having to reallocate on reset when
++     * its unlikely to be reused.
 +     */
 +    private int ctx;
 +
@@ -2447,25 +585,12 @@
 +    /**
 +     * Creates a new OpenSSLMessageDigest instance for the given algorithm
 +     * name.
-+     *
-+     * @param algorithm The standard name of the algorithm, e.g. "SHA-1".
-+     * @param algorithm The name of the openssl algorithm, e.g. "sha1".
 +     */
-+    private OpenSSLDigest(String algorithm, String openssl) {
++    private OpenSSLDigest(String algorithm, int evp_md, int size, int blockSize) {
 +        this.algorithm = algorithm;
-+        this.openssl = openssl;
-+        ctx = NativeCrypto.EVP_MD_CTX_create();
-+        try {
-+            NativeCrypto.EVP_DigestInit(ctx, openssl);
-+        } catch (Exception ex) {
-+            throw new RuntimeException(ex.getMessage() + " (" + algorithm + ")");
-+        }
-+    }
-+
-+    public int doFinal(byte[] out, int outOff) {
-+        int i = NativeCrypto.EVP_DigestFinal(ctx, out, outOff);
-+        reset();
-+        return i;
++        this.evp_md = evp_md;
++        this.size = size;
++        this.blockSize = blockSize;
 +    }
 +
 +    public String getAlgorithmName() {
@@ -2473,56 +598,94 @@
 +    }
 +
 +    public int getDigestSize() {
-+        return NativeCrypto.EVP_MD_CTX_size(ctx);
++        return size;
 +    }
 +
 +    public int getByteLength() {
-+        return NativeCrypto.EVP_MD_CTX_block_size(ctx);
++        return blockSize;
 +    }
 +
 +    public void reset() {
-+        NativeCrypto.EVP_DigestInit(ctx, openssl);
++        free();
 +    }
 +
 +    public void update(byte in) {
 +        singleByte[0] = in;
-+        NativeCrypto.EVP_DigestUpdate(ctx, singleByte, 0, 1);
++        update(singleByte, 0, 1);
 +    }
 +
 +    public void update(byte[] in, int inOff, int len) {
-+        NativeCrypto.EVP_DigestUpdate(ctx, in, inOff, len);
++        NativeCrypto.EVP_DigestUpdate(getCtx(), in, inOff, len);
++    }
++
++    public int doFinal(byte[] out, int outOff) {
++        int i = NativeCrypto.EVP_DigestFinal(getCtx(), out, outOff);
++        ctx = 0; // EVP_DigestFinal frees the context as a side effect
++        reset();
++        return i;
++    }
++
++    private int getCtx() {
++        if (ctx == 0) {
++            ctx = NativeCrypto.EVP_DigestInit(evp_md);
++        }
++        return ctx;
++    }
++
++    private void free() {
++        if (ctx != 0) {
++            NativeCrypto.EVP_MD_CTX_destroy(ctx);
++            ctx = 0;
++        }
 +    }
 +
 +    @Override
 +    protected void finalize() throws Throwable {
-+        super.finalize();
-+        NativeCrypto.EVP_MD_CTX_destroy(ctx);
-+        ctx = 0;
++        try {
++            free();
++        } finally {
++            super.finalize();
++        }
 +    }
 +
 +    public static class MD5 extends OpenSSLDigest {
-+        public MD5() { super("MD5", "md5"); }
++        private static final int EVP_MD = NativeCrypto.EVP_get_digestbyname("md5");
++        private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD);
++        private static final int BLOCK_SIZE = NativeCrypto.EVP_MD_block_size(EVP_MD);
++        public MD5() { super("MD5", EVP_MD, SIZE, BLOCK_SIZE); }
 +    }
 +
 +    public static class SHA1 extends OpenSSLDigest {
-+        public SHA1() { super("SHA-1", "sha1"); }
++        private static final int EVP_MD = NativeCrypto.EVP_get_digestbyname("sha1");
++        private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD);
++        private static final int BLOCK_SIZE = NativeCrypto.EVP_MD_block_size(EVP_MD);
++        public SHA1() { super("SHA-1", EVP_MD, SIZE, BLOCK_SIZE); }
 +    }
 +
 +    public static class SHA256 extends OpenSSLDigest {
-+        public SHA256() { super("SHA-256", "sha256"); }
++        private static final int EVP_MD = NativeCrypto.EVP_get_digestbyname("sha256");
++        private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD);
++        private static final int BLOCK_SIZE = NativeCrypto.EVP_MD_block_size(EVP_MD);
++        public SHA256() { super("SHA-256", EVP_MD, SIZE, BLOCK_SIZE); }
 +    }
 +
 +    public static class SHA384 extends OpenSSLDigest {
-+        public SHA384() { super("SHA-384", "sha384"); }
++        private static final int EVP_MD = NativeCrypto.EVP_get_digestbyname("sha384");
++        private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD);
++        private static final int BLOCK_SIZE = NativeCrypto.EVP_MD_block_size(EVP_MD);
++        public SHA384() { super("SHA-384", EVP_MD, SIZE, BLOCK_SIZE); }
 +    }
 +
 +    public static class SHA512 extends OpenSSLDigest {
-+        public SHA512() { super("SHA-512", "sha512"); }
++        private static final int EVP_MD = NativeCrypto.EVP_get_digestbyname("sha512");
++        private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD);
++        private static final int BLOCK_SIZE = NativeCrypto.EVP_MD_block_size(EVP_MD);
++        public SHA512() { super("SHA-512", EVP_MD, SIZE, BLOCK_SIZE); }
 +    }
 +}
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/engines/RC2Engine.java bcprov-jdk16-145/org/bouncycastle/crypto/engines/RC2Engine.java
---- bcprov-jdk16-145.orig/org/bouncycastle/crypto/engines/RC2Engine.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/crypto/engines/RC2Engine.java	2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/engines/RC2Engine.java bcprov-jdk16-146/org/bouncycastle/crypto/engines/RC2Engine.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/crypto/engines/RC2Engine.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/crypto/engines/RC2Engine.java	2011-09-08 21:28:49.000000000 +0000
 @@ -313,4 +313,4 @@
          out[outOff + 6] = (byte)x76;
          out[outOff + 7] = (byte)(x76 >> 8);
@@ -2530,9 +693,62 @@
 -}
 +}
 \ No newline at end of file
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/macs/HMac.java bcprov-jdk16-145/org/bouncycastle/crypto/macs/HMac.java
---- bcprov-jdk16-145.orig/org/bouncycastle/crypto/macs/HMac.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/crypto/macs/HMac.java	2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/generators/DHParametersHelper.java bcprov-jdk16-146/org/bouncycastle/crypto/generators/DHParametersHelper.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/crypto/generators/DHParametersHelper.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/crypto/generators/DHParametersHelper.java	2011-09-08 21:28:49.000000000 +0000
+@@ -3,10 +3,17 @@
+ import java.math.BigInteger;
+ import java.security.SecureRandom;
+ 
++// BEGIN android-added
++import java.util.logging.Logger;
++// END android-added
+ import org.bouncycastle.util.BigIntegers;
+ 
+ class DHParametersHelper
+ {
++    // BEGIN android-added
++    private static final Logger logger = Logger.getLogger(DHParametersHelper.class.getName());
++    // END android-added
++
+     private static final BigInteger ONE = BigInteger.valueOf(1);
+     private static final BigInteger TWO = BigInteger.valueOf(2);
+ 
+@@ -17,11 +24,19 @@
+      */
+     static BigInteger[] generateSafePrimes(int size, int certainty, SecureRandom random)
+     {
++        // BEGIN android-added
++        logger.info("Generating safe primes. This may take a long time.");
++        long start = System.currentTimeMillis();
++        int tries = 0;
++        // END android-added
+         BigInteger p, q;
+         int qLength = size - 1;
+ 
+         for (;;)
+         {
++            // BEGIN android-added
++            tries++;
++            // END android-added
+             q = new BigInteger(qLength, 2, random);
+ 
+             // p <- 2q + 1
+@@ -32,6 +47,11 @@
+                 break;
+             }
+         }
++        // BEGIN android-added
++        long end = System.currentTimeMillis();
++        long duration = end - start;
++        logger.info("Generated safe primes: " + tries + " tries took " + duration + "ms");
++        // END android-added
+ 
+         return new BigInteger[] { p, q };
+     }
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/macs/HMac.java bcprov-jdk16-146/org/bouncycastle/crypto/macs/HMac.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/crypto/macs/HMac.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/crypto/macs/HMac.java	2011-09-08 21:28:49.000000000 +0000
 @@ -32,23 +32,23 @@
      {
          blockLengths = new Hashtable();
@@ -2572,9 +788,9 @@
      }
      
      private static int getByteLength(
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java bcprov-jdk16-145/org/bouncycastle/crypto/signers/RSADigestSigner.java
---- bcprov-jdk16-145.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/crypto/signers/RSADigestSigner.java	2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java bcprov-jdk16-146/org/bouncycastle/crypto/signers/RSADigestSigner.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/crypto/signers/RSADigestSigner.java	2011-09-08 21:28:49.000000000 +0000
 @@ -46,8 +46,10 @@
          oidMap.put("SHA-384", NISTObjectIdentifiers.id_sha384);
          oidMap.put("SHA-512", NISTObjectIdentifiers.id_sha512);
@@ -2588,405 +804,235 @@
          oidMap.put("MD5", PKCSObjectIdentifiers.md5);
      }
  
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java bcprov-jdk16-145/org/bouncycastle/crypto/util/PrivateKeyFactory.java
---- bcprov-jdk16-145.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/crypto/util/PrivateKeyFactory.java	2011-09-01 17:21:06.000000000 +0000
-@@ -7,31 +7,39 @@
- import org.bouncycastle.asn1.DERInteger;
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java bcprov-jdk16-146/org/bouncycastle/crypto/util/PrivateKeyFactory.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/crypto/util/PrivateKeyFactory.java	2011-09-08 21:28:49.000000000 +0000
+@@ -12,7 +12,9 @@
  import org.bouncycastle.asn1.DERObject;
  import org.bouncycastle.asn1.DERObjectIdentifier;
--import org.bouncycastle.asn1.nist.NISTNamedCurves;
+ import org.bouncycastle.asn1.nist.NISTNamedCurves;
 -import org.bouncycastle.asn1.oiw.ElGamalParameter;
 +// BEGIN android-removed
-+// import org.bouncycastle.asn1.nist.NISTNamedCurves;
 +// import org.bouncycastle.asn1.oiw.ElGamalParameter;
 +// END android-removed
  import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
  import org.bouncycastle.asn1.pkcs.DHParameter;
  import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
- import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
+@@ -20,7 +22,9 @@
  import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure;
--import org.bouncycastle.asn1.sec.ECPrivateKeyStructure;
--import org.bouncycastle.asn1.sec.SECNamedCurves;
+ import org.bouncycastle.asn1.sec.ECPrivateKeyStructure;
+ import org.bouncycastle.asn1.sec.SECNamedCurves;
 -import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
 +// BEGIN android-removed
-+// import org.bouncycastle.asn1.sec.ECPrivateKeyStructure;
-+// import org.bouncycastle.asn1.sec.SECNamedCurves;
 +// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
 +// END android-removed
  import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
  import org.bouncycastle.asn1.x509.DSAParameter;
--import org.bouncycastle.asn1.x9.X962NamedCurves;
--import org.bouncycastle.asn1.x9.X962Parameters;
--import org.bouncycastle.asn1.x9.X9ECParameters;
--import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-+// BEGIN android-removed
-+// import org.bouncycastle.asn1.x9.X962NamedCurves;
-+// import org.bouncycastle.asn1.x9.X962Parameters;
-+// import org.bouncycastle.asn1.x9.X9ECParameters;
-+// import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-+// END android-removed
- import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
- import org.bouncycastle.crypto.params.DHParameters;
- import org.bouncycastle.crypto.params.DHPrivateKeyParameters;
- import org.bouncycastle.crypto.params.DSAParameters;
+ import org.bouncycastle.asn1.x9.X962NamedCurves;
+@@ -34,8 +38,10 @@
  import org.bouncycastle.crypto.params.DSAPrivateKeyParameters;
--import org.bouncycastle.crypto.params.ECDomainParameters;
--import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
+ import org.bouncycastle.crypto.params.ECDomainParameters;
+ import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
 -import org.bouncycastle.crypto.params.ElGamalParameters;
 -import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters;
 +// BEGIN android-removed
-+// import org.bouncycastle.crypto.params.ECDomainParameters;
-+// import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
 +// import org.bouncycastle.crypto.params.ElGamalParameters;
 +// import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters;
 +// END android-removed
  import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
  
- import java.io.IOException;
-@@ -113,75 +121,77 @@
+ /**
+@@ -103,15 +109,17 @@
  
              return new DHPrivateKeyParameters(derX.getValue(), dhParams);
          }
 -        else if (algId.getObjectId().equals(OIWObjectIdentifiers.elGamalAlgorithm))
 -        {
--            ElGamalParameter    params = new ElGamalParameter((ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
--            DERInteger          derX = (DERInteger)keyInfo.getPrivateKey();
--
--            return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters(params.getP(), params.getG()));
--        }
--        else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_dsa))
--        {
+-            ElGamalParameter params = new ElGamalParameter(
+-                (ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
 -            DERInteger derX = (DERInteger)keyInfo.getPrivateKey();
--            DEREncodable de = keyInfo.getAlgorithmId().getParameters();
 -
--            DSAParameters parameters = null;
--            if (de != null)
--            {
--                DSAParameter params = DSAParameter.getInstance(de.getDERObject());
--                parameters = new DSAParameters(params.getP(), params.getQ(), params.getG());
--            }
--
--            return new DSAPrivateKeyParameters(derX.getValue(), parameters);
--        }
--        else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_ecPublicKey))
--        {
--            X962Parameters      params = new X962Parameters((DERObject)keyInfo.getAlgorithmId().getParameters());
--            ECDomainParameters  dParams = null;
--            
--            if (params.isNamedCurve())
--            {
--                DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters();
--                X9ECParameters      ecP = X962NamedCurves.getByOID(oid);
--
--                if (ecP == null)
--                {
--                    ecP = SECNamedCurves.getByOID(oid);
--
--                    if (ecP == null)
--                    {
--                        ecP = NISTNamedCurves.getByOID(oid);
--
--                        if (ecP == null)
--                        {
--                            ecP = TeleTrusTNamedCurves.getByOID(oid);
--                        }
--                    }
--                }
--
--                dParams = new ECDomainParameters(
--                                            ecP.getCurve(),
--                                            ecP.getG(),
--                                            ecP.getN(),
--                                            ecP.getH(),
--                                            ecP.getSeed());
--            }
--            else
--            {
--                X9ECParameters ecP = new X9ECParameters(
--                            (ASN1Sequence)params.getParameters());
--                dParams = new ECDomainParameters(
--                                            ecP.getCurve(),
--                                            ecP.getG(),
--                                            ecP.getN(),
--                                            ecP.getH(),
--                                            ecP.getSeed());
--            }
--
--            ECPrivateKeyStructure   ec = new ECPrivateKeyStructure((ASN1Sequence)keyInfo.getPrivateKey());
--
--            return new ECPrivateKeyParameters(ec.getKey(), dParams);
+-            return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters(
+-                params.getP(), params.getG()));
 -        }
 +        // BEGIN android-removed
 +        // else if (algId.getObjectId().equals(OIWObjectIdentifiers.elGamalAlgorithm))
 +        // {
-+        //     ElGamalParameter    params = new ElGamalParameter((ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
-+        //     DERInteger          derX = (DERInteger)keyInfo.getPrivateKey();
-+        //
-+        //     return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters(params.getP(), params.getG()));
-+        // }
-+        // else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_dsa))
-+        // {
++        //     ElGamalParameter params = new ElGamalParameter(
++        //         (ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
 +        //     DERInteger derX = (DERInteger)keyInfo.getPrivateKey();
-+        //     DEREncodable de = keyInfo.getAlgorithmId().getParameters();
 +        //
-+        //     DSAParameters parameters = null;
-+        //     if (de != null)
-+        //     {
-+        //         DSAParameter params = DSAParameter.getInstance(de.getDERObject());
-+        //         parameters = new DSAParameters(params.getP(), params.getQ(), params.getG());
-+        //     }
-+        //
-+        //     return new DSAPrivateKeyParameters(derX.getValue(), parameters);
-+        // }
-+        // else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_ecPublicKey))
-+        // {
-+        //     X962Parameters      params = new X962Parameters((DERObject)keyInfo.getAlgorithmId().getParameters());
-+        //     ECDomainParameters  dParams = null;
-+        //
-+        //     if (params.isNamedCurve())
-+        //     {
-+        //         DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters();
-+        //         X9ECParameters      ecP = X962NamedCurves.getByOID(oid);
-+        //
-+        //         if (ecP == null)
-+        //         {
-+        //             ecP = SECNamedCurves.getByOID(oid);
-+        //
-+        //             if (ecP == null)
-+        //             {
-+        //                 ecP = NISTNamedCurves.getByOID(oid);
-+        //
-+        //                 if (ecP == null)
-+        //                 {
-+        //                     ecP = TeleTrusTNamedCurves.getByOID(oid);
-+        //                 }
-+        //             }
-+        //         }
-+        //
-+        //         dParams = new ECDomainParameters(
-+        //                                     ecP.getCurve(),
-+        //                                     ecP.getG(),
-+        //                                     ecP.getN(),
-+        //                                     ecP.getH(),
-+        //                                     ecP.getSeed());
-+        //     }
-+        //     else
-+        //     {
-+        //         X9ECParameters ecP = new X9ECParameters(
-+        //                     (ASN1Sequence)params.getParameters());
-+        //         dParams = new ECDomainParameters(
-+        //                                     ecP.getCurve(),
-+        //                                     ecP.getG(),
-+        //                                     ecP.getN(),
-+        //                                     ecP.getH(),
-+        //                                     ecP.getSeed());
-+        //     }
-+        //
-+        //     ECPrivateKeyStructure   ec = new ECPrivateKeyStructure((ASN1Sequence)keyInfo.getPrivateKey());
-+        //
-+        //     return new ECPrivateKeyParameters(ec.getKey(), dParams);
++        //     return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters(
++        //         params.getP(), params.getG()));
 +        // }
 +        // END android-removed
-         else
+         else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_dsa))
          {
-             throw new RuntimeException("algorithm identifier in key not recognised");
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java bcprov-jdk16-145/org/bouncycastle/crypto/util/PublicKeyFactory.java
---- bcprov-jdk16-145.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/crypto/util/PublicKeyFactory.java	2011-09-01 17:21:06.000000000 +0000
-@@ -10,32 +10,40 @@
- import org.bouncycastle.asn1.DERObject;
+             DERInteger derX = (DERInteger)keyInfo.getPrivateKey();
+@@ -145,10 +153,12 @@
+                     {
+                         ecP = NISTNamedCurves.getByOID(oid);
+ 
+-                        if (ecP == null)
+-                        {
+-                            ecP = TeleTrusTNamedCurves.getByOID(oid);
+-                        }
++                        // BEGIN android-removed
++                        // if (ecP == null)
++                        // {
++                        //     ecP = TeleTrusTNamedCurves.getByOID(oid);
++                        // }
++                        // END android-removed
+                     }
+                 }
+ 
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java bcprov-jdk16-146/org/bouncycastle/crypto/util/PublicKeyFactory.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/crypto/util/PublicKeyFactory.java	2011-09-08 21:28:49.000000000 +0000
+@@ -15,12 +15,16 @@
  import org.bouncycastle.asn1.DERObjectIdentifier;
  import org.bouncycastle.asn1.DEROctetString;
--import org.bouncycastle.asn1.nist.NISTNamedCurves;
+ import org.bouncycastle.asn1.nist.NISTNamedCurves;
 -import org.bouncycastle.asn1.oiw.ElGamalParameter;
 +// BEGIN android-removed
-+// import org.bouncycastle.asn1.nist.NISTNamedCurves;
 +// import org.bouncycastle.asn1.oiw.ElGamalParameter;
 +// END android-removed
  import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
  import org.bouncycastle.asn1.pkcs.DHParameter;
  import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
--import org.bouncycastle.asn1.sec.SECNamedCurves;
+ import org.bouncycastle.asn1.sec.SECNamedCurves;
 -import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
 +// BEGIN android-removed
-+// import org.bouncycastle.asn1.sec.SECNamedCurves;
 +// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
 +// END android-removed
  import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
  import org.bouncycastle.asn1.x509.DSAParameter;
  import org.bouncycastle.asn1.x509.RSAPublicKeyStructure;
- import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
- import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
--import org.bouncycastle.asn1.x9.X962NamedCurves;
--import org.bouncycastle.asn1.x9.X962Parameters;
--import org.bouncycastle.asn1.x9.X9ECParameters;
--import org.bouncycastle.asn1.x9.X9ECPoint;
-+// BEGIN android-removed
-+// import org.bouncycastle.asn1.x9.X962NamedCurves;
-+// import org.bouncycastle.asn1.x9.X962Parameters;
-+// import org.bouncycastle.asn1.x9.X9ECParameters;
-+// import org.bouncycastle.asn1.x9.X9ECPoint;
-+// END android-removed
- import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
- import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
- import org.bouncycastle.crypto.params.DHParameters;
- import org.bouncycastle.crypto.params.DHPublicKeyParameters;
- import org.bouncycastle.crypto.params.DSAParameters;
+@@ -42,8 +46,10 @@
  import org.bouncycastle.crypto.params.DSAPublicKeyParameters;
--import org.bouncycastle.crypto.params.ECDomainParameters;
--import org.bouncycastle.crypto.params.ECPublicKeyParameters;
+ import org.bouncycastle.crypto.params.ECDomainParameters;
+ import org.bouncycastle.crypto.params.ECPublicKeyParameters;
 -import org.bouncycastle.crypto.params.ElGamalParameters;
 -import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters;
 +// BEGIN android-removed
-+// import org.bouncycastle.crypto.params.ECDomainParameters;
-+// import org.bouncycastle.crypto.params.ECPublicKeyParameters;
 +// import org.bouncycastle.crypto.params.ElGamalParameters;
 +// import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters;
 +// END android-removed
  import org.bouncycastle.crypto.params.RSAKeyParameters;
  
- import java.io.IOException;
-@@ -112,13 +120,15 @@
+ /**
+@@ -139,15 +145,17 @@
  
              return new DHPublicKeyParameters(derY.getValue(), dhParams);
          }
 -        else if (algId.getObjectId().equals(OIWObjectIdentifiers.elGamalAlgorithm))
 -        {
--            ElGamalParameter    params = new ElGamalParameter((ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
--            DERInteger          derY = (DERInteger)keyInfo.getPublicKey();
+-            ElGamalParameter params = new ElGamalParameter(
+-                (ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
+-            DERInteger derY = (DERInteger)keyInfo.getPublicKey();
 -
--            return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters(params.getP(), params.getG()));
+-            return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters(
+-                params.getP(), params.getG()));
 -        }
 +        // BEGIN android-removed
 +        // else if (algId.getObjectId().equals(OIWObjectIdentifiers.elGamalAlgorithm))
 +        // {
-+        //     ElGamalParameter    params = new ElGamalParameter((ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
-+        //     DERInteger          derY = (DERInteger)keyInfo.getPublicKey();
++        //     ElGamalParameter params = new ElGamalParameter(
++        //         (ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
++        //     DERInteger derY = (DERInteger)keyInfo.getPublicKey();
 +        //
-+        //     return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters(params.getP(), params.getG()));
++        //     return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters(
++        //         params.getP(), params.getG()));
 +        // }
 +        // END android-removed
          else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_dsa)
-                  || algId.getObjectId().equals(OIWObjectIdentifiers.dsaWithSHA1))
+             || algId.getObjectId().equals(OIWObjectIdentifiers.dsaWithSHA1))
          {
-@@ -134,58 +144,60 @@
+@@ -182,10 +190,12 @@
+                     {
+                         ecP = NISTNamedCurves.getByOID(oid);
  
-             return new DSAPublicKeyParameters(derY.getValue(), parameters);
-         }
--        else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_ecPublicKey))
--        {
--            X962Parameters      params = new X962Parameters((DERObject)keyInfo.getAlgorithmId().getParameters());
--            ECDomainParameters  dParams = null;
--            
--            if (params.isNamedCurve())
--            {
--                DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters();
--                X9ECParameters      ecP = X962NamedCurves.getByOID(oid);
--
--                if (ecP == null)
--                {
--                    ecP = SECNamedCurves.getByOID(oid);
--
--                    if (ecP == null)
--                    {
--                        ecP = NISTNamedCurves.getByOID(oid);
--
 -                        if (ecP == null)
 -                        {
 -                            ecP = TeleTrusTNamedCurves.getByOID(oid);
 -                        }
--                    }
--                }
--
--                dParams = new ECDomainParameters(
--                                            ecP.getCurve(),
--                                            ecP.getG(),
--                                            ecP.getN(),
--                                            ecP.getH(),
--                                            ecP.getSeed());
--            }
--            else
++                        // BEGIN android-removed
++                        // if (ecP == null)
++                        // {
++                        //     ecP = TeleTrusTNamedCurves.getByOID(oid);
++                        // }
++                        // END android-removed
+                     }
+                 }
+ 
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/ECNamedCurveTable.java bcprov-jdk16-146/org/bouncycastle/jce/ECNamedCurveTable.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/ECNamedCurveTable.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/ECNamedCurveTable.java	2011-09-08 21:28:49.000000000 +0000
+@@ -3,7 +3,9 @@
+ import org.bouncycastle.asn1.DERObjectIdentifier;
+ import org.bouncycastle.asn1.nist.NISTNamedCurves;
+ import org.bouncycastle.asn1.sec.SECNamedCurves;
+-import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
++// BEGIN android-removed
++// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
++// END android-removed
+ import org.bouncycastle.asn1.x9.X962NamedCurves;
+ import org.bouncycastle.asn1.x9.X9ECParameters;
+ import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
+@@ -55,21 +57,23 @@
+             }
+         }
+ 
+-        if (ecP == null)
+-        {
+-            ecP = TeleTrusTNamedCurves.getByName(name);
+-            if (ecP == null)
 -            {
--                X9ECParameters ecP = new X9ECParameters(
--                            (ASN1Sequence)params.getParameters());
--                dParams = new ECDomainParameters(
--                                            ecP.getCurve(),
--                                            ecP.getG(),
--                                            ecP.getN(),
--                                            ecP.getH(),
--                                            ecP.getSeed());
+-                try
+-                {
+-                    ecP = TeleTrusTNamedCurves.getByOID(new DERObjectIdentifier(name));
+-                }
+-                catch (IllegalArgumentException e)
+-                {
+-                    // ignore - not an oid
+-                }
 -            }
--
--            DERBitString    bits = keyInfo.getPublicKeyData();
--            byte[]          data = bits.getBytes();
--            ASN1OctetString key = new DEROctetString(data);
--
--            X9ECPoint       derQ = new X9ECPoint(dParams.getCurve(), key);
--            
--            return new ECPublicKeyParameters(derQ.getPoint(), dParams);
 -        }
 +        // BEGIN android-removed
-+        // else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_ecPublicKey))
++        // if (ecP == null)
 +        // {
-+        //     X962Parameters      params = new X962Parameters((DERObject)keyInfo.getAlgorithmId().getParameters());
-+        //     ECDomainParameters  dParams = null;
-+        //
-+        //     if (params.isNamedCurve())
++        //     ecP = TeleTrusTNamedCurves.getByName(name);
++        //     if (ecP == null)
 +        //     {
-+        //         DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters();
-+        //         X9ECParameters      ecP = X962NamedCurves.getByOID(oid);
-+        //
-+        //         if (ecP == null)
++        //         try
 +        //         {
-+        //             ecP = SECNamedCurves.getByOID(oid);
-+        //
-+        //             if (ecP == null)
-+        //             {
-+        //                 ecP = NISTNamedCurves.getByOID(oid);
-+        //
-+        //                 if (ecP == null)
-+        //                 {
-+        //                     ecP = TeleTrusTNamedCurves.getByOID(oid);
-+        //                 }
-+        //             }
++        //             ecP = TeleTrusTNamedCurves.getByOID(new DERObjectIdentifier(name));
 +        //         }
-+        //
-+        //         dParams = new ECDomainParameters(
-+        //                                     ecP.getCurve(),
-+        //                                     ecP.getG(),
-+        //                                     ecP.getN(),
-+        //                                     ecP.getH(),
-+        //                                     ecP.getSeed());
++        //         catch (IllegalArgumentException e)
++        //         {
++        //             // ignore - not an oid
++        //         }
 +        //     }
-+        //     else
-+        //     {
-+        //         X9ECParameters ecP = new X9ECParameters(
-+        //                     (ASN1Sequence)params.getParameters());
-+        //         dParams = new ECDomainParameters(
-+        //                                     ecP.getCurve(),
-+        //                                     ecP.getG(),
-+        //                                     ecP.getN(),
-+        //                                     ecP.getH(),
-+        //                                     ecP.getSeed());
-+        //     }
-+        //
-+        //     DERBitString    bits = keyInfo.getPublicKeyData();
-+        //     byte[]          data = bits.getBytes();
-+        //     ASN1OctetString key = new DEROctetString(data);
-+        //
-+        //     X9ECPoint       derQ = new X9ECPoint(dParams.getCurve(), key);
-+        //
-+        //     return new ECPublicKeyParameters(derQ.getPoint(), dParams);
 +        // }
 +        // END android-removed
-         else
+ 
+         if (ecP == null)
          {
-             throw new RuntimeException("algorithm identifier in key not recognised");
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java bcprov-jdk16-145/org/bouncycastle/jce/PKCS10CertificationRequest.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/PKCS10CertificationRequest.java	2011-09-01 17:21:06.000000000 +0000
-@@ -78,8 +78,11 @@
+@@ -102,7 +106,9 @@
+         addEnumeration(v, X962NamedCurves.getNames());
+         addEnumeration(v, SECNamedCurves.getNames());
+         addEnumeration(v, NISTNamedCurves.getNames());
+-        addEnumeration(v, TeleTrusTNamedCurves.getNames());
++        // BEGIN android-removed
++        // addEnumeration(v, TeleTrusTNamedCurves.getNames());
++        // END android-removed
+ 
+         return v.elements();
+     }
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java bcprov-jdk16-146/org/bouncycastle/jce/PKCS10CertificationRequest.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/PKCS10CertificationRequest.java	2011-09-08 21:28:49.000000000 +0000
+@@ -80,15 +80,20 @@
  
      static
      {
@@ -3000,8 +1046,91 @@
          algorithms.put("MD5WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.4"));
          algorithms.put("MD5WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.4"));
          algorithms.put("RSAWITHMD5", new DERObjectIdentifier("1.2.840.113549.1.1.4"));
-@@ -129,7 +132,10 @@
-         oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410");
+         algorithms.put("SHA1WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
+         algorithms.put("SHA1WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
+-        algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+-        algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
++        // BEGIN android-removed
++        // algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
++        // algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
++        // END android-removed
+         algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption);
+         algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption);
+         algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption);
+@@ -96,57 +101,78 @@
+         algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption);
+         algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption);
+         algorithms.put("SHA1WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
+-        algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
++        // BEGIN android-removed
++        // algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
++        // END android-removed
+         algorithms.put("SHA256WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
+         algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
+         algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
+         algorithms.put("RSAWITHSHA1", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
+-        algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
+-        algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
+-        algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
+-        algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
+-        algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
+-        algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
++        // BEGIN android-removed
++        // algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
++        // algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
++        // algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
++        // algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
++        // algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
++        // algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
++        // END android-removed
+         algorithms.put("SHA1WITHDSA", new DERObjectIdentifier("1.2.840.10040.4.3"));
+         algorithms.put("DSAWITHSHA1", new DERObjectIdentifier("1.2.840.10040.4.3"));
+-        algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
++        // BEGIN android-removed
++        // algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
++        // END android-removed
+         algorithms.put("SHA256WITHDSA", NISTObjectIdentifiers.dsa_with_sha256);
+         algorithms.put("SHA384WITHDSA", NISTObjectIdentifiers.dsa_with_sha384);
+         algorithms.put("SHA512WITHDSA", NISTObjectIdentifiers.dsa_with_sha512);
+         algorithms.put("SHA1WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1);
+-        algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
++        // BEGIN android-removed
++        // algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
++        // END android-removed
+         algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256);
+         algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
+         algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);
+         algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1);
+-        algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+-        algorithms.put("GOST3410WITHGOST3411", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+-        algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+-        algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+-        algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
++        // BEGIN android-removed
++        // algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
++        // algorithms.put("GOST3410WITHGOST3411", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
++        // algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
++        // algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
++        // algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
++        // END android-removed
+ 
+         //
+         // reverse mappings
+         //
+         oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.5"), "SHA1WITHRSA");
+-        oids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WITHRSA");
++        // BEGIN android-removed
++        // oids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WITHRSA");
++        // END android-removed
+         oids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WITHRSA");
+         oids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WITHRSA");
+         oids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512WITHRSA");
+-        oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410");
+-        oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410");
++        // BEGIN android-removed
++        // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410");
++        // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410");
++        // END android-removed
          
          oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.4"), "MD5WITHRSA");
 -        oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA");
@@ -3011,8 +1140,49 @@
 +        // END android-removed
          oids.put(new DERObjectIdentifier("1.2.840.10040.4.3"), "SHA1WITHDSA");
          oids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1WITHECDSA");
-         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA");
-@@ -168,19 +174,29 @@
+-        oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA");
++        // BEGIN android-removed
++        // oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA");
++        // END android-removed
+         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA256, "SHA256WITHECDSA");
+         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA384, "SHA384WITHECDSA");
+         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA512, "SHA512WITHECDSA");
+         oids.put(OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA");
+         oids.put(OIWObjectIdentifiers.dsaWithSHA1, "SHA1WITHDSA");
+-        oids.put(NISTObjectIdentifiers.dsa_with_sha224, "SHA224WITHDSA");
++        // BEGIN android-removed
++        // oids.put(NISTObjectIdentifiers.dsa_with_sha224, "SHA224WITHDSA");
++        // END android-removed
+         oids.put(NISTObjectIdentifiers.dsa_with_sha256, "SHA256WITHDSA");
+         
+         //
+@@ -160,35 +186,53 @@
+         // The parameters field SHALL be NULL for RSA based signature algorithms.
+         //
+         noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA1);
+-        noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224);
++        // BEGIN android-removed
++        // noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224);
++        // END android-removed
+         noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA256);
+         noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA384);
+         noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA512);
+         noParams.add(X9ObjectIdentifiers.id_dsa_with_sha1);
+-        noParams.add(NISTObjectIdentifiers.dsa_with_sha224);
++        // BEGIN android-removed
++        // noParams.add(NISTObjectIdentifiers.dsa_with_sha224);
++        // END android-removed
+         noParams.add(NISTObjectIdentifiers.dsa_with_sha256);
+ 
+         //
+         // RFC 4491
+         //
+-        noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+-        noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
++        // BEGIN android-removed
++        // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
++        // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
++        // END android-removed
          //
          // explicit params
          //
@@ -3023,12 +1193,16 @@
          params.put("SHA1WITHRSAANDMGF1", creatPSSParams(sha1AlgId, 20));
  
 -        AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, new DERNull());
-+        // BEGIN android-changed
-+        AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, DERNull.INSTANCE);
-+        // END android-changed
-         params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28));
- 
+-        params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28));
+-
 -        AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, new DERNull());
++        // BEGIN android-removed
++        // // BEGIN android-changed
++        // AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, DERNull.INSTANCE);
++        // // END android-changed
++        // params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28));
++        // END android-removed
++
 +        // BEGIN android-changed
 +        AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, DERNull.INSTANCE);
 +        // END android-changed
@@ -3047,35 +1221,97 @@
          params.put("SHA512WITHRSAANDMGF1", creatPSSParams(sha512AlgId, 64));
      }
  
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java bcprov-jdk16-145/org/bouncycastle/jce/provider/BouncyCastleProvider.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/BouncyCastleProvider.java	2011-09-01 17:21:06.000000000 +0000
-@@ -53,7 +53,12 @@
+@@ -594,10 +638,12 @@
+         {
+             return "SHA1";
+         }
+-        else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID))
+-        {
+-            return "SHA224";
+-        }
++        // BEGIN android-removed
++        // else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID))
++        // {
++        //     return "SHA224";
++        // }
++        // END android-removed
+         else if (NISTObjectIdentifiers.id_sha256.equals(digestAlgOID))
+         {
+             return "SHA256";
+@@ -610,22 +656,24 @@
+         {
+             return "SHA512";
+         }
+-        else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
+-        {
+-            return "RIPEMD128";
+-        }
+-        else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
+-        {
+-            return "RIPEMD160";
+-        }
+-        else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
+-        {
+-            return "RIPEMD256";
+-        }
+-        else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
+-        {
+-            return "GOST3411";
+-        }
++        // BEGIN android-removed
++        // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
++        // {
++        //     return "RIPEMD128";
++        // }
++        // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
++        // {
++        //     return "RIPEMD160";
++        // }
++        // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
++        // {
++        //     return "RIPEMD256";
++        // }
++        // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
++        // {
++        //     return "GOST3411";
++        // }
++        // END android-removed
+         else
+         {
+             return digestAlgOID.getId();            
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java bcprov-jdk16-146/org/bouncycastle/jce/provider/BouncyCastleProvider.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/BouncyCastleProvider.java	2011-09-08 21:28:49.000000000 +0000
+@@ -45,7 +45,10 @@
+ {
+     private static String info = "BouncyCastle Security Provider v1.46";
+ 
+-    public static String PROVIDER_NAME = "BC";
++    // BEGIN android-changed
++    //     this constant should be final
++    public static final String PROVIDER_NAME = "BC";
++    // END android-changed
+ 
+     /*
+      * Configurable symmetric ciphers
+@@ -53,8 +56,14 @@
      private static final String SYMMETRIC_CIPHER_PACKAGE = "org.bouncycastle.jce.provider.symmetric.";
      private static final String[] SYMMETRIC_CIPHERS =
      {
--        "AES", "Camellia", "CAST5", "Grainv1", "Grain128", "IDEA", "Noekeon", "SEED"
+-        "AES", "ARC4", "Blowfish", "Camellia", "CAST5", "CAST6", "DESede", "Grainv1", "Grain128", "HC128", "HC256", "IDEA",
+-        "Noekeon", "RC5", "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Skipjack", "TEA", "Twofish", "VMPC", "VMPCKSA3", "XTEA"
 +        // BEGIN android-removed
-+        // "AES", "Camellia", "CAST5", "Grainv1", "Grain128", "IDEA", "Noekeon", "SEED"
++        // "AES", "ARC4", "Blowfish", "Camellia", "CAST5", "CAST6", "DESede", "Grainv1", "Grain128", "HC128", "HC256", "IDEA",
++        // "Noekeon", "RC5", "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Skipjack", "TEA", "Twofish", "VMPC", "VMPCKSA3", "XTEA"
 +        // END android-removed
 +        // BEGIN android-added
-+        "AES",
++        "AES", "ARC4", "Blowfish", "DESede",
 +        // END android-added
++
      };
  
      /*
-@@ -62,7 +67,9 @@
-     private static final String ASYMMETRIC_CIPHER_PACKAGE = "org.bouncycastle.jce.provider.asymmetric.";
-     private static final String[] ASYMMETRIC_CIPHERS =
-     {
--        "EC"
-+        // BEGIN android-removed
-+        // "EC"
-+        // END android-removed
-     };
- 
-     /**
-@@ -89,26 +96,28 @@
+@@ -90,26 +99,28 @@
          loadAlgorithms(SYMMETRIC_CIPHER_PACKAGE, SYMMETRIC_CIPHERS);
          loadAlgorithms(ASYMMETRIC_CIPHER_PACKAGE, ASYMMETRIC_CIPHERS);
  
@@ -3124,7 +1360,7 @@
  
  
          //
-@@ -117,14 +126,24 @@
+@@ -118,14 +129,24 @@
          put("KeyStore.BKS", "org.bouncycastle.jce.provider.JDKKeyStore");
          put("KeyStore.BouncyCastle", "org.bouncycastle.jce.provider.JDKKeyStore$BouncyCastleStore");
          put("KeyStore.PKCS12", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore");
@@ -3157,7 +1393,7 @@
  
          put("Alg.Alias.KeyStore.UBER", "BouncyCastle");
          put("Alg.Alias.KeyStore.BOUNCYCASTLE", "BouncyCastle");
-@@ -141,44 +160,63 @@
+@@ -142,44 +163,63 @@
          //
          put("AlgorithmParameterGenerator.DH", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DH");
          put("AlgorithmParameterGenerator.DSA", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DSA");
@@ -3245,7 +1481,7 @@
          put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND40BITRC2-CBC", "PKCS12PBE");
          put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND40BITRC4", "PKCS12PBE");
          put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITRC2-CBC", "PKCS12PBE");
-@@ -192,7 +230,7 @@
+@@ -193,7 +233,7 @@
          put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.5", "PKCS12PBE");
          put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.6", "PKCS12PBE");
          put("Alg.Alias.AlgorithmParameters.PBEWithSHAAnd3KeyTripleDES", "PKCS12PBE");
@@ -3254,7 +1490,7 @@
          put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PKCS12PBE");
          put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PKCS12PBE");
          put("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes256_cbc.getId(), "PKCS12PBE");
-@@ -202,22 +240,24 @@
+@@ -203,22 +243,24 @@
  
          put("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.id_RSAES_OAEP, "OAEP");
          
@@ -3295,7 +1531,7 @@
          
          put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITAES-CBC-BC", "PKCS12PBE");
          put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND192BITAES-CBC-BC", "PKCS12PBE");
-@@ -234,12 +274,14 @@
+@@ -235,12 +277,14 @@
          put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND128BITAES-CBC-BC","PKCS12PBE");
          put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND192BITAES-CBC-BC","PKCS12PBE");
          put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND256BITAES-CBC-BC","PKCS12PBE");
@@ -3316,95 +1552,38 @@
          
          //
          // key agreement
-@@ -252,97 +294,129 @@
+@@ -252,71 +296,91 @@
+         // cipher engines
          //
          put("Cipher.DES", "org.bouncycastle.jce.provider.JCEBlockCipher$DES");
-         put("Cipher.DESEDE", "org.bouncycastle.jce.provider.JCEBlockCipher$DESede");
--        put("Cipher." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.JCEBlockCipher$DESedeCBC");
 -        put("Cipher." + OIWObjectIdentifiers.desCBC, "org.bouncycastle.jce.provider.JCEBlockCipher$DESCBC");
-+        // BEGIN android-removed
-+        // put("Cipher." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.JCEBlockCipher$DESedeCBC");
-+        // put("Cipher." + OIWObjectIdentifiers.desCBC, "org.bouncycastle.jce.provider.JCEBlockCipher$DESCBC");
-+        // END android-removed
-         put("Cipher.DESEDEWRAP", "org.bouncycastle.jce.provider.WrapCipherSpi$DESEDEWrap");
--        put("Cipher." + PKCSObjectIdentifiers.id_alg_CMS3DESwrap, "org.bouncycastle.jce.provider.WrapCipherSpi$DESEDEWrap");
--        put("Cipher.SKIPJACK", "org.bouncycastle.jce.provider.JCEBlockCipher$Skipjack");
-+        // BEGIN android-changed
-+        put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.id_alg_CMS3DESwrap, "DESEDEWRAP");
-+        // END android-changed
-+        // BEGIN android-removed
-+        // put("Cipher.SKIPJACK", "org.bouncycastle.jce.provider.JCEBlockCipher$Skipjack");
-+        // END android-removed
-         put("Cipher.BLOWFISH", "org.bouncycastle.jce.provider.JCEBlockCipher$Blowfish");
--        put("Cipher.1.3.6.1.4.1.3029.1.2", "org.bouncycastle.jce.provider.JCEBlockCipher$BlowfishCBC");
--        put("Cipher.TWOFISH", "org.bouncycastle.jce.provider.JCEBlockCipher$Twofish");
+-
 -        put("Cipher.RC2", "org.bouncycastle.jce.provider.JCEBlockCipher$RC2");
 -        put("Cipher.RC2WRAP", "org.bouncycastle.jce.provider.WrapCipherSpi$RC2Wrap");
 -        put("Cipher.1.2.840.113549.1.9.16.3.7", "org.bouncycastle.jce.provider.WrapCipherSpi$RC2Wrap");
+-
+-        put("Cipher.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JCEBlockCipher$RC2CBC");
 +        // BEGIN android-removed
-+        // put("Cipher.1.3.6.1.4.1.3029.1.2", "org.bouncycastle.jce.provider.JCEBlockCipher$BlowfishCBC");
-+        // put("Cipher.TWOFISH", "org.bouncycastle.jce.provider.JCEBlockCipher$Twofish");
++        // put("Cipher." + OIWObjectIdentifiers.desCBC, "org.bouncycastle.jce.provider.JCEBlockCipher$DESCBC");
++        //
 +        // put("Cipher.RC2", "org.bouncycastle.jce.provider.JCEBlockCipher$RC2");
 +        // put("Cipher.RC2WRAP", "org.bouncycastle.jce.provider.WrapCipherSpi$RC2Wrap");
 +        // put("Cipher.1.2.840.113549.1.9.16.3.7", "org.bouncycastle.jce.provider.WrapCipherSpi$RC2Wrap");
-+        // END android-removed
-         put("Cipher.ARC4", "org.bouncycastle.jce.provider.JCEStreamCipher$RC4");
-         put("Alg.Alias.Cipher.1.2.840.113549.3.4", "ARC4");
-         put("Alg.Alias.Cipher.ARCFOUR", "ARC4");
-         put("Alg.Alias.Cipher.RC4", "ARC4");
--        put("Cipher.SALSA20", "org.bouncycastle.jce.provider.JCEStreamCipher$Salsa20");
--        put("Cipher.HC128", "org.bouncycastle.jce.provider.JCEStreamCipher$HC128");
--        put("Cipher.HC256", "org.bouncycastle.jce.provider.JCEStreamCipher$HC256");
--        put("Cipher.VMPC", "org.bouncycastle.jce.provider.JCEStreamCipher$VMPC");
--        put("Cipher.VMPC-KSA3", "org.bouncycastle.jce.provider.JCEStreamCipher$VMPCKSA3");
--        put("Cipher.RC5", "org.bouncycastle.jce.provider.JCEBlockCipher$RC5");
--        put("Cipher.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JCEBlockCipher$RC2CBC");
--        put("Alg.Alias.Cipher.RC5-32", "RC5");
--        put("Cipher.RC5-64", "org.bouncycastle.jce.provider.JCEBlockCipher$RC564");
--        put("Cipher.RC6", "org.bouncycastle.jce.provider.JCEBlockCipher$RC6");
--        put("Cipher.RIJNDAEL", "org.bouncycastle.jce.provider.JCEBlockCipher$Rijndael");
--        put("Cipher.DESEDERFC3211WRAP", "org.bouncycastle.jce.provider.WrapCipherSpi$RFC3211DESedeWrap");
--        put("Cipher.SERPENT", "org.bouncycastle.jce.provider.JCEBlockCipher$Serpent");
--
--
--        put("Cipher.CAST6", "org.bouncycastle.jce.provider.JCEBlockCipher$CAST6");
-+        // BEGIN android-removed
-+        // put("Cipher.SALSA20", "org.bouncycastle.jce.provider.JCEStreamCipher$Salsa20");
-+        // put("Cipher.HC128", "org.bouncycastle.jce.provider.JCEStreamCipher$HC128");
-+        // put("Cipher.HC256", "org.bouncycastle.jce.provider.JCEStreamCipher$HC256");
-+        // put("Cipher.VMPC", "org.bouncycastle.jce.provider.JCEStreamCipher$VMPC");
-+        // put("Cipher.VMPC-KSA3", "org.bouncycastle.jce.provider.JCEStreamCipher$VMPCKSA3");
-+        // put("Cipher.RC5", "org.bouncycastle.jce.provider.JCEBlockCipher$RC5");
++        //
 +        // put("Cipher.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JCEBlockCipher$RC2CBC");
-+        // put("Alg.Alias.Cipher.RC5-32", "RC5");
-+        // put("Cipher.RC5-64", "org.bouncycastle.jce.provider.JCEBlockCipher$RC564");
-+        // put("Cipher.RC6", "org.bouncycastle.jce.provider.JCEBlockCipher$RC6");
-+        // put("Cipher.RIJNDAEL", "org.bouncycastle.jce.provider.JCEBlockCipher$Rijndael");
-+        // put("Cipher.DESEDERFC3211WRAP", "org.bouncycastle.jce.provider.WrapCipherSpi$RFC3211DESedeWrap");
-+        // put("Cipher.SERPENT", "org.bouncycastle.jce.provider.JCEBlockCipher$Serpent");
 +        // END android-removed
-+
-+
-+        // BEGIN android-removed
-+        // put("Cipher.CAST6", "org.bouncycastle.jce.provider.JCEBlockCipher$CAST6");
-+        // END android-removed
+         
          put("Alg.Alias.Cipher.PBEWithSHAAnd3KeyTripleDES",  "PBEWITHSHAAND3-KEYTRIPLEDES-CBC");
          
 -        put("Cipher.GOST28147", "org.bouncycastle.jce.provider.JCEBlockCipher$GOST28147");
 -        put("Alg.Alias.Cipher.GOST", "GOST28147");
 -        put("Alg.Alias.Cipher.GOST-28147", "GOST28147");
 -        put("Cipher." + CryptoProObjectIdentifiers.gostR28147_cbc, "org.bouncycastle.jce.provider.JCEBlockCipher$GOST28147cbc");
--
--        put("Cipher.TEA", "org.bouncycastle.jce.provider.JCEBlockCipher$TEA");
--        put("Cipher.XTEA", "org.bouncycastle.jce.provider.JCEBlockCipher$XTEA");
 +        // BEGIN android-removed
 +        // put("Cipher.GOST28147", "org.bouncycastle.jce.provider.JCEBlockCipher$GOST28147");
 +        // put("Alg.Alias.Cipher.GOST", "GOST28147");
 +        // put("Alg.Alias.Cipher.GOST-28147", "GOST28147");
 +        // put("Cipher." + CryptoProObjectIdentifiers.gostR28147_cbc, "org.bouncycastle.jce.provider.JCEBlockCipher$GOST28147cbc");
-+        //
-+        // put("Cipher.TEA", "org.bouncycastle.jce.provider.JCEBlockCipher$TEA");
-+        // put("Cipher.XTEA", "org.bouncycastle.jce.provider.JCEBlockCipher$XTEA");
 +        // END android-removed
  
          put("Cipher.RSA", "org.bouncycastle.jce.provider.JCERSACipher$NoPadding");
@@ -3436,9 +1615,7 @@
 +        // put("Cipher.RSA/OAEP", "org.bouncycastle.jce.provider.JCERSACipher$OAEPPadding");
 +        // put("Cipher." + PKCSObjectIdentifiers.id_RSAES_OAEP, "org.bouncycastle.jce.provider.JCERSACipher$OAEPPadding");
 +        // put("Cipher.RSA/ISO9796-1", "org.bouncycastle.jce.provider.JCERSACipher$ISO9796d1Padding");
-+        // END android-removed
-+
-+        // BEGIN android-removed
++        //
 +        // put("Cipher.ECIES", "org.bouncycastle.jce.provider.JCEIESCipher$ECIES");
 +        // put("Cipher.BrokenECIES", "org.bouncycastle.jce.provider.JCEIESCipher$BrokenECIES");
 +        // put("Cipher.IES", "org.bouncycastle.jce.provider.JCEIESCipher$IES");
@@ -3460,9 +1637,7 @@
 +        // put("Alg.Alias.Cipher.RSA//PKCS1PADDING", "RSA/PKCS1");
 +        // put("Alg.Alias.Cipher.RSA//OAEPPADDING", "RSA/OAEP");
 +        // put("Alg.Alias.Cipher.RSA//ISO9796-1PADDING", "RSA/ISO9796-1");
-+        // END android-removed
-+        
-+        // BEGIN android-removed
++        //
 +        // put("Alg.Alias.Cipher.ELGAMAL/ECB/PKCS1PADDING", "ELGAMAL/PKCS1");
 +        // put("Alg.Alias.Cipher.ELGAMAL/NONE/PKCS1PADDING", "ELGAMAL/PKCS1");
 +        // put("Alg.Alias.Cipher.ELGAMAL/NONE/NOPADDING", "ELGAMAL");
@@ -3503,16 +1678,18 @@
 -        put("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC2-CBC", "Cipher.PBEWITHSHAAND40BITRC2-CBC");
 -        put("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC4", "Cipher.PBEWITHSHAAND128BITRC4");
 -        put("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC4", "Cipher.PBEWITHSHAAND40BITRC4");
++        // BEGIN android-changed
 +        put("Alg.Alias.Cipher.PBEWITHSHA1AND3-KEYTRIPLEDES-CBC", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC");
 +        put("Alg.Alias.Cipher.PBEWITHSHA1AND2-KEYTRIPLEDES-CBC", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC");
 +        put("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC2-CBC", "PBEWITHSHAAND128BITRC2-CBC");
 +        put("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC2-CBC", "PBEWITHSHAAND40BITRC2-CBC");
 +        put("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC4", "PBEWITHSHAAND128BITRC4");
 +        put("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC4", "PBEWITHSHAAND40BITRC4");
++        // END android-changed
  
          put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PBEWITHSHAAND128BITAES-CBC-BC");
          put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PBEWITHSHAAND192BITAES-CBC-BC");
-@@ -350,7 +424,7 @@
+@@ -324,7 +388,7 @@
          put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.getId(), "PBEWITHSHA256AND128BITAES-CBC-BC");
          put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PBEWITHSHA256AND192BITAES-CBC-BC");
          put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PBEWITHSHA256AND256BITAES-CBC-BC");
@@ -3521,86 +1698,37 @@
          put("Cipher.PBEWITHSHAAND128BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC");
          put("Cipher.PBEWITHSHAAND192BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC");
          put("Cipher.PBEWITHSHAAND256BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC");
-@@ -372,7 +446,9 @@
+@@ -346,10 +410,12 @@
          put("Cipher.PBEWITHMD5AND256BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC");
          
          put("Cipher.PBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAndTwofish");
 -        put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish");
+-
+-        put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES");
+-        put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2");
 +        // BEGIN android-removed
 +        // put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish");
++        //
++        // put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES");
++        // put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2");
 +        // END android-removed
- 
-         put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.1", "PBEWITHSHAAND128BITRC4");
-         put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.2", "PBEWITHSHAAND40BITRC4");
-@@ -387,38 +463,49 @@
+         put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES");
+         put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDDES");
+         put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES");
+@@ -368,13 +434,15 @@
          put("KeyGenerator.DES", "org.bouncycastle.jce.provider.JCEKeyGenerator$DES");
          put("Alg.Alias.KeyGenerator." + OIWObjectIdentifiers.desCBC, "DES");
-         put("KeyGenerator.DESEDE", "org.bouncycastle.jce.provider.JCEKeyGenerator$DESede");
--        put("KeyGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.JCEKeyGenerator$DESede3");
--        put("KeyGenerator.DESEDEWRAP", "org.bouncycastle.jce.provider.JCEKeyGenerator$DESede");
--        put("KeyGenerator.SKIPJACK", "org.bouncycastle.jce.provider.JCEKeyGenerator$Skipjack");
-+        // BEGIN android-removed
-+        // put("KeyGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.JCEKeyGenerator$DESede3");
-+        // put("KeyGenerator.DESEDEWRAP", "org.bouncycastle.jce.provider.JCEKeyGenerator$DESede");
-+        // put("KeyGenerator.SKIPJACK", "org.bouncycastle.jce.provider.JCEKeyGenerator$Skipjack");
-+        // END android-removed
-         put("KeyGenerator.BLOWFISH", "org.bouncycastle.jce.provider.JCEKeyGenerator$Blowfish");
-         put("Alg.Alias.KeyGenerator.1.3.6.1.4.1.3029.1.2", "BLOWFISH");
--        put("KeyGenerator.TWOFISH", "org.bouncycastle.jce.provider.JCEKeyGenerator$Twofish");
+ 
 -        put("KeyGenerator.RC2", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC2");
 -        put("KeyGenerator.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC2");
-+        // BEGIN android-removed
-+        // put("KeyGenerator.TWOFISH", "org.bouncycastle.jce.provider.JCEKeyGenerator$Twofish");
-+        // put("KeyGenerator.RC2", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC2");
-+        // put("KeyGenerator.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC2");
-+        // END android-removed
-         put("KeyGenerator.RC4", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC4");
-         put("Alg.Alias.KeyGenerator.ARC4", "RC4");
--        put("Alg.Alias.KeyGenerator.1.2.840.113549.3.4", "RC4");
--        put("KeyGenerator.RC5", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC5");
--        put("Alg.Alias.KeyGenerator.RC5-32", "RC5");
--        put("KeyGenerator.RC5-64", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC564");
--        put("KeyGenerator.RC6", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC6");
--        put("KeyGenerator.RIJNDAEL", "org.bouncycastle.jce.provider.JCEKeyGenerator$Rijndael");
--
--        put("KeyGenerator.SERPENT", "org.bouncycastle.jce.provider.JCEKeyGenerator$Serpent");
--        put("KeyGenerator.SALSA20", "org.bouncycastle.jce.provider.JCEKeyGenerator$Salsa20");
--        put("KeyGenerator.HC128", "org.bouncycastle.jce.provider.JCEKeyGenerator$HC128");
--        put("KeyGenerator.HC256", "org.bouncycastle.jce.provider.JCEKeyGenerator$HC256");
--        put("KeyGenerator.VMPC", "org.bouncycastle.jce.provider.JCEKeyGenerator$VMPC");
--        put("KeyGenerator.VMPC-KSA3", "org.bouncycastle.jce.provider.JCEKeyGenerator$VMPCKSA3");
--
--        put("KeyGenerator.CAST6", "org.bouncycastle.jce.provider.JCEKeyGenerator$CAST6");
--        put("KeyGenerator.TEA", "org.bouncycastle.jce.provider.JCEKeyGenerator$TEA");
--        put("KeyGenerator.XTEA", "org.bouncycastle.jce.provider.JCEKeyGenerator$XTEA");
 -
 -        put("KeyGenerator.GOST28147", "org.bouncycastle.jce.provider.JCEKeyGenerator$GOST28147");
 -        put("Alg.Alias.KeyGenerator.GOST", "GOST28147");
 -        put("Alg.Alias.KeyGenerator.GOST-28147", "GOST28147");
 -        put("Alg.Alias.KeyGenerator." + CryptoProObjectIdentifiers.gostR28147_cbc, "GOST28147");
-+        // BEGIN android-added
-+        put("Alg.Alias.KeyGenerator.ARCFOUR", "RC4");
-+        // END android-added
 +        // BEGIN android-removed
-+        // put("Alg.Alias.KeyGenerator.1.2.840.113549.3.4", "RC4");
-+        // put("KeyGenerator.RC5", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC5");
-+        // put("Alg.Alias.KeyGenerator.RC5-32", "RC5");
-+        // put("KeyGenerator.RC5-64", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC564");
-+        // put("KeyGenerator.RC6", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC6");
-+        // put("KeyGenerator.RIJNDAEL", "org.bouncycastle.jce.provider.JCEKeyGenerator$Rijndael");
-+        //
-+        // put("KeyGenerator.SERPENT", "org.bouncycastle.jce.provider.JCEKeyGenerator$Serpent");
-+        // put("KeyGenerator.SALSA20", "org.bouncycastle.jce.provider.JCEKeyGenerator$Salsa20");
-+        // put("KeyGenerator.HC128", "org.bouncycastle.jce.provider.JCEKeyGenerator$HC128");
-+        // put("KeyGenerator.HC256", "org.bouncycastle.jce.provider.JCEKeyGenerator$HC256");
-+        // put("KeyGenerator.VMPC", "org.bouncycastle.jce.provider.JCEKeyGenerator$VMPC");
-+        // put("KeyGenerator.VMPC-KSA3", "org.bouncycastle.jce.provider.JCEKeyGenerator$VMPCKSA3");
-+        // END android-removed
-+
-+        // BEGIN android-removed
-+        // put("KeyGenerator.CAST6", "org.bouncycastle.jce.provider.JCEKeyGenerator$CAST6");
-+        // put("KeyGenerator.TEA", "org.bouncycastle.jce.provider.JCEKeyGenerator$TEA");
-+        // put("KeyGenerator.XTEA", "org.bouncycastle.jce.provider.JCEKeyGenerator$XTEA");
++        // put("KeyGenerator.RC2", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC2");
++        // put("KeyGenerator.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC2");
 +        //
 +        // put("KeyGenerator.GOST28147", "org.bouncycastle.jce.provider.JCEKeyGenerator$GOST28147");
 +        // put("Alg.Alias.KeyGenerator.GOST", "GOST28147");
@@ -3610,7 +1738,7 @@
  
          //
          // key pair generators.
-@@ -426,14 +513,18 @@
+@@ -382,14 +450,18 @@
          put("KeyPairGenerator.RSA", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$RSA");
          put("KeyPairGenerator.DH", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$DH");
          put("KeyPairGenerator.DSA", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$DSA");
@@ -3633,7 +1761,7 @@
  
          //
          // key factories
-@@ -441,20 +532,24 @@
+@@ -397,20 +469,24 @@
          put("KeyFactory.RSA", "org.bouncycastle.jce.provider.JDKKeyFactory$RSA");
          put("KeyFactory.DH", "org.bouncycastle.jce.provider.JDKKeyFactory$DH");
          put("KeyFactory.DSA", "org.bouncycastle.jce.provider.JDKKeyFactory$DSA");
@@ -3666,51 +1794,50 @@
  
          //
          // Algorithm parameters
-@@ -462,16 +557,22 @@
+@@ -418,24 +494,34 @@
          put("AlgorithmParameters.DES", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
          put("Alg.Alias.AlgorithmParameters." + OIWObjectIdentifiers.desCBC, "DES");
          put("AlgorithmParameters.DESEDE", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
 -        put("AlgorithmParameters." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
 -        put("AlgorithmParameters.RC2", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$RC2AlgorithmParameters");
 -        put("AlgorithmParameters.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$RC2AlgorithmParameters");
--        put("AlgorithmParameters.RC5", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
--        put("AlgorithmParameters.RC6", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
 +        // BEGIN android-changed
 +        put("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE");
 +        // END android-changed
 +        // BEGIN android-removed
 +        // put("AlgorithmParameters.RC2", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$RC2AlgorithmParameters");
 +        // put("AlgorithmParameters.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$RC2AlgorithmParameters");
-+        // put("AlgorithmParameters.RC5", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
-+        // put("AlgorithmParameters.RC6", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
 +        // END android-removed
-         put("AlgorithmParameters.BLOWFISH", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
-         put("Alg.Alias.AlgorithmParameters.1.3.6.1.4.1.3029.1.2", "BLOWFISH");
--        put("AlgorithmParameters.TWOFISH", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
--        put("AlgorithmParameters.SKIPJACK", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
--        put("AlgorithmParameters.RIJNDAEL", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
-+        // BEGIN android-removed
-+        // put("AlgorithmParameters.TWOFISH", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
-+        // put("AlgorithmParameters.SKIPJACK", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
-+        // put("AlgorithmParameters.RIJNDAEL", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
-+        // END android-removed
- 
          
          //
-@@ -479,8 +580,10 @@
+         // secret key factories.
          //
          put("SecretKeyFactory.DES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$DES");
-         put("SecretKeyFactory.DESEDE", "org.bouncycastle.jce.provider.JCESecretKeyFactory$DESede");
 -        put("SecretKeyFactory.PBEWITHMD2ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndDES");
--        put("SecretKeyFactory.PBEWITHMD2ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndRC2");
+-
+-        put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES");
+-        put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2");
 +        // BEGIN android-removed
 +        // put("SecretKeyFactory.PBEWITHMD2ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndDES");
++        // END android-removed
++
++        // BEGIN android-removed
++        // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES");
++        // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2");
++        // END android-removed
+         put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES");
+         put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDDES");
+         put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES");
+         put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, "PBEWITHSHA1ANDRC2");
+ 
+-        put("SecretKeyFactory.PBEWITHMD2ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndRC2");
++        // BEGIN android-removed
 +        // put("SecretKeyFactory.PBEWITHMD2ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndRC2");
 +        // END android-removed
          put("SecretKeyFactory.PBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5AndDES");
          put("SecretKeyFactory.PBEWITHMD5ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5AndRC2");
          put("SecretKeyFactory.PBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA1AndDES");
-@@ -492,31 +595,41 @@
+@@ -447,31 +533,41 @@
          put("SecretKeyFactory.PBEWITHSHAAND128BITRC2-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd128BitRC2");
          put("SecretKeyFactory.PBEWITHSHAAND40BITRC2-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd40BitRC2");
          put("SecretKeyFactory.PBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAndTwofish");
@@ -3767,7 +1894,7 @@
          put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES");
          put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDRC2");
          put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES");
-@@ -553,6 +666,10 @@
+@@ -508,6 +604,10 @@
          put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.getId(), "PBEWITHSHA256AND128BITAES-CBC-BC");
          put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PBEWITHSHA256AND192BITAES-CBC-BC");
          put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PBEWITHSHA256AND256BITAES-CBC-BC");
@@ -3778,7 +1905,7 @@
  
          addMacAlgorithms();
  
-@@ -561,16 +678,23 @@
+@@ -516,16 +616,23 @@
          addSignatureAlgorithms();
  
      // Certification Path API
@@ -3809,7 +1936,7 @@
      }
  
      private void loadAlgorithms(String packageName, String[] names)
-@@ -631,68 +755,72 @@
+@@ -586,42 +693,46 @@
      //
      private void addMacAlgorithms()
      {
@@ -3818,49 +1945,23 @@
 -        put("Mac.DESMAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$DESCFB8");
 -        put("Alg.Alias.Mac.DES/CFB8", "DESMAC/CFB8");
 -
--        put("Mac.DESEDEMAC", "org.bouncycastle.jce.provider.JCEMac$DESede");
--        put("Alg.Alias.Mac.DESEDE", "DESEDEMAC");
--        put("Mac.DESEDEMAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$DESedeCFB8");
--        put("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8");
--        
 -        put("Mac.DESWITHISO9797", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3");
 -        put("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797");
--        
--        put("Mac.DESEDEMAC64", "org.bouncycastle.jce.provider.JCEMac$DESede64");
--        put("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64");
--
--        put("Mac.DESEDEMAC64WITHISO7816-4PADDING", "org.bouncycastle.jce.provider.JCEMac$DESede64with7816d4");
--        put("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
--        put("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
--        put("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
 -
 -        put("Mac.ISO9797ALG3MAC", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3");
 -        put("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC");
 -        put("Mac.ISO9797ALG3WITHISO7816-4PADDING", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3with7816d4");
 -        put("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING");
 -
--        put("Mac.SKIPJACKMAC", "org.bouncycastle.jce.provider.JCEMac$Skipjack");
--        put("Alg.Alias.Mac.SKIPJACK", "SKIPJACKMAC");
--        put("Mac.SKIPJACKMAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$SkipjackCFB8");
--        put("Alg.Alias.Mac.SKIPJACK/CFB8", "SKIPJACKMAC/CFB8");
--
 -        put("Mac.RC2MAC", "org.bouncycastle.jce.provider.JCEMac$RC2");
 -        put("Alg.Alias.Mac.RC2", "RC2MAC");
 -        put("Mac.RC2MAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$RC2CFB8");
 -        put("Alg.Alias.Mac.RC2/CFB8", "RC2MAC/CFB8");
 -
--        put("Mac.RC5MAC", "org.bouncycastle.jce.provider.JCEMac$RC5");
--        put("Alg.Alias.Mac.RC5", "RC5MAC");
--        put("Mac.RC5MAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$RC5CFB8");
--        put("Alg.Alias.Mac.RC5/CFB8", "RC5MAC/CFB8");
 -
 -        put("Mac.GOST28147MAC", "org.bouncycastle.jce.provider.JCEMac$GOST28147");
 -        put("Alg.Alias.Mac.GOST28147", "GOST28147MAC");
 -
--        put("Mac.VMPCMAC", "org.bouncycastle.jce.provider.JCEMac$VMPC");
--        put("Alg.Alias.Mac.VMPC", "VMPCMAC");
--        put("Alg.Alias.Mac.VMPC-MAC", "VMPCMAC");
--
 -        put("Mac.OLDHMACSHA384", "org.bouncycastle.jce.provider.JCEMac$OldSHA384");
 -
 -        put("Mac.OLDHMACSHA512", "org.bouncycastle.jce.provider.JCEMac$OldSHA512");
@@ -3873,49 +1974,23 @@
 +        // put("Mac.DESMAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$DESCFB8");
 +        // put("Alg.Alias.Mac.DES/CFB8", "DESMAC/CFB8");
 +        //
-+        // put("Mac.DESEDEMAC", "org.bouncycastle.jce.provider.JCEMac$DESede");
-+        // put("Alg.Alias.Mac.DESEDE", "DESEDEMAC");
-+        // put("Mac.DESEDEMAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$DESedeCFB8");
-+        // put("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8");
-+        //
 +        // put("Mac.DESWITHISO9797", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3");
 +        // put("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797");
 +        //
-+        // put("Mac.DESEDEMAC64", "org.bouncycastle.jce.provider.JCEMac$DESede64");
-+        // put("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64");
-+        //
-+        // put("Mac.DESEDEMAC64WITHISO7816-4PADDING", "org.bouncycastle.jce.provider.JCEMac$DESede64with7816d4");
-+        // put("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
-+        // put("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
-+        // put("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
-+        //
 +        // put("Mac.ISO9797ALG3MAC", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3");
 +        // put("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC");
 +        // put("Mac.ISO9797ALG3WITHISO7816-4PADDING", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3with7816d4");
 +        // put("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING");
 +        //
-+        // put("Mac.SKIPJACKMAC", "org.bouncycastle.jce.provider.JCEMac$Skipjack");
-+        // put("Alg.Alias.Mac.SKIPJACK", "SKIPJACKMAC");
-+        // put("Mac.SKIPJACKMAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$SkipjackCFB8");
-+        // put("Alg.Alias.Mac.SKIPJACK/CFB8", "SKIPJACKMAC/CFB8");
-+        //
 +        // put("Mac.RC2MAC", "org.bouncycastle.jce.provider.JCEMac$RC2");
 +        // put("Alg.Alias.Mac.RC2", "RC2MAC");
 +        // put("Mac.RC2MAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$RC2CFB8");
 +        // put("Alg.Alias.Mac.RC2/CFB8", "RC2MAC/CFB8");
 +        //
-+        // put("Mac.RC5MAC", "org.bouncycastle.jce.provider.JCEMac$RC5");
-+        // put("Alg.Alias.Mac.RC5", "RC5MAC");
-+        // put("Mac.RC5MAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$RC5CFB8");
-+        // put("Alg.Alias.Mac.RC5/CFB8", "RC5MAC/CFB8");
 +        //
 +        // put("Mac.GOST28147MAC", "org.bouncycastle.jce.provider.JCEMac$GOST28147");
 +        // put("Alg.Alias.Mac.GOST28147", "GOST28147MAC");
 +        //
-+        // put("Mac.VMPCMAC", "org.bouncycastle.jce.provider.JCEMac$VMPC");
-+        // put("Alg.Alias.Mac.VMPC", "VMPCMAC");
-+        // put("Alg.Alias.Mac.VMPC-MAC", "VMPCMAC");
-+        //
 +        // put("Mac.OLDHMACSHA384", "org.bouncycastle.jce.provider.JCEMac$OldSHA384");
 +        //
 +        // put("Mac.OLDHMACSHA512", "org.bouncycastle.jce.provider.JCEMac$OldSHA512");
@@ -3938,7 +2013,7 @@
          addHMACAlgorithm("SHA256", "org.bouncycastle.jce.provider.JCEMac$SHA256", "org.bouncycastle.jce.provider.JCEKeyGenerator$HMACSHA256");
          addHMACAlias("SHA256", PKCSObjectIdentifiers.id_hmacWithSHA256);
          addHMACAlgorithm("SHA384", "org.bouncycastle.jce.provider.JCEMac$SHA384", "org.bouncycastle.jce.provider.JCEKeyGenerator$HMACSHA384");
-@@ -700,16 +828,20 @@
+@@ -629,16 +740,20 @@
          addHMACAlgorithm("SHA512", "org.bouncycastle.jce.provider.JCEMac$SHA512", "org.bouncycastle.jce.provider.JCEKeyGenerator$HMACSHA512");
          addHMACAlias("SHA512", PKCSObjectIdentifiers.id_hmacWithSHA512);
  
@@ -3966,7 +2041,7 @@
          put("Alg.Alias.Mac.1.3.14.3.2.26", "PBEWITHHMACSHA");
      }
  
-@@ -747,9 +879,11 @@
+@@ -676,9 +791,11 @@
          put("Alg.Alias.MessageDigest.SHA1", "SHA-1");
          put("Alg.Alias.MessageDigest.SHA", "SHA-1");
          put("Alg.Alias.MessageDigest." + OIWObjectIdentifiers.idSHA1, "SHA-1");
@@ -3981,7 +2056,7 @@
          put("MessageDigest.SHA-256", "org.bouncycastle.jce.provider.JDKMessageDigest$SHA256");
          put("Alg.Alias.MessageDigest.SHA256", "SHA-256");
          put("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha256, "SHA-256");
-@@ -760,27 +894,31 @@
+@@ -689,27 +806,31 @@
          put("Alg.Alias.MessageDigest.SHA512", "SHA-512");
          put("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512, "SHA-512");
          
@@ -4032,7 +2107,7 @@
      }
      
      //
-@@ -788,55 +926,70 @@
+@@ -717,55 +838,70 @@
      //
      private void addSignatureAlgorithms()
      {
@@ -4141,7 +2216,7 @@
  
          put("Alg.Alias.Signature.SHA256withRSAEncryption", "SHA256WithRSAEncryption");
          put("Alg.Alias.Signature.SHA384withRSAEncryption", "SHA384WithRSAEncryption");
-@@ -850,24 +1003,30 @@
+@@ -779,24 +915,30 @@
          put("Alg.Alias.Signature.SHA384WITHRSAENCRYPTION", "SHA384WithRSAEncryption");
          put("Alg.Alias.Signature.SHA512WITHRSAENCRYPTION", "SHA512WithRSAEncryption");
  
@@ -4184,7 +2259,7 @@
          put("Alg.Alias.Signature.SHA256WithRSA", "SHA256WithRSAEncryption");
          put("Alg.Alias.Signature.SHA256withRSA", "SHA256WithRSAEncryption");
          put("Alg.Alias.Signature.SHA384WithRSA", "SHA384WithRSAEncryption");
-@@ -877,92 +1036,110 @@
+@@ -806,92 +948,110 @@
          put("Alg.Alias.Signature.SHA1/RSA", "SHA1WithRSAEncryption");
          put("Alg.Alias.Signature.SHA-1/RSA", "SHA1WithRSAEncryption");
          put("Alg.Alias.Signature." + PKCSObjectIdentifiers.sha1WithRSAEncryption, "SHA1WithRSAEncryption");
@@ -4277,6 +2352,26 @@
 -        put("Alg.Alias.Signature.GOST3411WITHGOST3410", "GOST3410");
 -        put("Alg.Alias.Signature.GOST3411WithGOST3410", "GOST3410");
 -        put("Alg.Alias.Signature." + CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3410");
+-    }
+-
+-    private void addSignatureAlgorithm(
+-        String digest,
+-        String algorithm,
+-        String className,
+-        DERObjectIdentifier oid)
+-    {
+-        String mainName = digest + "WITH" + algorithm;
+-        String jdk11Variation1 = digest + "with" + algorithm;
+-        String jdk11Variation2 = digest + "With" + algorithm;
+-        String alias = digest + "/" + algorithm;
+-
+-        put("Signature." + mainName, className);
+-        put("Alg.Alias.Signature." + jdk11Variation1, mainName);
+-        put("Alg.Alias.Signature." + jdk11Variation2, mainName);
+-        put("Alg.Alias.Signature." + alias, mainName);
+-        put("Alg.Alias.Signature." + oid, mainName);
+-        put("Alg.Alias.Signature.OID." + oid, mainName);
+-    }
 +        // BEGIN android-removed
 +        // put("Alg.Alias.Signature.RIPEMD160WITHRSA", "RIPEMD160WithRSAEncryption");
 +        // put("Alg.Alias.Signature.RMD160WITHRSA", "RIPEMD160WithRSAEncryption");
@@ -4323,26 +2418,8 @@
 +        // put("Alg.Alias.Signature.GOST3411WithGOST3410", "GOST3410");
 +        // put("Alg.Alias.Signature." + CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3410");
 +        // END android-removed
-     }
- 
--    private void addSignatureAlgorithm(
--        String digest,
--        String algorithm,
--        String className,
--        DERObjectIdentifier oid)
--    {
--        String mainName = digest + "WITH" + algorithm;
--        String jdk11Variation1 = digest + "with" + algorithm;
--        String jdk11Variation2 = digest + "With" + algorithm;
--        String alias = digest + "/" + algorithm;
--
--        put("Signature." + mainName, className);
--        put("Alg.Alias.Signature." + jdk11Variation1, mainName);
--        put("Alg.Alias.Signature." + jdk11Variation2, mainName);
--        put("Alg.Alias.Signature." + alias, mainName);
--        put("Alg.Alias.Signature." + oid, mainName);
--        put("Alg.Alias.Signature.OID." + oid, mainName);
--    }
++    }
++
 +    // BEGIN android-removed
 +    // private void addSignatureAlgorithm(
 +    //     String digest,
@@ -4366,9 +2443,9 @@
  
      public void setParameter(String parameterName, Object parameter)
      {
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java bcprov-jdk16-145/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java	2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java bcprov-jdk16-146/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java	2011-09-08 21:28:49.000000000 +0000
 @@ -24,6 +24,7 @@
  import java.security.spec.DSAPublicKeySpec;
  import java.text.ParseException;
@@ -4377,18 +2454,7 @@
  import java.util.Collection;
  import java.util.Date;
  import java.util.Enumeration;
-@@ -35,6 +36,10 @@
- 
- import javax.security.auth.x500.X500Principal;
- 
-+// BEGIN android-added
-+import org.apache.harmony.xnet.provider.jsse.IndexedPKIXParameters;
-+
-+// END android-added
- import org.bouncycastle.asn1.ASN1InputStream;
- import org.bouncycastle.asn1.ASN1Object;
- import org.bouncycastle.asn1.ASN1OctetString;
-@@ -59,13 +64,17 @@
+@@ -59,13 +60,17 @@
  import org.bouncycastle.asn1.x509.PolicyInformation;
  import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
  import org.bouncycastle.asn1.x509.X509Extensions;
@@ -4408,161 +2474,7 @@
  import org.bouncycastle.x509.X509AttributeCertificate;
  import org.bouncycastle.x509.X509CRLStoreSelector;
  import org.bouncycastle.x509.X509CertStoreSelector;
-@@ -110,29 +119,32 @@
-         "privilegeWithdrawn",
-         "aACompromise" };
-     
--    /**
--     * Search the given Set of TrustAnchor's for one that is the
--     * issuer of the given X509 certificate. Uses the default provider
--     * for signature verification.
--     *
--     * @param cert the X509 certificate
--     * @param trustAnchors a Set of TrustAnchor's
--     *
--     * @return the <code>TrustAnchor</code> object if found or
--     * <code>null</code> if not.
--     *
--     * @exception AnnotatedException
--     *                if a TrustAnchor was found but the signature verification
--     *                on the given certificate has thrown an exception.
--     */
--    protected static TrustAnchor findTrustAnchor(
--        X509Certificate cert,
--        Set             trustAnchors)
--            throws AnnotatedException
--    {
--        return findTrustAnchor(cert, trustAnchors, null);
--    }
-+    // BEGIN android-removed
-+    // /**
-+    //  * Search the given Set of TrustAnchor's for one that is the
-+    //  * issuer of the given X509 certificate. Uses the default provider
-+    //  * for signature verification.
-+    //  *
-+    //  * @param cert the X509 certificate
-+    //  * @param trustAnchors a Set of TrustAnchor's
-+    //  *
-+    //  * @return the <code>TrustAnchor</code> object if found or
-+    //  * <code>null</code> if not.
-+    //  *
-+    //  * @exception AnnotatedException
-+    //  *                if a TrustAnchor was found but the signature verification
-+    //  *                on the given certificate has thrown an exception.
-+    //  */
-+    // protected static TrustAnchor findTrustAnchor(
-+    //     X509Certificate cert,
-+    //     Set             trustAnchors)
-+    //         throws AnnotatedException
-+    // {
-+    //     return findTrustAnchor(cert, trustAnchors, null);
-+    // }
-+    // END android-removed
-     
-+    // BEGIN android-changed
-     /**
-      * Search the given Set of TrustAnchor's for one that is the
-      * issuer of the given X509 certificate. Uses the specified
-@@ -140,8 +152,7 @@
-      * if null.
-      *
-      * @param cert the X509 certificate
--     * @param trustAnchors a Set of TrustAnchor's
--     * @param sigProvider the provider to use for signature verification
-+     * @param params used to find the trust anchors and signature provider
-      *
-      * @return the <code>TrustAnchor</code> object if found or
-      * <code>null</code> if not.
-@@ -152,10 +163,21 @@
-      */
-     protected static TrustAnchor findTrustAnchor(
-         X509Certificate cert,
--        Set             trustAnchors,
--        String          sigProvider) 
-+        PKIXParameters  params)
-             throws AnnotatedException
-+    // END android-changed
-     {
-+        // BEGIN android-changed
-+        // If we have a trust anchor index, use it.
-+        if (params instanceof IndexedPKIXParameters) {
-+            try {
-+                IndexedPKIXParameters indexed = (IndexedPKIXParameters) params;
-+                return indexed.findTrustAnchor(cert);
-+            } catch (CertPathValidatorException e) {
-+                throw new AnnotatedException(e.getMessage(), e);
-+            }
-+        }
-+        // END android-changed
-         TrustAnchor trust = null;
-         PublicKey trustPublicKey = null;
-         Exception invalidKeyEx = null;
-@@ -172,21 +194,49 @@
-             throw new AnnotatedException("Cannot set subject search criteria for trust anchor.", ex);
-         }
- 
--        Iterator iter = trustAnchors.iterator();
-+        // BEGIN android-changed
-+        Iterator iter = params.getTrustAnchors().iterator();
-+        // END android-changed
-+        // BEGIN android-added
-+        byte[] certBytes = null;
-+        try {
-+            certBytes = cert.getEncoded();
-+        } catch (Exception e) {
-+            // ignore, just continue
-+        }
-+        // END android-added
-         while (iter.hasNext() && trust == null)
-         {
-             trust = (TrustAnchor) iter.next();
--            if (trust.getTrustedCert() != null)
-+            // BEGIN android-changed
-+            X509Certificate trustCert = trust.getTrustedCert();
-+            // END android-changed
-+            // BEGIN android-added
-+            // If the trust anchor is identical to the certificate we're
-+            // done. Just return the anchor.
-+            // There is similar code in PKIXCertPathValidatorSpi.
-+            try {
-+                byte[] trustBytes = trustCert.getEncoded();
-+                if (certBytes != null && Arrays.equals(trustBytes, certBytes)) {
-+                    return trust;
-+                }
-+            } catch (Exception e) {
-+                // ignore, continue and verify the certificate
-+            }
-+            // END android-added
-+            // BEGIN android-changed
-+            if (trustCert != null)
-             {
--                if (certSelectX509.match(trust.getTrustedCert()))
-+                if (certSelectX509.match(trustCert))
-                 {
--                    trustPublicKey = trust.getTrustedCert().getPublicKey();
-+                    trustPublicKey = trustCert.getPublicKey();
-                 }
-                 else
-                 {
-                     trust = null;
-                 }
-             }
-+            // END android-changed
-             else if (trust.getCAName() != null
-                     && trust.getCAPublicKey() != null)
-             {
-@@ -216,7 +266,9 @@
-             {
-                 try
-                 {
--                    verifyX509Certificate(cert, trustPublicKey, sigProvider);
-+                    // BEGIN android-changed
-+                    verifyX509Certificate(cert, trustPublicKey, params.getSigProvider());
-+                    // END android-changed
-                 }
-                 catch (Exception ex)
-                 {
-@@ -248,7 +300,9 @@
+@@ -250,7 +255,9 @@
              {
                  // look for URI
                  List list = (List) it.next();
@@ -4573,7 +2485,7 @@
                  {
                      // found
                      String temp = (String) list.get(1);
-@@ -721,38 +775,40 @@
+@@ -660,38 +667,40 @@
          {
              try
              {
@@ -4601,13 +2513,13 @@
 -                    X509LDAPCertStoreParameters params = new X509LDAPCertStoreParameters.Builder(
 -                        url, base).build();
 -                    pkixParams.addAdditionalStore(X509Store.getInstance(
--                        "CERTIFICATE/LDAP", params, "BC"));
+-                        "CERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
 -                    pkixParams.addAdditionalStore(X509Store.getInstance(
--                        "CRL/LDAP", params, "BC"));
+-                        "CRL/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
 -                    pkixParams.addAdditionalStore(X509Store.getInstance(
--                        "ATTRIBUTECERTIFICATE/LDAP", params, "BC"));
+-                        "ATTRIBUTECERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
 -                    pkixParams.addAdditionalStore(X509Store.getInstance(
--                        "CERTIFICATEPAIR/LDAP", params, "BC"));
+-                        "CERTIFICATEPAIR/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
 -                }
 +                // BEGIN android-removed
 +                // if (location.startsWith("ldap://"))
@@ -4634,19 +2546,19 @@
 +                //     X509LDAPCertStoreParameters params = new X509LDAPCertStoreParameters.Builder(
 +                //         url, base).build();
 +                //     pkixParams.addAdditionalStore(X509Store.getInstance(
-+                //         "CERTIFICATE/LDAP", params, "BC"));
++                //         "CERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
 +                //     pkixParams.addAdditionalStore(X509Store.getInstance(
-+                //         "CRL/LDAP", params, "BC"));
++                //         "CRL/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
 +                //     pkixParams.addAdditionalStore(X509Store.getInstance(
-+                //         "ATTRIBUTECERTIFICATE/LDAP", params, "BC"));
++                //         "ATTRIBUTECERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
 +                //     pkixParams.addAdditionalStore(X509Store.getInstance(
-+                //         "CERTIFICATEPAIR/LDAP", params, "BC"));
++                //         "CERTIFICATEPAIR/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
 +                // }
 +                // END android-removed
              }
              catch (Exception e)
              {
-@@ -819,35 +875,37 @@
+@@ -758,35 +767,37 @@
          return certs;
      }
  
@@ -4713,19 +2625,24 @@
  
      protected static void addAdditionalStoresFromCRLDistributionPoint(
          CRLDistPoint crldp, ExtendedPKIXParameters pkixParams)
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEBlockCipher.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEBlockCipher.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEBlockCipher.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEBlockCipher.java	2011-09-01 17:21:06.000000000 +0000
-@@ -7,22 +7,31 @@
- import org.bouncycastle.crypto.InvalidCipherTextException;
- import org.bouncycastle.crypto.engines.AESFastEngine;
- import org.bouncycastle.crypto.engines.BlowfishEngine;
--import org.bouncycastle.crypto.engines.CAST5Engine;
--import org.bouncycastle.crypto.engines.CAST6Engine;
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEBlockCipher.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEBlockCipher.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEBlockCipher.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEBlockCipher.java	2011-09-08 21:28:49.000000000 +0000
+@@ -17,8 +17,10 @@
+ import javax.crypto.ShortBufferException;
+ import javax.crypto.spec.IvParameterSpec;
+ import javax.crypto.spec.PBEParameterSpec;
+-import javax.crypto.spec.RC2ParameterSpec;
+-import javax.crypto.spec.RC5ParameterSpec;
 +// BEGIN android-removed
-+// import org.bouncycastle.crypto.engines.CAST5Engine;
-+// import org.bouncycastle.crypto.engines.CAST6Engine;
++// import javax.crypto.spec.RC2ParameterSpec;
++// import javax.crypto.spec.RC5ParameterSpec;
 +// END android-removed
+ 
+ import org.bouncycastle.crypto.BlockCipher;
+ import org.bouncycastle.crypto.BufferedBlockCipher;
+@@ -28,7 +30,9 @@
+ import org.bouncycastle.crypto.engines.AESFastEngine;
  import org.bouncycastle.crypto.engines.DESEngine;
  import org.bouncycastle.crypto.engines.DESedeEngine;
 -import org.bouncycastle.crypto.engines.GOST28147Engine;
@@ -4733,34 +2650,16 @@
 +// import org.bouncycastle.crypto.engines.GOST28147Engine;
 +// END android-removed
  import org.bouncycastle.crypto.engines.RC2Engine;
--import org.bouncycastle.crypto.engines.RC532Engine;
--import org.bouncycastle.crypto.engines.RC564Engine;
--import org.bouncycastle.crypto.engines.RC6Engine;
--import org.bouncycastle.crypto.engines.RijndaelEngine;
--import org.bouncycastle.crypto.engines.SEEDEngine;
--import org.bouncycastle.crypto.engines.SerpentEngine;
--import org.bouncycastle.crypto.engines.SkipjackEngine;
--import org.bouncycastle.crypto.engines.TEAEngine;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.engines.RC532Engine;
-+// import org.bouncycastle.crypto.engines.RC564Engine;
-+// END android-removed
-+// import org.bouncycastle.crypto.engines.RC6Engine;
-+// import org.bouncycastle.crypto.engines.RijndaelEngine;
-+// import org.bouncycastle.crypto.engines.SEEDEngine;
-+// import org.bouncycastle.crypto.engines.SerpentEngine;
-+// import org.bouncycastle.crypto.engines.SkipjackEngine;
-+// import org.bouncycastle.crypto.engines.TEAEngine;
-+// END android-removed
  import org.bouncycastle.crypto.engines.TwofishEngine;
--import org.bouncycastle.crypto.engines.XTEAEngine;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.engines.XTEAEngine;
-+// END android-removed
  import org.bouncycastle.crypto.modes.AEADBlockCipher;
- import org.bouncycastle.crypto.modes.CBCBlockCipher;
+@@ -36,12 +40,16 @@
  import org.bouncycastle.crypto.modes.CCMBlockCipher;
-@@ -32,8 +41,10 @@
+ import org.bouncycastle.crypto.modes.CFBBlockCipher;
+ import org.bouncycastle.crypto.modes.CTSBlockCipher;
+-import org.bouncycastle.crypto.modes.EAXBlockCipher;
++// BEGIN android-removed
++// import org.bouncycastle.crypto.modes.EAXBlockCipher;
++// END android-removed
  import org.bouncycastle.crypto.modes.GCMBlockCipher;
  import org.bouncycastle.crypto.modes.GOFBBlockCipher;
  import org.bouncycastle.crypto.modes.OFBBlockCipher;
@@ -4773,7 +2672,7 @@
  import org.bouncycastle.crypto.modes.SICBlockCipher;
  import org.bouncycastle.crypto.paddings.BlockCipherPadding;
  import org.bouncycastle.crypto.paddings.ISO10126d2Padding;
-@@ -45,10 +56,12 @@
+@@ -53,10 +61,12 @@
  import org.bouncycastle.crypto.params.KeyParameter;
  import org.bouncycastle.crypto.params.ParametersWithIV;
  import org.bouncycastle.crypto.params.ParametersWithRandom;
@@ -4789,21 +2688,8 @@
 +// END android-removed
  import org.bouncycastle.util.Strings;
  
- import javax.crypto.BadPaddingException;
-@@ -59,8 +72,10 @@
- import javax.crypto.ShortBufferException;
- import javax.crypto.spec.IvParameterSpec;
- import javax.crypto.spec.PBEParameterSpec;
--import javax.crypto.spec.RC2ParameterSpec;
--import javax.crypto.spec.RC5ParameterSpec;
-+// BEGIN android-removed
-+// import javax.crypto.spec.RC2ParameterSpec;
-+// import javax.crypto.spec.RC5ParameterSpec;
-+// END android-removed
- import java.security.AlgorithmParameters;
- import java.security.InvalidAlgorithmParameterException;
- import java.security.InvalidKeyException;
-@@ -78,11 +93,15 @@
+ public class JCEBlockCipher extends WrapCipherSpi
+@@ -67,11 +77,15 @@
      //
      private Class[]                 availableSpecs =
                                      {
@@ -4822,7 +2708,7 @@
                                      };
   
      private BlockCipher             baseEngine;
-@@ -237,20 +256,22 @@
+@@ -226,20 +240,22 @@
                          new CFBBlockCipher(baseEngine, 8 * baseEngine.getBlockSize()));
              }
          }
@@ -4859,7 +2745,26 @@
          else if (modeName.startsWith("SIC"))
          {
              ivLength = baseEngine.getBlockSize();
-@@ -376,13 +397,15 @@
+@@ -272,11 +288,13 @@
+             ivLength = baseEngine.getBlockSize();
+             cipher = new AEADGenericBlockCipher(new CCMBlockCipher(baseEngine));
+         }
+-        else if (modeName.startsWith("EAX"))
+-        {
+-            ivLength = baseEngine.getBlockSize();
+-            cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine));
+-        }
++        // BEGIN android-removed
++        // else if (modeName.startsWith("EAX"))
++        // {
++        //     ivLength = baseEngine.getBlockSize();
++        //     cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine));
++        // }
++        // END android-removed
+         else if (modeName.startsWith("GCM"))
+         {
+             ivLength = baseEngine.getBlockSize();
+@@ -365,13 +383,15 @@
              throw new InvalidKeyException("Key for algorithm " + key.getAlgorithm() + " not suitable for symmetric enryption.");
          }
          
@@ -4882,7 +2787,7 @@
  
          //
          // a note on iv's - if ivLength is zero the IV gets ignored (we don't use it).
-@@ -448,63 +471,65 @@
+@@ -437,63 +457,65 @@
                  param = new KeyParameter(key.getEncoded());
              }
          }
@@ -5005,7 +2910,7 @@
          else
          {
              throw new InvalidAlgorithmParameterException("unknown parameter type.");
-@@ -708,10 +733,21 @@
+@@ -697,10 +719,21 @@
          int     inputLen,
          byte[]  output,
          int     outputOffset) 
@@ -5028,7 +2933,7 @@
          if (inputLen != 0)
          {
                  len = cipher.processBytes(input, inputOffset, inputLen, output, outputOffset);
-@@ -753,17 +789,19 @@
+@@ -742,62 +775,64 @@
          }
      }
  
@@ -5043,37 +2948,6 @@
 -            super(new CBCBlockCipher(new DESEngine()), 64);
 -        }
 -    }
-+    // BEGIN android-removed
-+    // /**
-+    //  * DESCBC
-+    //  */
-+    // static public class DESCBC
-+    //     extends JCEBlockCipher
-+    // {
-+    //     public DESCBC()
-+    //     {
-+    //         super(new CBCBlockCipher(new DESEngine()), 64);
-+    //     }
-+    // }
-+    // END android-removed
- 
-     /**
-      * DESede
-@@ -777,52 +815,54 @@
-         }
-     }
- 
--    /**
--     * DESedeCBC
--     */
--    static public class DESedeCBC
--        extends JCEBlockCipher
--    {
--        public DESedeCBC()
--        {
--            super(new CBCBlockCipher(new DESedeEngine()), 64);
--        }
--    }
 -
 -    /**
 -     *  GOST28147
@@ -5095,97 +2969,6 @@
 -            super(new CBCBlockCipher(new GOST28147Engine()), 64);
 -        }
 -    }
-+    // BEGIN android-removed
-+    // /**
-+    //  * DESedeCBC
-+    //  */
-+    // static public class DESedeCBC
-+    //     extends JCEBlockCipher
-+    // {
-+    //     public DESedeCBC()
-+    //     {
-+    //         super(new CBCBlockCipher(new DESedeEngine()), 64);
-+    //     }
-+    // }
-+    //
-+    // /**
-+    //  *  GOST28147
-+    //  */
-+    // static public class GOST28147
-+    //     extends JCEBlockCipher
-+    // {
-+    //     public GOST28147()
-+    //     {
-+    //         super(new GOST28147Engine());
-+    //     }
-+    // }
-+    //    
-+    // static public class GOST28147cbc
-+    //     extends JCEBlockCipher
-+    // {
-+    //     public GOST28147cbc()
-+    //     {
-+    //         super(new CBCBlockCipher(new GOST28147Engine()), 64);
-+    //     }
-+    // }
-+    //
-+    // /**
-+    //  * SKIPJACK
-+    //  */
-+    // static public class Skipjack
-+    //     extends JCEBlockCipher
-+    // {
-+    //     public Skipjack()
-+    //     {
-+    //         super(new SkipjackEngine());
-+    //     }
-+    // }
-+    // END android-removed
-     
-     /**
--     * SKIPJACK
--     */
--    static public class Skipjack
--        extends JCEBlockCipher
--    {
--        public Skipjack()
--        {
--            super(new SkipjackEngine());
--        }
--    }
--
--    /**
-      * Blowfish
-      */
-     static public class Blowfish
-@@ -833,236 +873,238 @@
-             super(new BlowfishEngine());
-         }
-     }
--
--    /**
--     * Blowfish CBC
--     */
--    static public class BlowfishCBC
--        extends JCEBlockCipher
--    {
--        public BlowfishCBC()
--        {
--            super(new CBCBlockCipher(new BlowfishEngine()), 64);
--        }
--    }
--
--    /**
--     * Twofish
--     */
--    static public class Twofish
--        extends JCEBlockCipher
--    {
--        public Twofish()
--        {
--            super(new TwofishEngine());
--        }
--    }
 -
 -    /**
 -     * RC2
@@ -5210,210 +2993,37 @@
 -            super(new CBCBlockCipher(new RC2Engine()), 64);
 -        }
 -    }
--
--    /**
--     * RC5
--     */
--    static public class RC5
--        extends JCEBlockCipher
--    {
--        public RC5()
--        {
--            super(new RC532Engine());
--        }
--    }
--
--    /**
--     * RC564
--     */
--    static public class RC564
--        extends JCEBlockCipher
--    {
--        public RC564()
--        {
--            super(new RC564Engine());
--        }
--    }
--
--    /**
--     * RC6
--     */
--    static public class RC6
--        extends JCEBlockCipher
--    {
--        public RC6()
--        {
--            super(new RC6Engine());
--        }
--    }
--
--    /**
--     * AES
--     */
--    static public class AES
--        extends JCEBlockCipher
--    {
--        public AES()
--        {
--            super(new AESFastEngine());
--        }
--    }
--
--    /**
--     * AESCBC
--     */
--    static public class AESCBC
--        extends JCEBlockCipher
--    {
--        public AESCBC()
--        {
--            super(new CBCBlockCipher(new AESFastEngine()), 128);
--        }
--    }
--
--    /**
--     * AESCFB
--     */
--    static public class AESCFB
--        extends JCEBlockCipher
--    {
--        public AESCFB()
--        {
--            super(new CFBBlockCipher(new AESFastEngine(), 128), 128);
--        }
--    }
--
--    /**
--     * AESOFB
--     */
--    static public class AESOFB
--        extends JCEBlockCipher
--    {
--        public AESOFB()
--        {
--            super(new OFBBlockCipher(new AESFastEngine(), 128), 128);
--        }
--    }
--
--    /**
--     * Rijndael
--     */
--    static public class Rijndael
--        extends JCEBlockCipher
--    {
--        public Rijndael()
--        {
--            super(new RijndaelEngine());
--        }
--    }
--
--    /**
--     * Serpent
--     */
--    static public class Serpent
--        extends JCEBlockCipher
--    {
--        public Serpent()
--        {
--            super(new SerpentEngine());
--        }
--    }
--
--
-     
--    /**
--     * CAST5
--     */
--    static public class CAST5
--        extends JCEBlockCipher
--    {
--        public CAST5()
--        {
--            super(new CAST5Engine());
--        }
--    }
--
--    /**
--     * CAST5 CBC
--     */
--    static public class CAST5CBC
--        extends JCEBlockCipher
--    {
--        public CAST5CBC()
--        {
--            super(new CBCBlockCipher(new CAST5Engine()), 64);
--        }
--    }
--
--    /**
--     * CAST6
--     */
--    static public class CAST6
--        extends JCEBlockCipher
--    {
--        public CAST6()
--        {
--            super(new CAST6Engine());
--        }
--    }
--
--    /**
--     * TEA
--     */
--    static public class TEA
--        extends JCEBlockCipher
--    {
--        public TEA()
--        {
--            super(new TEAEngine());
--        }
--    }
--
--    /**
--     * XTEA
--     */
--    static public class XTEA
--        extends JCEBlockCipher
--    {
--        public XTEA()
--        {
--            super(new XTEAEngine());
--        }
--    }
--
--    /**
--     * SEED
--     */
--    static public class SEED
--        extends JCEBlockCipher
--    {
--        public SEED()
--        {
--            super(new SEEDEngine());
--        }
--    }
 +    // BEGIN android-removed
 +    // /**
-+    //  * Blowfish CBC
++    //  * DESCBC
 +    //  */
-+    // static public class BlowfishCBC
++    // static public class DESCBC
 +    //     extends JCEBlockCipher
 +    // {
-+    //     public BlowfishCBC()
++    //     public DESCBC()
 +    //     {
-+    //         super(new CBCBlockCipher(new BlowfishEngine()), 64);
++    //         super(new CBCBlockCipher(new DESEngine()), 64);
 +    //     }
 +    // }
 +    //
 +    // /**
-+    //  * Twofish
++    //  *  GOST28147
 +    //  */
-+    // static public class Twofish
++    // static public class GOST28147
 +    //     extends JCEBlockCipher
 +    // {
-+    //     public Twofish()
++    //     public GOST28147()
 +    //     {
-+    //         super(new TwofishEngine());
++    //         super(new GOST28147Engine());
++    //     }
++    // }
++    //
++    // static public class GOST28147cbc
++    //     extends JCEBlockCipher
++    // {
++    //     public GOST28147cbc()
++    //     {
++    //         super(new CBCBlockCipher(new GOST28147Engine()), 64);
 +    //     }
 +    // }
 +    //
@@ -5440,193 +3050,11 @@
 +    //         super(new CBCBlockCipher(new RC2Engine()), 64);
 +    //     }
 +    // }
-+    //
-+    // /**
-+    //  * RC5
-+    //  */
-+    // static public class RC5
-+    //     extends JCEBlockCipher
-+    // {
-+    //     public RC5()
-+    //     {
-+    //         super(new RC532Engine());
-+    //     }
-+    // }
-+    //
-+    // /**
-+    //  * RC564
-+    //  */
-+    // static public class RC564
-+    //     extends JCEBlockCipher
-+    // {
-+    //     public RC564()
-+    //     {
-+    //         super(new RC564Engine());
-+    //     }
-+    // }
-+    //
-+    // /**
-+    //  * RC6
-+    //  */
-+    // static public class RC6
-+    //     extends JCEBlockCipher
-+    // {
-+    //     public RC6()
-+    //     {
-+    //         super(new RC6Engine());
-+    //     }
-+    // }
-+    //
-+    // /**
-+    //  * AES
-+    //  */
-+    // static public class AES
-+    //     extends JCEBlockCipher
-+    // {
-+    //     public AES()
-+    //     {
-+    //         super(new AESFastEngine());
-+    //     }
-+    // }
-+    //
-+    // /**
-+    //  * AESCBC
-+    //  */
-+    // static public class AESCBC
-+    //     extends JCEBlockCipher
-+    // {
-+    //     public AESCBC()
-+    //     {
-+    //         super(new CBCBlockCipher(new AESFastEngine()), 128);
-+    //     }
-+    // }
-+    //
-+    // /**
-+    //  * AESCFB
-+    //  */
-+    // static public class AESCFB
-+    //     extends JCEBlockCipher
-+    // {
-+    //     public AESCFB()
-+    //     {
-+    //         super(new CFBBlockCipher(new AESFastEngine(), 128), 128);
-+    //     }
-+    // }
-+    //
-+    // /**
-+    //  * AESOFB
-+    //  */
-+    // static public class AESOFB
-+    //     extends JCEBlockCipher
-+    // {
-+    //     public AESOFB()
-+    //     {
-+    //         super(new OFBBlockCipher(new AESFastEngine(), 128), 128);
-+    //     }
-+    // }
-+    //
-+    // /**
-+    //  * Rijndael
-+    //  */
-+    // static public class Rijndael
-+    //     extends JCEBlockCipher
-+    // {
-+    //     public Rijndael()
-+    //     {
-+    //         super(new RijndaelEngine());
-+    //     }
-+    // }
-+    //
-+    // /**
-+    //  * Serpent
-+    //  */
-+    // static public class Serpent
-+    //     extends JCEBlockCipher
-+    // {
-+    //     public Serpent()
-+    //     {
-+    //         super(new SerpentEngine());
-+    //     }
-+    // }
-+    //
-+    //
-+    //
-+    // /**
-+    //  * CAST5
-+    //  */
-+    // static public class CAST5
-+    //     extends JCEBlockCipher
-+    // {
-+    //     public CAST5()
-+    //     {
-+    //         super(new CAST5Engine());
-+    //     }
-+    // }
-+    //
-+    // /**
-+    //  * CAST5 CBC
-+    //  */
-+    // static public class CAST5CBC
-+    //     extends JCEBlockCipher
-+    // {
-+    //     public CAST5CBC()
-+    //     {
-+    //         super(new CBCBlockCipher(new CAST5Engine()), 64);
-+    //     }
-+    // }
-+    //
-+    // /**
-+    //  * CAST6
-+    //  */
-+    // static public class CAST6
-+    //     extends JCEBlockCipher
-+    // {
-+    //     public CAST6()
-+    //     {
-+    //         super(new CAST6Engine());
-+    //     }
-+    // }
-+    // 
-+    // /**
-+    //  * TEA
-+    //  */
-+    // static public class TEA
-+    //     extends JCEBlockCipher
-+    // {
-+    //     public TEA()
-+    //     {
-+    //         super(new TEAEngine());
-+    //     }
-+    // }
-+    //
-+    // /**
-+    //  * XTEA
-+    //  */
-+    // static public class XTEA
-+    //     extends JCEBlockCipher
-+    // {
-+    //     public XTEA()
-+    //     {
-+    //         super(new XTEAEngine());
-+    //     }
-+    // }
-+    // 
-+    // /**
-+    //  * SEED
-+    //  */
-+    // static public class SEED
-+    //     extends JCEBlockCipher
-+    // {
-+    //     public SEED()
-+    //     {
-+    //         super(new SEEDEngine());
-+    //     }
-+    // }
 +    // END android-removed
  
      /**
       * PBEWithMD5AndDES
-@@ -1087,7 +1129,7 @@
+@@ -822,7 +857,7 @@
              super(new CBCBlockCipher(new RC2Engine()));
          }
      }
@@ -5635,7 +3063,7 @@
      /**
       * PBEWithSHA1AndDES
       */
-@@ -1135,7 +1177,7 @@
+@@ -870,7 +905,7 @@
              super(new CBCBlockCipher(new DESedeEngine()));
          }
      }
@@ -5644,7 +3072,7 @@
      /**
       * PBEWithSHAAnd128BitRC2-CBC
       */
-@@ -1159,7 +1201,7 @@
+@@ -894,7 +929,7 @@
              super(new CBCBlockCipher(new RC2Engine()));
          }
      }
@@ -5653,7 +3081,7 @@
      /**
       * PBEWithSHAAndTwofish-CBC
       */
-@@ -1171,7 +1213,7 @@
+@@ -906,7 +941,7 @@
              super(new CBCBlockCipher(new TwofishEngine()));
          }
      }
@@ -5662,27 +3090,29 @@
      /**
       * PBEWithAES-CBC
       */
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java	2011-09-01 17:21:06.000000000 +0000
-@@ -37,9 +37,11 @@
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java	2011-09-08 21:28:49.000000000 +0000
+@@ -36,10 +36,12 @@
  
      static
      {
 -        Integer i64 = new Integer(64);
 -        Integer i192 = new Integer(192);
 -        Integer i128 = new Integer(128);
+-        Integer i256 = new Integer(256);
 +        // BEGIN android-changed
 +        Integer i64 = Integer.valueOf(64);
 +        Integer i192 = Integer.valueOf(192);
 +        Integer i128 = Integer.valueOf(128);
++        Integer i256 = Integer.valueOf(256);
 +        // END android-changed
  
          algorithms.put("DES", i64);
          algorithms.put("DESEDE", i192);
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEDigestUtil.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEDigestUtil.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEDigestUtil.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEDigestUtil.java	2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEDigestUtil.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEDigestUtil.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEDigestUtil.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEDigestUtil.java	2011-09-08 21:28:49.000000000 +0000
 @@ -12,7 +12,9 @@
  import org.bouncycastle.crypto.Digest;
  import org.bouncycastle.crypto.digests.MD5Digest;
@@ -5763,83 +3193,345 @@
              || (sha256.contains(digest1) && sha256.contains(digest2))
              || (sha384.contains(digest1) && sha384.contains(digest2))
              || (sha512.contains(digest1) && sha512.contains(digest2))
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEKeyGenerator.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEKeyGenerator.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEKeyGenerator.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEKeyGenerator.java	2011-09-01 17:21:06.000000000 +0000
-@@ -145,30 +145,32 @@
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEECPrivateKey.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEECPrivateKey.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEECPrivateKey.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEECPrivateKey.java	2011-09-08 21:28:49.000000000 +0000
+@@ -20,7 +20,9 @@
+ import org.bouncycastle.asn1.DERObject;
+ import org.bouncycastle.asn1.DERObjectIdentifier;
+ import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+-import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
++// BEGIN android-removed
++// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
++// END android-removed
+ import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
+ import org.bouncycastle.asn1.sec.ECPrivateKeyStructure;
+ import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+@@ -199,21 +201,23 @@
+             DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters();
+             X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid);
+ 
+-            if (ecP == null) // GOST Curve
+-            {
+-                ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid);
+-                EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed());
+-
+-                ecSpec = new ECNamedCurveSpec(
+-                        ECGOST3410NamedCurves.getName(oid),
+-                        ellipticCurve,
+-                        new ECPoint(
+-                                gParam.getG().getX().toBigInteger(),
+-                                gParam.getG().getY().toBigInteger()),
+-                        gParam.getN(),
+-                        gParam.getH());
+-            }
+-            else
++            // BEGIN android-removed
++            // if (ecP == null) // GOST Curve
++            // {
++            //     ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid);
++            //     EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed());
++            //
++            //     ecSpec = new ECNamedCurveSpec(
++            //             ECGOST3410NamedCurves.getName(oid),
++            //             ellipticCurve,
++            //             new ECPoint(
++            //                     gParam.getG().getX().toBigInteger(),
++            //                     gParam.getG().getY().toBigInteger()),
++            //             gParam.getN(),
++            //             gParam.getH());
++            // }
++            // else
++            // END android-removed
+             {
+                 EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed());
+ 
+@@ -324,11 +328,13 @@
+             keyStructure = new ECPrivateKeyStructure(this.getS(), params);
          }
+ 
+-        if (algorithm.equals("ECGOST3410"))
+-        {
+-            info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.getDERObject()), keyStructure.getDERObject());
+-        }
+-        else
++        // BEGIN android-removed
++        // if (algorithm.equals("ECGOST3410"))
++        // {
++        //     info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.getDERObject()), keyStructure.getDERObject());
++        // }
++        // else
++        // END android-removed
+         {
+ 
+             info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.getDERObject()), keyStructure.getDERObject());
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEECPublicKey.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEECPublicKey.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEECPublicKey.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEECPublicKey.java	2011-09-08 21:28:49.000000000 +0000
+@@ -20,8 +20,10 @@
+ import org.bouncycastle.asn1.DERObjectIdentifier;
+ import org.bouncycastle.asn1.DEROctetString;
+ import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+-import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
+-import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters;
++// BEGIN android-removed
++// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
++// import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters;
++// END android-removed
+ import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+ import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+ import org.bouncycastle.asn1.x9.X962Parameters;
+@@ -31,11 +33,15 @@
+ import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+ import org.bouncycastle.crypto.params.ECDomainParameters;
+ import org.bouncycastle.crypto.params.ECPublicKeyParameters;
+-import org.bouncycastle.jce.ECGOST3410NamedCurveTable;
++// BEGIN android-removed
++// import org.bouncycastle.jce.ECGOST3410NamedCurveTable;
++// END android-removed
+ import org.bouncycastle.jce.interfaces.ECPointEncoder;
+ import org.bouncycastle.jce.provider.asymmetric.ec.EC5Util;
+ import org.bouncycastle.jce.provider.asymmetric.ec.ECUtil;
+-import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
++// BEGIN android-removed
++// import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
++// END android-removed
+ import org.bouncycastle.jce.spec.ECNamedCurveSpec;
+ import org.bouncycastle.math.ec.ECCurve;
+ 
+@@ -46,7 +52,9 @@
+     private org.bouncycastle.math.ec.ECPoint q;
+     private ECParameterSpec         ecSpec;
+     private boolean                 withCompression;
+-    private GOST3410PublicKeyAlgParameters       gostParams;
++    // BEGIN android-removed
++    // private GOST3410PublicKeyAlgParameters       gostParams;
++    // END android-removed
+ 
+     public JCEECPublicKey(
+         String              algorithm,
+@@ -56,7 +64,9 @@
+         this.q = key.q;
+         this.ecSpec = key.ecSpec;
+         this.withCompression = key.withCompression;
+-        this.gostParams = key.gostParams;
++        // BEGIN android-removed
++        // this.gostParams = key.gostParams;
++        // END android-removed
      }
      
--    /**
--     * generate a desEDE key in the a-b-c format.
--     */
--    public static class DESede3
--        extends JCEKeyGenerator
--    {
--        public DESede3()
+     public JCEECPublicKey(
+@@ -179,54 +189,56 @@
+ 
+     private void populateFromPubKeyInfo(SubjectPublicKeyInfo info)
+     {
+-        if (info.getAlgorithmId().getObjectId().equals(CryptoProObjectIdentifiers.gostR3410_2001))
 -        {
--            super("DESede3", 192, new DESedeKeyGenerator());
--        }
--    }
+-            DERBitString bits = info.getPublicKeyData();
+-            ASN1OctetString key;
+-            this.algorithm = "ECGOST3410";
 -
--    /**
--     * SKIPJACK
--     */
--    public static class Skipjack
--        extends JCEKeyGenerator
--    {
--        public Skipjack()
+-            try
+-            {
+-                key = (ASN1OctetString) ASN1Object.fromByteArray(bits.getBytes());
+-            }
+-            catch (IOException ex)
+-            {
+-                throw new IllegalArgumentException("error recovering public key");
+-            }
+-
+-            byte[]          keyEnc = key.getOctets();
+-            byte[]          x = new byte[32];
+-            byte[]          y = new byte[32];
+-
+-            for (int i = 0; i != x.length; i++)
+-            {
+-                x[i] = keyEnc[32 - 1 - i];
+-            }
+-
+-            for (int i = 0; i != y.length; i++)
+-            {
+-                y[i] = keyEnc[64 - 1 - i];
+-            }
+-
+-            gostParams = new GOST3410PublicKeyAlgParameters((ASN1Sequence)info.getAlgorithmId().getParameters());
+-
+-            ECNamedCurveParameterSpec spec = ECGOST3410NamedCurveTable.getParameterSpec(ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()));
+-
+-            ECCurve curve = spec.getCurve();
+-            EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getSeed());
+-
+-            this.q = curve.createPoint(new BigInteger(1, x), new BigInteger(1, y), false);
+-
+-            ecSpec = new ECNamedCurveSpec(
+-                    ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()),
+-                    ellipticCurve,
+-                    new ECPoint(
+-                            spec.getG().getX().toBigInteger(),
+-                            spec.getG().getY().toBigInteger()),
+-                            spec.getN(), spec.getH());
+-
+-        }
+-        else
++        // BEGIN android-removed
++        // if (info.getAlgorithmId().getObjectId().equals(CryptoProObjectIdentifiers.gostR3410_2001))
++        // {
++        //     DERBitString bits = info.getPublicKeyData();
++        //     ASN1OctetString key;
++        //     this.algorithm = "ECGOST3410";
++        //
++        //     try
++        //     {
++        //         key = (ASN1OctetString) ASN1Object.fromByteArray(bits.getBytes());
++        //     }
++        //     catch (IOException ex)
++        //     {
++        //         throw new IllegalArgumentException("error recovering public key");
++        //     }
++        //
++        //     byte[]          keyEnc = key.getOctets();
++        //     byte[]          x = new byte[32];
++        //     byte[]          y = new byte[32];
++        //
++        //     for (int i = 0; i != x.length; i++)
++        //     {
++        //         x[i] = keyEnc[32 - 1 - i];
++        //     }
++        //
++        //     for (int i = 0; i != y.length; i++)
++        //     {
++        //         y[i] = keyEnc[64 - 1 - i];
++        //     }
++        //
++        //     gostParams = new GOST3410PublicKeyAlgParameters((ASN1Sequence)info.getAlgorithmId().getParameters());
++        //
++        //     ECNamedCurveParameterSpec spec = ECGOST3410NamedCurveTable.getParameterSpec(ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()));
++        //
++        //     ECCurve curve = spec.getCurve();
++        //     EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getSeed());
++        //
++        //     this.q = curve.createPoint(new BigInteger(1, x), new BigInteger(1, y), false);
++        //
++        //     ecSpec = new ECNamedCurveSpec(
++        //             ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()),
++        //             ellipticCurve,
++        //             new ECPoint(
++        //                     spec.getG().getX().toBigInteger(),
++        //                     spec.getG().getY().toBigInteger()),
++        //                     spec.getN(), spec.getH());
++        //
++        // }
++        // else
++        // END android-removed
+         {
+             X962Parameters params = new X962Parameters((DERObject)info.getAlgorithmId().getParameters());
+             ECCurve                 curve;
+@@ -315,45 +327,47 @@
+         ASN1Encodable        params;
+         SubjectPublicKeyInfo info;
+ 
+-        if (algorithm.equals("ECGOST3410"))
 -        {
--            super("SKIPJACK", 80, new CipherKeyGenerator());
--        }
--    }
+-            if (gostParams != null)
+-            {
+-                params = gostParams;
+-            }
+-            else
+-            {
+-                if (ecSpec instanceof ECNamedCurveSpec)
+-                {
+-                    params = new GOST3410PublicKeyAlgParameters(
+-                                   ECGOST3410NamedCurves.getOID(((ECNamedCurveSpec)ecSpec).getName()),
+-                                   CryptoProObjectIdentifiers.gostR3411_94_CryptoProParamSet);
+-                }
+-                else
+-                {   // strictly speaking this may not be applicable...
+-                    ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve());
 -
-+    // BEGIN android-removed
-+    // /**
-+    //  * generate a desEDE key in the a-b-c format.
-+    //  */
-+    // public static class DESede3
-+    //     extends JCEKeyGenerator
-+    // {
-+    //     public DESede3()
-+    //     {
-+    //         super("DESede3", 192, new DESedeKeyGenerator());
-+    //     }
-+    // }
-+    //
-+    // /**
-+    //  * SKIPJACK
-+    //  */
-+    // public static class Skipjack
-+    //     extends JCEKeyGenerator
-+    // {
-+    //     public Skipjack()
-+    //     {
-+    //         super("SKIPJACK", 80, new CipherKeyGenerator());
-+    //     }
-+    // }
-+    // END android-removed
-+    
-     /**
-      * Blowfish
-      */
-@@ -180,31 +182,33 @@
-             super("Blowfish", 128, new CipherKeyGenerator());
+-                    X9ECParameters ecP = new X9ECParameters(
+-                        curve,
+-                        EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression),
+-                        ecSpec.getOrder(),
+-                        BigInteger.valueOf(ecSpec.getCofactor()),
+-                        ecSpec.getCurve().getSeed());
+-
+-                    params = new X962Parameters(ecP);
+-                }
+-            }
+-
+-            BigInteger      bX = this.q.getX().toBigInteger();
+-            BigInteger      bY = this.q.getY().toBigInteger();
+-            byte[]          encKey = new byte[64];
+-
+-            extractBytes(encKey, 0, bX);
+-            extractBytes(encKey, 32, bY);
+-
+-            info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.getDERObject()), new DEROctetString(encKey));
+-        }
+-        else
++        // BEGIN android-removed
++        // if (algorithm.equals("ECGOST3410"))
++        // {
++        //     if (gostParams != null)
++        //     {
++        //         params = gostParams;
++        //     }
++        //     else
++        //     {
++        //         if (ecSpec instanceof ECNamedCurveSpec)
++        //         {
++        //             params = new GOST3410PublicKeyAlgParameters(
++        //                            ECGOST3410NamedCurves.getOID(((ECNamedCurveSpec)ecSpec).getName()),
++        //                            CryptoProObjectIdentifiers.gostR3411_94_CryptoProParamSet);
++        //         }
++        //         else
++        //         {   // strictly speaking this may not be applicable...
++        //             ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve());
++        //
++        //             X9ECParameters ecP = new X9ECParameters(
++        //                 curve,
++        //                 EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression),
++        //                 ecSpec.getOrder(),
++        //                 BigInteger.valueOf(ecSpec.getCofactor()),
++        //                 ecSpec.getCurve().getSeed());
++        //
++        //             params = new X962Parameters(ecP);
++        //         }
++        //     }
++        //
++        //     BigInteger      bX = this.q.getX().toBigInteger();
++        //     BigInteger      bY = this.q.getY().toBigInteger();
++        //     byte[]          encKey = new byte[64];
++        //
++        //     extractBytes(encKey, 0, bX);
++        //     extractBytes(encKey, 32, bY);
++        //
++        //     info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.getDERObject()), new DEROctetString(encKey));
++        // }
++        // else
++        // END android-removed
+         {
+             if (ecSpec instanceof ECNamedCurveSpec)
+             {
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEKeyGenerator.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEKeyGenerator.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEKeyGenerator.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEKeyGenerator.java	2011-09-08 21:28:49.000000000 +0000
+@@ -57,6 +57,11 @@
+     {
+         try
+         {
++            // BEGIN android-added
++            if (random == null) {
++                random = new SecureRandom();
++            }
++            // END android-added
+             engine.init(new KeyGenerationParameters(random, keySize));
+             uninitialised = false;
+         }
+@@ -93,56 +98,60 @@
          }
      }
--
--    /**
--     * Twofish
--     */
--    public static class Twofish
--        extends JCEKeyGenerator
--    {
--        public Twofish()
--        {
--            super("Twofish", 256, new CipherKeyGenerator());
--        }
--    }
--
+ 
 -    /**
 -     * RC2
 -     */
@@ -5852,77 +3544,6 @@
 -        }
 -    }
 -
-+    
-+    // BEGIN android-removed
-+    // /**
-+    //  * Twofish
-+    //  */
-+    // public static class Twofish
-+    //     extends JCEKeyGenerator
-+    // {
-+    //     public Twofish()
-+    //     {
-+    //         super("Twofish", 256, new CipherKeyGenerator());
-+    //     }
-+    // }
-+    //
-+    // /**
-+    //  * RC2
-+    //  */
-+    // public static class RC2
-+    //     extends JCEKeyGenerator
-+    // {
-+    //     public RC2()
-+    //     {
-+    //         super("RC2", 128, new CipherKeyGenerator());
-+    //     }
-+    // }
-+    // END android-removed
-+    
-     /**
-      * RC4
-      */
-@@ -216,203 +220,207 @@
-             super("RC4", 128, new CipherKeyGenerator());
-         }
-     }
--
--    /**
--     * RC5
--     */
--    public static class RC5
--        extends JCEKeyGenerator
--    {
--        public RC5()
--        {
--            super("RC5", 128, new CipherKeyGenerator());
--        }
--    }
--
--    /**
--     * RC5
--     */
--    public static class RC564
--        extends JCEKeyGenerator
--    {
--        public RC564()
--        {
--            super("RC5-64", 256, new CipherKeyGenerator());
--        }
--    }
--
--    /**
--     * RC6
--     */
--    public static class RC6
--        extends JCEKeyGenerator
--    {
--        public RC6()
--        {
--            super("RC6", 256, new CipherKeyGenerator());
--        }
--    }
--
 -    /**
 -     * GOST28147
 -     */
@@ -5934,64 +3555,16 @@
 -            super("GOST28147", 256, new CipherKeyGenerator());
 -        }
 -    }
-     
--    /**
--     * Rijndael
--     */
--    public static class Rijndael
--        extends JCEKeyGenerator
--    {
--        public Rijndael()
--        {
--            super("Rijndael", 192, new CipherKeyGenerator());
--        }
--    }
--
--    /**
--     * Serpent
--     */
--    public static class Serpent
--        extends JCEKeyGenerator
--    {
--        public Serpent()
--        {
--            super("Serpent", 192, new CipherKeyGenerator());
--        }
--    }
 +    // BEGIN android-removed
 +    // /**
-+    //  * RC5
++    //  * RC2
 +    //  */
-+    // public static class RC5
++    // public static class RC2
 +    //     extends JCEKeyGenerator
 +    // {
-+    //     public RC5()
++    //     public RC2()
 +    //     {
-+    //         super("RC5", 128, new CipherKeyGenerator());
-+    //     }
-+    // }
-+    //
-+    // /**
-+    //  * RC5
-+    //  */
-+    // public static class RC564
-+    //     extends JCEKeyGenerator
-+    // {
-+    //     public RC564()
-+    //     {
-+    //         super("RC5-64", 256, new CipherKeyGenerator());
-+    //     }
-+    // }
-+    //
-+    // /**
-+    //  * RC6
-+    //  */
-+    // public static class RC6
-+    //     extends JCEKeyGenerator
-+    // {
-+    //     public RC6()
-+    //     {
-+    //         super("RC6", 256, new CipherKeyGenerator());
++    //         super("RC2", 128, new CipherKeyGenerator());
 +    //     }
 +    // }
 +    //
@@ -6006,225 +3579,6 @@
 +    //         super("GOST28147", 256, new CipherKeyGenerator());
 +    //     }
 +    // }
-     
--
--
--    /**
--     * CAST6
--     */
--    public static class CAST6
--        extends JCEKeyGenerator
--    {
--        public CAST6()
--        {
--            super("CAST6", 256, new CipherKeyGenerator());
--        }
--    }
--
--    /**
--     * TEA
--     */
--    public static class TEA
--        extends JCEKeyGenerator
--    {
--        public TEA()
--        {
--            super("TEA", 128, new CipherKeyGenerator());
--        }
--    }
--
--    /**
--     * XTEA
--     */
--    public static class XTEA
--        extends JCEKeyGenerator
--    {
--        public XTEA()
--        {
--            super("XTEA", 128, new CipherKeyGenerator());
--        }
--    }
--
--    /**
--     * Salsa20
--     */
--    public static class Salsa20
--        extends JCEKeyGenerator
--    {
--        public Salsa20()
--        {
--            super("Salsa20", 128, new CipherKeyGenerator());
--        }
--    }
--
--    /**
--     * HC128
--     */
--    public static class HC128
--        extends JCEKeyGenerator
--    {
--        public HC128()
--        {
--            super("HC128", 128, new CipherKeyGenerator());
--        }
--    }
--
--    /**
--     * HC256
--     */
--    public static class HC256
--        extends JCEKeyGenerator
--    {
--        public HC256()
--        {
--            super("HC256", 256, new CipherKeyGenerator());
--        }
--    }
--
--    /**
--     * VMPC
--     */
--    public static class VMPC
--        extends JCEKeyGenerator
--    {
--        public VMPC()
--        {
--            super("VMPC", 128, new CipherKeyGenerator());
--        }
--    }
--
--    /**
--     * VMPC-KSA3
--     */
--    public static class VMPCKSA3
--        extends JCEKeyGenerator
--    {
--        public VMPCKSA3()
--        {
--            super("VMPC-KSA3", 128, new CipherKeyGenerator());
--        }
--    }
-+    // /**
-+    //  * Rijndael
-+    //  */
-+    // public static class Rijndael
-+    //     extends JCEKeyGenerator
-+    // {
-+    //     public Rijndael()
-+    //     {
-+    //         super("Rijndael", 192, new CipherKeyGenerator());
-+    //     }
-+    // }
-+    //
-+    // /**
-+    //  * Serpent
-+    //  */
-+    // public static class Serpent
-+    //     extends JCEKeyGenerator
-+    // {
-+    //     public Serpent()
-+    //     {
-+    //         super("Serpent", 192, new CipherKeyGenerator());
-+    //     }
-+    // }
-+    //
-+    //
-+    //
-+    // /**
-+    //  * CAST6
-+    //  */
-+    // public static class CAST6
-+    //     extends JCEKeyGenerator
-+    // {
-+    //     public CAST6()
-+    //     {
-+    //         super("CAST6", 256, new CipherKeyGenerator());
-+    //     }
-+    // }
-+    //
-+    // /**
-+    //  * TEA
-+    //  */
-+    // public static class TEA
-+    //     extends JCEKeyGenerator
-+    // {
-+    //     public TEA()
-+    //     {
-+    //         super("TEA", 128, new CipherKeyGenerator());
-+    //     }
-+    // }
-+    //
-+    // /**
-+    //  * XTEA
-+    //  */
-+    // public static class XTEA
-+    //     extends JCEKeyGenerator
-+    // {
-+    //     public XTEA()
-+    //     {
-+    //         super("XTEA", 128, new CipherKeyGenerator());
-+    //     }
-+    // }
-+    //
-+    // /**
-+    //  * Salsa20
-+    //  */
-+    // public static class Salsa20
-+    //     extends JCEKeyGenerator
-+    // {
-+    //     public Salsa20()
-+    //     {
-+    //         super("Salsa20", 128, new CipherKeyGenerator());
-+    //     }
-+    // }
-+    //
-+    // /**
-+    //  * HC128
-+    //  */
-+    // public static class HC128
-+    //     extends JCEKeyGenerator
-+    // {
-+    //     public HC128()
-+    //     {
-+    //         super("HC128", 128, new CipherKeyGenerator());
-+    //     }
-+    // }
-+    //
-+    // /**
-+    //  * HC256
-+    //  */
-+    // public static class HC256
-+    //     extends JCEKeyGenerator
-+    // {
-+    //     public HC256()
-+    //     {
-+    //         super("HC256", 256, new CipherKeyGenerator());
-+    //     }
-+    // }
-+    //
-+    // /**
-+    //  * VMPC
-+    //  */
-+    // public static class VMPC
-+    //     extends JCEKeyGenerator
-+    // {
-+    //     public VMPC()
-+    //     {
-+    //         super("VMPC", 128, new CipherKeyGenerator());
-+    //     }
-+    // }
-+    //
-+    // /**
-+    //  * VMPC-KSA3
-+    //  */
-+    // public static class VMPCKSA3
-+    //     extends JCEKeyGenerator
-+    // {
-+    //     public VMPCKSA3()
-+    //     {
-+    //         super("VMPC-KSA3", 128, new CipherKeyGenerator());
-+    //     }
-+    // }
 +    // END android-removed
  
      // HMAC Related secret keys..
@@ -6282,7 +3636,7 @@
  
      /**
       * MD5HMAC
-@@ -427,29 +435,29 @@
+@@ -157,29 +166,29 @@
      }
  
  
@@ -6335,7 +3689,7 @@
  
  
      /**
-@@ -464,17 +472,19 @@
+@@ -194,17 +203,19 @@
          }
      }
  
@@ -6366,7 +3720,7 @@
      
      /**
       * HMACSHA256
-@@ -512,15 +522,17 @@
+@@ -242,15 +253,17 @@
          }
      }
      
@@ -6395,10 +3749,10 @@
 +    // }
 +    // END android-removed
  }
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEMac.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEMac.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEMac.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEMac.java	2011-09-01 17:21:06.000000000 +0000
-@@ -2,29 +2,43 @@
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEMac.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEMac.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEMac.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEMac.java	2011-09-08 21:28:49.000000000 +0000
+@@ -11,25 +11,39 @@
  
  import org.bouncycastle.crypto.CipherParameters;
  import org.bouncycastle.crypto.Mac;
@@ -6428,14 +3782,9 @@
 +// import org.bouncycastle.crypto.digests.TigerDigest;
 +// END android-removed
  import org.bouncycastle.crypto.engines.DESEngine;
- import org.bouncycastle.crypto.engines.DESedeEngine;
 -import org.bouncycastle.crypto.engines.RC2Engine;
--import org.bouncycastle.crypto.engines.RC532Engine;
--import org.bouncycastle.crypto.engines.SkipjackEngine;
 +// BEGIN android-removed
 +// import org.bouncycastle.crypto.engines.RC2Engine;
-+// import org.bouncycastle.crypto.engines.RC532Engine;
-+// import org.bouncycastle.crypto.engines.SkipjackEngine;
 +// END android-removed
  import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
 -import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
@@ -6447,16 +3796,14 @@
  import org.bouncycastle.crypto.macs.HMac;
 -import org.bouncycastle.crypto.macs.ISO9797Alg3Mac;
 -import org.bouncycastle.crypto.macs.OldHMac;
--import org.bouncycastle.crypto.macs.VMPCMac;
 +// BEGIN android-removed
 +// import org.bouncycastle.crypto.macs.ISO9797Alg3Mac;
 +// import org.bouncycastle.crypto.macs.OldHMac;
-+// import org.bouncycastle.crypto.macs.VMPCMac;
 +// END android-removed
  import org.bouncycastle.crypto.paddings.ISO7816d4Padding;
  import org.bouncycastle.crypto.params.KeyParameter;
  import org.bouncycastle.crypto.params.ParametersWithIV;
-@@ -146,224 +160,226 @@
+@@ -143,115 +157,117 @@
       * the classes that extend directly off us.
       */
  
@@ -6473,30 +3820,6 @@
 -    }
 -
 -    /**
--     * DESede
--     */
--    public static class DESede
--        extends JCEMac
--    {
--        public DESede()
--        {
--            super(new CBCBlockCipherMac(new DESedeEngine()));
--        }
--    }
--
--    /**
--     * SKIPJACK
--     */
--    public static class Skipjack
--        extends JCEMac
--    {
--        public Skipjack()
--        {
--            super(new CBCBlockCipherMac(new SkipjackEngine()));
--        }
--    }
--
--    /**
 -     * RC2
 -     */
 -    public static class RC2
@@ -6509,18 +3832,6 @@
 -    }
 -
 -    /**
--     * RC5
--     */
--    public static class RC5
--        extends JCEMac
--    {
--        public RC5()
--        {
--            super(new CBCBlockCipherMac(new RC532Engine()));
--        }
--    }
--
--    /**
 -     * GOST28147
 -     */
 -    public static class GOST28147
@@ -6532,17 +3843,7 @@
 -        }
 -    }
 -
--    /**
--     * VMPC
--     */
--    public static class VMPC
--        extends JCEMac
--    {
--        public VMPC()
--        {
--            super(new VMPCMac());
--        }
--    }
+-    
 -
 -    /**
 -     * DES
@@ -6557,30 +3858,6 @@
 -    }
 -
 -    /**
--     * DESede
--     */
--    public static class DESedeCFB8
--        extends JCEMac
--    {
--        public DESedeCFB8()
--        {
--            super(new CFBBlockCipherMac(new DESedeEngine()));
--        }
--    }
--
--    /**
--     * SKIPJACK
--     */
--    public static class SkipjackCFB8
--        extends JCEMac
--    {
--        public SkipjackCFB8()
--        {
--            super(new CFBBlockCipherMac(new SkipjackEngine()));
--        }
--    }
--
--    /**
 -     * RC2CFB8
 -     */
 -    public static class RC2CFB8
@@ -6593,17 +3870,52 @@
 -    }
 -
 -    /**
--     * RC5CFB8
+-     * DES9797Alg3with7816-4Padding
 -     */
--    public static class RC5CFB8
+-    public static class DES9797Alg3with7816d4
 -        extends JCEMac
 -    {
--        public RC5CFB8()
+-        public DES9797Alg3with7816d4()
 -        {
--            super(new CFBBlockCipherMac(new RC532Engine()));
+-            super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding()));
 -        }
 -    }
--    
+-
+-    /**
+-     * DES9797Alg3
+-     */
+-    public static class DES9797Alg3
+-        extends JCEMac
+-    {
+-        public DES9797Alg3()
+-        {
+-            super(new ISO9797Alg3Mac(new DESEngine()));
+-        }
+-    }
+-
+-    /**
+-     * MD2 HMac
+-     */
+-    public static class MD2
+-        extends JCEMac
+-    {
+-        public MD2()
+-        {
+-            super(new HMac(new MD2Digest()));
+-        }
+-    }
+-
+-    /**
+-     * MD4 HMac
+-     */
+-    public static class MD4
+-        extends JCEMac
+-    {
+-        public MD4()
+-        {
+-            super(new HMac(new MD4Digest()));
+-        }
+-    }
 +    // BEGIN android-removed
 +    // /**
 +    //  * DES
@@ -6618,30 +3930,6 @@
 +    // }
 +    //
 +    // /**
-+    //  * DESede
-+    //  */
-+    // public static class DESede
-+    //     extends JCEMac
-+    // {
-+    //     public DESede()
-+    //     {
-+    //         super(new CBCBlockCipherMac(new DESedeEngine()));
-+    //     }
-+    // }
-+    //
-+    // /**
-+    //  * SKIPJACK
-+    //  */
-+    // public static class Skipjack
-+    //     extends JCEMac
-+    // {
-+    //     public Skipjack()
-+    //     {
-+    //         super(new CBCBlockCipherMac(new SkipjackEngine()));
-+    //     }
-+    // }
-+    //
-+    // /**
 +    //  * RC2
 +    //  */
 +    // public static class RC2
@@ -6654,18 +3942,6 @@
 +    // }
 +    //
 +    // /**
-+    //  * RC5
-+    //  */
-+    // public static class RC5
-+    //     extends JCEMac
-+    // {
-+    //     public RC5()
-+    //     {
-+    //         super(new CBCBlockCipherMac(new RC532Engine()));
-+    //     }
-+    // }
-+    //
-+    // /**
 +    //  * GOST28147
 +    //  */
 +    // public static class GOST28147
@@ -6677,17 +3953,7 @@
 +    //     }
 +    // }
 +    //
-+    // /**
-+    //  * VMPC
-+    //  */
-+    // public static class VMPC
-+    //     extends JCEMac
-+    // {
-+    //     public VMPC()
-+    //     {
-+    //         super(new VMPCMac());
-+    //     }
-+    // }
++    //
 +    //
 +    // /**
 +    //  * DES
@@ -6702,30 +3968,6 @@
 +    // }
 +    //
 +    // /**
-+    //  * DESede
-+    //  */
-+    // public static class DESedeCFB8
-+    //     extends JCEMac
-+    // {
-+    //     public DESedeCFB8()
-+    //     {
-+    //         super(new CFBBlockCipherMac(new DESedeEngine()));
-+    //     }
-+    // }
-+    //
-+    // /**
-+    //  * SKIPJACK
-+    //  */
-+    // public static class SkipjackCFB8
-+    //     extends JCEMac
-+    // {
-+    //     public SkipjackCFB8()
-+    //     {
-+    //         super(new CFBBlockCipherMac(new SkipjackEngine()));
-+    //     }
-+    // }
-+    //
-+    // /**
 +    //  * RC2CFB8
 +    //  */
 +    // public static class RC2CFB8
@@ -6738,43 +3980,6 @@
 +    // }
 +    //
 +    // /**
-+    //  * RC5CFB8
-+    //  */
-+    // public static class RC5CFB8
-+    //     extends JCEMac
-+    // {
-+    //     public RC5CFB8()
-+    //     {
-+    //         super(new CFBBlockCipherMac(new RC532Engine()));
-+    //     }
-+    // }
-+    //
-+    //
-+    // /**
-+    //  * DESede64
-+    //  */
-+    // public static class DESede64
-+    //     extends JCEMac
-+    // {
-+    //     public DESede64()
-+    //     {
-+    //         super(new CBCBlockCipherMac(new DESedeEngine(), 64));
-+    //     }
-+    // }
-+    //
-+    // /**
-+    //  * DESede64with7816-4Padding
-+    //  */
-+    // public static class DESede64with7816d4
-+    //     extends JCEMac
-+    // {
-+    //     public DESede64with7816d4()
-+    //     {
-+    //         super(new CBCBlockCipherMac(new DESedeEngine(), 64, new ISO7816d4Padding()));
-+    //     }
-+    // }
-+    //
-+    // /**
 +    //  * DES9797Alg3with7816-4Padding
 +    //  */
 +    // public static class DES9797Alg3with7816d4
@@ -6822,84 +4027,10 @@
 +    //     }
 +    // }
 +    // END android-removed
-     
+ 
      /**
--     * DESede64
--     */
--    public static class DESede64
--        extends JCEMac
--    {
--        public DESede64()
--        {
--            super(new CBCBlockCipherMac(new DESedeEngine(), 64));
--        }
--    }
--
--    /**
--     * DESede64with7816-4Padding
--     */
--    public static class DESede64with7816d4
--        extends JCEMac
--    {
--        public DESede64with7816d4()
--        {
--            super(new CBCBlockCipherMac(new DESedeEngine(), 64, new ISO7816d4Padding()));
--        }
--    }
--
--    /**
--     * DES9797Alg3with7816-4Padding
--     */
--    public static class DES9797Alg3with7816d4
--        extends JCEMac
--    {
--        public DES9797Alg3with7816d4()
--        {
--            super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding()));
--        }
--    }
--
--    /**
--     * DES9797Alg3
--     */
--    public static class DES9797Alg3
--        extends JCEMac
--    {
--        public DES9797Alg3()
--        {
--            super(new ISO9797Alg3Mac(new DESEngine()));
--        }
--    }
--
--    /**
--     * MD2 HMac
--     */
--    public static class MD2
--        extends JCEMac
--    {
--        public MD2()
--        {
--            super(new HMac(new MD2Digest()));
--        }
--    }
--
--    /**
--     * MD4 HMac
--     */
--    public static class MD4
--        extends JCEMac
--    {
--        public MD4()
--        {
--            super(new HMac(new MD4Digest()));
--        }
--    }
--
--    /**
       * MD5 HMac
-      */
-     public static class MD5
-@@ -374,7 +390,7 @@
+@@ -264,7 +280,7 @@
              super(new HMac(new MD5Digest()));
          }
      }
@@ -6908,7 +4039,7 @@
      /**
       * SHA1 HMac
       */
-@@ -386,18 +402,20 @@
+@@ -276,18 +292,20 @@
              super(new HMac(new SHA1Digest()));
          }
      }
@@ -6941,7 +4072,7 @@
      
      /**
       * SHA-256 HMac
-@@ -410,7 +428,7 @@
+@@ -300,7 +318,7 @@
              super(new HMac(new SHA256Digest()));
          }
      }
@@ -6950,7 +4081,7 @@
      /**
       * SHA-384 HMac
       */
-@@ -422,15 +440,17 @@
+@@ -312,15 +330,17 @@
              super(new HMac(new SHA384Digest()));
          }
      }
@@ -6977,7 +4108,7 @@
      
      /**
       * SHA-512 HMac
-@@ -443,73 +463,75 @@
+@@ -333,73 +353,75 @@
              super(new HMac(new SHA512Digest()));
          }
      }
@@ -7117,7 +4248,7 @@
      /**
       * PBEWithHmacSHA
       */
-@@ -521,16 +543,18 @@
+@@ -411,16 +433,18 @@
              super(new HMac(new SHA1Digest()), PKCS12, SHA1, 160);
          }
      }
@@ -7148,10 +4279,10 @@
 +    // }
 +    // END android-removed
  }
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSACipher.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSACipher.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSACipher.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSACipher.java	2011-09-01 17:21:06.000000000 +0000
-@@ -534,48 +534,50 @@
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSACipher.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSACipher.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSACipher.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSACipher.java	2011-09-08 21:28:49.000000000 +0000
+@@ -535,48 +535,50 @@
          }
      }
  
@@ -7246,9 +4377,9 @@
 +    // }
 +    // END android-removed
  }
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java	2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java	2011-09-08 21:28:49.000000000 +0000
 @@ -125,7 +125,9 @@
       */
      public byte[] getEncoded()
@@ -7260,9 +4391,9 @@
  
          return info.getDEREncoded();
      }
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSAPrivateKey.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPrivateKey.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSAPrivateKey.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPrivateKey.java	2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSAPrivateKey.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSAPrivateKey.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSAPrivateKey.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSAPrivateKey.java	2011-09-08 21:28:49.000000000 +0000
 @@ -77,7 +77,9 @@
  
      public byte[] getEncoded()
@@ -7274,9 +4405,9 @@
  
          return info.getDEREncoded();
      }
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSAPublicKey.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPublicKey.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSAPublicKey.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPublicKey.java	2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSAPublicKey.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSAPublicKey.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSAPublicKey.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSAPublicKey.java	2011-09-08 21:28:49.000000000 +0000
 @@ -90,7 +90,9 @@
  
      public byte[] getEncoded()
@@ -7288,13 +4419,13 @@
  
          return info.getDEREncoded();
      }
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCESecretKeyFactory.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCESecretKeyFactory.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCESecretKeyFactory.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCESecretKeyFactory.java	2011-09-01 17:21:06.000000000 +0000
-@@ -321,29 +321,31 @@
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCESecretKeyFactory.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCESecretKeyFactory.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCESecretKeyFactory.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCESecretKeyFactory.java	2011-09-08 21:28:49.000000000 +0000
+@@ -250,29 +250,31 @@
          }
      }
-     
+ 
 -    /**
 -     * PBEWithMD2AndDES
 -     */
@@ -7346,7 +4477,7 @@
  
     /**
      * PBEWithMD5AndDES
-@@ -477,17 +479,19 @@
+@@ -406,17 +408,19 @@
         }
     }
     
@@ -7377,7 +4508,7 @@
  
     /**
      * PBEWithHmacSHA
-@@ -501,17 +505,19 @@
+@@ -430,17 +434,19 @@
         }
     }
  
@@ -7408,7 +4539,7 @@
     
     /**
      * PBEWithSHA1And128BitAES-BC
-@@ -620,4 +626,56 @@
+@@ -549,4 +555,56 @@
             super("PBEWithMD5And256BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 256, 128);
         }
     }
@@ -7465,42 +4596,10 @@
 +    }
 +    // END android-added
  }
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEStreamCipher.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEStreamCipher.java	2011-09-01 17:21:06.000000000 +0000
-@@ -5,17 +5,21 @@
- import org.bouncycastle.crypto.DataLengthException;
- import org.bouncycastle.crypto.StreamBlockCipher;
- import org.bouncycastle.crypto.StreamCipher;
--import org.bouncycastle.crypto.engines.BlowfishEngine;
--import org.bouncycastle.crypto.engines.DESEngine;
--import org.bouncycastle.crypto.engines.DESedeEngine;
--import org.bouncycastle.crypto.engines.HC128Engine;
--import org.bouncycastle.crypto.engines.HC256Engine;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.engines.BlowfishEngine;
-+// import org.bouncycastle.crypto.engines.DESEngine;
-+// import org.bouncycastle.crypto.engines.DESedeEngine;
-+// import org.bouncycastle.crypto.engines.HC128Engine;
-+// import org.bouncycastle.crypto.engines.HC256Engine;
-+// END android-removed
- import org.bouncycastle.crypto.engines.RC4Engine;
--import org.bouncycastle.crypto.engines.Salsa20Engine;
--import org.bouncycastle.crypto.engines.SkipjackEngine;
--import org.bouncycastle.crypto.engines.TwofishEngine;
--import org.bouncycastle.crypto.engines.VMPCEngine;
--import org.bouncycastle.crypto.engines.VMPCKSA3Engine;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.engines.Salsa20Engine;
-+// import org.bouncycastle.crypto.engines.SkipjackEngine;
-+// import org.bouncycastle.crypto.engines.TwofishEngine;
-+// import org.bouncycastle.crypto.engines.VMPCEngine;
-+// import org.bouncycastle.crypto.engines.VMPCKSA3Engine;
-+// END android-removed
- import org.bouncycastle.crypto.modes.CFBBlockCipher;
- import org.bouncycastle.crypto.modes.OFBBlockCipher;
- import org.bouncycastle.crypto.params.KeyParameter;
-@@ -27,8 +31,10 @@
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEStreamCipher.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEStreamCipher.java	2011-09-08 21:28:49.000000000 +0000
+@@ -13,20 +13,26 @@
  import javax.crypto.ShortBufferException;
  import javax.crypto.spec.IvParameterSpec;
  import javax.crypto.spec.PBEParameterSpec;
@@ -7510,10 +4609,31 @@
 +// import javax.crypto.spec.RC2ParameterSpec;
 +// import javax.crypto.spec.RC5ParameterSpec;
 +// END android-removed
- import java.security.AlgorithmParameters;
- import java.security.InvalidAlgorithmParameterException;
- import java.security.InvalidKeyException;
-@@ -44,8 +50,10 @@
+ 
+ import org.bouncycastle.crypto.BlockCipher;
+ import org.bouncycastle.crypto.CipherParameters;
+ import org.bouncycastle.crypto.DataLengthException;
+ import org.bouncycastle.crypto.StreamBlockCipher;
+ import org.bouncycastle.crypto.StreamCipher;
+-import org.bouncycastle.crypto.engines.BlowfishEngine;
+-import org.bouncycastle.crypto.engines.DESEngine;
+-import org.bouncycastle.crypto.engines.DESedeEngine;
++// BEGIN android-removed
++// import org.bouncycastle.crypto.engines.BlowfishEngine;
++// import org.bouncycastle.crypto.engines.DESEngine;
++// import org.bouncycastle.crypto.engines.DESedeEngine;
++// END android-removed
+ import org.bouncycastle.crypto.engines.RC4Engine;
+-import org.bouncycastle.crypto.engines.SkipjackEngine;
+-import org.bouncycastle.crypto.engines.TwofishEngine;
++// BEGIN android-removed
++// import org.bouncycastle.crypto.engines.SkipjackEngine;
++// import org.bouncycastle.crypto.engines.TwofishEngine;
++// END android-removed
+ import org.bouncycastle.crypto.modes.CFBBlockCipher;
+ import org.bouncycastle.crypto.modes.OFBBlockCipher;
+ import org.bouncycastle.crypto.params.KeyParameter;
+@@ -40,8 +46,10 @@
      //
      private Class[]                 availableSpecs =
                                      {
@@ -7526,7 +4646,7 @@
                                          IvParameterSpec.class,
                                          PBEParameterSpec.class
                                      };
-@@ -374,125 +382,127 @@
+@@ -370,125 +378,127 @@
       * The ciphers that inherit from us.
       */
  
@@ -7772,8 +4892,8 @@
 +    // END android-removed
  
      /**
-      * RC4
-@@ -517,7 +527,7 @@
+      * PBEWithSHAAnd128BitRC4
+@@ -501,7 +511,7 @@
              super(new RC4Engine(), 0);
          }
      }
@@ -7782,137 +4902,17 @@
      /**
       * PBEWithSHAAnd40BitRC4
       */
-@@ -529,64 +539,66 @@
-             super(new RC4Engine(), 0);
-         }
-     }
--
--    /**
--     * Salsa20
--     */
--    static public class Salsa20
--        extends JCEStreamCipher
--    {
--        public Salsa20()
--        {
--            super(new Salsa20Engine(), 8);
--        }
--    }
--
--    /**
--     * HC-128
--     */
--    static public class HC128
--        extends JCEStreamCipher
--    {
--        public HC128()
--        {
--            super(new HC128Engine(), 16);
--        }
--    }
--
--    /**
--     * HC-256
--     */
--    static public class HC256
--        extends JCEStreamCipher
--    {
--        public HC256()
--        {
--            super(new HC256Engine(), 32);
--        }
--    }
--
--    /**
--     * VMPC
--     */
--    static public class VMPC
--        extends JCEStreamCipher
--    {
--        public VMPC()
--        {
--            super(new VMPCEngine(), 16);
--        }
--    }
--
--    /**
--     * VMPC-KSA3
--     */
--    static public class VMPCKSA3
--        extends JCEStreamCipher
--    {
--        public VMPCKSA3()
--        {
--            super(new VMPCKSA3Engine(), 16);
--        }
--    }
-+    
-+    // BEGIN android-removed
-+    // /**
-+    //  * Salsa20
-+    //  */
-+    // static public class Salsa20
-+    //     extends JCEStreamCipher
-+    // {
-+    //     public Salsa20()
-+    //     {
-+    //         super(new Salsa20Engine(), 8);
-+    //     }
-+    // }
-+    //
-+    // /**
-+    //  * HC-128
-+    //  */
-+    // static public class HC128
-+    //     extends JCEStreamCipher
-+    // {
-+    //     public HC128()
-+    //     {
-+    //         super(new HC128Engine(), 16);
-+    //     }
-+    // }
-+    //
-+    // /**
-+    //  * HC-256
-+    //  */
-+    // static public class HC256
-+    //     extends JCEStreamCipher
-+    // {
-+    //     public HC256()
-+    //     {
-+    //         super(new HC256Engine(), 32);
-+    //     }
-+    // }
-+    //
-+    // /**
-+    //  * VMPC
-+    //  */
-+    // static public class VMPC
-+    //     extends JCEStreamCipher
-+    // {
-+    //     public VMPC()
-+    //     {
-+    //         super(new VMPCEngine(), 16);
-+    //     }
-+    // }
-+    //
-+    // /**
-+    //  * VMPC-KSA3
-+    //  */
-+    // static public class VMPCKSA3
-+    //     extends JCEStreamCipher
-+    // {
-+    //     public VMPCKSA3()
-+    //     {
-+    //         super(new VMPCKSA3Engine(), 16);
-+    //     }
-+    // }
-+    // END android-removed
- }
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java	2011-09-01 17:21:06.000000000 +0000
-@@ -2,19 +2,25 @@
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java	2011-09-08 21:28:49.000000000 +0000
+@@ -11,18 +11,24 @@
+ import javax.crypto.spec.DHGenParameterSpec;
+ import javax.crypto.spec.DHParameterSpec;
+ import javax.crypto.spec.IvParameterSpec;
+-import javax.crypto.spec.RC2ParameterSpec;
++// BEGIN android-removed
++// import javax.crypto.spec.RC2ParameterSpec;
++// END android-removed
  
  import org.bouncycastle.crypto.generators.DHParametersGenerator;
  import org.bouncycastle.crypto.generators.DSAParametersGenerator;
@@ -7935,17 +4935,9 @@
 +// import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec;
 +// END android-removed
  
- import javax.crypto.spec.DHGenParameterSpec;
- import javax.crypto.spec.DHParameterSpec;
- import javax.crypto.spec.IvParameterSpec;
--import javax.crypto.spec.RC2ParameterSpec;
-+// BEGIN android-removed
-+// import javax.crypto.spec.RC2ParameterSpec;
-+// END android-removed
- import java.security.AlgorithmParameterGeneratorSpi;
- import java.security.AlgorithmParameters;
- import java.security.InvalidAlgorithmParameterException;
-@@ -144,196 +150,198 @@
+ public abstract class JDKAlgorithmParameterGenerator
+     extends AlgorithmParameterGeneratorSpi
+@@ -145,196 +151,198 @@
          }
      }
  
@@ -7979,7 +4971,7 @@
 -            
 -            try
 -            {
--                params = AlgorithmParameters.getInstance("GOST3410", "BC");
+-                params = AlgorithmParameters.getInstance("GOST3410", BouncyCastleProvider.PROVIDER_NAME);
 -                params.init(new GOST3410ParameterSpec(new GOST3410PublicKeyParameterSetSpec(p.getP(), p.getQ(), p.getA())));
 -            }
 -            catch (Exception e)
@@ -8031,7 +5023,7 @@
 -
 -            try
 -            {
--                params = AlgorithmParameters.getInstance("ElGamal", "BC");
+-                params = AlgorithmParameters.getInstance("ElGamal", BouncyCastleProvider.PROVIDER_NAME);
 -                params.init(new DHParameterSpec(p.getP(), p.getG(), l));
 -            }
 -            catch (Exception e)
@@ -8069,7 +5061,7 @@
 -
 -            try
 -            {
--                params = AlgorithmParameters.getInstance("DES", "BC");
+-                params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME);
 -                params.init(new IvParameterSpec(iv));
 -            }
 -            catch (Exception e)
@@ -8117,7 +5109,7 @@
 -
 -                try
 -                {
--                    params = AlgorithmParameters.getInstance("RC2", "BC");
+-                    params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME);
 -                    params.init(new IvParameterSpec(iv));
 -                }
 -                catch (Exception e)
@@ -8129,7 +5121,7 @@
 -            {
 -                try
 -                {
--                    params = AlgorithmParameters.getInstance("RC2", "BC");
+-                    params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME);
 -                    params.init(spec);
 -                }
 -                catch (Exception e)
@@ -8141,204 +5133,204 @@
 -            return params;
 -        }
 -    }
-+   // BEGIN android-removed
-+   // public static class GOST3410
-+   //     extends JDKAlgorithmParameterGenerator
-+   // {
-+   //     protected void engineInit(
-+   //             AlgorithmParameterSpec  genParamSpec,
-+   //             SecureRandom            random)
-+   //     throws InvalidAlgorithmParameterException
-+   //     {
-+   //         throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for GOST3410 parameter generation.");
-+   //     }
-+   //       
-+   //     protected AlgorithmParameters engineGenerateParameters()
-+   //     {
-+   //         GOST3410ParametersGenerator pGen = new GOST3410ParametersGenerator();
-+   //           
-+   //         if (random != null)
-+   //         {
-+   //             pGen.init(strength, 2, random);
-+   //         }
-+   //         else
-+   //         {
-+   //             pGen.init(strength, 2, new SecureRandom());
-+   //         }
-+   //           
-+   //         GOST3410Parameters p = pGen.generateParameters();
-+   //           
-+   //         AlgorithmParameters params;
-+   //           
-+   //         try
-+   //         {
-+   //             params = AlgorithmParameters.getInstance("GOST3410", "BC");
-+   //             params.init(new GOST3410ParameterSpec(new GOST3410PublicKeyParameterSetSpec(p.getP(), p.getQ(), p.getA())));
-+   //         }
-+   //         catch (Exception e)
-+   //         {
-+   //             throw new RuntimeException(e.getMessage());
-+   //         }
-+   //           
-+   //         return params;
-+   //     }
-+   // }
-+   //   
-+   // public static class ElGamal
-+   //     extends JDKAlgorithmParameterGenerator
-+   // {
-+   //     private int l = 0;
-+   //       
-+   //     protected void engineInit(
-+   //         AlgorithmParameterSpec  genParamSpec,
-+   //         SecureRandom            random)
-+   //         throws InvalidAlgorithmParameterException
-+   //     {
-+   //         if (!(genParamSpec instanceof DHGenParameterSpec))
-+   //         {
-+   //             throw new InvalidAlgorithmParameterException("DH parameter generator requires a DHGenParameterSpec for initialisation");
-+   //         }
-+   //         DHGenParameterSpec  spec = (DHGenParameterSpec)genParamSpec;
-+   //
-+   //         this.strength = spec.getPrimeSize();
-+   //         this.l = spec.getExponentSize();
-+   //         this.random = random;
-+   //     }
-+   //
-+   //     protected AlgorithmParameters engineGenerateParameters()
-+   //     {
-+   //         ElGamalParametersGenerator pGen = new ElGamalParametersGenerator();
-+   //
-+   //         if (random != null)
-+   //         {
-+   //             pGen.init(strength, 20, random);
-+   //         }
-+   //         else
-+   //         {
-+   //             pGen.init(strength, 20, new SecureRandom());
-+   //         }
-+   //
-+   //         ElGamalParameters p = pGen.generateParameters();
-+   //
-+   //         AlgorithmParameters params;
-+   //
-+   //         try
-+   //         {
-+   //             params = AlgorithmParameters.getInstance("ElGamal", "BC");
-+   //             params.init(new DHParameterSpec(p.getP(), p.getG(), l));
-+   //         }
-+   //         catch (Exception e)
-+   //         {
-+   //             throw new RuntimeException(e.getMessage());
-+   //         }
-+   //
-+   //         return params;
-+   //     }
-+   // }
-+   //
-+   //  public static class DES
-+   //      extends JDKAlgorithmParameterGenerator
-+   //  {
-+   //      protected void engineInit(
-+   //          AlgorithmParameterSpec  genParamSpec,
-+   //          SecureRandom            random)
-+   //          throws InvalidAlgorithmParameterException
-+   //      {
-+   //          throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation.");
-+   //      }
-+   //
-+   //      protected AlgorithmParameters engineGenerateParameters()
-+   //      {
-+   //          byte[]  iv = new byte[8];
-+   //
-+   //          if (random == null)
-+   //          {
-+   //              random = new SecureRandom();
-+   //          }
-+   //
-+   //          random.nextBytes(iv);
-+   //
-+   //          AlgorithmParameters params;
-+   //
-+   //          try
-+   //          {
-+   //              params = AlgorithmParameters.getInstance("DES", "BC");
-+   //              params.init(new IvParameterSpec(iv));
-+   //          }
-+   //          catch (Exception e)
-+   //          {
-+   //              throw new RuntimeException(e.getMessage());
-+   //          }
-+   //
-+   //          return params;
-+   //      }
-+   //  }
-+   //
-+   //  public static class RC2
-+   //      extends JDKAlgorithmParameterGenerator
-+   //  {
-+   //      RC2ParameterSpec    spec = null;
-+   //
-+   //      protected void engineInit(
-+   //          AlgorithmParameterSpec  genParamSpec,
-+   //          SecureRandom            random)
-+   //          throws InvalidAlgorithmParameterException
-+   //      {
-+   //          if (genParamSpec instanceof RC2ParameterSpec)
-+   //          {
-+   //              spec = (RC2ParameterSpec)genParamSpec;
-+   //              return;
-+   //          }
-+   //
-+   //          throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for RC2 parameter generation.");
-+   //      }
-+   //
-+   //      protected AlgorithmParameters engineGenerateParameters()
-+   //      {
-+   //          AlgorithmParameters params;
-+   //
-+   //          if (spec == null)
-+   //          {
-+   //              byte[]  iv = new byte[8];
-+   //
-+   //              if (random == null)
-+   //              {
-+   //                  random = new SecureRandom();
-+   //              }
-+   //
-+   //              random.nextBytes(iv);
-+   //
-+   //              try
-+   //              {
-+   //                  params = AlgorithmParameters.getInstance("RC2", "BC");
-+   //                  params.init(new IvParameterSpec(iv));
-+   //              }
-+   //              catch (Exception e)
-+   //              {
-+   //                  throw new RuntimeException(e.getMessage());
-+   //              }
-+   //          }
-+   //          else
-+   //          {
-+   //              try
-+   //              {
-+   //                  params = AlgorithmParameters.getInstance("RC2", "BC");
-+   //                  params.init(spec);
-+   //              }
-+   //              catch (Exception e)
-+   //              {
-+   //                  throw new RuntimeException(e.getMessage());
-+   //              }
-+   //          }
-+   //
-+   //          return params;
-+   //      }
-+   //  }
-+   // END android-removed
++    // BEGIN android-removed
++    // public static class GOST3410
++    //     extends JDKAlgorithmParameterGenerator
++    // {
++    //     protected void engineInit(
++    //             AlgorithmParameterSpec  genParamSpec,
++    //             SecureRandom            random)
++    //     throws InvalidAlgorithmParameterException
++    //     {
++    //         throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for GOST3410 parameter generation.");
++    //     }
++    //    
++    //     protected AlgorithmParameters engineGenerateParameters()
++    //     {
++    //         GOST3410ParametersGenerator pGen = new GOST3410ParametersGenerator();
++    //        
++    //         if (random != null)
++    //         {
++    //             pGen.init(strength, 2, random);
++    //         }
++    //         else
++    //         {
++    //             pGen.init(strength, 2, new SecureRandom());
++    //         }
++    //        
++    //         GOST3410Parameters p = pGen.generateParameters();
++    //        
++    //         AlgorithmParameters params;
++    //
++    //         try
++    //         {
++    //             params = AlgorithmParameters.getInstance("GOST3410", BouncyCastleProvider.PROVIDER_NAME);
++    //             params.init(new GOST3410ParameterSpec(new GOST3410PublicKeyParameterSetSpec(p.getP(), p.getQ(), p.getA())));
++    //         }
++    //         catch (Exception e)
++    //         {
++    //             throw new RuntimeException(e.getMessage());
++    //         }
++    //
++    //         return params;
++    //     }
++    // }
++    //
++    // public static class ElGamal
++    //     extends JDKAlgorithmParameterGenerator
++    // {
++    //     private int l = 0;
++    //
++    //     protected void engineInit(
++    //         AlgorithmParameterSpec  genParamSpec,
++    //         SecureRandom            random)
++    //         throws InvalidAlgorithmParameterException
++    //     {
++    //         if (!(genParamSpec instanceof DHGenParameterSpec))
++    //         {
++    //             throw new InvalidAlgorithmParameterException("DH parameter generator requires a DHGenParameterSpec for initialisation");
++    //         }
++    //         DHGenParameterSpec  spec = (DHGenParameterSpec)genParamSpec;
++    //
++    //         this.strength = spec.getPrimeSize();
++    //         this.l = spec.getExponentSize();
++    //         this.random = random;
++    //     }
++    //
++    //     protected AlgorithmParameters engineGenerateParameters()
++    //     {
++    //         ElGamalParametersGenerator pGen = new ElGamalParametersGenerator();
++    //
++    //         if (random != null)
++    //         {
++    //             pGen.init(strength, 20, random);
++    //         }
++    //         else
++    //         {
++    //             pGen.init(strength, 20, new SecureRandom());
++    //         }
++    //
++    //         ElGamalParameters p = pGen.generateParameters();
++    //
++    //         AlgorithmParameters params;
++    //
++    //         try
++    //         {
++    //             params = AlgorithmParameters.getInstance("ElGamal", BouncyCastleProvider.PROVIDER_NAME);
++    //             params.init(new DHParameterSpec(p.getP(), p.getG(), l));
++    //         }
++    //         catch (Exception e)
++    //         {
++    //             throw new RuntimeException(e.getMessage());
++    //         }
++    //
++    //         return params;
++    //     }
++    // }
++    //
++    // public static class DES
++    //     extends JDKAlgorithmParameterGenerator
++    // {
++    //     protected void engineInit(
++    //         AlgorithmParameterSpec  genParamSpec,
++    //         SecureRandom            random)
++    //         throws InvalidAlgorithmParameterException
++    //     {
++    //         throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation.");
++    //     }
++    //
++    //     protected AlgorithmParameters engineGenerateParameters()
++    //     {
++    //         byte[]  iv = new byte[8];
++    //
++    //         if (random == null)
++    //         {
++    //             random = new SecureRandom();
++    //         }
++    //
++    //         random.nextBytes(iv);
++    //
++    //         AlgorithmParameters params;
++    //
++    //         try
++    //         {
++    //             params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME);
++    //             params.init(new IvParameterSpec(iv));
++    //         }
++    //         catch (Exception e)
++    //         {
++    //             throw new RuntimeException(e.getMessage());
++    //         }
++    //
++    //         return params;
++    //     }
++    // }
++    //
++    // public static class RC2
++    //     extends JDKAlgorithmParameterGenerator
++    // {
++    //     RC2ParameterSpec    spec = null;
++    //
++    //     protected void engineInit(
++    //         AlgorithmParameterSpec  genParamSpec,
++    //         SecureRandom            random)
++    //         throws InvalidAlgorithmParameterException
++    //     {
++    //         if (genParamSpec instanceof RC2ParameterSpec)
++    //         {
++    //             spec = (RC2ParameterSpec)genParamSpec;
++    //             return;
++    //         }
++    //
++    //         throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for RC2 parameter generation.");
++    //     }
++    //
++    //     protected AlgorithmParameters engineGenerateParameters()
++    //     {
++    //         AlgorithmParameters params;
++    //
++    //         if (spec == null)
++    //         {
++    //             byte[]  iv = new byte[8];
++    //
++    //             if (random == null)
++    //             {
++    //                 random = new SecureRandom();
++    //             }
++    //
++    //             random.nextBytes(iv);
++    //
++    //             try
++    //             {
++    //                 params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME);
++    //                 params.init(new IvParameterSpec(iv));
++    //             }
++    //             catch (Exception e)
++    //             {
++    //                 throw new RuntimeException(e.getMessage());
++    //             }
++    //         }
++    //         else
++    //         {
++    //             try
++    //             {
++    //                 params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME);
++    //                 params.init(spec);
++    //             }
++    //             catch (Exception e)
++    //             {
++    //                 throw new RuntimeException(e.getMessage());
++    //             }
++    //         }
++    //
++    //         return params;
++    //     }
++    // }
++    // END android-removed
  }
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java	2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java	2011-09-08 21:28:49.000000000 +0000
 @@ -10,21 +10,27 @@
  import org.bouncycastle.asn1.DERObjectIdentifier;
  import org.bouncycastle.asn1.DEROctetString;
@@ -9836,12 +6828,12 @@
 +    // }
 +    // END android-removed
  }
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKDSASigner.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKDSASigner.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKDSASigner.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKDSASigner.java	2011-09-01 17:21:06.000000000 +0000
-@@ -22,13 +22,17 @@
- import org.bouncycastle.crypto.DSA;
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKDSASigner.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKDSASigner.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKDSASigner.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKDSASigner.java	2011-09-08 21:28:49.000000000 +0000
+@@ -23,13 +23,17 @@
  import org.bouncycastle.crypto.Digest;
+ import org.bouncycastle.crypto.digests.NullDigest;
  import org.bouncycastle.crypto.digests.SHA1Digest;
 -import org.bouncycastle.crypto.digests.SHA224Digest;
 +// BEGIN android-removed
@@ -9856,9 +6848,9 @@
 +// BEGIN android-removed
 +// import org.bouncycastle.jce.interfaces.GOST3410Key;
 +// END android-removed
- import org.bouncycastle.jce.provider.util.NullDigest;
  
  public class JDKDSASigner
+     extends SignatureSpi
 @@ -53,11 +57,16 @@
      {
          CipherParameters    param;
@@ -9987,10 +6979,10 @@
  
      static public class noneDSA
          extends JDKDSASigner
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKDigestSignature.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKDigestSignature.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKDigestSignature.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKDigestSignature.java	2011-09-01 17:21:06.000000000 +0000
-@@ -23,14 +23,20 @@
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKDigestSignature.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKDigestSignature.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKDigestSignature.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKDigestSignature.java	2011-09-08 21:28:49.000000000 +0000
+@@ -23,15 +23,21 @@
  import org.bouncycastle.crypto.AsymmetricBlockCipher;
  import org.bouncycastle.crypto.CipherParameters;
  import org.bouncycastle.crypto.Digest;
@@ -10001,6 +6993,7 @@
 +// import org.bouncycastle.crypto.digests.MD4Digest;
 +// END android-removed
  import org.bouncycastle.crypto.digests.MD5Digest;
+ import org.bouncycastle.crypto.digests.NullDigest;
 -import org.bouncycastle.crypto.digests.RIPEMD128Digest;
 -import org.bouncycastle.crypto.digests.RIPEMD160Digest;
 -import org.bouncycastle.crypto.digests.RIPEMD256Digest;
@@ -10017,32 +7010,6 @@
  import org.bouncycastle.crypto.digests.SHA256Digest;
  import org.bouncycastle.crypto.digests.SHA384Digest;
  import org.bouncycastle.crypto.digests.SHA512Digest;
-@@ -179,13 +185,13 @@
-                 }
-             }
-         }
--        else if (sig.length == expected.length - 2)  // NULL left out
-+        else if (expected.length == sig.length - 2)  // NULL left out
-         {
-             int sigOffset = sig.length - hash.length - 2;
-             int expectedOffset = expected.length - hash.length - 2;
- 
--            expected[1] -= 2;      // adjust lengths
--            expected[3] -= 2;
-+            sig[1] -= 2;      // adjust lengths
-+            sig[3] -= 2;
- 
-             for (int i = 0; i < hash.length; i++)
-             {
-@@ -195,7 +201,7 @@
-                 }
-             }
- 
--            for (int i = 0; i < sigOffset; i++)
-+            for (int i = 0; i < expectedOffset; i++)
-             {
-                 if (sig[i] != expected[i])  // check header less NULL
-                 {
 @@ -265,14 +271,16 @@
          }
      }
@@ -10188,9 +7155,9 @@
 +    // }
 +    // END android-removed
  }
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKKeyFactory.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyFactory.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKKeyFactory.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyFactory.java	2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKKeyFactory.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKKeyFactory.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKKeyFactory.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKKeyFactory.java	2011-09-08 21:28:49.000000000 +0000
 @@ -36,17 +36,21 @@
  import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure;
  import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
@@ -10220,7 +7187,28 @@
      
      public JDKKeyFactory()
      {
-@@ -162,25 +166,33 @@
+@@ -140,6 +144,20 @@
+            
+            return new DHPublicKeySpec(k.getY(), k.getParams().getP(), k.getParams().getG());
+        }
++       // BEGIN android-added
++       else if (spec.isAssignableFrom(DSAPublicKeySpec.class) && key instanceof DSAPublicKey)
++       {
++            DSAPublicKey    k = (DSAPublicKey)key;
++
++            return new DSAPublicKeySpec(k.getY(), k.getParams().getP(), k.getParams().getQ(), k.getParams().getG());
++       }
++       else if (spec.isAssignableFrom(DSAPrivateKeySpec.class) && key instanceof DSAPrivateKey)
++       {
++            DSAPrivateKey    k = (DSAPrivateKey)key;
++
++            return new DSAPrivateKeySpec(k.getX(), k.getParams().getP(), k.getParams().getQ(), k.getParams().getG());
++       }
++       // END android-added
+ 
+        throw new RuntimeException("not implemented yet " + key + " " + spec);
+     }
+@@ -162,25 +180,33 @@
          }
          else if (key instanceof DHPublicKey)
          {
@@ -10268,7 +7256,7 @@
          }
          else if (key instanceof DSAPublicKey)
          {
-@@ -190,14 +202,16 @@
+@@ -190,14 +216,16 @@
          {
              return new JDKDSAPrivateKey((DSAPrivateKey)key);
          }
@@ -10293,7 +7281,7 @@
  
          throw new InvalidKeyException("key type unknown");
      }
-@@ -233,10 +247,12 @@
+@@ -233,10 +261,12 @@
          {
              return new JCEDHPublicKey(info);
          }
@@ -10310,14 +7298,10 @@
          else if (algOid.equals(X9ObjectIdentifiers.id_dsa))
          {
              return new JDKDSAPublicKey(info);
-@@ -245,18 +261,19 @@
+@@ -249,14 +279,15 @@
          {
-             return new JDKDSAPublicKey(info);
+             return new JCEECPublicKey(info);
          }
--        else if (algOid.equals(X9ObjectIdentifiers.id_ecPublicKey))
--        {
--            return new JCEECPublicKey(info);
--        }
 -        else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_94))
 -        {
 -            return new JDKGOST3410PublicKey(info);
@@ -10327,10 +7311,6 @@
 -            return new JCEECPublicKey(info);
 -        }
 +        // BEGIN android-removed
-+        // else if (algOid.equals(X9ObjectIdentifiers.id_ecPublicKey))
-+        // {
-+        //     return new JCEECPublicKey(info);
-+        // }
 +        // else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_94))
 +        // {
 +        //     return new JDKGOST3410PublicKey(info);
@@ -10342,7 +7322,7 @@
          else
          {
              throw new RuntimeException("algorithm identifier " + algOid + " in key not recognised");
-@@ -290,26 +307,30 @@
+@@ -294,10 +325,12 @@
          {
                return new JCEDHPrivateKey(info);
          }
@@ -10359,11 +7339,10 @@
          else if (algOid.equals(X9ObjectIdentifiers.id_dsa))
          {
                return new JDKDSAPrivateKey(info);
+@@ -306,14 +339,16 @@
+         {
+               return new JCEECPrivateKey(info);
          }
--        else if (algOid.equals(X9ObjectIdentifiers.id_ecPublicKey))
--        {
--              return new JCEECPrivateKey(info);
--        }
 -        else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_94))
 -        {
 -              return new JDKGOST3410PrivateKey(info);
@@ -10373,10 +7352,6 @@
 -              return new JCEECPrivateKey(info);
 -        }
 +        // BEGIN android-removed
-+        // else if (algOid.equals(X9ObjectIdentifiers.id_ecPublicKey))
-+        // {
-+        //       return new JCEECPrivateKey(info);
-+        // }
 +        // else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_94))
 +        // {
 +        //       return new JDKGOST3410PrivateKey(info);
@@ -10389,7 +7364,7 @@
          else
          {
              throw new RuntimeException("algorithm identifier " + algOid + " in key not recognised");
-@@ -440,89 +461,92 @@
+@@ -444,89 +479,92 @@
          }
      }
  
@@ -10566,9 +7541,9 @@
 +    // }
 +    // END android-removed
  }
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java	2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java	2011-09-08 21:28:49.000000000 +0000
 @@ -6,9 +6,11 @@
  import org.bouncycastle.crypto.generators.DHParametersGenerator;
  import org.bouncycastle.crypto.generators.DSAKeyPairGenerator;
@@ -10910,9 +7885,9 @@
 +   // }
 +   // END android-removed
  }
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKKeyStore.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyStore.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKKeyStore.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyStore.java	2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKKeyStore.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKKeyStore.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKKeyStore.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKKeyStore.java	2011-09-08 21:28:49.000000000 +0000
 @@ -39,7 +39,12 @@
  import org.bouncycastle.crypto.CipherParameters;
  import org.bouncycastle.crypto.Digest;
@@ -11013,9 +7988,9 @@
 -    }
 +    }    
  }
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKMessageDigest.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKMessageDigest.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKMessageDigest.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKMessageDigest.java	2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKMessageDigest.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKMessageDigest.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKMessageDigest.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKMessageDigest.java	2011-09-08 21:28:49.000000000 +0000
 @@ -57,36 +57,38 @@
          {
              super(new SHA1Digest());
@@ -11460,10 +8435,10 @@
 +    // }
 +    // END android-removed
  }
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java	2011-09-01 17:21:06.000000000 +0000
-@@ -255,10 +255,13 @@
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java	2011-09-08 21:28:49.000000000 +0000
+@@ -260,10 +260,13 @@
              }
          }
  
@@ -11481,7 +8456,7 @@
      }
  
      /**
-@@ -433,6 +436,14 @@
+@@ -438,6 +441,14 @@
      
      public Date engineGetCreationDate(String alias) 
      {
@@ -11496,7 +8471,7 @@
          return new Date();
      }
  
-@@ -491,6 +502,11 @@
+@@ -496,6 +507,11 @@
          Certificate[]   chain) 
          throws KeyStoreException
      {
@@ -11508,7 +8483,7 @@
          if ((key instanceof PrivateKey) && (chain == null))
          {
              throw new KeyStoreException("no certificate chain for private key");
-@@ -502,12 +518,18 @@
+@@ -507,12 +523,18 @@
          }
  
          keys.put(alias, key);
@@ -11527,7 +8502,7 @@
      }
  
      public int engineSize() 
-@@ -1434,7 +1456,9 @@
+@@ -1488,7 +1510,9 @@
          {
              byte[] res = calculatePbeMac(id_SHA1, mSalt, itCount, password, false, data);
  
@@ -11538,7 +8513,7 @@
              DigestInfo              dInfo = new DigestInfo(algId, res);
  
              mData = new MacData(dInfo, mSalt, itCount);
-@@ -1484,32 +1508,34 @@
+@@ -1545,32 +1569,34 @@
          }
      }
  
@@ -11599,7 +8574,7 @@
  
      private static class IgnoresCaseHashtable
      {
-@@ -1518,7 +1544,7 @@
+@@ -1579,7 +1605,7 @@
  
          public void put(String key, Object value)
          {
@@ -11608,7 +8583,7 @@
              String k = (String)keys.get(lower);
              if (k != null)
              {
-@@ -1536,7 +1562,9 @@
+@@ -1597,7 +1623,9 @@
  
          public Object remove(String alias)
          {
@@ -11619,7 +8594,7 @@
              if (k == null)
              {
                  return null;
-@@ -1547,7 +1575,9 @@
+@@ -1608,7 +1636,9 @@
  
          public Object get(String alias)
          {
@@ -11630,9 +8605,9 @@
              if (k == null)
              {
                  return null;
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PBE.java bcprov-jdk16-145/org/bouncycastle/jce/provider/PBE.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PBE.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PBE.java	2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PBE.java bcprov-jdk16-146/org/bouncycastle/jce/provider/PBE.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PBE.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/PBE.java	2011-09-08 21:28:49.000000000 +0000
 @@ -7,12 +7,18 @@
  
  import org.bouncycastle.crypto.CipherParameters;
@@ -11705,152 +8680,9 @@
                  case SHA256:
                      generator = new PKCS12ParametersGenerator(new SHA256Digest());
                      break;
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKCS12BagAttributeCarrierImpl.java bcprov-jdk16-145/org/bouncycastle/jce/provider/PKCS12BagAttributeCarrierImpl.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKCS12BagAttributeCarrierImpl.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKCS12BagAttributeCarrierImpl.java	2011-09-01 17:21:06.000000000 +0000
-@@ -1,6 +1,9 @@
- package org.bouncycastle.jce.provider;
- 
- import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
-+// BEGIN android-added
-+import org.bouncycastle.asn1.OrderedTable;
-+// END android-added
- import org.bouncycastle.asn1.DERObjectIdentifier;
- import org.bouncycastle.asn1.DEREncodable;
- import org.bouncycastle.asn1.ASN1OutputStream;
-@@ -17,65 +20,73 @@
- class PKCS12BagAttributeCarrierImpl
-     implements PKCS12BagAttributeCarrier
- {
--    private Hashtable pkcs12Attributes;
--    private Vector pkcs12Ordering;
--
--    PKCS12BagAttributeCarrierImpl(Hashtable attributes, Vector ordering)
--    {
--        this.pkcs12Attributes = attributes;
--        this.pkcs12Ordering = ordering;
--    }
-+    // BEGIN android-changed
-+    private OrderedTable pkcs12 = new OrderedTable();
-+    // END android-changed
-+
-+    // BEGIN android-removed
-+    // PKCS12BagAttributeCarrierImpl(Hashtable attributes, Vector ordering)
-+    // {
-+    //     this.pkcs12Attributes = attributes;
-+    //     this.pkcs12Ordering = ordering;
-+    // }
-+    // END android-removed
- 
-     public PKCS12BagAttributeCarrierImpl()
-     {
--        this(new Hashtable(), new Vector());
-+        // BEGIN android-removed
-+        // this(new Hashtable(), new Vector());
-+        // END android-removed
-     }
- 
-     public void setBagAttribute(
-         DERObjectIdentifier oid,
-         DEREncodable        attribute)
-     {
--        if (pkcs12Attributes.containsKey(oid))
--        {                           // preserve original ordering
--            pkcs12Attributes.put(oid, attribute);
--        }
--        else
--        {
--            pkcs12Attributes.put(oid, attribute);
--            pkcs12Ordering.addElement(oid);
--        }
-+        // BEGIN android-changed
-+        // preserve original ordering
-+        pkcs12.put(oid, attribute);
-+        // END android-changed
-     }
- 
-     public DEREncodable getBagAttribute(
-         DERObjectIdentifier oid)
-     {
--        return (DEREncodable)pkcs12Attributes.get(oid);
-+        // BEGIN android-changed
-+        return (DEREncodable)pkcs12.get(oid);
-+        // END android-changed
-     }
- 
-     public Enumeration getBagAttributeKeys()
-     {
--        return pkcs12Ordering.elements();
-+        // BEGIN android-changed
-+        return pkcs12.getKeys();
-+        // END android-changed
-     }
- 
-     int size()
-     {
--        return pkcs12Ordering.size();
--    }
--
--    Hashtable getAttributes()
--    {
--        return pkcs12Attributes;
--    }
--
--    Vector getOrdering()
--    {
--        return pkcs12Ordering;
--    }
-+        // BEGIN android-changed
-+        return pkcs12.size();
-+        // END android-changed
-+    }
-+
-+    // BEGIN android-removed
-+    // Hashtable getAttributes()
-+    // {
-+    //     return pkcs12Attributes;
-+    // }
-+    //
-+    // Vector getOrdering()
-+    // {
-+    //     return pkcs12Ordering;
-+    // }
-+    // END android-removed
- 
-     public void writeObject(ObjectOutputStream out)
-         throws IOException
-     {
--        if (pkcs12Ordering.size() == 0)
-+        if (pkcs12.size() == 0)
-         {
-             out.writeObject(new Hashtable());
-             out.writeObject(new Vector());
-@@ -92,7 +103,7 @@
-                 DERObjectIdentifier    oid = (DERObjectIdentifier)e.nextElement();
- 
-                 aOut.writeObject(oid);
--                aOut.writeObject(pkcs12Attributes.get(oid));
-+                aOut.writeObject(pkcs12.get(oid));
-             }
- 
-             out.writeObject(bOut.toByteArray());
-@@ -106,8 +117,11 @@
- 
-         if (obj instanceof Hashtable)
-         {
--            this.pkcs12Attributes = (Hashtable)obj;
--            this.pkcs12Ordering = (Vector)in.readObject();
-+            // BEGIN android-changed
-+            // we only write out Hashtable/Vector in empty case
-+            in.readObject(); // consume empty Vector
-+            this.pkcs12 = new OrderedTable();
-+            // END android-changed
-         }
-         else
-         {
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXCertPath.java bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPath.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXCertPath.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPath.java	2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PKIXCertPath.java bcprov-jdk16-146/org/bouncycastle/jce/provider/PKIXCertPath.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PKIXCertPath.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/PKIXCertPath.java	2011-09-08 21:28:49.000000000 +0000
 @@ -33,7 +33,9 @@
  import org.bouncycastle.asn1.pkcs.ContentInfo;
  import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
@@ -11913,24 +8745,9 @@
          else
          {
              throw new CertificateEncodingException("unsupported encoding: " + encoding);
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java	2011-09-01 17:21:06.000000000 +0000
-@@ -172,8 +172,9 @@
-         try
-         {
-             // check whether the issuer of <tbvCert> is a TrustAnchor
--            if (CertPathValidatorUtilities.findTrustAnchor(tbvCert, pkixParams.getTrustAnchors(),
--                pkixParams.getSigProvider()) != null)
-+            // BEGIN android-changed
-+            if (CertPathValidatorUtilities.findTrustAnchor(tbvCert, pkixParams) != null)
-+                // END android-changed
-             {
-                 // exception message from possibly later tried certification
-                 // chains
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java	2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java bcprov-jdk16-146/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java	2011-09-08 21:28:49.000000000 +0000
 @@ -1,5 +1,8 @@
  package org.bouncycastle.jce.provider;
  
@@ -11948,14 +8765,7 @@
  import java.util.HashSet;
  import java.util.Iterator;
  import java.util.List;
-@@ -20,9 +24,17 @@
- 
- import javax.security.auth.x500.X500Principal;
- 
-+// BEGIN android-added
-+import org.apache.harmony.xnet.provider.jsse.IndexedPKIXParameters;
-+
-+// END android-added
+@@ -23,6 +27,10 @@
  import org.bouncycastle.asn1.DEREncodable;
  import org.bouncycastle.asn1.DERObjectIdentifier;
  import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
@@ -11966,7 +8776,7 @@
  import org.bouncycastle.jce.exception.ExtCertPathValidatorException;
  import org.bouncycastle.x509.ExtendedPKIXParameters;
  
-@@ -33,6 +45,55 @@
+@@ -33,6 +41,63 @@
  public class PKIXCertPathValidatorSpi
          extends CertPathValidatorSpi
  {
@@ -12001,6 +8811,14 @@
 +        // Issuer: CN=Entrust.net
 +        {(byte)0xe2, (byte)0x3b, (byte)0x8d, (byte)0x10, (byte)0x5f, (byte)0x87, (byte)0x71, (byte)0x0a, (byte)0x68, (byte)0xd9,
 +         (byte)0x24, (byte)0x80, (byte)0x50, (byte)0xeb, (byte)0xef, (byte)0xc6, (byte)0x27, (byte)0xbe, (byte)0x4c, (byte)0xa6},
++        // Subject: CN=DigiNotar PKIoverheid CA Organisatie - G2
++        // Issuer: CN=Staat der Nederlanden Organisatie CA - G2
++        {(byte)0x7b, (byte)0x2e, (byte)0x16, (byte)0xbc, (byte)0x39, (byte)0xbc, (byte)0xd7, (byte)0x2b, (byte)0x45, (byte)0x6e,
++         (byte)0x9f, (byte)0x05, (byte)0x5d, (byte)0x1d, (byte)0xe6, (byte)0x15, (byte)0xb7, (byte)0x49, (byte)0x45, (byte)0xdb},
++        // Subject: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven
++        // Issuer: CN=Staat der Nederlanden Overheid CA
++        {(byte)0xe8, (byte)0xf9, (byte)0x12, (byte)0x00, (byte)0xc6, (byte)0x5c, (byte)0xee, (byte)0x16, (byte)0xe0, (byte)0x39,
++         (byte)0xb9, (byte)0xf8, (byte)0x83, (byte)0x84, (byte)0x16, (byte)0x61, (byte)0x63, (byte)0x5f, (byte)0x81, (byte)0xc5},
 +    };
 +
 +    private static boolean isPublicKeyBlackListed(PublicKey publicKey) {
@@ -12022,26 +8840,7 @@
  
      public CertPathValidatorResult engineValidate(
              CertPath certPath,
-@@ -46,6 +107,18 @@
-                     + " instance.");
-         }
- 
-+        // BEGIN android-added
-+        IndexedPKIXParameters indexedParams;
-+        if (params instanceof IndexedPKIXParameters)
-+        {
-+            indexedParams = (IndexedPKIXParameters)params;
-+        }
-+        else
-+        {
-+            indexedParams = null;
-+        }
-+
-+        // END android-added
-         ExtendedPKIXParameters paramsPKIX;
-         if (params instanceof ExtendedPKIXParameters)
-         {
-@@ -75,6 +148,22 @@
+@@ -75,6 +140,22 @@
          {
              throw new CertPathValidatorException("Certification path is empty.", null, certPath, 0);
          }
@@ -12064,51 +8863,7 @@
  
          //
          // (b)
-@@ -90,10 +179,15 @@
-         // (d)
-         // 
-         TrustAnchor trust;
-+        // BEGIN android-added
-+        X509Certificate lastCert = (X509Certificate) certs.get(certs.size() - 1);
-+        // END android-added
-         try
-         {
--            trust = CertPathValidatorUtilities.findTrustAnchor((X509Certificate) certs.get(certs.size() - 1),
--                    paramsPKIX.getTrustAnchors(), paramsPKIX.getSigProvider());
-+            // BEGIN android-changed
-+            trust = CertPathValidatorUtilities.findTrustAnchor(lastCert,
-+                    indexedParams != null ? indexedParams : paramsPKIX);
-+            // END android-changed
-         }
-         catch (AnnotatedException e)
-         {
-@@ -189,12 +283,25 @@
-         X500Principal workingIssuerName;
- 
-         X509Certificate sign = trust.getTrustedCert();
-+        // BEGIN android-added
-+        boolean trustAnchorInChain = false;
-+        // END android-added
-         try
-         {
-             if (sign != null)
-             {
-                 workingIssuerName = CertPathValidatorUtilities.getSubjectPrincipal(sign);
-                 workingPublicKey = sign.getPublicKey();
-+                // BEGIN android-added
-+                // There is similar code in CertPathValidatorUtilities.
-+                try {
-+                    byte[] trustBytes = sign.getEncoded();
-+                    byte[] certBytes = lastCert.getEncoded();
-+                    trustAnchorInChain = Arrays.equals(trustBytes, certBytes);
-+                } catch(Exception e) {
-+                    // ignore, continue with trustAnchorInChain being false
-+                }
-+                // END android-added
-             }
-             else
-             {
-@@ -251,6 +358,15 @@
+@@ -251,6 +332,15 @@
  
          for (index = certs.size() - 1; index >= 0; index--)
          {
@@ -12124,51 +8879,9 @@
              // try
              // {
              //
-@@ -271,8 +387,10 @@
-             // 6.1.3
-             //
- 
-+            // BEGIN android-changed
-             RFC3280CertPathUtilities.processCertA(certPath, paramsPKIX, index, workingPublicKey,
--                verificationAlreadyPerformed, workingIssuerName, sign);
-+                verificationAlreadyPerformed, workingIssuerName, sign, i, trustAnchorInChain);
-+            // END android-changed
- 
-             RFC3280CertPathUtilities.processCertBC(certPath, index, nameConstraintValidator);
- 
-@@ -289,11 +407,18 @@
- 
-             if (i != n)
-             {
-+                // BEGIN android-added
-+                if (!(i == 1 && trustAnchorInChain)) // if not at the root certificate
-+                {
-+                // END android-added
-                 if (cert != null && cert.getVersion() == 1)
-                 {
-                     throw new CertPathValidatorException("Version 1 certificates can't be used as CA ones.", null,
-                             certPath, index);
-                 }
-+                // BEGIN android-added
-+                }
-+                // END android-added
- 
-                 RFC3280CertPathUtilities.prepareNextCertA(certPath, index);
- 
-@@ -317,7 +442,9 @@
-                 inhibitAnyPolicy = RFC3280CertPathUtilities.prepareNextCertJ(certPath, index, inhibitAnyPolicy);
- 
-                 // (k)
--                RFC3280CertPathUtilities.prepareNextCertK(certPath, index);
-+                // BEGIN android-changed
-+                RFC3280CertPathUtilities.prepareNextCertK(certPath, index, i, trustAnchorInChain);
-+                // END android-changed
- 
-                 // (l)
-                 maxPathLength = RFC3280CertPathUtilities.prepareNextCertL(certPath, index, maxPathLength);
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java	2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java bcprov-jdk16-146/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java	2011-09-08 21:28:49.000000000 +0000
 @@ -1533,7 +1533,9 @@
          for (Enumeration e = permitted.getObjects(); e.hasMoreElements();)
          {
@@ -12180,232 +8893,10 @@
              if (subtreesMap.get(tagNo) == null)
              {
                  subtreesMap.put(tagNo, new HashSet());
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/ProviderUtil.java bcprov-jdk16-145/org/bouncycastle/jce/provider/ProviderUtil.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/ProviderUtil.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/ProviderUtil.java	2011-09-01 17:21:06.000000000 +0000
-@@ -1,9 +1,13 @@
- package org.bouncycastle.jce.provider;
- 
- import org.bouncycastle.jce.ProviderConfigurationPermission;
--import org.bouncycastle.jce.provider.asymmetric.ec.EC5Util;
-+// BEGIN android-removed
-+// import org.bouncycastle.jce.provider.asymmetric.ec.EC5Util;
-+// END android-removed
- import org.bouncycastle.jce.interfaces.ConfigurableProvider;
--import org.bouncycastle.jce.spec.ECParameterSpec;
-+// BEGIN android-removed
-+// import org.bouncycastle.jce.spec.ECParameterSpec;
-+// END android-removed
- 
- import java.io.ByteArrayInputStream;
- import java.io.IOException;
-@@ -20,68 +24,74 @@
-                                                    "BC", ConfigurableProvider.EC_IMPLICITLY_CA);
- 
-     private static ThreadLocal threadSpec = new ThreadLocal();
--    private static volatile ECParameterSpec ecImplicitCaParams;
-+    // BEGIN android-removed
-+    // private static volatile ECParameterSpec ecImplicitCaParams;
-+    // END android-removed
- 
-     static void setParameter(String parameterName, Object parameter)
-     {
-         SecurityManager securityManager = System.getSecurityManager();
- 
--        if (parameterName.equals(ConfigurableProvider.THREAD_LOCAL_EC_IMPLICITLY_CA))
--        {
--            ECParameterSpec curveSpec;
--
--            if (securityManager != null)
--            {
--                securityManager.checkPermission(BC_EC_LOCAL_PERMISSION);
--            }
--
--            if (parameter instanceof ECParameterSpec || parameter == null)
--            {
--                curveSpec = (ECParameterSpec)parameter;
--            }
--            else  // assume java.security.spec
--            {
--                curveSpec = EC5Util.convertSpec((java.security.spec.ECParameterSpec)parameter, false);
--            }
--
--            if (curveSpec == null)
--            {
--                threadSpec.remove();
--            }
--            else
--            {
--                threadSpec.set(curveSpec);
--            }
--        }
--        else if (parameterName.equals(ConfigurableProvider.EC_IMPLICITLY_CA))
--        {
--            if (securityManager != null)
--            {
--                securityManager.checkPermission(BC_EC_PERMISSION);
--            }
--
--            if (parameter instanceof ECParameterSpec || parameter == null)
--            {
--                ecImplicitCaParams = (ECParameterSpec)parameter;
--            }
--            else  // assume java.security.spec
--            {
--                ecImplicitCaParams = EC5Util.convertSpec((java.security.spec.ECParameterSpec)parameter, false);
--            }
--        }
-+        // BEGIN android-removed
-+        // if (parameterName.equals(ConfigurableProvider.THREAD_LOCAL_EC_IMPLICITLY_CA))
-+        // {
-+        //     ECParameterSpec curveSpec;
-+        //
-+        //     if (securityManager != null)
-+        //     {
-+        //         securityManager.checkPermission(BC_EC_LOCAL_PERMISSION);
-+        //     }
-+        //
-+        //     if (parameter instanceof ECParameterSpec || parameter == null)
-+        //     {
-+        //         curveSpec = (ECParameterSpec)parameter;
-+        //     }
-+        //     else  // assume java.security.spec
-+        //     {
-+        //         curveSpec = EC5Util.convertSpec((java.security.spec.ECParameterSpec)parameter, false);
-+        //     }
-+        //
-+        //     if (curveSpec == null)
-+        //     {
-+        //         threadSpec.remove();
-+        //     }
-+        //     else
-+        //     {
-+        //         threadSpec.set(curveSpec);
-+        //     }
-+        // }
-+        // else if (parameterName.equals(ConfigurableProvider.EC_IMPLICITLY_CA))
-+        // {
-+        //     if (securityManager != null)
-+        //     {
-+        //         securityManager.checkPermission(BC_EC_PERMISSION);
-+        //     }
-+        //
-+        //     if (parameter instanceof ECParameterSpec || parameter == null)
-+        //     {
-+        //         ecImplicitCaParams = (ECParameterSpec)parameter;
-+        //     }
-+        //     else  // assume java.security.spec
-+        //     {
-+        //         ecImplicitCaParams = EC5Util.convertSpec((java.security.spec.ECParameterSpec)parameter, false);
-+        //     }
-+        // }
-+        // END android-removed
-     }
- 
--    public static ECParameterSpec getEcImplicitlyCa()
--    {
--        ECParameterSpec spec = (ECParameterSpec)threadSpec.get();
--
--        if (spec != null)
--        {
--            return spec;
--        }
--
--        return ecImplicitCaParams;
--    }
-+    // BEGIN android-removed
-+    // public static ECParameterSpec getEcImplicitlyCa()
-+    // {
-+    //     ECParameterSpec spec = (ECParameterSpec)threadSpec.get();
-+    //
-+    //     if (spec != null)
-+    //     {
-+    //         return spec;
-+    //     }
-+    //
-+    //     return ecImplicitCaParams;
-+    // }
-+    // END android-removed
- 
-     static int getReadLimit(InputStream in)
-         throws IOException
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java bcprov-jdk16-145/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java	2011-09-01 17:21:06.000000000 +0000
-@@ -1471,7 +1471,11 @@
-         PublicKey workingPublicKey,
-         boolean verificationAlreadyPerformed,
-         X500Principal workingIssuerName,
--        X509Certificate sign)
-+        X509Certificate sign,
-+        // BEGIN android-added
-+        int i, 
-+        boolean trustAnchorInChain)
-+        // END android-added
-         throws ExtCertPathValidatorException
-     {
-         List certs = certPath.getCertificates();
-@@ -1485,8 +1489,15 @@
-             {
-                 // (a) (1)
-                 //
-+                // BEGIN android-added
-+                if (!(i == 1 && trustAnchorInChain)) // if not at the root certificate
-+                {
-+                // END android-added
-                 CertPathValidatorUtilities.verifyX509Certificate(cert, workingPublicKey,
-                     paramsPKIX.getSigProvider());
-+                // BEGIN android-added
-+                }
-+                // END android-added
-             }
-             catch (GeneralSecurityException e)
-             {
-@@ -2077,7 +2088,11 @@
- 
-     protected static void prepareNextCertK(
-         CertPath certPath,
--        int index)
-+        int index,
-+        // BEGIN android-added
-+        int i, 
-+        boolean trustAnchorInChain)
-+        // END android-added
-         throws CertPathValidatorException
-     {
-         List certs = certPath.getCertificates();
-@@ -2105,7 +2120,14 @@
-         }
-         else
-         {
-+            // BEGIN android-added
-+            if (!(i == 1 && trustAnchorInChain)) // if not at the root certificate
-+            {
-+            // END android-added
-             throw new CertPathValidatorException("Intermediate certificate lacks BasicConstraints");
-+            // BEGIN android-added
-+            }
-+            // END android-added
-         }
-     }
- 
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/WrapCipherSpi.java bcprov-jdk16-145/org/bouncycastle/jce/provider/WrapCipherSpi.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/WrapCipherSpi.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/WrapCipherSpi.java	2011-09-01 17:21:06.000000000 +0000
-@@ -12,8 +12,10 @@
- import org.bouncycastle.crypto.Wrapper;
- import org.bouncycastle.crypto.engines.DESedeEngine;
- import org.bouncycastle.crypto.engines.DESedeWrapEngine;
--import org.bouncycastle.crypto.engines.RC2WrapEngine;
--import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.engines.RC2WrapEngine;
-+// import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
-+// END android-removed
- import org.bouncycastle.crypto.params.KeyParameter;
- import org.bouncycastle.crypto.params.ParametersWithIV;
- 
-@@ -25,8 +27,10 @@
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/WrapCipherSpi.java bcprov-jdk16-146/org/bouncycastle/jce/provider/WrapCipherSpi.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/WrapCipherSpi.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/WrapCipherSpi.java	2011-09-08 21:28:49.000000000 +0000
+@@ -22,8 +22,10 @@
  import javax.crypto.ShortBufferException;
  import javax.crypto.spec.IvParameterSpec;
  import javax.crypto.spec.PBEParameterSpec;
@@ -12416,9 +8907,20 @@
 +// import javax.crypto.spec.RC5ParameterSpec;
 +// END android-removed
  import javax.crypto.spec.SecretKeySpec;
- import java.security.AlgorithmParameters;
- import java.security.InvalidAlgorithmParameterException;
-@@ -52,8 +56,10 @@
+ 
+ import org.bouncycastle.asn1.ASN1InputStream;
+@@ -36,7 +38,9 @@
+ import org.bouncycastle.crypto.CipherParameters;
+ import org.bouncycastle.crypto.InvalidCipherTextException;
+ import org.bouncycastle.crypto.Wrapper;
+-import org.bouncycastle.crypto.engines.RC2WrapEngine;
++// BEGIN android-removed
++// import org.bouncycastle.crypto.engines.RC2WrapEngine;
++// END android-removed
+ import org.bouncycastle.crypto.params.KeyParameter;
+ import org.bouncycastle.crypto.params.ParametersWithIV;
+ 
+@@ -50,8 +54,10 @@
                                      {
                                          IvParameterSpec.class,
                                          PBEParameterSpec.class,
@@ -12431,7 +8933,7 @@
                                      };
  
      protected int                     pbeType = PKCS12;
-@@ -265,16 +271,19 @@
+@@ -263,16 +269,19 @@
          return null;
      }
  
@@ -12452,7 +8954,7 @@
  
      protected byte[] engineWrap(
          Key     key)
-@@ -307,7 +316,12 @@
+@@ -305,7 +314,12 @@
          byte[]  wrappedKey,
          String  wrappedKeyAlgorithm,
          int     wrappedKeyType)
@@ -12466,37 +8968,24 @@
      {
          byte[] encoded;
          try
-@@ -354,15 +368,20 @@
- 
-                 DERObjectIdentifier  oid = in.getAlgorithmId().getObjectId();
- 
--                if (oid.equals(X9ObjectIdentifiers.id_ecPublicKey))
--                {
--                    privKey = new JCEECPrivateKey(in);
--                }
+@@ -356,10 +370,12 @@
+                 {
+                     privKey = new JCEECPrivateKey(in);
+                 }
 -                else if (oid.equals(CryptoProObjectIdentifiers.gostR3410_94))
 -                {
 -                    privKey = new JDKGOST3410PrivateKey(in);
 -                }
--                else if (oid.equals(X9ObjectIdentifiers.id_dsa))
 +                // BEGIN android-removed
-+                // if (oid.equals(X9ObjectIdentifiers.id_ecPublicKey))
-+                // {
-+                //     privKey = new JCEECPrivateKey(in);
-+                // }
 +                // else if (oid.equals(CryptoProObjectIdentifiers.gostR3410_94))
 +                // {
 +                //     privKey = new JDKGOST3410PrivateKey(in);
 +                // }
-+                // else if (oid.equals(X9ObjectIdentifiers.id_dsa))
 +                // END android-removed
-+                // BEGIN android-added
-+                if (oid.equals(X9ObjectIdentifiers.id_dsa))
-+                // END android-added
+                 else if (oid.equals(X9ObjectIdentifiers.id_dsa))
                  {
                      privKey = new JDKDSAPrivateKey(in);
-                 }
-@@ -405,10 +424,12 @@
+@@ -403,10 +419,12 @@
              {
                  throw new InvalidKeyException("Unknown key type " + e.getMessage());
              }
@@ -12513,9 +9002,9 @@
              catch (InvalidKeySpecException e2)
              {
                  throw new InvalidKeyException("Unknown key type " + e2.getMessage());
-@@ -433,21 +454,23 @@
-         }
-     }
+@@ -420,12 +438,14 @@
+     // classes that inherit directly from us
+     //
  
 -    public static class RC2Wrap
 -        extends WrapCipherSpi
@@ -12525,15 +9014,6 @@
 -            super(new RC2WrapEngine());
 -        }
 -    }
--
--    public static class RFC3211DESedeWrap
--        extends WrapCipherSpi
--    {
--        public RFC3211DESedeWrap()
--        {
--            super(new RFC3211WrapEngine(new DESedeEngine()), 8);
--        }
--    }
 +    // BEGIN android-removed
 +    // public static class RC2Wrap
 +    //     extends WrapCipherSpi
@@ -12543,21 +9023,12 @@
 +    //         super(new RC2WrapEngine());
 +    //     }
 +    // }
-+    //
-+    // public static class RFC3211DESedeWrap
-+    //     extends WrapCipherSpi
-+    // {
-+    //     public RFC3211DESedeWrap()
-+    //     {
-+    //         super(new RFC3211WrapEngine(new DESedeEngine()), 8);
-+    //     }
-+    // }
 +    // END android-removed
  }
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/X509CertificateObject.java bcprov-jdk16-145/org/bouncycastle/jce/provider/X509CertificateObject.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/X509CertificateObject.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/X509CertificateObject.java	2011-09-01 17:21:06.000000000 +0000
-@@ -518,12 +518,20 @@
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/X509CertificateObject.java bcprov-jdk16-146/org/bouncycastle/jce/provider/X509CertificateObject.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/X509CertificateObject.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/X509CertificateObject.java	2011-09-08 21:28:49.000000000 +0000
+@@ -520,12 +520,20 @@
          return JDKKeyFactory.createPublicKeyFromPublicKeyInfo(c.getSubjectPublicKeyInfo());
      }
  
@@ -12579,7 +9050,7 @@
          }
          catch (IOException e)
          {
-@@ -703,7 +711,7 @@
+@@ -711,7 +719,7 @@
      {
          Signature   signature;
          String      sigName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm());
@@ -12587,10 +9058,10 @@
 +
          try
          {
-             signature = Signature.getInstance(sigName, "BC");
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java bcprov-jdk16-145/org/bouncycastle/jce/provider/X509SignatureUtil.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/X509SignatureUtil.java	2011-09-01 17:21:06.000000000 +0000
+             signature = Signature.getInstance(sigName, BouncyCastleProvider.PROVIDER_NAME);
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java bcprov-jdk16-146/org/bouncycastle/jce/provider/X509SignatureUtil.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/X509SignatureUtil.java	2011-09-08 21:28:49.000000000 +0000
 @@ -25,7 +25,9 @@
  
  class X509SignatureUtil
@@ -12681,21 +9152,998 @@
          else
          {
              return digestAlgOID.getId();            
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/symmetric/AES.java bcprov-jdk16-145/org/bouncycastle/jce/provider/symmetric/AES.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/symmetric/AES.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/symmetric/AES.java	2011-09-01 17:21:06.000000000 +0000
-@@ -5,7 +5,9 @@
- import org.bouncycastle.crypto.engines.AESEngine;
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/EC.java bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/EC.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/EC.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/EC.java	2011-09-08 21:28:49.000000000 +0000
+@@ -4,8 +4,10 @@
+ 
+ import org.bouncycastle.asn1.DERObjectIdentifier;
+ import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+-import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
+-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
++// BEGIN android-removed
++// import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
++// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
++// END android-removed
+ import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+ 
+ public class EC
+@@ -16,39 +18,49 @@
+         public Mappings()
+         {
+             put("KeyAgreement.ECDH", "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$DH");
+-            put("KeyAgreement.ECDHC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$DHC");
+-            put("KeyAgreement.ECMQV", "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$MQV");
+-            put("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$DHwithSHA1KDF");
+-            put("KeyAgreement." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$MQVwithSHA1KDF");
++            // BEGIN android-removed
++            // put("KeyAgreement.ECDHC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$DHC");
++            // put("KeyAgreement.ECMQV", "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$MQV");
++            // put("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$DHwithSHA1KDF");
++            // put("KeyAgreement." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$MQVwithSHA1KDF");
++            // END android-removed
+ 
+             put("KeyFactory.EC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$EC");
+-            put("KeyFactory.ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECDSA");
+-            put("KeyFactory.ECDH", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECDH");
+-            put("KeyFactory.ECDHC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECDHC");
+-            put("KeyFactory.ECMQV", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECMQV");
++            // BEGIN android-removed
++            // put("KeyFactory.ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECDSA");
++            // put("KeyFactory.ECDH", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECDH");
++            // put("KeyFactory.ECDHC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECDHC");
++            // put("KeyFactory.ECMQV", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECMQV");
++            // END android-removed
+             put("Alg.Alias.KeyFactory." + X9ObjectIdentifiers.id_ecPublicKey, "EC");
+             // TODO Should this be an alias for ECDH?
+             put("Alg.Alias.KeyFactory." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC");
+-            put("Alg.Alias.KeyFactory." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV");
+-
+-            put("KeyFactory.ECGOST3410", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECGOST3410");
+-            put("Alg.Alias.KeyFactory.GOST-3410-2001", "ECGOST3410");
+-            put("Alg.Alias.KeyFactory.ECGOST-3410", "ECGOST3410");
+-            put("Alg.Alias.KeyFactory." + CryptoProObjectIdentifiers.gostR3410_2001, "ECGOST3410");
++            // BEGIN android-removed
++            // put("Alg.Alias.KeyFactory." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV");
++            //
++            // put("KeyFactory.ECGOST3410", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECGOST3410");
++            // put("Alg.Alias.KeyFactory.GOST-3410-2001", "ECGOST3410");
++            // put("Alg.Alias.KeyFactory.ECGOST-3410", "ECGOST3410");
++            // put("Alg.Alias.KeyFactory." + CryptoProObjectIdentifiers.gostR3410_2001, "ECGOST3410");
++            // END android-removed
+ 
+             put("KeyPairGenerator.EC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$EC");
+-            put("KeyPairGenerator.ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDSA");
+-            put("KeyPairGenerator.ECDH", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDH");
+-            put("KeyPairGenerator.ECDHC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDHC");
+-            put("KeyPairGenerator.ECIES", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDH");
+-            put("KeyPairGenerator.ECMQV", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECMQV");
++            // BEGIN android-removed
++            // put("KeyPairGenerator.ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDSA");
++            // put("KeyPairGenerator.ECDH", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDH");
++            // put("KeyPairGenerator.ECDHC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDHC");
++            // put("KeyPairGenerator.ECIES", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDH");
++            // put("KeyPairGenerator.ECMQV", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECMQV");
++            // END android-removed
+             // TODO Should this be an alias for ECDH?
+             put("Alg.Alias.KeyPairGenerator." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC");
+-            put("Alg.Alias.KeyPairGenerator." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV");
+-
+-            put("KeyPairGenerator.ECGOST3410", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECGOST3410");
+-            put("Alg.Alias.KeyPairGenerator.ECGOST-3410", "ECGOST3410");
+-            put("Alg.Alias.KeyPairGenerator.GOST-3410-2001", "ECGOST3410");
++            // BEGIN android-removed
++            // put("Alg.Alias.KeyPairGenerator." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV");
++            //
++            // put("KeyPairGenerator.ECGOST3410", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECGOST3410");
++            // put("Alg.Alias.KeyPairGenerator.ECGOST-3410", "ECGOST3410");
++            // put("Alg.Alias.KeyPairGenerator.GOST-3410-2001", "ECGOST3410");
++            // END android-removed
+ 
+             put("Signature.ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA");
+             put("Signature.NONEwithECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSAnone");
+@@ -60,23 +72,27 @@
+             put("Alg.Alias.Signature.SHA1WithECDSA", "ECDSA");
+             put("Alg.Alias.Signature.ECDSAWithSHA1", "ECDSA");
+             put("Alg.Alias.Signature.1.2.840.10045.4.1", "ECDSA");
+-            put("Alg.Alias.Signature." + TeleTrusTObjectIdentifiers.ecSignWithSha1, "ECDSA");
+-
+-            addSignatureAlgorithm("SHA224", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA224", X9ObjectIdentifiers.ecdsa_with_SHA224);
++            // BEGIN android-removed
++            // put("Alg.Alias.Signature." + TeleTrusTObjectIdentifiers.ecSignWithSha1, "ECDSA");
++            //
++            // addSignatureAlgorithm("SHA224", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA224", X9ObjectIdentifiers.ecdsa_with_SHA224);
++            // END android-removed
+             addSignatureAlgorithm("SHA256", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA256", X9ObjectIdentifiers.ecdsa_with_SHA256);
+             addSignatureAlgorithm("SHA384", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA384", X9ObjectIdentifiers.ecdsa_with_SHA384);
+             addSignatureAlgorithm("SHA512", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA512", X9ObjectIdentifiers.ecdsa_with_SHA512);
+-            addSignatureAlgorithm("RIPEMD160", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSARipeMD160",TeleTrusTObjectIdentifiers.ecSignWithRipemd160);
+-
+-            put("Signature.SHA1WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR");
+-            put("Signature.SHA224WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR224");
+-            put("Signature.SHA256WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR256");
+-            put("Signature.SHA384WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR384");
+-            put("Signature.SHA512WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR512");
+-
+-            addSignatureAlgorithm("SHA1", "CVC-ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecCVCDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1);
+-            addSignatureAlgorithm("SHA224", "CVC-ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecCVCDSA224", EACObjectIdentifiers.id_TA_ECDSA_SHA_224);
+-            addSignatureAlgorithm("SHA256", "CVC-ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256);
++            // BEGIN android-removed
++            // addSignatureAlgorithm("RIPEMD160", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSARipeMD160",TeleTrusTObjectIdentifiers.ecSignWithRipemd160);
++            //
++            // put("Signature.SHA1WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR");
++            // put("Signature.SHA224WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR224");
++            // put("Signature.SHA256WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR256");
++            // put("Signature.SHA384WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR384");
++            // put("Signature.SHA512WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR512");
++            //
++            // addSignatureAlgorithm("SHA1", "CVC-ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecCVCDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1);
++            // addSignatureAlgorithm("SHA224", "CVC-ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecCVCDSA224", EACObjectIdentifiers.id_TA_ECDSA_SHA_224);
++            // addSignatureAlgorithm("SHA256", "CVC-ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256);
++            // END android-removed
+         }
+ 
+         private void addSignatureAlgorithm(
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/ECUtil.java bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/ECUtil.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/ECUtil.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/ECUtil.java	2011-09-08 21:28:49.000000000 +0000
+@@ -1,10 +1,14 @@
+ package org.bouncycastle.jce.provider.asymmetric.ec;
+ 
+ import org.bouncycastle.asn1.DERObjectIdentifier;
+-import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
++// BEGIN android-removed
++// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
++// END android-removed
+ import org.bouncycastle.asn1.nist.NISTNamedCurves;
+ import org.bouncycastle.asn1.sec.SECNamedCurves;
+-import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
++// BEGIN android-removed
++// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
++// END android-removed
+ import org.bouncycastle.asn1.x9.X962NamedCurves;
+ import org.bouncycastle.asn1.x9.X9ECParameters;
+ import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
+@@ -167,14 +171,16 @@
+             {
+                 oid = NISTNamedCurves.getOID(name);
+             }
+-            if (oid == null)
+-            {
+-                oid = TeleTrusTNamedCurves.getOID(name);
+-            }
+-            if (oid == null)
+-            {
+-                oid = ECGOST3410NamedCurves.getOID(name);
+-            }
++            // BEGIN android-removed
++            // if (oid == null)
++            // {
++            //     oid = TeleTrusTNamedCurves.getOID(name);
++            // }
++            // if (oid == null)
++            // {
++            //     oid = ECGOST3410NamedCurves.getOID(name);
++            // }
++            // END android-removed
+         }
+ 
+         return oid;
+@@ -192,10 +198,12 @@
+             {
+                 params = NISTNamedCurves.getByOID(oid);
+             }
+-            if (params == null)
+-            {
+-                params = TeleTrusTNamedCurves.getByOID(oid);
+-            }
++            // BEGIN android-removed
++            // if (params == null)
++            // {
++            //     params = TeleTrusTNamedCurves.getByOID(oid);
++            // }
++            // END android-removed
+         }
+ 
+         return params;
+@@ -213,14 +221,16 @@
+             {
+                 name = NISTNamedCurves.getName(oid);
+             }
+-            if (name == null)
+-            {
+-                name = TeleTrusTNamedCurves.getName(oid);
+-            }
+-            if (name == null)
+-            {
+-                name = ECGOST3410NamedCurves.getName(oid);
+-            }
++            // BEGIN android-removed
++            // if (name == null)
++            // {
++            //     name = TeleTrusTNamedCurves.getName(oid);
++            // }
++            // if (name == null)
++            // {
++            //     name = ECGOST3410NamedCurves.getName(oid);
++            // }
++            // END android-removed
+         }
+ 
+         return name;
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/KeyAgreement.java bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/KeyAgreement.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/KeyAgreement.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/KeyAgreement.java	2011-09-08 21:28:49.000000000 +0000
+@@ -24,20 +24,26 @@
+ import org.bouncycastle.crypto.CipherParameters;
+ import org.bouncycastle.crypto.DerivationFunction;
+ import org.bouncycastle.crypto.agreement.ECDHBasicAgreement;
+-import org.bouncycastle.crypto.agreement.ECDHCBasicAgreement;
+-import org.bouncycastle.crypto.agreement.ECMQVBasicAgreement;
+-import org.bouncycastle.crypto.agreement.kdf.DHKDFParameters;
+-import org.bouncycastle.crypto.agreement.kdf.ECDHKEKGenerator;
++// BEGIN android-removed
++// import org.bouncycastle.crypto.agreement.ECDHCBasicAgreement;
++// import org.bouncycastle.crypto.agreement.ECMQVBasicAgreement;
++// import org.bouncycastle.crypto.agreement.kdf.DHKDFParameters;
++// import org.bouncycastle.crypto.agreement.kdf.ECDHKEKGenerator;
++// END android-removed
+ import org.bouncycastle.crypto.digests.SHA1Digest;
+ import org.bouncycastle.crypto.params.ECDomainParameters;
+ import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
+ import org.bouncycastle.crypto.params.ECPublicKeyParameters;
+-import org.bouncycastle.crypto.params.MQVPrivateParameters;
+-import org.bouncycastle.crypto.params.MQVPublicParameters;
++// BEGIN android-removed
++// import org.bouncycastle.crypto.params.MQVPrivateParameters;
++// import org.bouncycastle.crypto.params.MQVPublicParameters;
++// END android-removed
+ import org.bouncycastle.jce.interfaces.ECPrivateKey;
+ import org.bouncycastle.jce.interfaces.ECPublicKey;
+-import org.bouncycastle.jce.interfaces.MQVPrivateKey;
+-import org.bouncycastle.jce.interfaces.MQVPublicKey;
++// BEGIN android-removed
++// import org.bouncycastle.jce.interfaces.MQVPrivateKey;
++// import org.bouncycastle.jce.interfaces.MQVPublicKey;
++// END android-removed
+ 
+ /**
+  * Diffie-Hellman key agreement using elliptic curve keys, ala IEEE P1363
+@@ -53,9 +59,11 @@
+ 
+     static
+     {
+-        Integer i128 = new Integer(128);
+-        Integer i192 = new Integer(192);
+-        Integer i256 = new Integer(256);
++        // BEGIN android-changed
++        Integer i128 = Integer.valueOf(128);
++        Integer i192 = Integer.valueOf(192);
++        Integer i256 = Integer.valueOf(256);
++        // END android-changed
+ 
+         algorithms.put(NISTObjectIdentifiers.id_aes128_CBC.getId(), i128);
+         algorithms.put(NISTObjectIdentifiers.id_aes192_CBC.getId(), i192);
+@@ -70,7 +78,9 @@
+     private BigInteger             result;
+     private ECDomainParameters     parameters;
+     private BasicAgreement         agreement;
+-    private DerivationFunction     kdf;
++    // BEGIN android-removed
++    // private DerivationFunction     kdf;
++    // END android-removed
+ 
+     private byte[] bigIntToBytes(
+         BigInteger    r)
+@@ -85,7 +95,9 @@
+     {
+         this.kaAlgorithm = kaAlgorithm;
+         this.agreement = agreement;
+-        this.kdf = kdf;
++        // BEGIN android-removed
++        // this.kdf = kdf;
++        // END android-removed
+     }
+ 
+     protected Key engineDoPhase(
+@@ -104,25 +116,27 @@
+         }
+ 
+         CipherParameters pubKey;        
+-        if (agreement instanceof ECMQVBasicAgreement)
+-        {
+-            if (!(key instanceof MQVPublicKey))
+-            {
+-                throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
+-                    + getSimpleName(MQVPublicKey.class) + " for doPhase");
+-            }
+-
+-            MQVPublicKey mqvPubKey = (MQVPublicKey)key;
+-            ECPublicKeyParameters staticKey = (ECPublicKeyParameters)
+-                ECUtil.generatePublicKeyParameter(mqvPubKey.getStaticKey());
+-            ECPublicKeyParameters ephemKey = (ECPublicKeyParameters)
+-                ECUtil.generatePublicKeyParameter(mqvPubKey.getEphemeralKey());
+-
+-            pubKey = new MQVPublicParameters(staticKey, ephemKey);
+-
+-            // TODO Validate that all the keys are using the same parameters?
+-        }
+-        else
++        // BEGIN android-removed
++        // if (agreement instanceof ECMQVBasicAgreement)
++        // {
++        //     if (!(key instanceof MQVPublicKey))
++        //     {
++        //         throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
++        //             + getSimpleName(MQVPublicKey.class) + " for doPhase");
++        //     }
++        //
++        //     MQVPublicKey mqvPubKey = (MQVPublicKey)key;
++        //     ECPublicKeyParameters staticKey = (ECPublicKeyParameters)
++        //         ECUtil.generatePublicKeyParameter(mqvPubKey.getStaticKey());
++        //     ECPublicKeyParameters ephemKey = (ECPublicKeyParameters)
++        //         ECUtil.generatePublicKeyParameter(mqvPubKey.getEphemeralKey());
++        //
++        //     pubKey = new MQVPublicParameters(staticKey, ephemKey);
++        //
++        //     // TODO Validate that all the keys are using the same parameters?
++        // }
++        // else
++        // END android-removed
+         {
+             if (!(key instanceof ECPublicKey))
+             {
+@@ -143,11 +157,13 @@
+     protected byte[] engineGenerateSecret()
+         throws IllegalStateException
+     {
+-        if (kdf != null)
+-        {
+-            throw new UnsupportedOperationException(
+-                "KDF can only be used when algorithm is known");
+-        }
++        // BEGIN android-removed
++        // if (kdf != null)
++        // {
++        //     throw new UnsupportedOperationException(
++        //         "KDF can only be used when algorithm is known");
++        // }
++        // END android-removed
+ 
+         return bigIntToBytes(result);
+     }
+@@ -175,23 +191,25 @@
+     {
+         byte[] secret = bigIntToBytes(result);
+ 
+-        if (kdf != null)
+-        {
+-            if (!algorithms.containsKey(algorithm))
+-            {
+-                throw new NoSuchAlgorithmException("unknown algorithm encountered: " + algorithm);
+-            }
+-            
+-            int    keySize = ((Integer)algorithms.get(algorithm)).intValue();
+-
+-            DHKDFParameters params = new DHKDFParameters(new DERObjectIdentifier(algorithm), keySize, secret);
+-
+-            byte[] keyBytes = new byte[keySize / 8];
+-            kdf.init(params);
+-            kdf.generateBytes(keyBytes, 0, keyBytes.length);
+-            secret = keyBytes;
+-        }
+-        else
++        // BEGIN android-removed
++        // if (kdf != null)
++        // {
++        //     if (!algorithms.containsKey(algorithm))
++        //     {
++        //         throw new NoSuchAlgorithmException("unknown algorithm encountered: " + algorithm);
++        //     }
++        //  
++        //     int    keySize = ((Integer)algorithms.get(algorithm)).intValue();
++        //
++        //     DHKDFParameters params = new DHKDFParameters(new DERObjectIdentifier(algorithm), keySize, secret);
++        //
++        //     byte[] keyBytes = new byte[keySize / 8];
++        //     kdf.init(params);
++        //     kdf.generateBytes(keyBytes, 0, keyBytes.length);
++        //     secret = keyBytes;
++        // }
++        // else
++        // END android-removed
+         {
+             // TODO Should we be ensuring the key is the right length?
+         }
+@@ -219,35 +237,37 @@
+     private void initFromKey(Key key)
+         throws InvalidKeyException
+     {
+-        if (agreement instanceof ECMQVBasicAgreement)
+-        {
+-            if (!(key instanceof MQVPrivateKey))
+-            {
+-                throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
+-                    + getSimpleName(MQVPrivateKey.class) + " for initialisation");
+-            }
+-
+-            MQVPrivateKey mqvPrivKey = (MQVPrivateKey)key;
+-            ECPrivateKeyParameters staticPrivKey = (ECPrivateKeyParameters)
+-                ECUtil.generatePrivateKeyParameter(mqvPrivKey.getStaticPrivateKey());
+-            ECPrivateKeyParameters ephemPrivKey = (ECPrivateKeyParameters)
+-                ECUtil.generatePrivateKeyParameter(mqvPrivKey.getEphemeralPrivateKey());
+-
+-            ECPublicKeyParameters ephemPubKey = null;
+-            if (mqvPrivKey.getEphemeralPublicKey() != null)
+-            {
+-                ephemPubKey = (ECPublicKeyParameters)
+-                    ECUtil.generatePublicKeyParameter(mqvPrivKey.getEphemeralPublicKey());
+-            }
+-
+-            MQVPrivateParameters localParams = new MQVPrivateParameters(staticPrivKey, ephemPrivKey, ephemPubKey);
+-            this.parameters = staticPrivKey.getParameters();
+-
+-            // TODO Validate that all the keys are using the same parameters?
+-
+-            agreement.init(localParams);
+-        }
+-        else
++        // BEGIN android-removed
++        // if (agreement instanceof ECMQVBasicAgreement)
++        // {
++        //     if (!(key instanceof MQVPrivateKey))
++        //     {
++        //         throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
++        //             + getSimpleName(MQVPrivateKey.class) + " for initialisation");
++        //     }
++        //
++        //     MQVPrivateKey mqvPrivKey = (MQVPrivateKey)key;
++        //     ECPrivateKeyParameters staticPrivKey = (ECPrivateKeyParameters)
++        //         ECUtil.generatePrivateKeyParameter(mqvPrivKey.getStaticPrivateKey());
++        //     ECPrivateKeyParameters ephemPrivKey = (ECPrivateKeyParameters)
++        //         ECUtil.generatePrivateKeyParameter(mqvPrivKey.getEphemeralPrivateKey());
++        //
++        //     ECPublicKeyParameters ephemPubKey = null;
++        //     if (mqvPrivKey.getEphemeralPublicKey() != null)
++        //     {
++        //         ephemPubKey = (ECPublicKeyParameters)
++        //             ECUtil.generatePublicKeyParameter(mqvPrivKey.getEphemeralPublicKey());
++        //     }
++        //
++        //     MQVPrivateParameters localParams = new MQVPrivateParameters(staticPrivKey, ephemPrivKey, ephemPubKey);
++        //     this.parameters = staticPrivKey.getParameters();
++        //
++        //     // TODO Validate that all the keys are using the same parameters?
++        //
++        //     agreement.init(localParams);
++        // }
++        // else
++        // END android-removed
+         {
+             if (!(key instanceof ECPrivateKey))
+             {
+@@ -278,39 +298,41 @@
+         }
+     }
+ 
+-    public static class DHC
+-        extends KeyAgreement
+-    {
+-        public DHC()
+-        {
+-            super("ECDHC", new ECDHCBasicAgreement(), null);
+-        }
+-    }
+-
+-    public static class MQV
+-        extends KeyAgreement
+-    {
+-        public MQV()
+-        {
+-            super("ECMQV", new ECMQVBasicAgreement(), null);
+-        }
+-    }
+-
+-    public static class DHwithSHA1KDF
+-        extends KeyAgreement
+-    {
+-        public DHwithSHA1KDF()
+-        {
+-            super("ECDHwithSHA1KDF", new ECDHBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest()));
+-        }
+-    }
+-
+-    public static class MQVwithSHA1KDF
+-        extends KeyAgreement
+-    {
+-        public MQVwithSHA1KDF()
+-        {
+-            super("ECMQVwithSHA1KDF", new ECMQVBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest()));
+-        }
+-    }
++    // BEGIN android-removed
++    // public static class DHC
++    //     extends KeyAgreement
++    // {
++    //     public DHC()
++    //     {
++    //         super("ECDHC", new ECDHCBasicAgreement(), null);
++    //     }
++    // }
++    //
++    // public static class MQV
++    //     extends KeyAgreement
++    // {
++    //     public MQV()
++    //     {
++    //         super("ECMQV", new ECMQVBasicAgreement(), null);
++    //     }
++    // }
++    //
++    // public static class DHwithSHA1KDF
++    //     extends KeyAgreement
++    // {
++    //     public DHwithSHA1KDF()
++    //     {
++    //         super("ECDHwithSHA1KDF", new ECDHBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest()));
++    //     }
++    // }
++    //
++    // public static class MQVwithSHA1KDF
++    //     extends KeyAgreement
++    // {
++    //     public MQVwithSHA1KDF()
++    //     {
++    //         super("ECMQVwithSHA1KDF", new ECMQVBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest()));
++    //     }
++    // }
++    // END android-removed
+ }
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/KeyPairGenerator.java bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/KeyPairGenerator.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/KeyPairGenerator.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/KeyPairGenerator.java	2011-09-08 21:28:49.000000000 +0000
+@@ -10,10 +10,14 @@
+ import java.util.Hashtable;
+ 
+ import org.bouncycastle.asn1.DERObjectIdentifier;
+-import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
++// BEGIN android-removed
++// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
++// END android-removed
+ import org.bouncycastle.asn1.nist.NISTNamedCurves;
+ import org.bouncycastle.asn1.sec.SECNamedCurves;
+-import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
++// BEGIN android-removed
++// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
++// END android-removed
+ import org.bouncycastle.asn1.x9.X962NamedCurves;
+ import org.bouncycastle.asn1.x9.X9ECParameters;
+ import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+@@ -56,13 +60,15 @@
+         static {
+             ecParameters = new Hashtable();
+ 
+-            ecParameters.put(new Integer(192), new ECGenParameterSpec("prime192v1")); // a.k.a P-192
+-            ecParameters.put(new Integer(239), new ECGenParameterSpec("prime239v1"));
+-            ecParameters.put(new Integer(256), new ECGenParameterSpec("prime256v1")); // a.k.a P-256
+-
+-            ecParameters.put(new Integer(224), new ECGenParameterSpec("P-224"));
+-            ecParameters.put(new Integer(384), new ECGenParameterSpec("P-384"));
+-            ecParameters.put(new Integer(521), new ECGenParameterSpec("P-521"));
++            // BEGIN android-changed
++            ecParameters.put(Integer.valueOf(192), new ECGenParameterSpec("prime192v1")); // a.k.a P-192
++            ecParameters.put(Integer.valueOf(239), new ECGenParameterSpec("prime239v1"));
++            ecParameters.put(Integer.valueOf(256), new ECGenParameterSpec("prime256v1")); // a.k.a P-256
++
++            ecParameters.put(Integer.valueOf(224), new ECGenParameterSpec("P-224"));
++            ecParameters.put(Integer.valueOf(384), new ECGenParameterSpec("P-384"));
++            ecParameters.put(Integer.valueOf(521), new ECGenParameterSpec("P-521"));
++            // END android-changed
+         }
+ 
+         public EC()
+@@ -83,8 +89,16 @@
+             SecureRandom    random)
+         {
+             this.strength = strength;
++            // BEGIN android-added
++            if (random != null) {
++            // END android-added
+             this.random = random;
+-            this.ecParams = ecParameters.get(new Integer(strength));
++            // BEGIN android-added
++            }
++            // END android-added
++            // BEGIN android-changed
++            this.ecParams = ecParameters.get(Integer.valueOf(strength));
++            // END android-changed
+ 
+             if (ecParams != null)
+             {
+@@ -108,6 +122,11 @@
+             SecureRandom            random)
+             throws InvalidAlgorithmParameterException
+         {
++            // BEGIN android-added
++            if (random == null) {
++                random = this.random;
++            }
++            // END android-added
+             if (params instanceof ECParameterSpec)
+             {
+                 ECParameterSpec p = (ECParameterSpec)params;
+@@ -135,23 +154,25 @@
+             {
+                 final String curveName = ((ECGenParameterSpec)params).getName();
+ 
+-                if (this.algorithm.equals("ECGOST3410"))
+-                {
+-                    ECDomainParameters  ecP = ECGOST3410NamedCurves.getByName(curveName);
+-                    if (ecP == null)
+-                    {
+-                        throw new InvalidAlgorithmParameterException("unknown curve name: " + curveName);
+-                    }
+-
+-                    this.ecParams = new ECNamedCurveSpec(
+-                                                    curveName,
+-                                                    ecP.getCurve(),
+-                                                    ecP.getG(),
+-                                                    ecP.getN(),
+-                                                    ecP.getH(),
+-                                                    ecP.getSeed());
+-                }
+-                else
++                // BEGIN android-removed
++                // if (this.algorithm.equals("ECGOST3410"))
++                // {
++                //     ECDomainParameters  ecP = ECGOST3410NamedCurves.getByName(curveName);
++                //     if (ecP == null)
++                //     {
++                //         throw new InvalidAlgorithmParameterException("unknown curve name: " + curveName);
++                //     }
++                //
++                //     this.ecParams = new ECNamedCurveSpec(
++                //                                     curveName,
++                //                                     ecP.getCurve(),
++                //                                     ecP.getG(),
++                //                                     ecP.getN(),
++                //                                     ecP.getH(),
++                //                                     ecP.getSeed());
++                // }
++                // else
++                // END android-removed
+                 {
+                     X9ECParameters  ecP = X962NamedCurves.getByName(curveName);
+                     if (ecP == null)
+@@ -161,10 +182,12 @@
+                         {
+                             ecP = NISTNamedCurves.getByName(curveName);
+                         }
+-                        if (ecP == null)
+-                        {
+-                            ecP = TeleTrusTNamedCurves.getByName(curveName);
+-                        }
++                        // BEGIN android-removed
++                        // if (ecP == null)
++                        // {
++                        //     ecP = TeleTrusTNamedCurves.getByName(curveName);
++                        // }
++                        // END android-removed
+                         if (ecP == null)
+                         {
+                             // See if it's actually an OID string (SunJSSE ServerHandshaker setupEphemeralECDHKeys bug)
+@@ -180,10 +203,12 @@
+                                 {
+                                     ecP = NISTNamedCurves.getByOID(oid);
+                                 }
+-                                if (ecP == null)
+-                                {
+-                                    ecP = TeleTrusTNamedCurves.getByOID(oid);
+-                                }
++                                // BEGIN android-removed
++                                // if (ecP == null)
++                                // {
++                                //     ecP = TeleTrusTNamedCurves.getByOID(oid);
++                                // }
++                                // END android-removed
+                                 if (ecP == null)
+                                 {
+                                     throw new InvalidAlgorithmParameterException("unknown curve OID: " + curveName);
+@@ -239,7 +264,15 @@
+         {
+             if (!initialised)
+             {
+-                throw new IllegalStateException("EC Key Pair Generator not initialised");
++                // BEGIN android-removed
++                // throw new IllegalStateException("EC Key Pair Generator not initialised");
++                // END android-removed
++                // BEGIN android-added
++                /*
++                 * KeyPairGenerator documentation says that a default initialization must be provided
++                 */
++                initialize(192, random);
++                // END android-added
+             }
+ 
+             AsymmetricCipherKeyPair     pair = engine.generateKeyPair();
+@@ -279,14 +312,16 @@
+         }
+     }
+ 
+-    public static class ECGOST3410
+-        extends EC
+-    {
+-        public ECGOST3410()
+-        {
+-            super("ECGOST3410");
+-        }
+-    }
++    // BEGIN android-removed
++    // public static class ECGOST3410
++    //     extends EC
++    // {
++    //     public ECGOST3410()
++    //     {
++    //         super("ECGOST3410");
++    //     }
++    // }
++    // END android-removed
+ 
+     public static class ECDH
+         extends EC
+@@ -314,4 +349,4 @@
+             super("ECMQV");
+         }
+     }
+-}
+\ No newline at end of file
++}
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/Signature.java bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/Signature.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/Signature.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/Signature.java	2011-09-08 21:28:49.000000000 +0000
+@@ -18,15 +18,21 @@
+ import org.bouncycastle.crypto.DSA;
+ import org.bouncycastle.crypto.Digest;
+ import org.bouncycastle.crypto.digests.NullDigest;
+-import org.bouncycastle.crypto.digests.RIPEMD160Digest;
++// BEGIN android-removed
++// import org.bouncycastle.crypto.digests.RIPEMD160Digest;
++// END android-removed
+ import org.bouncycastle.crypto.digests.SHA1Digest;
+-import org.bouncycastle.crypto.digests.SHA224Digest;
++// BEGIN android-removed
++// import org.bouncycastle.crypto.digests.SHA224Digest;
++// END android-removed
+ import org.bouncycastle.crypto.digests.SHA256Digest;
+ import org.bouncycastle.crypto.digests.SHA384Digest;
+ import org.bouncycastle.crypto.digests.SHA512Digest;
+ import org.bouncycastle.crypto.params.ParametersWithRandom;
+ import org.bouncycastle.crypto.signers.ECDSASigner;
+-import org.bouncycastle.crypto.signers.ECNRSigner;
++// BEGIN android-removed
++// import org.bouncycastle.crypto.signers.ECNRSigner;
++// END android-removed
+ import org.bouncycastle.jce.interfaces.ECKey;
+ import org.bouncycastle.jce.provider.DSABase;
+ import org.bouncycastle.jce.provider.DSAEncoder;
+@@ -122,14 +128,16 @@
+         }
+     }
+ 
+-    static public class ecDSA224
+-        extends Signature
+-    {
+-        public ecDSA224()
+-        {
+-            super(new SHA224Digest(), new ECDSASigner(), new StdDSAEncoder());
+-        }
+-    }
++    // BEGIN android-removed
++    // static public class ecDSA224
++    //     extends Signature
++    // {
++    //     public ecDSA224()
++    //     {
++    //         super(new SHA224Digest(), new ECDSASigner(), new StdDSAEncoder());
++    //     }
++    // }
++    // END android-removed
+ 
+     static public class ecDSA256
+         extends Signature
+@@ -158,86 +166,88 @@
+         }
+     }
+ 
+-    static public class ecDSARipeMD160
+-        extends Signature
+-    {
+-        public ecDSARipeMD160()
+-        {
+-            super(new RIPEMD160Digest(), new ECDSASigner(), new StdDSAEncoder());
+-        }
+-    }
+-
+-    static public class ecNR
+-        extends Signature
+-    {
+-        public ecNR()
+-        {
+-            super(new SHA1Digest(), new ECNRSigner(), new StdDSAEncoder());
+-        }
+-    }
+-
+-    static public class ecNR224
+-        extends Signature
+-    {
+-        public ecNR224()
+-        {
+-            super(new SHA224Digest(), new ECNRSigner(), new StdDSAEncoder());
+-        }
+-    }
+-
+-    static public class ecNR256
+-        extends Signature
+-    {
+-        public ecNR256()
+-        {
+-            super(new SHA256Digest(), new ECNRSigner(), new StdDSAEncoder());
+-        }
+-    }
+-
+-    static public class ecNR384
+-        extends Signature
+-    {
+-        public ecNR384()
+-        {
+-            super(new SHA384Digest(), new ECNRSigner(), new StdDSAEncoder());
+-        }
+-    }
+-
+-    static public class ecNR512
+-        extends Signature
+-    {
+-        public ecNR512()
+-        {
+-            super(new SHA512Digest(), new ECNRSigner(), new StdDSAEncoder());
+-        }
+-    }
+-
+-    static public class ecCVCDSA
+-        extends Signature
+-    {
+-        public ecCVCDSA()
+-        {
+-            super(new SHA1Digest(), new ECDSASigner(), new CVCDSAEncoder());
+-        }
+-    }
+-
+-    static public class ecCVCDSA224
+-        extends Signature
+-    {
+-        public ecCVCDSA224()
+-        {
+-            super(new SHA224Digest(), new ECDSASigner(), new CVCDSAEncoder());
+-        }
+-    }
+-
+-    static public class ecCVCDSA256
+-        extends Signature
+-    {
+-        public ecCVCDSA256()
+-        {
+-            super(new SHA256Digest(), new ECDSASigner(), new CVCDSAEncoder());
+-        }
+-    }
++    // BEGIN android-removed
++    // static public class ecDSARipeMD160
++    //     extends Signature
++    // {
++    //     public ecDSARipeMD160()
++    //     {
++    //         super(new RIPEMD160Digest(), new ECDSASigner(), new StdDSAEncoder());
++    //     }
++    // }
++    //
++    // static public class ecNR
++    //     extends Signature
++    // {
++    //     public ecNR()
++    //     {
++    //         super(new SHA1Digest(), new ECNRSigner(), new StdDSAEncoder());
++    //     }
++    // }
++    //
++    // static public class ecNR224
++    //     extends Signature
++    // {
++    //     public ecNR224()
++    //     {
++    //         super(new SHA224Digest(), new ECNRSigner(), new StdDSAEncoder());
++    //     }
++    // }
++    //
++    // static public class ecNR256
++    //     extends Signature
++    // {
++    //     public ecNR256()
++    //     {
++    //         super(new SHA256Digest(), new ECNRSigner(), new StdDSAEncoder());
++    //     }
++    // }
++    //
++    // static public class ecNR384
++    //     extends Signature
++    // {
++    //     public ecNR384()
++    //     {
++    //         super(new SHA384Digest(), new ECNRSigner(), new StdDSAEncoder());
++    //     }
++    // }
++    //
++    // static public class ecNR512
++    //     extends Signature
++    // {
++    //     public ecNR512()
++    //     {
++    //         super(new SHA512Digest(), new ECNRSigner(), new StdDSAEncoder());
++    //     }
++    // }
++    //
++    // static public class ecCVCDSA
++    //     extends Signature
++    // {
++    //     public ecCVCDSA()
++    //     {
++    //         super(new SHA1Digest(), new ECDSASigner(), new CVCDSAEncoder());
++    //     }
++    // }
++    //
++    // static public class ecCVCDSA224
++    //     extends Signature
++    // {
++    //     public ecCVCDSA224()
++    //     {
++    //         super(new SHA224Digest(), new ECDSASigner(), new CVCDSAEncoder());
++    //     }
++    // }
++    //
++    // static public class ecCVCDSA256
++    //     extends Signature
++    // {
++    //     public ecCVCDSA256()
++    //     {
++    //         super(new SHA256Digest(), new ECDSASigner(), new CVCDSAEncoder());
++    //     }
++    // }
++    // END android-removed
+ 
+     private static class StdDSAEncoder
+         implements DSAEncoder
+@@ -331,4 +341,4 @@
+             return sig;
+         }
+     }
+-}
+\ No newline at end of file
++}
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/AES.java bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/AES.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/AES.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/AES.java	2011-09-08 21:28:49.000000000 +0000
+@@ -13,8 +13,10 @@
+ import org.bouncycastle.crypto.CipherKeyGenerator;
  import org.bouncycastle.crypto.engines.AESFastEngine;
  import org.bouncycastle.crypto.engines.AESWrapEngine;
 -import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
+-import org.bouncycastle.crypto.macs.CMac;
 +// BEGIN android-removed
 +// import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
++// import org.bouncycastle.crypto.macs.CMac;
 +// END android-removed
  import org.bouncycastle.crypto.modes.CBCBlockCipher;
  import org.bouncycastle.crypto.modes.CFBBlockCipher;
  import org.bouncycastle.crypto.modes.OFBBlockCipher;
-@@ -36,32 +38,34 @@
+@@ -41,41 +43,43 @@
          }
      }
  
@@ -12725,6 +10173,15 @@
 -            super(new BufferedBlockCipher(new OFBBlockCipher(new AESFastEngine(), 128)), 128);
 -        }
 -    }
+-
+-    public static class AESCMAC
+-        extends JCEMac
+-    {
+-        public AESCMAC()
+-        {
+-            super(new CMac(new AESFastEngine()));
+-        }
+-    }
 +    // BEGIN android-removed
 +    // public static class CBC
 +    //    extends JCEBlockCipher
@@ -12752,11 +10209,20 @@
 +    //         super(new BufferedBlockCipher(new OFBBlockCipher(new AESFastEngine(), 128)), 128);
 +    //     }
 +    // }
++    //
++    // public static class AESCMAC
++    //     extends JCEMac
++    // {
++    //     public AESCMAC()
++    //     {
++    //         super(new CMac(new AESFastEngine()));
++    //     }
++    // }
 +    // END android-removed
  
      static public class Wrap
          extends WrapCipherSpi
-@@ -72,14 +76,16 @@
+@@ -86,14 +90,16 @@
          }
      }
  
@@ -12765,7 +10231,7 @@
 -    {
 -        public RFC3211Wrap()
 -        {
--            super(new RFC3211WrapEngine(new AESEngine()), 16);
+-            super(new RFC3211WrapEngine(new AESFastEngine()), 16);
 -        }
 -    }
 +    // BEGIN android-removed
@@ -12774,14 +10240,14 @@
 +    // {
 +    //     public RFC3211Wrap()
 +    //     {
-+    //         super(new RFC3211WrapEngine(new AESEngine()), 16);
++    //         super(new RFC3211WrapEngine(new AESFastEngine()), 16);
 +    //     }
 +    // }
 +    // END android-removed
  
      public static class KeyGen
          extends JCEKeyGenerator
-@@ -95,70 +101,72 @@
+@@ -109,70 +115,72 @@
          }
      }
  
@@ -12838,7 +10304,7 @@
 -
 -            try
 -            {
--                params = AlgorithmParameters.getInstance("AES", "BC");
+-                params = AlgorithmParameters.getInstance("AES", BouncyCastleProvider.PROVIDER_NAME);
 -                params.init(new IvParameterSpec(iv));
 -            }
 -            catch (Exception e)
@@ -12903,7 +10369,7 @@
 +    //
 +    //         try
 +    //         {
-+    //             params = AlgorithmParameters.getInstance("AES", "BC");
++    //             params = AlgorithmParameters.getInstance("AES", BouncyCastleProvider.PROVIDER_NAME);
 +    //             params.init(new IvParameterSpec(iv));
 +    //         }
 +    //         catch (Exception e)
@@ -12918,116 +10384,332 @@
  
      public static class AlgParams
          extends JDKAlgorithmParameters.IVAlgorithmParameters
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/symmetric/AESMappings.java bcprov-jdk16-145/org/bouncycastle/jce/provider/symmetric/AESMappings.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/symmetric/AESMappings.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/symmetric/AESMappings.java	2011-09-01 17:21:06.000000000 +0000
-@@ -26,55 +26,63 @@
-         put("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
-         put("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
+@@ -205,58 +213,66 @@
+             put("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
+             put("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
  
--        put("AlgorithmParameterGenerator.AES", "org.bouncycastle.jce.provider.symmetric.AES$AlgParamGen");
--        put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES");
--        put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES");
--        put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES");
--        put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES");
--        put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
--        put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
-+        // BEGIN android-removed
-+        // put("AlgorithmParameterGenerator.AES", "org.bouncycastle.jce.provider.symmetric.AES$AlgParamGen");
-+        // put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES");
-+        // put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES");
-+        // put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES");
-+        // put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES");
-+        // put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
-+        // put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
-+        // END android-removed
+-            put("AlgorithmParameterGenerator.AES", "org.bouncycastle.jce.provider.symmetric.AES$AlgParamGen");
+-            put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES");
+-            put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES");
+-            put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES");
+-            put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES");
+-            put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
+-            put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
++            // BEGIN android-removed
++            // put("AlgorithmParameterGenerator.AES", "org.bouncycastle.jce.provider.symmetric.AES$AlgParamGen");
++            // put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES");
++            // put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES");
++            // put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES");
++            // put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES");
++            // put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
++            // put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
++            // END android-removed
  
-         put("Cipher.AES", "org.bouncycastle.jce.provider.symmetric.AES$ECB");
-         put("Alg.Alias.Cipher." + wrongAES128, "AES");
-         put("Alg.Alias.Cipher." + wrongAES192, "AES");
-         put("Alg.Alias.Cipher." + wrongAES256, "AES");
--        put("Cipher." + NISTObjectIdentifiers.id_aes128_ECB, "org.bouncycastle.jce.provider.symmetric.AES$ECB");
--        put("Cipher." + NISTObjectIdentifiers.id_aes192_ECB, "org.bouncycastle.jce.provider.symmetric.AES$ECB");
--        put("Cipher." + NISTObjectIdentifiers.id_aes256_ECB, "org.bouncycastle.jce.provider.symmetric.AES$ECB");
--        put("Cipher." + NISTObjectIdentifiers.id_aes128_CBC, "org.bouncycastle.jce.provider.symmetric.AES$CBC");
--        put("Cipher." + NISTObjectIdentifiers.id_aes192_CBC, "org.bouncycastle.jce.provider.symmetric.AES$CBC");
--        put("Cipher." + NISTObjectIdentifiers.id_aes256_CBC, "org.bouncycastle.jce.provider.symmetric.AES$CBC");
--        put("Cipher." + NISTObjectIdentifiers.id_aes128_OFB, "org.bouncycastle.jce.provider.symmetric.AES$OFB");
--        put("Cipher." + NISTObjectIdentifiers.id_aes192_OFB, "org.bouncycastle.jce.provider.symmetric.AES$OFB");
--        put("Cipher." + NISTObjectIdentifiers.id_aes256_OFB, "org.bouncycastle.jce.provider.symmetric.AES$OFB");
--        put("Cipher." + NISTObjectIdentifiers.id_aes128_CFB, "org.bouncycastle.jce.provider.symmetric.AES$CFB");
--        put("Cipher." + NISTObjectIdentifiers.id_aes192_CFB, "org.bouncycastle.jce.provider.symmetric.AES$CFB");
--        put("Cipher." + NISTObjectIdentifiers.id_aes256_CFB, "org.bouncycastle.jce.provider.symmetric.AES$CFB");
-+        // BEGIN android-changed
-+        put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_ECB, "AES");
-+        put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_ECB, "AES");
-+        put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_ECB, "AES");
-+        put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_CBC, "AES");
-+        put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
-+        put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
-+        put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_OFB, "AES");
-+        put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_OFB, "AES");
-+        put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_OFB, "AES");
-+        put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_CFB, "AES");
-+        put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_CFB, "AES");
-+        put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_CFB, "AES");
-+        // END android-changed
-         put("Cipher.AESWRAP", "org.bouncycastle.jce.provider.symmetric.AES$Wrap");
-         put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_wrap, "AESWRAP");
-         put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_wrap, "AESWRAP");
-         put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_wrap, "AESWRAP");
--        put("Cipher.AESRFC3211WRAP", "org.bouncycastle.jce.provider.symmetric.AES$RFC3211Wrap");
-+        // BEGIN android-removed
-+        // put("Cipher.AESRFC3211WRAP", "org.bouncycastle.jce.provider.symmetric.AES$RFC3211Wrap");
-+        // END android-removed
+             put("Cipher.AES", "org.bouncycastle.jce.provider.symmetric.AES$ECB");
+             put("Alg.Alias.Cipher." + wrongAES128, "AES");
+             put("Alg.Alias.Cipher." + wrongAES192, "AES");
+             put("Alg.Alias.Cipher." + wrongAES256, "AES");
+-            put("Cipher." + NISTObjectIdentifiers.id_aes128_ECB, "org.bouncycastle.jce.provider.symmetric.AES$ECB");
+-            put("Cipher." + NISTObjectIdentifiers.id_aes192_ECB, "org.bouncycastle.jce.provider.symmetric.AES$ECB");
+-            put("Cipher." + NISTObjectIdentifiers.id_aes256_ECB, "org.bouncycastle.jce.provider.symmetric.AES$ECB");
+-            put("Cipher." + NISTObjectIdentifiers.id_aes128_CBC, "org.bouncycastle.jce.provider.symmetric.AES$CBC");
+-            put("Cipher." + NISTObjectIdentifiers.id_aes192_CBC, "org.bouncycastle.jce.provider.symmetric.AES$CBC");
+-            put("Cipher." + NISTObjectIdentifiers.id_aes256_CBC, "org.bouncycastle.jce.provider.symmetric.AES$CBC");
+-            put("Cipher." + NISTObjectIdentifiers.id_aes128_OFB, "org.bouncycastle.jce.provider.symmetric.AES$OFB");
+-            put("Cipher." + NISTObjectIdentifiers.id_aes192_OFB, "org.bouncycastle.jce.provider.symmetric.AES$OFB");
+-            put("Cipher." + NISTObjectIdentifiers.id_aes256_OFB, "org.bouncycastle.jce.provider.symmetric.AES$OFB");
+-            put("Cipher." + NISTObjectIdentifiers.id_aes128_CFB, "org.bouncycastle.jce.provider.symmetric.AES$CFB");
+-            put("Cipher." + NISTObjectIdentifiers.id_aes192_CFB, "org.bouncycastle.jce.provider.symmetric.AES$CFB");
+-            put("Cipher." + NISTObjectIdentifiers.id_aes256_CFB, "org.bouncycastle.jce.provider.symmetric.AES$CFB");
++            // BEGIN android-removed
++            // put("Cipher." + NISTObjectIdentifiers.id_aes128_ECB, "org.bouncycastle.jce.provider.symmetric.AES$ECB");
++            // put("Cipher." + NISTObjectIdentifiers.id_aes192_ECB, "org.bouncycastle.jce.provider.symmetric.AES$ECB");
++            // put("Cipher." + NISTObjectIdentifiers.id_aes256_ECB, "org.bouncycastle.jce.provider.symmetric.AES$ECB");
++            // put("Cipher." + NISTObjectIdentifiers.id_aes128_CBC, "org.bouncycastle.jce.provider.symmetric.AES$CBC");
++            // put("Cipher." + NISTObjectIdentifiers.id_aes192_CBC, "org.bouncycastle.jce.provider.symmetric.AES$CBC");
++            // put("Cipher." + NISTObjectIdentifiers.id_aes256_CBC, "org.bouncycastle.jce.provider.symmetric.AES$CBC");
++            // put("Cipher." + NISTObjectIdentifiers.id_aes128_OFB, "org.bouncycastle.jce.provider.symmetric.AES$OFB");
++            // put("Cipher." + NISTObjectIdentifiers.id_aes192_OFB, "org.bouncycastle.jce.provider.symmetric.AES$OFB");
++            // put("Cipher." + NISTObjectIdentifiers.id_aes256_OFB, "org.bouncycastle.jce.provider.symmetric.AES$OFB");
++            // put("Cipher." + NISTObjectIdentifiers.id_aes128_CFB, "org.bouncycastle.jce.provider.symmetric.AES$CFB");
++            // put("Cipher." + NISTObjectIdentifiers.id_aes192_CFB, "org.bouncycastle.jce.provider.symmetric.AES$CFB");
++            // put("Cipher." + NISTObjectIdentifiers.id_aes256_CFB, "org.bouncycastle.jce.provider.symmetric.AES$CFB");
++            // END android-removed
+             put("Cipher.AESWRAP", "org.bouncycastle.jce.provider.symmetric.AES$Wrap");
+             put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_wrap, "AESWRAP");
+             put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_wrap, "AESWRAP");
+             put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_wrap, "AESWRAP");
+-            put("Cipher.AESRFC3211WRAP", "org.bouncycastle.jce.provider.symmetric.AES$RFC3211Wrap");
++            // BEGIN android-removed
++            // put("Cipher.AESRFC3211WRAP", "org.bouncycastle.jce.provider.symmetric.AES$RFC3211Wrap");
++            // END android-removed
  
-         put("KeyGenerator.AES", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen");
--        put("KeyGenerator.2.16.840.1.101.3.4.2", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
--        put("KeyGenerator.2.16.840.1.101.3.4.22", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
--        put("KeyGenerator.2.16.840.1.101.3.4.42", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
--        put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
--        put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
--        put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
--        put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
--        put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
--        put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
--        put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
--        put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
--        put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
--        put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
--        put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
--        put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
--        put("KeyGenerator.AESWRAP", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen");
--        put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
--        put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
--        put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
-+        // BEGIN android-removed
-+        // put("KeyGenerator.2.16.840.1.101.3.4.2", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
-+        // put("KeyGenerator.2.16.840.1.101.3.4.22", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
-+        // put("KeyGenerator.2.16.840.1.101.3.4.42", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
-+        // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
-+        // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
-+        // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
-+        // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
-+        // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
-+        // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
-+        // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
-+        // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
-+        // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
-+        // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
-+        // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
-+        // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
-+        // put("KeyGenerator.AESWRAP", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen");
-+        // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
-+        // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
-+        // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
-+        // END android-removed
+             put("KeyGenerator.AES", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen");
+-            put("KeyGenerator.2.16.840.1.101.3.4.2", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
+-            put("KeyGenerator.2.16.840.1.101.3.4.22", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
+-            put("KeyGenerator.2.16.840.1.101.3.4.42", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
+-            put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
+-            put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
+-            put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
+-            put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
+-            put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
+-            put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
+-            put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
+-            put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
+-            put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
+-            put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
+-            put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
+-            put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
+-            put("KeyGenerator.AESWRAP", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen");
+-            put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
+-            put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
+-            put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
+-
+-            put("Mac.AESCMAC", "org.bouncycastle.jce.provider.symmetric.AES$AESCMAC");
++            // BEGIN android-removed
++            // put("KeyGenerator.2.16.840.1.101.3.4.2", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
++            // put("KeyGenerator.2.16.840.1.101.3.4.22", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
++            // put("KeyGenerator.2.16.840.1.101.3.4.42", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
++            // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
++            // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
++            // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
++            // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
++            // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
++            // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
++            // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
++            // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
++            // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
++            // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
++            // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
++            // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
++            // put("KeyGenerator.AESWRAP", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen");
++            // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
++            // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
++            // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
++            //
++            // put("Mac.AESCMAC", "org.bouncycastle.jce.provider.symmetric.AES$AESCMAC");
++            // END android-removed
+         }
      }
  }
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/x509/X509Util.java bcprov-jdk16-145/org/bouncycastle/x509/X509Util.java
---- bcprov-jdk16-145.orig/org/bouncycastle/x509/X509Util.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/x509/X509Util.java	2011-09-01 17:21:06.000000000 +0000
-@@ -43,8 +43,10 @@
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/ARC4.java bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/ARC4.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/ARC4.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/ARC4.java	2011-09-08 21:28:49.000000000 +0000
+@@ -27,7 +27,9 @@
+     {
+         public KeyGen()
+         {
+-            super("RC4", 128, new CipherKeyGenerator());
++            // BEGIN android-changed
++            super("ARC4", 128, new CipherKeyGenerator());
++            // END android-changed
+         }
+     }
+ 
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/Blowfish.java bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/Blowfish.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/Blowfish.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/Blowfish.java	2011-09-08 21:28:49.000000000 +0000
+@@ -57,7 +57,9 @@
+         public Mappings()
+         {
+             put("Cipher.BLOWFISH", "org.bouncycastle.jce.provider.symmetric.Blowfish$ECB");
+-            put("Cipher.1.3.6.1.4.1.3029.1.2", "org.bouncycastle.jce.provider.symmetric.Blowfish$CBC");
++            // BEGIN android-removed
++            // put("Cipher.1.3.6.1.4.1.3029.1.2", "org.bouncycastle.jce.provider.symmetric.Blowfish$CBC");
++            // END android-removed
+             put("KeyGenerator.BLOWFISH", "org.bouncycastle.jce.provider.symmetric.Blowfish$KeyGen");
+             put("Alg.Alias.KeyGenerator.1.3.6.1.4.1.3029.1.2", "BLOWFISH");
+             put("AlgorithmParameters.BLOWFISH", "org.bouncycastle.jce.provider.symmetric.Blowfish$AlgParams");
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/DESede.java bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/DESede.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/DESede.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/DESede.java	2011-09-08 21:28:49.000000000 +0000
+@@ -14,11 +14,15 @@
+ import org.bouncycastle.crypto.KeyGenerationParameters;
+ import org.bouncycastle.crypto.engines.DESedeEngine;
+ import org.bouncycastle.crypto.engines.DESedeWrapEngine;
+-import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
++// BEGIN android-removed
++// import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
++// END android-removed
+ import org.bouncycastle.crypto.generators.DESedeKeyGenerator;
+ import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
+-import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
+-import org.bouncycastle.crypto.macs.CMac;
++// BEGIN android-removed
++// import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
++// import org.bouncycastle.crypto.macs.CMac;
++// END android-removed
+ import org.bouncycastle.crypto.modes.CBCBlockCipher;
+ import org.bouncycastle.crypto.paddings.ISO7816d4Padding;
+ import org.bouncycastle.jce.provider.JCEBlockCipher;
+@@ -51,17 +55,19 @@
+         }
+     }
+ 
+-    /**
+-     * DESede   CFB8
+-     */
+-    public static class DESedeCFB8
+-        extends JCEMac
+-    {
+-        public DESedeCFB8()
+-        {
+-            super(new CFBBlockCipherMac(new DESedeEngine()));
+-        }
+-    }
++    // BEGIN android-removed
++    // /**
++    //  * DESede   CFB8
++    //  */
++    // public static class DESedeCFB8
++    //     extends JCEMac
++    // {
++    //     public DESedeCFB8()
++    //     {
++    //         super(new CFBBlockCipherMac(new DESedeEngine()));
++    //     }
++    // }
++    // END android-removed
+ 
+     /**
+      * DESede64
+@@ -96,14 +102,16 @@
+         }
+     }
+ 
+-    static public class CMAC
+-        extends JCEMac
+-    {
+-        public CMAC()
+-        {
+-            super(new CMac(new DESedeEngine()));
+-        }
+-    }
++    // BEGIN android-removed
++    // static public class CMAC
++    //     extends JCEMac
++    // {
++    //     public CMAC()
++    //     {
++    //         super(new CMac(new DESedeEngine()));
++    //     }
++    // }
++    // END android-removed
+ 
+     public static class Wrap
+         extends WrapCipherSpi
+@@ -114,14 +122,16 @@
+         }
+     }
+ 
+-    public static class RFC3211
+-        extends WrapCipherSpi
+-    {
+-        public RFC3211()
+-        {
+-            super(new RFC3211WrapEngine(new DESedeEngine()), 8);
+-        }
+-    }
++    // BEGIN android-removed
++    // public static class RFC3211
++    //     extends WrapCipherSpi
++    // {
++    //     public RFC3211()
++    //     {
++    //         super(new RFC3211WrapEngine(new DESedeEngine()), 8);
++    //     }
++    // }
++    // END android-removed
+ 
+   /**
+      * DESede - the default for this is to generate a key in
+@@ -262,32 +272,42 @@
+         public Mappings()
+         {
+             put("Cipher.DESEDE", "org.bouncycastle.jce.provider.symmetric.DESede$ECB");
+-            put("Cipher." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.symmetric.DESede$CBC");
+-            put("Cipher." + OIWObjectIdentifiers.desCBC, "org.bouncycastle.jce.provider.symmetric.DESede$CBC");
++            // BEGIN android-removed
++            // put("Cipher." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.symmetric.DESede$CBC");
++            // put("Cipher." + OIWObjectIdentifiers.desCBC, "org.bouncycastle.jce.provider.symmetric.DESede$CBC");
++            // END android-removed
+             put("Cipher.DESEDEWRAP", "org.bouncycastle.jce.provider.symmetric.DESede$Wrap");
+-            put("Cipher." + PKCSObjectIdentifiers.id_alg_CMS3DESwrap, "org.bouncycastle.jce.provider.symmetric.DESede$Wrap");
+-            put("Cipher.DESEDERFC3211WRAP", "org.bouncycastle.jce.provider.symmetric.DESede$RFC3211");
++            // BEGIN android-changed
++            put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.id_alg_CMS3DESwrap, "DESEDEWRAP");
++            // END android-changed
++            // BEGIN android-removed
++            // put("Cipher.DESEDERFC3211WRAP", "org.bouncycastle.jce.provider.symmetric.DESede$RFC3211");
++            // END android-removed
+ 
+             put("KeyGenerator.DESEDE", "org.bouncycastle.jce.provider.symmetric.DESede$KeyGenerator");
+-            put("KeyGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.symmetric.DESede$KeyGenerator3");
+-            put("KeyGenerator.DESEDEWRAP", "org.bouncycastle.jce.provider.symmetric.DESede$KeyGenerator");
++            // BEGIN android-removed
++            // put("KeyGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.symmetric.DESede$KeyGenerator3");
++            // put("KeyGenerator.DESEDEWRAP", "org.bouncycastle.jce.provider.symmetric.DESede$KeyGenerator");
++            // END android-removed
+ 
+             put("SecretKeyFactory.DESEDE", "org.bouncycastle.jce.provider.symmetric.DESede$KeyFactory");
+ 
+-            put("Mac.DESEDECMAC", "org.bouncycastle.jce.provider.symmetric.DESede$CMAC");
+-            put("Mac.DESEDEMAC", "org.bouncycastle.jce.provider.symmetric.DESede$CBCMAC");
+-            put("Alg.Alias.Mac.DESEDE", "DESEDEMAC");
+-
+-            put("Mac.DESEDEMAC/CFB8", "org.bouncycastle.jce.provider.symmetric.DESede$DESedeCFB8");
+-            put("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8");
+-
+-            put("Mac.DESEDEMAC64", "org.bouncycastle.jce.provider.symmetric.DESede$DESede64");
+-            put("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64");
+-
+-            put("Mac.DESEDEMAC64WITHISO7816-4PADDING", "org.bouncycastle.jce.provider.symmetric.DESede$DESede64with7816d4");
+-            put("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
+-            put("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
+-            put("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
++            // BEGIN android-removed
++            // put("Mac.DESEDECMAC", "org.bouncycastle.jce.provider.symmetric.DESede$CMAC");
++            // put("Mac.DESEDEMAC", "org.bouncycastle.jce.provider.symmetric.DESede$CBCMAC");
++            // put("Alg.Alias.Mac.DESEDE", "DESEDEMAC");
++            //
++            // put("Mac.DESEDEMAC/CFB8", "org.bouncycastle.jce.provider.symmetric.DESede$DESedeCFB8");
++            // put("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8");
++            //
++            // put("Mac.DESEDEMAC64", "org.bouncycastle.jce.provider.symmetric.DESede$DESede64");
++            // put("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64");
++            //
++            // put("Mac.DESEDEMAC64WITHISO7816-4PADDING", "org.bouncycastle.jce.provider.symmetric.DESede$DESede64with7816d4");
++            // put("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
++            // put("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
++            // put("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
++            // END android-removed
+         }
+     }
+ }
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/openssl/PEMUtilities.java bcprov-jdk16-146/org/bouncycastle/openssl/PEMUtilities.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/openssl/PEMUtilities.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/openssl/PEMUtilities.java	2011-09-08 21:28:50.000000000 +0000
+@@ -45,10 +45,12 @@
+         PKCS5_SCHEME_2.add(NISTObjectIdentifiers.id_aes192_CBC);
+         PKCS5_SCHEME_2.add(NISTObjectIdentifiers.id_aes256_CBC);
+ 
+-        KEYSIZES.put(PKCSObjectIdentifiers.des_EDE3_CBC.getId(), new Integer(192));
+-        KEYSIZES.put(NISTObjectIdentifiers.id_aes128_CBC.getId(), new Integer(128));
+-        KEYSIZES.put(NISTObjectIdentifiers.id_aes192_CBC.getId(), new Integer(192));
+-        KEYSIZES.put(NISTObjectIdentifiers.id_aes256_CBC.getId(), new Integer(256));
++        // BEGIN android-changed
++        KEYSIZES.put(PKCSObjectIdentifiers.des_EDE3_CBC.getId(), Integer.valueOf(192));
++        KEYSIZES.put(NISTObjectIdentifiers.id_aes128_CBC.getId(), Integer.valueOf(128));
++        KEYSIZES.put(NISTObjectIdentifiers.id_aes192_CBC.getId(), Integer.valueOf(192));
++        KEYSIZES.put(NISTObjectIdentifiers.id_aes256_CBC.getId(), Integer.valueOf(256));
++        // END android-changed
+     }
+ 
+     static int getKeySize(String algorithm)
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/x509/X509Util.java bcprov-jdk16-146/org/bouncycastle/x509/X509Util.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/x509/X509Util.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/x509/X509Util.java	2011-09-08 21:28:50.000000000 +0000
+@@ -44,14 +44,18 @@
      
      static
      {   
@@ -13040,7 +10722,103 @@
          algorithms.put("MD5WITHRSAENCRYPTION", PKCSObjectIdentifiers.md5WithRSAEncryption);
          algorithms.put("MD5WITHRSA", PKCSObjectIdentifiers.md5WithRSAEncryption);
          algorithms.put("SHA1WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha1WithRSAEncryption);
-@@ -106,19 +108,29 @@
+         algorithms.put("SHA1WITHRSA", PKCSObjectIdentifiers.sha1WithRSAEncryption);
+-        algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+-        algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
++        // BEGIN android-removed
++        // algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
++        // algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
++        // END android-removed
+         algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption);
+         algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption);
+         algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption);
+@@ -59,45 +63,59 @@
+         algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption);
+         algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption);
+         algorithms.put("SHA1WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
+-        algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
++        // BEGIN android-removed
++        // algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
++        // END android-removed
+         algorithms.put("SHA256WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
+         algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
+         algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
+-        algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
+-        algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
+-        algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
+-        algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
+-        algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
+-        algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
++        // BEGIN android-removed
++        // algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
++        // algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
++        // algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
++        // algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
++        // algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
++        // algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
++        // END android-removed
+         algorithms.put("SHA1WITHDSA", X9ObjectIdentifiers.id_dsa_with_sha1);
+         algorithms.put("DSAWITHSHA1", X9ObjectIdentifiers.id_dsa_with_sha1);
+-        algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
++        // BEGIN android-removed
++        // algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
++        // END android-removed
+         algorithms.put("SHA256WITHDSA", NISTObjectIdentifiers.dsa_with_sha256);
+         algorithms.put("SHA384WITHDSA", NISTObjectIdentifiers.dsa_with_sha384);
+         algorithms.put("SHA512WITHDSA", NISTObjectIdentifiers.dsa_with_sha512);
+         algorithms.put("SHA1WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1);
+         algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1);
+-        algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
++        // BEGIN android-removed
++        // algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
++        // END android-removed
+         algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256);
+         algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
+         algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);
+-        algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+-        algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+-        algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+-        algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+-        algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
++        // BEGIN android-removed
++        // algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
++        // algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
++        // algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
++        // algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
++        // algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
++        // END android-removed
+ 
+         //
+         // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field. 
+         // The parameters field SHALL be NULL for RSA based signature algorithms.
+         //
+         noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA1);
+-        noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224);
++        // BEGIN android-removed
++        // noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224);
++        // END android-removed
+         noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA256);
+         noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA384);
+         noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA512);
+         noParams.add(X9ObjectIdentifiers.id_dsa_with_sha1);
+-        noParams.add(NISTObjectIdentifiers.dsa_with_sha224);
++        // BEGIN android-removed
++        // noParams.add(NISTObjectIdentifiers.dsa_with_sha224);
++        // END android-removed
+         noParams.add(NISTObjectIdentifiers.dsa_with_sha256);
+         noParams.add(NISTObjectIdentifiers.dsa_with_sha384);
+         noParams.add(NISTObjectIdentifiers.dsa_with_sha512);
+@@ -105,25 +123,39 @@
+         //
+         // RFC 4491
+         //
+-        noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+-        noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
++        // BEGIN android-removed
++        // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
++        // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
++        // END android-removed
+ 
          //
          // explicit params
          //
@@ -13051,12 +10829,16 @@
          params.put("SHA1WITHRSAANDMGF1", creatPSSParams(sha1AlgId, 20));
  
 -        AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, new DERNull());
-+        // BEGIN android-changed
-+        AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, DERNull.INSTANCE);
-+        // END android-changed
-         params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28));
- 
+-        params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28));
+-
 -        AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, new DERNull());
++        // BEGIN android-removed
++        // // BEGIN android-changed
++        // AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, DERNull.INSTANCE);
++        // // END android-changed
++        // params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28));
++        // END android-removed
++
 +        // BEGIN android-changed
 +        AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, DERNull.INSTANCE);
 +        // END android-changed
@@ -13075,7 +10857,7 @@
          params.put("SHA512WITHRSAANDMGF1", creatPSSParams(sha512AlgId, 64));
      }
  
-@@ -161,7 +173,9 @@
+@@ -166,7 +198,9 @@
          }
          else
          {
@@ -13086,9 +10868,9 @@
          }
      }
      
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/x509/extension/X509ExtensionUtil.java bcprov-jdk16-145/org/bouncycastle/x509/extension/X509ExtensionUtil.java
---- bcprov-jdk16-145.orig/org/bouncycastle/x509/extension/X509ExtensionUtil.java	2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/x509/extension/X509ExtensionUtil.java	2011-09-01 17:21:06.000000000 +0000
+diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/x509/extension/X509ExtensionUtil.java bcprov-jdk16-146/org/bouncycastle/x509/extension/X509ExtensionUtil.java
+--- bcprov-jdk16-146.orig/org/bouncycastle/x509/extension/X509ExtensionUtil.java	2011-02-23 20:08:56.000000000 +0000
++++ bcprov-jdk16-146/org/bouncycastle/x509/extension/X509ExtensionUtil.java	2011-09-08 21:28:50.000000000 +0000
 @@ -62,7 +62,9 @@
              {
                  GeneralName genName = GeneralName.getInstance(it.nextElement());
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1ApplicationSpecificParser.java b/src/main/java/org/bouncycastle/asn1/ASN1ApplicationSpecificParser.java
index 83bc39d..f87064f 100644
--- a/src/main/java/org/bouncycastle/asn1/ASN1ApplicationSpecificParser.java
+++ b/src/main/java/org/bouncycastle/asn1/ASN1ApplicationSpecificParser.java
@@ -3,7 +3,7 @@
 import java.io.IOException;
 
 public interface ASN1ApplicationSpecificParser
-    extends DEREncodable
+    extends DEREncodable, InMemoryRepresentable
 {
     DEREncodable readObject()
         throws IOException;
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1Collection.java b/src/main/java/org/bouncycastle/asn1/ASN1Collection.java
deleted file mode 100644
index aa17d3c..0000000
--- a/src/main/java/org/bouncycastle/asn1/ASN1Collection.java
+++ /dev/null
@@ -1,298 +0,0 @@
-package org.bouncycastle.asn1;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.ConcurrentModificationException;
-
-// BEGIN android-note
-/*
- * This is a new class that was synthesized from ASN1Sequence and
- * ASN1Set, but with extra smarts about efficiently storing its
- * elements.
- */
-// END android-note
-
-/**
- * Base class for collection-like <code>DERObject</code>s. Instances
- * of this class will keep up to four elements directly, resorting to
- * an external collection only if more elements than that need to be
- * stored.
- */
-public abstract class ASN1Collection
-    extends ASN1Object
-{
-    /** &gt;= 0; size of the collection */
-    private int size;
-
-    /** null-ok; element #0 */
-    private DEREncodable obj0;
-
-    /** null-ok; element #1 */
-    private DEREncodable obj1;
-
-    /** null-ok; element #2 */
-    private DEREncodable obj2;
-
-    /** null-ok; element #3 */
-    private DEREncodable obj3;
-
-    /** null-ok; elements #4 and higher */
-    private DEREncodable[] rest;
-
-    /**
-     * Returns the object at the postion indicated by index.
-     *
-     * @param index the index (starting at zero) of the object
-     * @return the object at the postion indicated by index
-     */
-    public DEREncodable getObjectAt(int index) {
-        if ((index < 0) || (index >= size)) {
-            throw new IndexOutOfBoundsException(Integer.toString(index));
-        }
-                    
-        switch (index) {
-            case 0: return obj0;
-            case 1: return obj1;
-            case 2: return obj2;
-            case 3: return obj3;
-            default: return rest[index - 4];
-        }
-    }
-
-    /**
-     * Returns the number of objects in this instance.
-     *
-     * @return the number of objects in this instance
-     */
-    public int size() {
-        return size;
-    }
-
-    /** {@inheritDoc} */
-    public final int hashCode() {
-        Enumeration e = this.getObjects();
-        int hashCode = 0;
-
-        while (e.hasMoreElements()) {
-            Object o = e.nextElement();
-            
-            if (o != null) {
-                hashCode ^= o.hashCode();
-            }
-        }
-
-        return hashCode;
-    }
-
-    /**
-     * Adds a new element to this instance.
-     * 
-     * @param obj non-null; the instance to add
-     */
-    protected void addObject(DEREncodable obj) {
-        if (obj == null) {
-            throw new NullPointerException("obj == null");
-        }
-
-        int sz = size;
-        
-        switch (sz) {
-            case 0: obj0 = obj; break;
-            case 1: obj1 = obj; break;
-            case 2: obj2 = obj; break;
-            case 3: obj3 = obj; break;
-            case 4: {
-                // Initial allocation of rest.
-                rest = new DEREncodable[5];
-                rest[0] = obj;
-                break;
-            }
-            default: {
-                int index = sz - 4;
-                if (index >= rest.length) {
-                    // Grow rest.
-                    DEREncodable[] newRest = new DEREncodable[index * 2 + 10];
-                    System.arraycopy(rest, 0, newRest, 0, rest.length);
-                    rest = newRest;
-                }
-                rest[index] = obj;
-                break;
-            }
-        }
-
-        size++;
-    }
-
-    /**
-     * Sets the element at a given index (used by {@link #sort}).
-     * 
-     * @param obj non-null; the object to set
-     * @param index &gt;= 0; the index
-     */
-    private void setObjectAt(DEREncodable obj, int index) {
-        switch (index) {
-            case 0: obj0 = obj; break;
-            case 1: obj1 = obj; break;
-            case 2: obj2 = obj; break;
-            case 3: obj3 = obj; break;
-            default: {
-                rest[index - 4] = obj;
-                break;
-            }
-        }
-    }
-
-    /**
-     * Encodes this instance to the given stream.
-     * 
-     * @param out non-null; stream to encode to
-     */
-    /*package*/ abstract void encode(DEROutputStream out) throws IOException;
-
-    /**
-     * Gets an enumeration of all the objects in this collection.
-     * 
-     * @return non-null; the enumeration
-     */
-    public Enumeration getObjects() {
-        return new ASN1CollectionEnumeration();
-    }
-
-    /**
-     * Associated enumeration class.
-     */
-    private class ASN1CollectionEnumeration implements Enumeration {
-        /** original size; used for modification detection */
-        private final int origSize = size;
-
-        /** &gt;= 0; current cursor */
-        private int at = 0;
-
-        /** {@inheritDoc} */
-        public boolean hasMoreElements() {
-            if (size != origSize) {
-                throw new ConcurrentModificationException();
-            }
-
-            return at < origSize;
-        }
-
-        /** {@inheritDoc} */
-        public Object nextElement() {
-            if (size != origSize) {
-                throw new ConcurrentModificationException();
-            }
-
-            switch (at++) {
-                case 0: return obj0;
-                case 1: return obj1;
-                case 2: return obj2;
-                case 3: return obj3;
-                default: return rest[at - 5];
-            }
-        }
-    }
-
-    /**
-     * Sorts the elements in this instance.
-     */
-    protected void sort() {
-        if (size <= 1) {
-            return;
-        }
-
-        boolean swapped = true;
-
-        // TODO: This is bubble sort. Probably not the best choice.
-        while (swapped) {
-            int index = 0;
-            byte[] a = getEncoded(getObjectAt(0));
-                
-            swapped = false;
-                
-            while (index != size - 1) {
-                int nextIndex = index + 1;
-                byte[] b = getEncoded(getObjectAt(nextIndex));
-
-                if (lessThanOrEqual(a, b)) {
-                    a = b;
-                } else {
-                    DEREncodable o = getObjectAt(index);
-                    
-                    setObjectAt(getObjectAt(nextIndex), index);
-                    setObjectAt(o, nextIndex);
-
-                    swapped = true;
-                }
-
-                index++;
-            }
-        }
-    }
-    
-    /**
-     * Returns true if a <= b (arrays are assumed padded with zeros).
-     */
-    private static boolean lessThanOrEqual(byte[] a, byte[] b) {
-        if (a.length <= b.length) {
-            for (int i = 0; i != a.length; i++) {
-                int l = a[i] & 0xff;
-                int r = b[i] & 0xff;
-                 
-                if (r > l) {
-                    return true;
-                } else if (l > r) {
-                    return false;
-                }
-            }
-
-            return true;
-        } else {
-            for (int i = 0; i != b.length; i++) {
-                 int l = a[i] & 0xff;
-                 int r = b[i] & 0xff;
-                 
-                 if (r > l) {
-                     return true;
-                 } else if (l > r) {
-                     return false;
-                 }
-             }
-
-             return false;
-         }
-    }
-
-    /**
-     * Gets the encoded form of an object.
-     * 
-     * @param obj non-null; object to encode
-     * @return non-null; the encoded form
-     */
-    private static byte[] getEncoded(DEREncodable obj) {
-        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-        ASN1OutputStream aOut = new ASN1OutputStream(bOut);
-
-        try {
-            aOut.writeObject(obj);
-        } catch (IOException e) {
-            throw new IllegalArgumentException(
-                    "cannot encode object added to collection");
-        }
-
-        return bOut.toByteArray();
-    }
-
-    /** {@inheritDoc} */
-    public final String toString() {
-        StringBuilder sb = new StringBuilder();
-        sb.append('[');
-        for (int i = 0; i < size; i++) {
-            if (i != 0) sb.append(", ");
-            sb.append(getObjectAt(i));
-        }
-        sb.append(']');
-        return sb.toString();
-    }
-}
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java b/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java
index 1f50ddf..3f736e4 100644
--- a/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java
+++ b/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java
@@ -1,14 +1,32 @@
 package org.bouncycastle.asn1;
 
+import java.util.Vector;
+
 /**
  * the parent class for this will eventually disappear. Use this one!
  */
 public class ASN1EncodableVector
     extends DEREncodableVector
 {
-    // migrating from DEREncodeableVector
+    Vector v = new Vector();
+
     public ASN1EncodableVector()
     {
-        
+
+    }
+
+    public void add(DEREncodable obj)
+    {
+        v.addElement(obj);
+    }
+
+    public DEREncodable get(int i)
+    {
+        return (DEREncodable)v.elementAt(i);
+    }
+
+    public int size()
+    {
+        return v.size();
     }
 }
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1Enumerated.java b/src/main/java/org/bouncycastle/asn1/ASN1Enumerated.java
new file mode 100644
index 0000000..d93fd91
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/ASN1Enumerated.java
@@ -0,0 +1,22 @@
+package org.bouncycastle.asn1;
+
+import java.math.BigInteger;
+
+public class ASN1Enumerated
+    extends DEREnumerated
+{
+    ASN1Enumerated(byte[] bytes)
+    {
+        super(bytes);
+    }
+
+    public ASN1Enumerated(BigInteger value)
+    {
+        super(value);
+    }
+
+    public ASN1Enumerated(int value)
+    {
+        super(value);
+    }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1Exception.java b/src/main/java/org/bouncycastle/asn1/ASN1Exception.java
new file mode 100644
index 0000000..dc0ee20
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/ASN1Exception.java
@@ -0,0 +1,25 @@
+package org.bouncycastle.asn1;
+
+import java.io.IOException;
+
+public class ASN1Exception
+    extends IOException
+{
+    private Throwable cause;
+
+    ASN1Exception(String message)
+    {
+        super(message);
+    }
+
+    ASN1Exception(String message, Throwable cause)
+    {
+        super(message);
+        this.cause = cause;
+    }
+
+    public Throwable getCause()
+    {
+        return cause;
+    }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1GeneralizedTime.java b/src/main/java/org/bouncycastle/asn1/ASN1GeneralizedTime.java
new file mode 100644
index 0000000..0088a53
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/ASN1GeneralizedTime.java
@@ -0,0 +1,22 @@
+package org.bouncycastle.asn1;
+
+import java.util.Date;
+
+public class ASN1GeneralizedTime
+    extends DERGeneralizedTime
+{
+    ASN1GeneralizedTime(byte[] bytes)
+    {
+        super(bytes);
+    }
+
+    public ASN1GeneralizedTime(Date time)
+    {
+        super(time);
+    }
+
+    public ASN1GeneralizedTime(String time)
+    {
+        super(time);
+    }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1InputStream.java b/src/main/java/org/bouncycastle/asn1/ASN1InputStream.java
index 05f0664..fb27edd 100644
--- a/src/main/java/org/bouncycastle/asn1/ASN1InputStream.java
+++ b/src/main/java/org/bouncycastle/asn1/ASN1InputStream.java
@@ -21,10 +21,24 @@
     private final int limit;
     private final boolean lazyEvaluate;
 
+    static int findLimit(InputStream in)
+    {
+        if (in instanceof LimitedInputStream)
+        {
+            return ((LimitedInputStream)in).getRemaining();
+        }
+        else if (in instanceof ByteArrayInputStream)
+        {
+            return ((ByteArrayInputStream)in).available();
+        }
+
+        return Integer.MAX_VALUE;
+    }
+
     public ASN1InputStream(
         InputStream is)
     {
-        this(is, Integer.MAX_VALUE);
+        this(is, findLimit(is));
     }
 
     /**
@@ -120,7 +134,7 @@
 
         if ((tag & TAGGED) != 0)
         {
-            return new BERTaggedObjectParser(tag, tagNo, defIn).getDERObject();
+            return new ASN1StreamParser(defIn).readTaggedObject(isConstructed, tagNo);
         }
 
         if (isConstructed)
@@ -207,39 +221,44 @@
                 throw new IOException("indefinite length primitive encoding encountered");
             }
 
-            IndefiniteLengthInputStream indIn = new IndefiniteLengthInputStream(this);
+            IndefiniteLengthInputStream indIn = new IndefiniteLengthInputStream(this, limit);
+            ASN1StreamParser sp = new ASN1StreamParser(indIn, limit);
 
             if ((tag & APPLICATION) != 0)
             {
-                ASN1StreamParser sp = new ASN1StreamParser(indIn, limit);
-
-                return new BERApplicationSpecificParser(tagNo, sp).getDERObject();
+                return new BERApplicationSpecificParser(tagNo, sp).getLoadedObject();
             }
+
             if ((tag & TAGGED) != 0)
             {
-                return new BERTaggedObjectParser(tag, tagNo, indIn).getDERObject();
+                return new BERTaggedObjectParser(true, tagNo, sp).getLoadedObject();
             }
 
-            ASN1StreamParser sp = new ASN1StreamParser(indIn, limit);
-
             // TODO There are other tags that may be constructed (e.g. BIT_STRING)
             switch (tagNo)
             {
                 case OCTET_STRING:
-                    return new BEROctetStringParser(sp).getDERObject();
+                    return new BEROctetStringParser(sp).getLoadedObject();
                 case SEQUENCE:
-                    return new BERSequenceParser(sp).getDERObject();
+                    return new BERSequenceParser(sp).getLoadedObject();
                 case SET:
-                    return new BERSetParser(sp).getDERObject();
+                    return new BERSetParser(sp).getLoadedObject();
                 case EXTERNAL:
-                    return new DERExternalParser(sp).getDERObject();
+                    return new DERExternalParser(sp).getLoadedObject();
                 default:
                     throw new IOException("unknown BER object encountered");
             }
         }
         else
         {
-            return buildObject(tag, tagNo, length);
+            try
+            {
+                return buildObject(tag, tagNo, length);
+            }
+            catch (IllegalArgumentException e)
+            {
+                throw new ASN1Exception("corrupted stream detected", e);
+            }
         }
     }
 
@@ -300,6 +319,7 @@
         {
             int size = length & 0x7f;
 
+            // Note: The invalid long form "0xff" (see X.690 8.1.3.5c) will be caught here
             if (size > 4)
             {
                 throw new IOException("DER length more than 4 bytes: " + size);
@@ -339,12 +359,7 @@
         switch (tagNo)
         {
             case BIT_STRING:
-            {
-                int padBits = bytes[0];
-                byte[] data = new byte[bytes.length - 1];
-                System.arraycopy(bytes, 1, data, 0, bytes.length - 1);
-                return new DERBitString(data, padBits);
-            }
+                return DERBitString.fromOctetString(bytes);
             case BMP_STRING:
                 return new DERBMPString(bytes);
             case BOOLEAN:
@@ -352,21 +367,21 @@
                 return DERBoolean.getInstance(bytes);
                 // END android-changed
             case ENUMERATED:
-                return new DEREnumerated(bytes);
+                return new ASN1Enumerated(bytes);
             case GENERALIZED_TIME:
-                return new DERGeneralizedTime(bytes);
+                return new ASN1GeneralizedTime(bytes);
             case GENERAL_STRING:
                 return new DERGeneralString(bytes);
             case IA5_STRING:
                 return new DERIA5String(bytes);
             case INTEGER:
-                return new DERInteger(bytes);
+                return new ASN1Integer(bytes);
             case NULL:
                 return DERNull.INSTANCE;   // actual content is ignored (enforce 0 length?)
             case NUMERIC_STRING:
                 return new DERNumericString(bytes);
             case OBJECT_IDENTIFIER:
-                return new DERObjectIdentifier(bytes);
+                return new ASN1ObjectIdentifier(bytes);
             case OCTET_STRING:
                 return new DEROctetString(bytes);
             case PRINTABLE_STRING:
@@ -376,7 +391,7 @@
             case UNIVERSAL_STRING:
                 return new DERUniversalString(bytes);
             case UTC_TIME:
-                return new DERUTCTime(bytes);
+                return new ASN1UTCTime(bytes);
             case UTF8_STRING:
                 return new DERUTF8String(bytes);
             case VISIBLE_STRING:
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1Integer.java b/src/main/java/org/bouncycastle/asn1/ASN1Integer.java
new file mode 100644
index 0000000..71009a0
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/ASN1Integer.java
@@ -0,0 +1,22 @@
+package org.bouncycastle.asn1;
+
+import java.math.BigInteger;
+
+public class ASN1Integer
+    extends DERInteger
+{
+    ASN1Integer(byte[] bytes)
+    {
+        super(bytes);
+    }
+
+    public ASN1Integer(BigInteger value)
+    {
+        super(value);
+    }
+
+    public ASN1Integer(int value)
+    {
+        super(value);
+    }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1Object.java b/src/main/java/org/bouncycastle/asn1/ASN1Object.java
index 7a0b113..7e9860a 100644
--- a/src/main/java/org/bouncycastle/asn1/ASN1Object.java
+++ b/src/main/java/org/bouncycastle/asn1/ASN1Object.java
@@ -17,7 +17,14 @@
     {
         ASN1InputStream aIn = new ASN1InputStream(data);
 
-        return (ASN1Object)aIn.readObject();
+        try
+        {
+            return (ASN1Object)aIn.readObject();
+        }
+        catch (ClassCastException e)
+        {
+            throw new IOException("cannot recognise object in stream");    
+        }
     }
 
     public final boolean equals(Object o)
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java b/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java
new file mode 100644
index 0000000..83b7c86
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java
@@ -0,0 +1,26 @@
+package org.bouncycastle.asn1;
+
+public class ASN1ObjectIdentifier
+    extends DERObjectIdentifier
+{
+    public ASN1ObjectIdentifier(String identifier)
+    {
+        super(identifier);
+    }
+
+    ASN1ObjectIdentifier(byte[] bytes)
+    {
+        super(bytes);
+    }
+
+    /**
+     * Return an OID that creates a branch under the current one.
+     *
+     * @param branchID node numbers for the new branch.
+     * @return
+     */
+    public ASN1ObjectIdentifier branch(String branchID)
+    {
+        return new ASN1ObjectIdentifier(getId() + "." + branchID);
+    }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1ObjectParser.java b/src/main/java/org/bouncycastle/asn1/ASN1ObjectParser.java
deleted file mode 100644
index ff09a45..0000000
--- a/src/main/java/org/bouncycastle/asn1/ASN1ObjectParser.java
+++ /dev/null
@@ -1,19 +0,0 @@
-package org.bouncycastle.asn1;
-
-import java.io.InputStream;
-
-/**
- * @deprecated will be removed
- */
-public class ASN1ObjectParser
-{
-    ASN1StreamParser _aIn;
-
-    protected ASN1ObjectParser(
-        int         baseTag,
-        int         tagNumber,
-        InputStream contentStream)
-    {
-        _aIn = new ASN1StreamParser(contentStream);
-    }
-}
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1OctetString.java b/src/main/java/org/bouncycastle/asn1/ASN1OctetString.java
index b1d72a2..7d334d7 100644
--- a/src/main/java/org/bouncycastle/asn1/ASN1OctetString.java
+++ b/src/main/java/org/bouncycastle/asn1/ASN1OctetString.java
@@ -1,13 +1,11 @@
 package org.bouncycastle.asn1;
 
-import org.bouncycastle.util.encoders.Hex;
-import org.bouncycastle.util.Arrays;
-
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
-import java.util.Enumeration;
-import java.util.Vector;
+
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
 
 public abstract class ASN1OctetString
     extends ASN1Object
@@ -28,7 +26,16 @@
         ASN1TaggedObject    obj,
         boolean             explicit)
     {
-        return getInstance(obj.getObject());
+        DERObject o = obj.getObject();
+
+        if (explicit || o instanceof ASN1OctetString)
+        {
+            return getInstance(o);
+        }
+        else
+        {
+            return BERConstructedOctetString.fromSequence(ASN1Sequence.getInstance(o)); 
+        }
     }
     
     /**
@@ -45,24 +52,12 @@
             return (ASN1OctetString)obj;
         }
 
+        // TODO: this needs to be deleted in V2
         if (obj instanceof ASN1TaggedObject)
         {
             return getInstance(((ASN1TaggedObject)obj).getObject());
         }
 
-        if (obj instanceof ASN1Sequence)
-        {
-            Vector      v = new Vector();
-            Enumeration e = ((ASN1Sequence)obj).getObjects();
-
-            while (e.hasMoreElements())
-            {
-                v.addElement(e.nextElement());
-            }
-
-            return new BERConstructedOctetString(v);
-        }
-
         throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
     }
 
@@ -125,6 +120,11 @@
         return Arrays.areEqual(string, other.string);
     }
 
+    public DERObject getLoadedObject()
+    {
+        return this.getDERObject();
+    }
+
     abstract void encode(DEROutputStream out)
         throws IOException;
 
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1OctetStringParser.java b/src/main/java/org/bouncycastle/asn1/ASN1OctetStringParser.java
index 641020c..21a3941 100644
--- a/src/main/java/org/bouncycastle/asn1/ASN1OctetStringParser.java
+++ b/src/main/java/org/bouncycastle/asn1/ASN1OctetStringParser.java
@@ -3,7 +3,7 @@
 import java.io.InputStream;
 
 public interface ASN1OctetStringParser
-    extends DEREncodable
+    extends DEREncodable, InMemoryRepresentable
 {
     public InputStream getOctetStream();
 }
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1Sequence.java b/src/main/java/org/bouncycastle/asn1/ASN1Sequence.java
index e31e673..b4a8072 100644
--- a/src/main/java/org/bouncycastle/asn1/ASN1Sequence.java
+++ b/src/main/java/org/bouncycastle/asn1/ASN1Sequence.java
@@ -2,20 +2,12 @@
 
 import java.io.IOException;
 import java.util.Enumeration;
-// BEGIN android-removed
-// import java.util.Vector;
-// END android-removed
-
-// BEGIN android-note
-// Changed inheritence of class.
-// END android-note
+import java.util.Vector;
 
 public abstract class ASN1Sequence
-    extends ASN1Collection
+    extends ASN1Object
 {
-    // BEGIN android-removed
-    // private Vector seq = new Vector();
-    // END android-removed
+    private Vector seq = new Vector();
 
     /**
      * return an ASN1Sequence from the given object.
@@ -30,6 +22,17 @@
         {
             return (ASN1Sequence)obj;
         }
+        else if (obj instanceof byte[])
+        {
+            try
+            {
+                return ASN1Sequence.getInstance(ASN1Object.fromByteArray((byte[])obj));
+            }
+            catch (IOException e)
+            {
+                throw new IllegalArgumentException("failed to construct sequence from byte[]: " + e.getMessage());
+            }
+        }
 
         throw new IllegalArgumentException("unknown object in getInstance: " + obj.getClass().getName());
     }
@@ -93,12 +96,10 @@
         throw new IllegalArgumentException("unknown object in getInstance: " + obj.getClass().getName());
     }
 
-    // BEGIN android-removed
-    // public Enumeration getObjects()
-    // {
-    //     return seq.elements();
-    // }
-    // END android-removed
+    public Enumeration getObjects()
+    {
+        return seq.elements();
+    }
 
     public ASN1SequenceParser parser()
     {
@@ -130,6 +131,11 @@
                 return obj;
             }
 
+            public DERObject getLoadedObject()
+            {
+                return outer;
+            }
+            
             public DERObject getDERObject()
             {
                 return outer;
@@ -137,47 +143,43 @@
         };
     }
 
-    // BEGIN android-removed
-    // /**
-    //  * return the object at the sequence position indicated by index.
-    //  *
-    //  * @param index the sequence number (starting at zero) of the object
-    //  * @return the object at the sequence position indicated by index.
-    //  */
-    // public DEREncodable getObjectAt(
-    //     int index)
-    // {
-    //     return (DEREncodable)seq.elementAt(index);
-    // }
-    //
-    // /**
-    //  * return the number of objects in this sequence.
-    //  *
-    //  * @return the number of objects in this sequence.
-    //  */
-    // public int size()
-    // {
-    //     return seq.size();
-    // }
-    //
-    // public int hashCode()
-    // {
-    //     Enumeration             e = this.getObjects();
-    //     int                     hashCode = size();
-    //
-    //     while (e.hasMoreElements())
-    //     {
-    //         Object o = e.nextElement();
-    //         hashCode *= 17;
-    //         if (o != null)
-    //         {
-    //             hashCode ^= o.hashCode();
-    //         }
-    //     }
-    //
-    //     return hashCode;
-    // }
-    // END android-removed
+    /**
+     * return the object at the sequence position indicated by index.
+     *
+     * @param index the sequence number (starting at zero) of the object
+     * @return the object at the sequence position indicated by index.
+     */
+    public DEREncodable getObjectAt(
+        int index)
+    {
+        return (DEREncodable)seq.elementAt(index);
+    }
+
+    /**
+     * return the number of objects in this sequence.
+     *
+     * @return the number of objects in this sequence.
+     */
+    public int size()
+    {
+        return seq.size();
+    }
+
+    public int hashCode()
+    {
+        Enumeration             e = this.getObjects();
+        int                     hashCode = size();
+
+        while (e.hasMoreElements())
+        {
+            Object o = getNext(e);
+            hashCode *= 17;
+
+            hashCode ^= o.hashCode();
+        }
+
+        return hashCode;
+    }
 
     boolean asn1Equals(
         DERObject  o)
@@ -199,10 +201,13 @@
 
         while (s1.hasMoreElements())
         {
-            DERObject  o1 = ((DEREncodable)s1.nextElement()).getDERObject();
-            DERObject  o2 = ((DEREncodable)s2.nextElement()).getDERObject();
+            DEREncodable  obj1 = getNext(s1);
+            DEREncodable  obj2 = getNext(s2);
 
-            if (o1 == o2 || (o1 != null && o1.equals(o2)))
+            DERObject  o1 = obj1.getDERObject();
+            DERObject  o2 = obj2.getDERObject();
+
+            if (o1 == o2 || o1.equals(o2))
             {
                 continue;
             }
@@ -213,19 +218,30 @@
         return true;
     }
 
-    // BEGIN android-removed
-    //protected void addObject(
-    //    DEREncodable obj)
-    //{
-    //    seq.addElement(obj);
-    //}
+    private DEREncodable getNext(Enumeration e)
+    {
+        DEREncodable encObj = (DEREncodable)e.nextElement();
 
-    //abstract void encode(DEROutputStream out)
-    //    throws IOException;
+        // unfortunately null was allowed as a substitute for DER null
+        if (encObj == null)
+        {
+            return DERNull.INSTANCE;
+        }
 
-    //public String toString() 
-    //{
-    //  return seq.toString();
-    //}
-    // END android-removed
+        return encObj;
+    }
+
+    protected void addObject(
+        DEREncodable obj)
+    {
+        seq.addElement(obj);
+    }
+
+    abstract void encode(DEROutputStream out)
+        throws IOException;
+
+    public String toString() 
+    {
+      return seq.toString();
+    }
 }
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1SequenceParser.java b/src/main/java/org/bouncycastle/asn1/ASN1SequenceParser.java
index ceda6bd..49dde79 100644
--- a/src/main/java/org/bouncycastle/asn1/ASN1SequenceParser.java
+++ b/src/main/java/org/bouncycastle/asn1/ASN1SequenceParser.java
@@ -3,7 +3,7 @@
 import java.io.IOException;
 
 public interface ASN1SequenceParser
-    extends DEREncodable
+    extends DEREncodable, InMemoryRepresentable
 {
     DEREncodable readObject()
         throws IOException;
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1Set.java b/src/main/java/org/bouncycastle/asn1/ASN1Set.java
index 88a20ee..c395b8b 100644
--- a/src/main/java/org/bouncycastle/asn1/ASN1Set.java
+++ b/src/main/java/org/bouncycastle/asn1/ASN1Set.java
@@ -3,20 +3,12 @@
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.util.Enumeration;
-// BEGIN android-removed
-// import java.util.Vector;
-// END android-removed
-
-// BEGIN android-note
-// Changed inheritence of class.
-// END android-note
+import java.util.Vector;
 
 abstract public class ASN1Set
-    extends ASN1Collection
+    extends ASN1Object
 {
-    // BEGIN android-removed
-    // protected Vector set = new Vector();
-    // END android-removed
+    protected Vector set = new Vector();
 
     /**
      * return an ASN1Set from the given object.
@@ -112,34 +104,44 @@
     {
     }
 
-    // BEGIN android-removed
-    // public Enumeration getObjects()
-    // {
-    //     return set.elements();
-    // }
-    //
-    // /**
-    //  * return the object at the set position indicated by index.
-    //  *
-    //  * @param index the set number (starting at zero) of the object
-    //  * @return the object at the set position indicated by index.
-    //  */
-    // public DEREncodable getObjectAt(
-    //     int index)
-    // {
-    //     return (DEREncodable)set.elementAt(index);
-    // }
-    //
-    // /**
-    //  * return the number of objects in this set.
-    //  *
-    //  * @return the number of objects in this set.
-    //  */
-    // public int size()
-    // {
-    //     return set.size();
-    // }
-    // END android-removed
+    public Enumeration getObjects()
+    {
+        return set.elements();
+    }
+
+    /**
+     * return the object at the set position indicated by index.
+     *
+     * @param index the set number (starting at zero) of the object
+     * @return the object at the set position indicated by index.
+     */
+    public DEREncodable getObjectAt(
+        int index)
+    {
+        return (DEREncodable)set.elementAt(index);
+    }
+
+    /**
+     * return the number of objects in this set.
+     *
+     * @return the number of objects in this set.
+     */
+    public int size()
+    {
+        return set.size();
+    }
+
+    public ASN1Encodable[] toArray()
+    {
+        ASN1Encodable[] values = new ASN1Encodable[this.size()];
+
+        for (int i = 0; i != this.size(); i++)
+        {
+            values[i] = (ASN1Encodable)this.getObjectAt(i);
+        }
+
+        return values;
+    }
 
     public ASN1SetParser parser()
     {
@@ -171,6 +173,11 @@
                 return obj;
             }
 
+            public DERObject getLoadedObject()
+            {
+                return outer;
+            }
+
             public DERObject getDERObject()
             {
                 return outer;
@@ -178,25 +185,21 @@
         };
     }
 
-    // BEGIN android-removed
-    // public int hashCode()
-    // {
-    //     Enumeration             e = this.getObjects();
-    //     int                     hashCode = size();
-    //
-    //     while (e.hasMoreElements())
-    //     {
-    //         Object o = e.nextElement();
-    //         hashCode *= 17;
-    //         if (o != null)
-    //         {
-    //             hashCode ^= o.hashCode();
-    //         }
-    //     }
-    //
-    //     return hashCode;
-    // }
-    // END android-removed
+    public int hashCode()
+    {
+        Enumeration             e = this.getObjects();
+        int                     hashCode = size();
+
+        while (e.hasMoreElements())
+        {
+            Object o = getNext(e);
+            hashCode *= 17;
+
+            hashCode ^= o.hashCode();
+        }
+
+        return hashCode;
+    }
 
     boolean asn1Equals(
         DERObject  o)
@@ -218,10 +221,13 @@
 
         while (s1.hasMoreElements())
         {
-            DERObject  o1 = ((DEREncodable)s1.nextElement()).getDERObject();
-            DERObject  o2 = ((DEREncodable)s2.nextElement()).getDERObject();
+            DEREncodable  obj1 = getNext(s1);
+            DEREncodable  obj2 = getNext(s2);
 
-            if (o1 == o2 || (o1 != null && o1.equals(o2)))
+            DERObject  o1 = obj1.getDERObject();
+            DERObject  o2 = obj2.getDERObject();
+
+            if (o1 == o2 || o1.equals(o2))
             {
                 continue;
             }
@@ -232,54 +238,36 @@
         return true;
     }
 
-    // BEGIN android-removed
-    // /**
-    //  * return true if a <= b (arrays are assumed padded with zeros).
-    //  */
-    // private boolean lessThanOrEqual(
-    //      byte[] a,
-    //      byte[] b)
-    // {
-    //      if (a.length <= b.length)
-    //      {
-    //          for (int i = 0; i != a.length; i++)
-    //          {
-    //              int    l = a[i] & 0xff;
-    //              int    r = b[i] & 0xff;
-    //
-    //              if (r > l)
-    //              {
-    //                  return true;
-    //              }
-    //              else if (l > r)
-    //              {
-    //                  return false;
-    //              }
-    //          }
-    //
-    //          return true;
-    //      }
-    //      else
-    //      {
-    //          for (int i = 0; i != b.length; i++)
-    //          {
-    //              int    l = a[i] & 0xff;
-    //              int    r = b[i] & 0xff;
-    //
-    //              if (r > l)
-    //              {
-    //                  return true;
-    //              }
-    //              else if (l > r)
-    //              {
-    //                  return false;
-    //              }
-    //          }
-    //
-    //          return false;
-    //      }
-    // }
-    // END android-removed
+    private DEREncodable getNext(Enumeration e)
+    {
+        DEREncodable encObj = (DEREncodable)e.nextElement();
+
+        // unfortunately null was allowed as a substitute for DER null
+        if (encObj == null)
+        {
+            return DERNull.INSTANCE;
+        }
+
+        return encObj;
+    }
+
+    /**
+     * return true if a <= b (arrays are assumed padded with zeros).
+     */
+    private boolean lessThanOrEqual(
+         byte[] a,
+         byte[] b)
+    {
+        int len = Math.min(a.length, b.length);
+        for (int i = 0; i != len; ++i)
+        {
+            if (a[i] != b[i])
+            {
+                return (a[i] & 0xff) < (b[i] & 0xff);
+            }
+        }
+        return len == a.length;
+    }
 
     private byte[] getEncoded(
         DEREncodable obj)
@@ -299,61 +287,59 @@
         return bOut.toByteArray();
     }
 
-    // BEGIN android-removed
-    // protected void sort()
-    // {
-    //     if (set.size() > 1)
-    //     {
-    //         boolean    swapped = true;
-    //         int        lastSwap = set.size() - 1;
-    //
-    //         while (swapped)
-    //         {
-    //             int    index = 0;
-    //             int    swapIndex = 0;
-    //             byte[] a = getEncoded((DEREncodable)set.elementAt(0));
-    //
-    //             swapped = false;
-    //
-    //             while (index != lastSwap)
-    //             {
-    //                 byte[] b = getEncoded((DEREncodable)set.elementAt(index + 1));
-    //
-    //                 if (lessThanOrEqual(a, b))
-    //                 {
-    //                     a = b;
-    //                 }
-    //                 else
-    //                 {
-    //                     Object  o = set.elementAt(index);
-    //
-    //                     set.setElementAt(set.elementAt(index + 1), index);
-    //                     set.setElementAt(o, index + 1);
-    //
-    //                     swapped = true;
-    //                     swapIndex = index;
-    //                 }
-    //
-    //                 index++;
-    //             }
-    //
-    //             lastSwap = swapIndex;
-    //         }
-    //     }
-    // }
-    //
-    // protected void addObject(
-    //     DEREncodable obj)
-    // {
-    //     set.addElement(obj);
-    // }
-    //
-    // abstract void encode(DEROutputStream out)
-    //         throws IOException;
-    //
-    // public String toString() 
-    // {
-    //   return set.toString();
-    // }
-    // END android-removed
+    protected void sort()
+    {
+        if (set.size() > 1)
+        {
+            boolean    swapped = true;
+            int        lastSwap = set.size() - 1;
+
+            while (swapped)
+            {
+                int    index = 0;
+                int    swapIndex = 0;
+                byte[] a = getEncoded((DEREncodable)set.elementAt(0));
+                
+                swapped = false;
+
+                while (index != lastSwap)
+                {
+                    byte[] b = getEncoded((DEREncodable)set.elementAt(index + 1));
+
+                    if (lessThanOrEqual(a, b))
+                    {
+                        a = b;
+                    }
+                    else
+                    {
+                        Object  o = set.elementAt(index);
+
+                        set.setElementAt(set.elementAt(index + 1), index);
+                        set.setElementAt(o, index + 1);
+
+                        swapped = true;
+                        swapIndex = index;
+                    }
+
+                    index++;
+                }
+
+                lastSwap = swapIndex;
+            }
+        }
+    }
+
+    protected void addObject(
+        DEREncodable obj)
+    {
+        set.addElement(obj);
+    }
+
+    abstract void encode(DEROutputStream out)
+            throws IOException;
+
+    public String toString() 
+    {
+      return set.toString();
+    }
 }
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1SetParser.java b/src/main/java/org/bouncycastle/asn1/ASN1SetParser.java
index b09a170..9dc99b5 100644
--- a/src/main/java/org/bouncycastle/asn1/ASN1SetParser.java
+++ b/src/main/java/org/bouncycastle/asn1/ASN1SetParser.java
@@ -3,7 +3,7 @@
 import java.io.IOException;
 
 public interface ASN1SetParser
-    extends DEREncodable
+    extends DEREncodable, InMemoryRepresentable
 {
     public DEREncodable readObject()
         throws IOException;
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1StreamParser.java b/src/main/java/org/bouncycastle/asn1/ASN1StreamParser.java
index 43fcad7..fbcb787 100644
--- a/src/main/java/org/bouncycastle/asn1/ASN1StreamParser.java
+++ b/src/main/java/org/bouncycastle/asn1/ASN1StreamParser.java
@@ -9,20 +9,10 @@
     private final InputStream _in;
     private final int         _limit;
 
-    private static int findLimit(InputStream in)
-    {
-        if (in instanceof DefiniteLengthInputStream)
-        {
-            return ((DefiniteLengthInputStream)in).getRemaining();
-        }
-
-        return Integer.MAX_VALUE;
-    }
-
     public ASN1StreamParser(
         InputStream in)
     {
-        this(in, findLimit(in));
+        this(in, ASN1InputStream.findLimit(in));
     }
 
     public ASN1StreamParser(
@@ -39,6 +29,90 @@
         this(new ByteArrayInputStream(encoding), encoding.length);
     }
 
+    DEREncodable readIndef(int tagValue) throws IOException
+    {
+        // Note: INDEF => CONSTRUCTED
+
+        // TODO There are other tags that may be constructed (e.g. BIT_STRING)
+        switch (tagValue)
+        {
+            case DERTags.EXTERNAL:
+                return new DERExternalParser(this);
+            case DERTags.OCTET_STRING:
+                return new BEROctetStringParser(this);
+            case DERTags.SEQUENCE:
+                return new BERSequenceParser(this);
+            case DERTags.SET:
+                return new BERSetParser(this);
+            default:
+                throw new ASN1Exception("unknown BER object encountered: 0x" + Integer.toHexString(tagValue));
+        }
+    }
+
+    DEREncodable readImplicit(boolean constructed, int tag) throws IOException
+    {
+        if (_in instanceof IndefiniteLengthInputStream)
+        {
+            if (!constructed)
+            {
+                throw new IOException("indefinite length primitive encoding encountered");
+            }
+            
+            return readIndef(tag);
+        }
+
+        if (constructed)
+        {
+            switch (tag)
+            {
+                case DERTags.SET:
+                    return new DERSetParser(this);
+                case DERTags.SEQUENCE:
+                    return new DERSequenceParser(this);
+                case DERTags.OCTET_STRING:
+                    return new BEROctetStringParser(this);
+            }
+        }
+        else
+        {
+            switch (tag)
+            {
+                case DERTags.SET:
+                    throw new ASN1Exception("sequences must use constructed encoding (see X.690 8.9.1/8.10.1)");
+                case DERTags.SEQUENCE:
+                    throw new ASN1Exception("sets must use constructed encoding (see X.690 8.11.1/8.12.1)");
+                case DERTags.OCTET_STRING:
+                    return new DEROctetStringParser((DefiniteLengthInputStream)_in);
+            }
+        }
+
+        // TODO ASN1Exception
+        throw new RuntimeException("implicit tagging not implemented");
+    }
+
+    DERObject readTaggedObject(boolean constructed, int tag) throws IOException
+    {
+        if (!constructed)
+        {
+            // Note: !CONSTRUCTED => IMPLICIT
+            DefiniteLengthInputStream defIn = (DefiniteLengthInputStream)_in;
+            return new DERTaggedObject(false, tag, new DEROctetString(defIn.toByteArray()));
+        }
+
+        ASN1EncodableVector v = readVector();
+
+        if (_in instanceof IndefiniteLengthInputStream)
+        {
+            return v.size() == 1
+                ?   new BERTaggedObject(true, tag, v.get(0))
+                :   new BERTaggedObject(false, tag, BERFactory.createSequence(v));
+        }
+
+        return v.size() == 1
+            ?   new DERTaggedObject(true, tag, v.get(0))
+            :   new DERTaggedObject(false, tag, DERFactory.createSequence(v));
+    }
+
     public DEREncodable readObject()
         throws IOException
     {
@@ -72,37 +146,20 @@
                 throw new IOException("indefinite length primitive encoding encountered");
             }
 
-            IndefiniteLengthInputStream indIn = new IndefiniteLengthInputStream(_in);
+            IndefiniteLengthInputStream indIn = new IndefiniteLengthInputStream(_in, _limit);
+            ASN1StreamParser sp = new ASN1StreamParser(indIn, _limit);
 
             if ((tag & DERTags.APPLICATION) != 0)
             {
-                ASN1StreamParser sp = new ASN1StreamParser(indIn, _limit);
-
                 return new BERApplicationSpecificParser(tagNo, sp);
             }
 
             if ((tag & DERTags.TAGGED) != 0)
             {
-                return new BERTaggedObjectParser(tag, tagNo, indIn);
+                return new BERTaggedObjectParser(true, tagNo, sp);
             }
 
-            ASN1StreamParser sp = new ASN1StreamParser(indIn, _limit);
-
-            // TODO There are other tags that may be constructed (e.g. BIT_STRING)
-            switch (tagNo)
-            {
-                case DERTags.OCTET_STRING:
-                    return new BEROctetStringParser(sp);
-                case DERTags.SEQUENCE:
-                    return new BERSequenceParser(sp);
-                case DERTags.SET:
-                    return new BERSetParser(sp);
-                case DERTags.EXTERNAL:{
-                    return new DERExternalParser(sp);
-                }
-                default:
-                    throw new IOException("unknown BER object encountered: 0x" + Integer.toHexString(tagNo));
-            }
+            return sp.readIndef(tagNo);
         }
         else
         {
@@ -115,7 +172,7 @@
 
             if ((tag & DERTags.TAGGED) != 0)
             {
-                return new BERTaggedObjectParser(tag, tagNo, defIn);
+                return new BERTaggedObjectParser(isConstructed, tagNo, new ASN1StreamParser(defIn));
             }
 
             if (isConstructed)
@@ -147,7 +204,14 @@
                     return new DEROctetStringParser(defIn);
             }
 
-            return ASN1InputStream.createPrimitiveDERObject(tagNo, defIn.toByteArray());
+            try
+            {
+                return ASN1InputStream.createPrimitiveDERObject(tagNo, defIn.toByteArray());
+            }
+            catch (IllegalArgumentException e)
+            {
+                throw new ASN1Exception("corrupted stream detected", e);
+            }
         }
     }
 
@@ -166,7 +230,14 @@
         DEREncodable obj;
         while ((obj = readObject()) != null)
         {
-            v.add(obj.getDERObject());
+            if (obj instanceof InMemoryRepresentable)
+            {
+                v.add(((InMemoryRepresentable)obj).getLoadedObject());
+            }
+            else
+            {
+                v.add(obj.getDERObject());
+            }
         }
 
         return v;
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1String.java b/src/main/java/org/bouncycastle/asn1/ASN1String.java
new file mode 100644
index 0000000..fde4e23
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/ASN1String.java
@@ -0,0 +1,6 @@
+package org.bouncycastle.asn1;
+
+public interface ASN1String
+{
+    public String getString();
+}
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1TaggedObject.java b/src/main/java/org/bouncycastle/asn1/ASN1TaggedObject.java
index 1e5d4e8..8ee7960 100644
--- a/src/main/java/org/bouncycastle/asn1/ASN1TaggedObject.java
+++ b/src/main/java/org/bouncycastle/asn1/ASN1TaggedObject.java
@@ -200,6 +200,11 @@
         throw new RuntimeException("implicit tagging not implemented for tag: " + tag);
     }
 
+    public DERObject getLoadedObject()
+    {
+        return this.getDERObject();
+    }
+    
     abstract void encode(DEROutputStream  out)
         throws IOException;
 
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1TaggedObjectParser.java b/src/main/java/org/bouncycastle/asn1/ASN1TaggedObjectParser.java
index 5574bf8..52f6087 100644
--- a/src/main/java/org/bouncycastle/asn1/ASN1TaggedObjectParser.java
+++ b/src/main/java/org/bouncycastle/asn1/ASN1TaggedObjectParser.java
@@ -3,7 +3,7 @@
 import java.io.IOException;
 
 public interface ASN1TaggedObjectParser
-    extends DEREncodable
+    extends DEREncodable, InMemoryRepresentable
 {
     public int getTagNo();
     
diff --git a/src/main/java/org/bouncycastle/asn1/ASN1UTCTime.java b/src/main/java/org/bouncycastle/asn1/ASN1UTCTime.java
new file mode 100644
index 0000000..d3816f2
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/ASN1UTCTime.java
@@ -0,0 +1,22 @@
+package org.bouncycastle.asn1;
+
+import java.util.Date;
+
+public class ASN1UTCTime
+    extends DERUTCTime
+{
+    ASN1UTCTime(byte[] bytes)
+    {
+        super(bytes);
+    }
+
+    public ASN1UTCTime(Date time)
+    {
+        super(time);
+    }
+
+    public ASN1UTCTime(String time)
+    {
+        super(time);
+    }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/BERApplicationSpecificParser.java b/src/main/java/org/bouncycastle/asn1/BERApplicationSpecificParser.java
index 0c46ba3..7b6aaaf 100644
--- a/src/main/java/org/bouncycastle/asn1/BERApplicationSpecificParser.java
+++ b/src/main/java/org/bouncycastle/asn1/BERApplicationSpecificParser.java
@@ -20,15 +20,22 @@
         return parser.readObject();
     }
 
+    public DERObject getLoadedObject()
+        throws IOException
+    {
+         return new BERApplicationSpecific(tag, parser.readVector());
+    }
+
     public DERObject getDERObject()
     {
         try
         {
-            return new BERApplicationSpecific(tag, parser.readVector());
+            return getLoadedObject();
         }
         catch (IOException e)
         {
             throw new ASN1ParsingException(e.getMessage(), e);
         }
     }
+
 }
diff --git a/src/main/java/org/bouncycastle/asn1/BERConstructedOctetString.java b/src/main/java/org/bouncycastle/asn1/BERConstructedOctetString.java
index 7e712c3..cceb241 100644
--- a/src/main/java/org/bouncycastle/asn1/BERConstructedOctetString.java
+++ b/src/main/java/org/bouncycastle/asn1/BERConstructedOctetString.java
@@ -141,4 +141,17 @@
             super.encode(out);
         }
     }
+
+    public static BERConstructedOctetString fromSequence(ASN1Sequence seq)
+    {
+        Vector      v = new Vector();
+        Enumeration e = seq.getObjects();
+
+        while (e.hasMoreElements())
+        {
+            v.addElement(e.nextElement());
+        }
+
+        return new BERConstructedOctetString(v);
+    }
 }
diff --git a/src/main/java/org/bouncycastle/asn1/BERConstructedSequence.java b/src/main/java/org/bouncycastle/asn1/BERConstructedSequence.java
deleted file mode 100644
index 998eaeb..0000000
--- a/src/main/java/org/bouncycastle/asn1/BERConstructedSequence.java
+++ /dev/null
@@ -1,37 +0,0 @@
-package org.bouncycastle.asn1;
-
-import java.io.IOException;
-import java.util.Enumeration;
-
-/**
- * @deprecated use BERSequence
- */
-public class BERConstructedSequence
-    extends DERConstructedSequence
-{
-    /*
-     */
-    void encode(
-        DEROutputStream out)
-        throws IOException
-    {
-        if (out instanceof ASN1OutputStream || out instanceof BEROutputStream)
-        {
-            out.write(SEQUENCE | CONSTRUCTED);
-            out.write(0x80);
-            
-            Enumeration e = getObjects();
-            while (e.hasMoreElements())
-            {
-                out.writeObject(e.nextElement());
-            }
-        
-            out.write(0x00);
-            out.write(0x00);
-        }
-        else
-        {
-            super.encode(out);
-        }
-    }
-}
diff --git a/src/main/java/org/bouncycastle/asn1/BERInputStream.java b/src/main/java/org/bouncycastle/asn1/BERInputStream.java
deleted file mode 100644
index 397fc06..0000000
--- a/src/main/java/org/bouncycastle/asn1/BERInputStream.java
+++ /dev/null
@@ -1,209 +0,0 @@
-package org.bouncycastle.asn1;
-
-import java.io.ByteArrayOutputStream;
-import java.io.EOFException;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.Vector;
-
-/**
- * @deprecated use ASN1InputStream
- */
-public class BERInputStream
-    extends DERInputStream
-{
-    private static final DERObject END_OF_STREAM = new DERObject()
-    {
-                                        void encode(
-                                            DEROutputStream out)
-                                        throws IOException
-                                        {
-                                            throw new IOException("Eeek!");
-                                        }
-                                        public int hashCode()
-                                        {
-                                            return 0;
-                                        }
-                                        public boolean equals(
-                                            Object o) 
-                                        {
-                                            return o == this;
-                                        }
-                                    };
-    public BERInputStream(
-        InputStream is)
-    {
-        super(is);
-    }
-
-    /**
-     * read a string of bytes representing an indefinite length object.
-     */
-    private byte[] readIndefiniteLengthFully()
-        throws IOException
-    {
-        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
-        int                     b, b1;
-
-        b1 = read();
-
-        while ((b = read()) >= 0)
-        {
-            if (b1 == 0 && b == 0)
-            {
-                break;
-            }
-
-            bOut.write(b1);
-            b1 = b;
-        }
-
-        return bOut.toByteArray();
-    }
-
-    private BERConstructedOctetString buildConstructedOctetString()
-        throws IOException
-    {
-        Vector               octs = new Vector();
-
-        for (;;)
-        {
-            DERObject        o = readObject();
-
-            if (o == END_OF_STREAM)
-            {
-                break;
-            }
-
-            octs.addElement(o);
-        }
-
-        return new BERConstructedOctetString(octs);
-    }
-
-    public DERObject readObject()
-        throws IOException
-    {
-        int tag = read();
-        if (tag == -1)
-        {
-            throw new EOFException();
-        }
-    
-        int     length = readLength();
-
-        if (length < 0)    // indefinite length method
-        {
-            switch (tag)
-            {
-            case NULL:
-                return null;
-            case SEQUENCE | CONSTRUCTED:
-                BERConstructedSequence  seq = new BERConstructedSequence();
-    
-                for (;;)
-                {
-                    DERObject   obj = readObject();
-
-                    if (obj == END_OF_STREAM)
-                    {
-                        break;
-                    }
-
-                    seq.addObject(obj);
-                }
-                return seq;
-            case OCTET_STRING | CONSTRUCTED:
-                return buildConstructedOctetString();
-            case SET | CONSTRUCTED:
-                ASN1EncodableVector  v = new ASN1EncodableVector();
-    
-                for (;;)
-                {
-                    DERObject   obj = readObject();
-
-                    if (obj == END_OF_STREAM)
-                    {
-                        break;
-                    }
-
-                    v.add(obj);
-                }
-                return new BERSet(v);
-            default:
-                //
-                // with tagged object tag number is bottom 5 bits
-                //
-                if ((tag & TAGGED) != 0)  
-                {
-                    if ((tag & 0x1f) == 0x1f)
-                    {
-                        throw new IOException("unsupported high tag encountered");
-                    }
-
-                    //
-                    // simple type - implicit... return an octet string
-                    //
-                    if ((tag & CONSTRUCTED) == 0)
-                    {
-                        byte[]  bytes = readIndefiniteLengthFully();
-
-                        return new BERTaggedObject(false, tag & 0x1f, new DEROctetString(bytes));
-                    }
-
-                    //
-                    // either constructed or explicitly tagged
-                    //
-                    DERObject        dObj = readObject();
-
-                    if (dObj == END_OF_STREAM)     // empty tag!
-                    {
-                        return new DERTaggedObject(tag & 0x1f);
-                    }
-
-                    DERObject       next = readObject();
-
-                    //
-                    // explicitly tagged (probably!) - if it isn't we'd have to
-                    // tell from the context
-                    //
-                    if (next == END_OF_STREAM)
-                    {
-                        return new BERTaggedObject(tag & 0x1f, dObj);
-                    }
-
-                    //
-                    // another implicit object, we'll create a sequence...
-                    //
-                    seq = new BERConstructedSequence();
-
-                    seq.addObject(dObj);
-
-                    do
-                    {
-                        seq.addObject(next);
-                        next = readObject();
-                    }
-                    while (next != END_OF_STREAM);
-
-                    return new BERTaggedObject(false, tag & 0x1f, seq);
-                }
-
-                throw new IOException("unknown BER object encountered");
-            }
-        }
-        else
-        {
-            if (tag == 0 && length == 0)    // end of contents marker.
-            {
-                return END_OF_STREAM;
-            }
-
-            byte[]  bytes = new byte[length];
-    
-            readFully(bytes);
-    
-            return buildObject(tag, bytes);
-        }
-    }
-}
diff --git a/src/main/java/org/bouncycastle/asn1/BEROctetStringParser.java b/src/main/java/org/bouncycastle/asn1/BEROctetStringParser.java
index bc937ad..1118a56 100644
--- a/src/main/java/org/bouncycastle/asn1/BEROctetStringParser.java
+++ b/src/main/java/org/bouncycastle/asn1/BEROctetStringParser.java
@@ -1,9 +1,9 @@
 package org.bouncycastle.asn1;
 
-import org.bouncycastle.util.io.Streams;
-
-import java.io.InputStream;
 import java.io.IOException;
+import java.io.InputStream;
+
+import org.bouncycastle.util.io.Streams;
 
 public class BEROctetStringParser
     implements ASN1OctetStringParser
@@ -16,25 +16,22 @@
         _parser = parser;
     }
 
-    /**
-     * @deprecated will be removed
-     */
-    protected BEROctetStringParser(
-        ASN1ObjectParser parser)
-    {
-        _parser = parser._aIn;
-    }
-
     public InputStream getOctetStream()
     {
         return new ConstructedOctetStream(_parser);
     }
 
+    public DERObject getLoadedObject()
+        throws IOException
+    {
+        return new BERConstructedOctetString(Streams.readAll(getOctetStream()));
+    }
+
     public DERObject getDERObject()
     {
         try
         {
-            return new BERConstructedOctetString(Streams.readAll(getOctetStream()));
+            return getLoadedObject();
         }
         catch (IOException e)
         {
diff --git a/src/main/java/org/bouncycastle/asn1/BERSequence.java b/src/main/java/org/bouncycastle/asn1/BERSequence.java
index c389fa8..aec6fd6 100644
--- a/src/main/java/org/bouncycastle/asn1/BERSequence.java
+++ b/src/main/java/org/bouncycastle/asn1/BERSequence.java
@@ -26,7 +26,7 @@
      * create a sequence containing a vector of objects.
      */
     public BERSequence(
-        DEREncodableVector   v)
+        ASN1EncodableVector   v)
     {
         super(v);
     }
diff --git a/src/main/java/org/bouncycastle/asn1/BERSequenceParser.java b/src/main/java/org/bouncycastle/asn1/BERSequenceParser.java
index cd0ca27..4f3b7ec 100644
--- a/src/main/java/org/bouncycastle/asn1/BERSequenceParser.java
+++ b/src/main/java/org/bouncycastle/asn1/BERSequenceParser.java
@@ -18,11 +18,17 @@
         return _parser.readObject();
     }
 
+    public DERObject getLoadedObject()
+        throws IOException
+    {
+        return new BERSequence(_parser.readVector());
+    }
+    
     public DERObject getDERObject()
     {
         try
         {
-            return new BERSequence(_parser.readVector());
+            return getLoadedObject();
         }
         catch (IOException e)
         {
diff --git a/src/main/java/org/bouncycastle/asn1/BERSet.java b/src/main/java/org/bouncycastle/asn1/BERSet.java
index 1ccf0fd..a5a2633 100644
--- a/src/main/java/org/bouncycastle/asn1/BERSet.java
+++ b/src/main/java/org/bouncycastle/asn1/BERSet.java
@@ -26,7 +26,7 @@
      * @param v - a vector of objects making up the set.
      */
     public BERSet(
-        DEREncodableVector   v)
+        ASN1EncodableVector   v)
     {
         super(v, false);
     }
@@ -35,7 +35,7 @@
      * @param v - a vector of objects making up the set.
      */
     BERSet(
-        DEREncodableVector   v,
+        ASN1EncodableVector  v,
         boolean              needsSorting)
     {
         super(v, needsSorting);
diff --git a/src/main/java/org/bouncycastle/asn1/BERSetParser.java b/src/main/java/org/bouncycastle/asn1/BERSetParser.java
index ac280d3..e345f3f 100644
--- a/src/main/java/org/bouncycastle/asn1/BERSetParser.java
+++ b/src/main/java/org/bouncycastle/asn1/BERSetParser.java
@@ -18,11 +18,17 @@
         return _parser.readObject();
     }
 
+    public DERObject getLoadedObject()
+        throws IOException
+    {
+        return new BERSet(_parser.readVector(), false);
+    }
+
     public DERObject getDERObject()
     {
         try
         {
-            return new BERSet(_parser.readVector(), false);
+            return getLoadedObject();
         }
         catch (IOException e)
         {
diff --git a/src/main/java/org/bouncycastle/asn1/BERTaggedObjectParser.java b/src/main/java/org/bouncycastle/asn1/BERTaggedObjectParser.java
index ce7318d..40333fb 100644
--- a/src/main/java/org/bouncycastle/asn1/BERTaggedObjectParser.java
+++ b/src/main/java/org/bouncycastle/asn1/BERTaggedObjectParser.java
@@ -6,33 +6,41 @@
 public class BERTaggedObjectParser
     implements ASN1TaggedObjectParser
 {
-    private int _baseTag;
+    private boolean _constructed;
     private int _tagNumber;
-    private InputStream _contentStream;
+    private ASN1StreamParser _parser;
 
-    private boolean _indefiniteLength;
-
+    /**
+     * @deprecated
+     */
     protected BERTaggedObjectParser(
         int         baseTag,
         int         tagNumber,
         InputStream contentStream)
     {
-        _baseTag = baseTag;
+        this((baseTag & DERTags.CONSTRUCTED) != 0, tagNumber, new ASN1StreamParser(contentStream));
+    }
+
+    BERTaggedObjectParser(
+        boolean             constructed,
+        int                 tagNumber,
+        ASN1StreamParser    parser)
+    {
+        _constructed = constructed;
         _tagNumber = tagNumber;
-        _contentStream = contentStream;
-        _indefiniteLength = contentStream instanceof IndefiniteLengthInputStream;
+        _parser = parser;
     }
 
     public boolean isConstructed()
     {
-        return (_baseTag & DERTags.CONSTRUCTED) != 0;
+        return _constructed;
     }
 
     public int getTagNo()
     {
         return _tagNumber;
     }
-    
+
     public DEREncodable getObjectParser(
         int     tag,
         boolean isExplicit)
@@ -40,84 +48,31 @@
     {
         if (isExplicit)
         {
-            return new ASN1StreamParser(_contentStream).readObject();
+            if (!_constructed)
+            {
+                throw new IOException("Explicit tags must be constructed (see X.690 8.14.2)");
+            }
+            return _parser.readObject();
         }
 
-        switch (tag)
-        {
-            case DERTags.SET:
-                if (_indefiniteLength)
-                {
-                    return new BERSetParser(new ASN1StreamParser(_contentStream));
-                }
-                else
-                {
-                    return new DERSetParser(new ASN1StreamParser(_contentStream));
-                }
-            case DERTags.SEQUENCE:
-                if (_indefiniteLength)
-                {
-                    return new BERSequenceParser(new ASN1StreamParser(_contentStream));
-                }
-                else
-                {
-                    return new DERSequenceParser(new ASN1StreamParser(_contentStream));
-                }
-            case DERTags.OCTET_STRING:
-                // TODO Is the handling of definite length constructed encodings correct?
-                if (_indefiniteLength || this.isConstructed())
-                {
-                    return new BEROctetStringParser(new ASN1StreamParser(_contentStream));
-                }
-                else
-                {
-                    return new DEROctetStringParser((DefiniteLengthInputStream)_contentStream);
-                }
-        }
-
-        throw new RuntimeException("implicit tagging not implemented");
+        return _parser.readImplicit(_constructed, tag);
     }
 
-    private ASN1EncodableVector rLoadVector(InputStream in)
+    public DERObject getLoadedObject()
+        throws IOException
     {
-        try
-        {
-            return new ASN1StreamParser(in).readVector();
-        }
-        catch (IOException e)
-        {
-            throw new ASN1ParsingException(e.getMessage(), e);
-        }
+        return _parser.readTaggedObject(_constructed, _tagNumber);
     }
 
     public DERObject getDERObject()
     {
-        if (_indefiniteLength)
-        {
-            ASN1EncodableVector v = rLoadVector(_contentStream);
-
-            return v.size() == 1
-                ?   new BERTaggedObject(true, _tagNumber, v.get(0))
-                :   new BERTaggedObject(false, _tagNumber, BERFactory.createSequence(v));
-        }
-
-        if (this.isConstructed())
-        {
-            ASN1EncodableVector v = rLoadVector(_contentStream);
-
-            return v.size() == 1
-                ?   new DERTaggedObject(true, _tagNumber, v.get(0))
-                :   new DERTaggedObject(false, _tagNumber, DERFactory.createSequence(v));
-        }
-
         try
         {
-            DefiniteLengthInputStream defIn = (DefiniteLengthInputStream)_contentStream;
-            return new DERTaggedObject(false, _tagNumber, new DEROctetString(defIn.toByteArray()));
+            return this.getLoadedObject();
         }
         catch (IOException e)
         {
-            throw new IllegalStateException(e.getMessage());
+            throw new ASN1ParsingException(e.getMessage());
         }
     }
 }
diff --git a/src/main/java/org/bouncycastle/asn1/DERBMPString.java b/src/main/java/org/bouncycastle/asn1/DERBMPString.java
index 1472325..1ff72de 100644
--- a/src/main/java/org/bouncycastle/asn1/DERBMPString.java
+++ b/src/main/java/org/bouncycastle/asn1/DERBMPString.java
@@ -25,16 +25,6 @@
             return (DERBMPString)obj;
         }
 
-        if (obj instanceof ASN1OctetString)
-        {
-            return new DERBMPString(((ASN1OctetString)obj).getOctets());
-        }
-
-        if (obj instanceof ASN1TaggedObject)
-        {
-            return getInstance(((ASN1TaggedObject)obj).getObject());
-        }
-
         throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
     }
 
@@ -51,7 +41,16 @@
         ASN1TaggedObject obj,
         boolean          explicit)
     {
-        return getInstance(obj.getObject());
+        DERObject o = obj.getObject();
+
+        if (explicit || o instanceof DERBMPString)
+        {
+            return getInstance(o);
+        }
+        else
+        {
+            return new DERBMPString(ASN1OctetString.getInstance(o).getOctets());
+        }
     }
     
 
diff --git a/src/main/java/org/bouncycastle/asn1/DERBitString.java b/src/main/java/org/bouncycastle/asn1/DERBitString.java
index efcdaca..efca7d3 100644
--- a/src/main/java/org/bouncycastle/asn1/DERBitString.java
+++ b/src/main/java/org/bouncycastle/asn1/DERBitString.java
@@ -1,10 +1,10 @@
 package org.bouncycastle.asn1;
 
-import org.bouncycastle.util.Arrays;
-
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 
+import org.bouncycastle.util.Arrays;
+
 public class DERBitString
     extends ASN1Object
     implements DERString
@@ -100,22 +100,6 @@
             return (DERBitString)obj;
         }
 
-        if (obj instanceof ASN1OctetString)
-        {
-            byte[]  bytes = ((ASN1OctetString)obj).getOctets();
-            int     padBits = bytes[0];
-            byte[]  data = new byte[bytes.length - 1];
-
-            System.arraycopy(bytes, 1, data, 0, bytes.length - 1);
-
-            return new DERBitString(data, padBits);
-        }
-
-        if (obj instanceof ASN1TaggedObject)
-        {
-            return getInstance(((ASN1TaggedObject)obj).getObject());
-        }
-
         throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
     }
 
@@ -132,7 +116,16 @@
         ASN1TaggedObject obj,
         boolean          explicit)
     {
-        return getInstance(obj.getObject());
+        DERObject o = obj.getObject();
+
+        if (explicit || o instanceof DERBitString)
+        {
+            return getInstance(o);
+        }
+        else
+        {
+            return fromOctetString(((ASN1OctetString)o).getOctets());
+        }
     }
     
     protected DERBitString(
@@ -263,4 +256,22 @@
     {
         return getString();
     }
+
+    static DERBitString fromOctetString(byte[] bytes)
+    {
+        if (bytes.length < 1)
+        {
+            throw new IllegalArgumentException("truncated BIT STRING detected");
+        }
+
+        int padBits = bytes[0];
+        byte[] data = new byte[bytes.length - 1];
+
+        if (data.length != 0)
+        {
+            System.arraycopy(bytes, 1, data, 0, bytes.length - 1);
+        }
+
+        return new DERBitString(data, padBits);
+    }
 }
diff --git a/src/main/java/org/bouncycastle/asn1/DERBoolean.java b/src/main/java/org/bouncycastle/asn1/DERBoolean.java
index 5667715..5cba346 100644
--- a/src/main/java/org/bouncycastle/asn1/DERBoolean.java
+++ b/src/main/java/org/bouncycastle/asn1/DERBoolean.java
@@ -25,18 +25,6 @@
             return (DERBoolean)obj;
         }
 
-        if (obj instanceof ASN1OctetString)
-        {
-            // BEGIN android-changed
-            return getInstance(((ASN1OctetString)obj).getOctets());
-            // END android-changed
-        }
-
-        if (obj instanceof ASN1TaggedObject)
-        {
-            return getInstance(((ASN1TaggedObject)obj).getObject());
-        }
-
         throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
     }
 
@@ -73,24 +61,40 @@
         ASN1TaggedObject obj,
         boolean          explicit)
     {
-        return getInstance(obj.getObject());
-    }
+        DERObject o = obj.getObject();
 
+        if (explicit || o instanceof DERBoolean)
+        {
+            return getInstance(o);
+        }
+        else
+        {
+            // BEGIN android-changed
+            return getInstance(((ASN1OctetString)o).getOctets());
+            // END android-changed
+        }
+    }
+    
     // BEGIN android-removed
-    //private DERBoolean(
-    //    byte[]       value)
-    //{
-    //    this.value = value[0];
-    //}
+    // public DERBoolean(
+    //     byte[]       value)
+    // {
+    //     if (value.length != 1)
+    //     {
+    //         throw new IllegalArgumentException("byte value should have 1 byte in it");
+    //     }
+    //
+    //     this.value = value[0];
+    // }
     // END android-removed
 
     // BEGIN android-changed
-    private DERBoolean(
+    protected DERBoolean(
         boolean     value)
+    // END android-changed
     {
         this.value = (value) ? (byte)0xff : (byte)0;
     }
-    // END android-changed
 
     public boolean isTrue()
     {
diff --git a/src/main/java/org/bouncycastle/asn1/DERConstructedSequence.java b/src/main/java/org/bouncycastle/asn1/DERConstructedSequence.java
deleted file mode 100644
index 99a493e..0000000
--- a/src/main/java/org/bouncycastle/asn1/DERConstructedSequence.java
+++ /dev/null
@@ -1,53 +0,0 @@
-package org.bouncycastle.asn1;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.util.Enumeration;
-
-/**
- * @deprecated use DERSequence.
- */
-public class DERConstructedSequence
-    extends ASN1Sequence
-{
-    public void addObject(
-        DEREncodable obj)
-    {
-        super.addObject(obj);
-    }
-
-    public int getSize()
-    {
-        return size();
-    }
-
-    /*
-     * A note on the implementation:
-     * <p>
-     * As DER requires the constructed, definite-length model to
-     * be used for structured types, this varies slightly from the
-     * ASN.1 descriptions given. Rather than just outputing SEQUENCE,
-     * we also have to specify CONSTRUCTED, and the objects length.
-     */
-    void encode(
-        DEROutputStream out)
-        throws IOException
-    {
-        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
-        DEROutputStream         dOut = new DEROutputStream(bOut);
-        Enumeration             e = this.getObjects();
-
-        while (e.hasMoreElements())
-        {
-            Object    obj = e.nextElement();
-
-            dOut.writeObject(obj);
-        }
-
-        dOut.close();
-
-        byte[]  bytes = bOut.toByteArray();
-
-        out.writeEncoded(SEQUENCE | CONSTRUCTED, bytes);
-    }
-}
diff --git a/src/main/java/org/bouncycastle/asn1/DERConstructedSet.java b/src/main/java/org/bouncycastle/asn1/DERConstructedSet.java
deleted file mode 100644
index 695cef3..0000000
--- a/src/main/java/org/bouncycastle/asn1/DERConstructedSet.java
+++ /dev/null
@@ -1,79 +0,0 @@
-package org.bouncycastle.asn1;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.util.Enumeration;
-
-/**
- * 
- * @deprecated use DERSet
- */
-public class DERConstructedSet
-    extends ASN1Set
-{
-    public DERConstructedSet()
-    {
-    }
-
-    /**
-     * @param obj - a single object that makes up the set.
-     */
-    public DERConstructedSet(
-        DEREncodable   obj)
-    {
-        this.addObject(obj);
-    }
-
-    /**
-     * @param v - a vector of objects making up the set.
-     */
-    public DERConstructedSet(
-        DEREncodableVector   v)
-    {
-        for (int i = 0; i != v.size(); i++)
-        {
-            this.addObject(v.get(i));
-        }
-    }
-
-    public void addObject(
-        DEREncodable    obj)
-    {
-        super.addObject(obj);
-    }
-
-    public int getSize()
-    {
-        return size();
-    }
-
-    /*
-     * A note on the implementation:
-     * <p>
-     * As DER requires the constructed, definite-length model to
-     * be used for structured types, this varies slightly from the
-     * ASN.1 descriptions given. Rather than just outputing SET,
-     * we also have to specify CONSTRUCTED, and the objects length.
-     */
-    void encode(
-        DEROutputStream out)
-        throws IOException
-    {
-        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
-        DEROutputStream         dOut = new DEROutputStream(bOut);
-        Enumeration             e = this.getObjects();
-
-        while (e.hasMoreElements())
-        {
-            Object    obj = e.nextElement();
-
-            dOut.writeObject(obj);
-        }
-
-        dOut.close();
-
-        byte[]  bytes = bOut.toByteArray();
-
-        out.writeEncoded(SET | CONSTRUCTED, bytes);
-    }
-}
diff --git a/src/main/java/org/bouncycastle/asn1/DEREnumerated.java b/src/main/java/org/bouncycastle/asn1/DEREnumerated.java
index 5a9da4c..440744e 100644
--- a/src/main/java/org/bouncycastle/asn1/DEREnumerated.java
+++ b/src/main/java/org/bouncycastle/asn1/DEREnumerated.java
@@ -1,10 +1,10 @@
 package org.bouncycastle.asn1;
 
-import org.bouncycastle.util.Arrays;
-
 import java.io.IOException;
 import java.math.BigInteger;
 
+import org.bouncycastle.util.Arrays;
+
 public class DEREnumerated
     extends ASN1Object
 {
@@ -23,16 +23,6 @@
             return (DEREnumerated)obj;
         }
 
-        if (obj instanceof ASN1OctetString)
-        {
-            return new DEREnumerated(((ASN1OctetString)obj).getOctets());
-        }
-
-        if (obj instanceof ASN1TaggedObject)
-        {
-            return getInstance(((ASN1TaggedObject)obj).getObject());
-        }
-
         throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
     }
 
@@ -49,7 +39,16 @@
         ASN1TaggedObject obj,
         boolean          explicit)
     {
-        return getInstance(obj.getObject());
+        DERObject o = obj.getObject();
+
+        if (explicit || o instanceof DEREnumerated)
+        {
+            return getInstance(o);
+        }
+        else
+        {
+            return new DEREnumerated(((ASN1OctetString)o).getOctets());
+        }
     }
 
     public DEREnumerated(
diff --git a/src/main/java/org/bouncycastle/asn1/DERExternal.java b/src/main/java/org/bouncycastle/asn1/DERExternal.java
index ad062c8..769c945 100644
--- a/src/main/java/org/bouncycastle/asn1/DERExternal.java
+++ b/src/main/java/org/bouncycastle/asn1/DERExternal.java
@@ -18,25 +18,32 @@
     public DERExternal(ASN1EncodableVector vector)
     {
         int offset = 0;
-        DERObject enc = vector.get(offset).getDERObject();
+
+        DERObject enc = getObjFromVector(vector, offset);
         if (enc instanceof DERObjectIdentifier)
         {
             directReference = (DERObjectIdentifier)enc;
             offset++;
-            enc = vector.get(offset).getDERObject();
+            enc = getObjFromVector(vector, offset);
         }
         if (enc instanceof DERInteger)
         {
             indirectReference = (DERInteger) enc;
             offset++;
-            enc = vector.get(offset).getDERObject();
+            enc = getObjFromVector(vector, offset);
         }
         if (!(enc instanceof DERTaggedObject))
         {
             dataValueDescriptor = (ASN1Object) enc;
             offset++;
-            enc = vector.get(offset).getDERObject();
+            enc = getObjFromVector(vector, offset);
         }
+
+        if (vector.size() != offset + 1)
+        {
+            throw new IllegalArgumentException("input vector too large");
+        }
+
         if (!(enc instanceof DERTaggedObject))
         {
             throw new IllegalArgumentException("No tagged object found in vector. Structure doesn't seem to be of type External");
@@ -46,6 +53,15 @@
         externalContent = obj.getObject();
     }
 
+    private DERObject getObjFromVector(ASN1EncodableVector v, int index)
+    {
+        if (v.size() <= index)
+        {
+            throw new IllegalArgumentException("too few objects in input vector");
+        }
+
+        return v.get(index).getDERObject();
+    }
     /**
      * Creates a new instance of DERExternal
      * See X.690 for more informations about the meaning of these parameters
diff --git a/src/main/java/org/bouncycastle/asn1/DERExternalParser.java b/src/main/java/org/bouncycastle/asn1/DERExternalParser.java
index 0fbfb68..059908f 100644
--- a/src/main/java/org/bouncycastle/asn1/DERExternalParser.java
+++ b/src/main/java/org/bouncycastle/asn1/DERExternalParser.java
@@ -3,7 +3,7 @@
 import java.io.IOException;
 
 public class DERExternalParser
-    implements DEREncodable
+    implements DEREncodable, InMemoryRepresentable
 {
     private ASN1StreamParser _parser;
 
@@ -20,12 +20,25 @@
     {
         return _parser.readObject();
     }
+
+    public DERObject getLoadedObject()
+        throws IOException
+    {
+        try
+        {
+            return new DERExternal(_parser.readVector());
+        }
+        catch (IllegalArgumentException e)
+        {
+            throw new ASN1Exception(e.getMessage(), e);
+        }
+    }
     
     public DERObject getDERObject()
     {
         try 
         {
-            return new DERExternal(_parser.readVector());
+            return getLoadedObject();
         }
         catch (IOException ioe) 
         {
diff --git a/src/main/java/org/bouncycastle/asn1/DERGeneralString.java b/src/main/java/org/bouncycastle/asn1/DERGeneralString.java
index 1992cf3..51d4658 100644
--- a/src/main/java/org/bouncycastle/asn1/DERGeneralString.java
+++ b/src/main/java/org/bouncycastle/asn1/DERGeneralString.java
@@ -14,14 +14,7 @@
         {
             return (DERGeneralString) obj;
         }
-        if (obj instanceof ASN1OctetString) 
-        {
-            return new DERGeneralString(((ASN1OctetString) obj).getOctets());
-        }
-        if (obj instanceof ASN1TaggedObject) 
-        {
-            return getInstance(((ASN1TaggedObject) obj).getObject());
-        }
+
         throw new IllegalArgumentException("illegal object in getInstance: "
                 + obj.getClass().getName());
     }
@@ -30,7 +23,16 @@
         ASN1TaggedObject obj, 
         boolean explicit) 
     {
-        return getInstance(obj.getObject());
+        DERObject o = obj.getObject();
+
+        if (explicit || o instanceof DERGeneralString)
+        {
+            return getInstance(o);
+        }
+        else
+        {
+            return new DERGeneralString(((ASN1OctetString)o).getOctets());
+        }
     }
 
     public DERGeneralString(byte[] string) 
diff --git a/src/main/java/org/bouncycastle/asn1/DERGeneralizedTime.java b/src/main/java/org/bouncycastle/asn1/DERGeneralizedTime.java
index 5366347..728cb22 100644
--- a/src/main/java/org/bouncycastle/asn1/DERGeneralizedTime.java
+++ b/src/main/java/org/bouncycastle/asn1/DERGeneralizedTime.java
@@ -28,11 +28,6 @@
             return (DERGeneralizedTime)obj;
         }
 
-        if (obj instanceof ASN1OctetString)
-        {
-            return new DERGeneralizedTime(((ASN1OctetString)obj).getOctets());
-        }
-
         throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
     }
 
@@ -49,7 +44,16 @@
         ASN1TaggedObject obj,
         boolean          explicit)
     {
-        return getInstance(obj.getObject());
+        DERObject o = obj.getObject();
+
+        if (explicit || o instanceof DERGeneralizedTime)
+        {
+            return getInstance(o);
+        }
+        else
+        {
+            return new DERGeneralizedTime(((ASN1OctetString)o).getOctets());
+        }
     }
     
     /**
@@ -223,7 +227,7 @@
         {
             d = this.getTime();
             if (hasFractionalSeconds())
-            {
+            { 
                 dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSSz");
             }
             else
@@ -260,11 +264,22 @@
                     break;        
                 }
             }
+
             if (index - 1 > 3)
             {
                 frac = frac.substring(0, 4) + frac.substring(index);
                 d = d.substring(0, 14) + frac;
             }
+            else if (index - 1 == 1)
+            {
+                frac = frac.substring(0, index) + "00" + frac.substring(index);
+                d = d.substring(0, 14) + frac;
+            }
+            else if (index - 1 == 2)
+            {
+                frac = frac.substring(0, index) + "0" + frac.substring(index);
+                d = d.substring(0, 14) + frac;
+            }
         }
 
         return dateF.parse(d);
diff --git a/src/main/java/org/bouncycastle/asn1/DERIA5String.java b/src/main/java/org/bouncycastle/asn1/DERIA5String.java
index a90830c..e94c62b 100644
--- a/src/main/java/org/bouncycastle/asn1/DERIA5String.java
+++ b/src/main/java/org/bouncycastle/asn1/DERIA5String.java
@@ -24,16 +24,6 @@
             return (DERIA5String)obj;
         }
 
-        if (obj instanceof ASN1OctetString)
-        {
-            return new DERIA5String(((ASN1OctetString)obj).getOctets());
-        }
-
-        if (obj instanceof ASN1TaggedObject)
-        {
-            return getInstance(((ASN1TaggedObject)obj).getObject());
-        }
-
         throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
     }
 
@@ -50,7 +40,16 @@
         ASN1TaggedObject obj,
         boolean          explicit)
     {
-        return getInstance(obj.getObject());
+        DERObject o = obj.getObject();
+
+        if (explicit || o instanceof DERIA5String)
+        {
+            return getInstance(o);
+        }
+        else
+        {
+            return new DERIA5String(((ASN1OctetString)o).getOctets());
+        }
     }
 
     /**
diff --git a/src/main/java/org/bouncycastle/asn1/DERInputStream.java b/src/main/java/org/bouncycastle/asn1/DERInputStream.java
deleted file mode 100644
index 6edc699..0000000
--- a/src/main/java/org/bouncycastle/asn1/DERInputStream.java
+++ /dev/null
@@ -1,276 +0,0 @@
-package org.bouncycastle.asn1;
-
-import java.io.ByteArrayInputStream;
-import java.io.EOFException;
-import java.io.FilterInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-
-/**
- * Don't use this class. It will eventually disappear, use ASN1InputStream.
- * <br>
- * This class is scheduled for removal.
- * @deprecated use ASN1InputStream
- */
-public class DERInputStream
-    extends FilterInputStream implements DERTags
-{
-    /**
-     * @deprecated use ASN1InputStream
-     */
-    public DERInputStream(
-        InputStream is)
-    {
-        super(is);
-    }
-
-    protected int readLength()
-        throws IOException
-    {
-        int length = read();
-        if (length < 0)
-        {
-            throw new IOException("EOF found when length expected");
-        }
-
-        if (length == 0x80)
-        {
-            return -1;      // indefinite-length encoding
-        }
-
-        if (length > 127)
-        {
-            int size = length & 0x7f;
-
-            if (size > 4)
-            {
-                throw new IOException("DER length more than 4 bytes");
-            }
-            
-            length = 0;
-            for (int i = 0; i < size; i++)
-            {
-                int next = read();
-
-                if (next < 0)
-                {
-                    throw new IOException("EOF found reading length");
-                }
-
-                length = (length << 8) + next;
-            }
-            
-            if (length < 0)
-            {
-                throw new IOException("corrupted stream - negative length found");
-            }
-        }
-
-        return length;
-    }
-
-    protected void readFully(
-        byte[]  bytes)
-        throws IOException
-    {
-        int     left = bytes.length;
-
-        if (left == 0)
-        {
-            return;
-        }
-
-        while (left > 0)
-        {
-            int    l = read(bytes, bytes.length - left, left);
-            
-            if (l < 0)
-            {
-                throw new EOFException("unexpected end of stream");
-            }
-            
-            left -= l;
-        }
-    }
-
-    /**
-     * build an object given its tag and a byte stream to construct it
-     * from.
-     */
-    protected DERObject buildObject(
-        int       tag,
-        byte[]    bytes)
-        throws IOException
-    {
-        switch (tag)
-        {
-        case NULL:
-            return null;   
-        case SEQUENCE | CONSTRUCTED:
-            ByteArrayInputStream    bIn = new ByteArrayInputStream(bytes);
-            BERInputStream          dIn = new BERInputStream(bIn);
-            DERConstructedSequence  seq = new DERConstructedSequence();
-
-            try
-            {
-                for (;;)
-                {
-                    DERObject   obj = dIn.readObject();
-
-                    seq.addObject(obj);
-                }
-            }
-            catch (EOFException ex)
-            {
-                return seq;
-            }
-        case SET | CONSTRUCTED:
-            bIn = new ByteArrayInputStream(bytes);
-            dIn = new BERInputStream(bIn);
-
-            ASN1EncodableVector    v = new ASN1EncodableVector();
-
-            try
-            {
-                for (;;)
-                {
-                    DERObject   obj = dIn.readObject();
-
-                    v.add(obj);
-                }
-            }
-            catch (EOFException ex)
-            {
-                return new DERConstructedSet(v);
-            }
-        case BOOLEAN:
-            // BEGIN android-changed
-            return DERBoolean.getInstance(bytes);
-            // BEGIN android-changed
-        case INTEGER:
-            return new DERInteger(bytes);
-        case ENUMERATED:
-            return new DEREnumerated(bytes);
-        case OBJECT_IDENTIFIER:
-            return new DERObjectIdentifier(bytes);
-        case BIT_STRING:
-            int     padBits = bytes[0];
-            byte[]  data = new byte[bytes.length - 1];
-
-            System.arraycopy(bytes, 1, data, 0, bytes.length - 1);
-
-            return new DERBitString(data, padBits);
-        case UTF8_STRING:
-            return new DERUTF8String(bytes);
-        case PRINTABLE_STRING:
-            return new DERPrintableString(bytes);
-        case IA5_STRING:
-            return new DERIA5String(bytes);
-        case T61_STRING:
-            return new DERT61String(bytes);
-        case VISIBLE_STRING:
-            return new DERVisibleString(bytes);
-        case UNIVERSAL_STRING:
-            return new DERUniversalString(bytes);
-        case GENERAL_STRING:
-            return new DERGeneralString(bytes);
-        case BMP_STRING:
-            return new DERBMPString(bytes);
-        case OCTET_STRING:
-            return new DEROctetString(bytes);
-        case UTC_TIME:
-            return new DERUTCTime(bytes);
-        case GENERALIZED_TIME:
-            return new DERGeneralizedTime(bytes);
-        default:
-            //
-            // with tagged object tag number is bottom 5 bits
-            //
-            if ((tag & TAGGED) != 0)  
-            {
-                if ((tag & 0x1f) == 0x1f)
-                {
-                    throw new IOException("unsupported high tag encountered");
-                }
-
-                if (bytes.length == 0)        // empty tag!
-                {
-                    if ((tag & CONSTRUCTED) == 0)
-                    {
-                        // BEGIN android-changed
-                        return new DERTaggedObject(false, tag & 0x1f, DERNull.INSTANCE);
-                        // END android-changed
-                    }
-                    else
-                    {
-                        return new DERTaggedObject(false, tag & 0x1f, new DERConstructedSequence());
-                    }
-                }
-
-                //
-                // simple type - implicit... return an octet string
-                //
-                if ((tag & CONSTRUCTED) == 0)
-                {
-                    return new DERTaggedObject(false, tag & 0x1f, new DEROctetString(bytes));
-                }
-
-                bIn = new ByteArrayInputStream(bytes);
-                dIn = new BERInputStream(bIn);
-
-                DEREncodable dObj = dIn.readObject();
-
-                //
-                // explicitly tagged (probably!) - if it isn't we'd have to
-                // tell from the context
-                //
-                if (dIn.available() == 0)
-                {
-                    return new DERTaggedObject(tag & 0x1f, dObj);
-                }
-
-                //
-                // another implicit object, we'll create a sequence...
-                //
-                seq = new DERConstructedSequence();
-
-                seq.addObject(dObj);
-
-                try
-                {
-                    for (;;)
-                    {
-                        dObj = dIn.readObject();
-
-                        seq.addObject(dObj);
-                    }
-                }
-                catch (EOFException ex)
-                {
-                    // ignore --
-                }
-
-                return new DERTaggedObject(false, tag & 0x1f, seq);
-            }
-
-            return new DERUnknownTag(tag, bytes);
-        }
-    }
-
-    public DERObject readObject()
-        throws IOException
-    {
-        int tag = read();
-        if (tag == -1)
-        {
-            throw new EOFException();
-        }
-
-        int     length = readLength();
-        byte[]  bytes = new byte[length];
-
-        readFully(bytes);
-
-        return buildObject(tag, bytes);
-    }
-}
diff --git a/src/main/java/org/bouncycastle/asn1/DERInteger.java b/src/main/java/org/bouncycastle/asn1/DERInteger.java
index 8f97428..c72a6cb 100644
--- a/src/main/java/org/bouncycastle/asn1/DERInteger.java
+++ b/src/main/java/org/bouncycastle/asn1/DERInteger.java
@@ -23,16 +23,6 @@
             return (DERInteger)obj;
         }
 
-        if (obj instanceof ASN1OctetString)
-        {
-            return new DERInteger(((ASN1OctetString)obj).getOctets());
-        }
-
-        if (obj instanceof ASN1TaggedObject)
-        {
-            return getInstance(((ASN1TaggedObject)obj).getObject());
-        }
-
         throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
     }
 
@@ -49,7 +39,16 @@
         ASN1TaggedObject obj,
         boolean          explicit)
     {
-        return getInstance(obj.getObject());
+        DERObject o = obj.getObject();
+
+        if (explicit || o instanceof DERInteger)
+        {
+            return getInstance(o);
+        }
+        else
+        {
+            return new ASN1Integer(ASN1OctetString.getInstance(obj.getObject()).getOctets());
+        }
     }
 
     public DERInteger(
diff --git a/src/main/java/org/bouncycastle/asn1/DERNumericString.java b/src/main/java/org/bouncycastle/asn1/DERNumericString.java
index 3c72193..23314a6 100644
--- a/src/main/java/org/bouncycastle/asn1/DERNumericString.java
+++ b/src/main/java/org/bouncycastle/asn1/DERNumericString.java
@@ -24,16 +24,6 @@
             return (DERNumericString)obj;
         }
 
-        if (obj instanceof ASN1OctetString)
-        {
-            return new DERNumericString(((ASN1OctetString)obj).getOctets());
-        }
-
-        if (obj instanceof ASN1TaggedObject)
-        {
-            return getInstance(((ASN1TaggedObject)obj).getObject());
-        }
-
         throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
     }
 
@@ -50,7 +40,16 @@
         ASN1TaggedObject obj,
         boolean          explicit)
     {
-        return getInstance(obj.getObject());
+        DERObject o = obj.getObject();
+
+        if (explicit || o instanceof DERNumericString)
+        {
+            return getInstance(o);
+        }
+        else
+        {
+            return new DERNumericString(ASN1OctetString.getInstance(o).getOctets());
+        }
     }
 
     /**
diff --git a/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java b/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java
index bad9473..8e579f7 100644
--- a/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java
+++ b/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java
@@ -23,16 +23,6 @@
             return (DERObjectIdentifier)obj;
         }
 
-        if (obj instanceof ASN1OctetString)
-        {
-            return new DERObjectIdentifier(((ASN1OctetString)obj).getOctets());
-        }
-
-        if (obj instanceof ASN1TaggedObject)
-        {
-            return getInstance(((ASN1TaggedObject)obj).getObject());
-        }
-
         throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
     }
 
@@ -49,7 +39,16 @@
         ASN1TaggedObject obj,
         boolean          explicit)
     {
-        return getInstance(obj.getObject());
+        DERObject o = obj.getObject();
+
+        if (explicit || o instanceof DERObjectIdentifier)
+        {
+            return getInstance(o);
+        }
+        else
+        {
+            return new ASN1ObjectIdentifier(ASN1OctetString.getInstance(obj.getObject()).getOctets());
+        }
     }
     
 
@@ -147,39 +146,15 @@
         long            fieldValue)
         throws IOException
     {
-        if (fieldValue >= (1L << 7))
+        byte[] result = new byte[9];
+        int pos = 8;
+        result[pos] = (byte)((int)fieldValue & 0x7f);
+        while (fieldValue >= (1L << 7))
         {
-            if (fieldValue >= (1L << 14))
-            {
-                if (fieldValue >= (1L << 21))
-                {
-                    if (fieldValue >= (1L << 28))
-                    {
-                        if (fieldValue >= (1L << 35))
-                        {
-                            if (fieldValue >= (1L << 42))
-                            {
-                                if (fieldValue >= (1L << 49))
-                                {
-                                    if (fieldValue >= (1L << 56))
-                                    {
-                                        out.write((int)(fieldValue >> 56) | 0x80);
-                                    }
-                                    out.write((int)(fieldValue >> 49) | 0x80);
-                                }
-                                out.write((int)(fieldValue >> 42) | 0x80);
-                            }
-                            out.write((int)(fieldValue >> 35) | 0x80);
-                        }
-                        out.write((int)(fieldValue >> 28) | 0x80);
-                    }
-                    out.write((int)(fieldValue >> 21) | 0x80);
-                }
-                out.write((int)(fieldValue >> 14) | 0x80);
-            }
-            out.write((int)(fieldValue >> 7) | 0x80);
+            fieldValue >>= 7;
+            result[--pos] = (byte)((int)fieldValue & 0x7f | 0x80);
         }
-        out.write((int)fieldValue & 0x7f);
+        out.write(result, pos, 9 - pos);
     }
 
     private void writeField(
diff --git a/src/main/java/org/bouncycastle/asn1/DEROctetStringParser.java b/src/main/java/org/bouncycastle/asn1/DEROctetStringParser.java
index f6138d9..2318f5c 100644
--- a/src/main/java/org/bouncycastle/asn1/DEROctetStringParser.java
+++ b/src/main/java/org/bouncycastle/asn1/DEROctetStringParser.java
@@ -1,7 +1,7 @@
 package org.bouncycastle.asn1;
 
-import java.io.InputStream;
 import java.io.IOException;
+import java.io.InputStream;
 
 public class DEROctetStringParser
     implements ASN1OctetStringParser
@@ -19,11 +19,17 @@
         return stream;
     }
 
+    public DERObject getLoadedObject()
+        throws IOException
+    {
+        return new DEROctetString(stream.toByteArray());
+    }
+    
     public DERObject getDERObject()
     {
         try
         {
-            return new DEROctetString(stream.toByteArray());
+            return getLoadedObject();
         }
         catch (IOException e)
         {
diff --git a/src/main/java/org/bouncycastle/asn1/DERPrintableString.java b/src/main/java/org/bouncycastle/asn1/DERPrintableString.java
index c7a6f44..2f84c1c 100644
--- a/src/main/java/org/bouncycastle/asn1/DERPrintableString.java
+++ b/src/main/java/org/bouncycastle/asn1/DERPrintableString.java
@@ -26,16 +26,6 @@
             return (DERPrintableString)obj;
         }
 
-        if (obj instanceof ASN1OctetString)
-        {
-            return new DERPrintableString(((ASN1OctetString)obj).getOctets());
-        }
-
-        if (obj instanceof ASN1TaggedObject)
-        {
-            return getInstance(((ASN1TaggedObject)obj).getObject());
-        }
-
         throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
     }
 
@@ -52,7 +42,16 @@
         ASN1TaggedObject obj,
         boolean          explicit)
     {
-        return getInstance(obj.getObject());
+        DERObject o = obj.getObject();
+
+        if (explicit || o instanceof DERPrintableString)
+        {
+            return getInstance(o);
+        }
+        else
+        {
+            return new DERPrintableString(ASN1OctetString.getInstance(o).getOctets());
+        }
     }
 
     /**
diff --git a/src/main/java/org/bouncycastle/asn1/DERSequence.java b/src/main/java/org/bouncycastle/asn1/DERSequence.java
index a2e6ab5..bb7f7fb 100644
--- a/src/main/java/org/bouncycastle/asn1/DERSequence.java
+++ b/src/main/java/org/bouncycastle/asn1/DERSequence.java
@@ -27,7 +27,7 @@
      * create a sequence containing a vector of objects.
      */
     public DERSequence(
-        DEREncodableVector   v)
+        ASN1EncodableVector   v)
     {
         for (int i = 0; i != v.size(); i++)
         {
diff --git a/src/main/java/org/bouncycastle/asn1/DERSequenceParser.java b/src/main/java/org/bouncycastle/asn1/DERSequenceParser.java
index 59ba7f7..b91dfa0 100644
--- a/src/main/java/org/bouncycastle/asn1/DERSequenceParser.java
+++ b/src/main/java/org/bouncycastle/asn1/DERSequenceParser.java
@@ -18,11 +18,17 @@
         return _parser.readObject();
     }
 
+    public DERObject getLoadedObject()
+        throws IOException
+    {
+         return new DERSequence(_parser.readVector());
+    }
+
     public DERObject getDERObject()
     {
         try
         {
-            return new DERSequence(_parser.readVector());
+            return getLoadedObject();
         }
         catch (IOException e)
         {
diff --git a/src/main/java/org/bouncycastle/asn1/DERSet.java b/src/main/java/org/bouncycastle/asn1/DERSet.java
index b116e0c..c4acc82 100644
--- a/src/main/java/org/bouncycastle/asn1/DERSet.java
+++ b/src/main/java/org/bouncycastle/asn1/DERSet.java
@@ -30,7 +30,7 @@
      * @param v - a vector of objects making up the set.
      */
     public DERSet(
-        DEREncodableVector   v)
+        ASN1EncodableVector   v)
     {
         this(v, true);
     }
@@ -53,7 +53,7 @@
      * @param v - a vector of objects making up the set.
      */
     DERSet(
-        DEREncodableVector   v,
+        ASN1EncodableVector  v,
         boolean              needsSorting)
     {
         for (int i = 0; i != v.size(); i++)
diff --git a/src/main/java/org/bouncycastle/asn1/DERSetParser.java b/src/main/java/org/bouncycastle/asn1/DERSetParser.java
index 2793e51..44ddb80 100644
--- a/src/main/java/org/bouncycastle/asn1/DERSetParser.java
+++ b/src/main/java/org/bouncycastle/asn1/DERSetParser.java
@@ -18,11 +18,17 @@
         return _parser.readObject();
     }
 
+    public DERObject getLoadedObject()
+        throws IOException
+    {
+        return new DERSet(_parser.readVector(), false);
+    }
+
     public DERObject getDERObject()
     {
         try
         {
-            return new DERSet(_parser.readVector(), false);
+            return getLoadedObject();
         }
         catch (IOException e)
         {
diff --git a/src/main/java/org/bouncycastle/asn1/DERString.java b/src/main/java/org/bouncycastle/asn1/DERString.java
index 3143be9..37dc905 100644
--- a/src/main/java/org/bouncycastle/asn1/DERString.java
+++ b/src/main/java/org/bouncycastle/asn1/DERString.java
@@ -4,6 +4,7 @@
  * basic interface for DER string objects.
  */
 public interface DERString
+    extends ASN1String
 {
-    public String getString();
+
 }
diff --git a/src/main/java/org/bouncycastle/asn1/DERT61String.java b/src/main/java/org/bouncycastle/asn1/DERT61String.java
index 09039fc..519a950 100644
--- a/src/main/java/org/bouncycastle/asn1/DERT61String.java
+++ b/src/main/java/org/bouncycastle/asn1/DERT61String.java
@@ -24,16 +24,6 @@
             return (DERT61String)obj;
         }
 
-        if (obj instanceof ASN1OctetString)
-        {
-            return new DERT61String(((ASN1OctetString)obj).getOctets());
-        }
-
-        if (obj instanceof ASN1TaggedObject)
-        {
-            return getInstance(((ASN1TaggedObject)obj).getObject());
-        }
-
         throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
     }
 
@@ -50,7 +40,16 @@
         ASN1TaggedObject obj,
         boolean          explicit)
     {
-        return getInstance(obj.getObject());
+        DERObject o = obj.getObject();
+
+        if (explicit)
+        {
+            return getInstance(o);
+        }
+        else
+        {
+            return new DERT61String(ASN1OctetString.getInstance(o).getOctets());
+        }
     }
 
     /**
diff --git a/src/main/java/org/bouncycastle/asn1/DERUTCTime.java b/src/main/java/org/bouncycastle/asn1/DERUTCTime.java
index 7a05664..f183d72 100644
--- a/src/main/java/org/bouncycastle/asn1/DERUTCTime.java
+++ b/src/main/java/org/bouncycastle/asn1/DERUTCTime.java
@@ -27,11 +27,6 @@
             return (DERUTCTime)obj;
         }
 
-        if (obj instanceof ASN1OctetString)
-        {
-            return new DERUTCTime(((ASN1OctetString)obj).getOctets());
-        }
-
         throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
     }
 
@@ -48,7 +43,16 @@
         ASN1TaggedObject obj,
         boolean          explicit)
     {
-        return getInstance(obj.getObject());
+        DERObject o = obj.getObject();
+
+        if (explicit || o instanceof DERUTCTime)
+        {
+            return getInstance(o);
+        }
+        else
+        {
+            return new DERUTCTime(((ASN1OctetString)o).getOctets());
+        }
     }
     
     /**
diff --git a/src/main/java/org/bouncycastle/asn1/DERUTF8String.java b/src/main/java/org/bouncycastle/asn1/DERUTF8String.java
index 082aa63..06d6fe9 100644
--- a/src/main/java/org/bouncycastle/asn1/DERUTF8String.java
+++ b/src/main/java/org/bouncycastle/asn1/DERUTF8String.java
@@ -1,9 +1,9 @@
 package org.bouncycastle.asn1;
 
-import org.bouncycastle.util.Strings;
-
 import java.io.IOException;
 
+import org.bouncycastle.util.Strings;
+
 /**
  * DER UTF8String object.
  */
@@ -26,16 +26,6 @@
             return (DERUTF8String)obj;
         }
 
-        if (obj instanceof ASN1OctetString)
-        {
-            return new DERUTF8String(((ASN1OctetString)obj).getOctets());
-        }
-
-        if (obj instanceof ASN1TaggedObject)
-        {
-            return getInstance(((ASN1TaggedObject)obj).getObject());
-        }
-
         throw new IllegalArgumentException("illegal object in getInstance: "
                 + obj.getClass().getName());
     }
@@ -55,15 +45,31 @@
         ASN1TaggedObject obj,
         boolean explicit)
     {
-        return getInstance(obj.getObject());
+        DERObject o = obj.getObject();
+
+        if (explicit || o instanceof DERUTF8String)
+        {
+            return getInstance(o);
+        }
+        else
+        {
+            return new DERUTF8String(ASN1OctetString.getInstance(o).getOctets());
+        }
     }
 
     /**
      * basic constructor - byte encoded string.
      */
-    DERUTF8String(byte[] string)
+    public DERUTF8String(byte[] string)
     {
-        this.string = Strings.fromUTF8ByteArray(string);
+        try
+        {
+            this.string = Strings.fromUTF8ByteArray(string);
+        }
+        catch (ArrayIndexOutOfBoundsException e)
+        {
+            throw new IllegalArgumentException("UTF8 encoding invalid");
+        }
     }
 
     /**
diff --git a/src/main/java/org/bouncycastle/asn1/DERUniversalString.java b/src/main/java/org/bouncycastle/asn1/DERUniversalString.java
index 68be9a0..6e54934 100644
--- a/src/main/java/org/bouncycastle/asn1/DERUniversalString.java
+++ b/src/main/java/org/bouncycastle/asn1/DERUniversalString.java
@@ -26,11 +26,6 @@
             return (DERUniversalString)obj;
         }
 
-        if (obj instanceof ASN1OctetString)
-        {
-            return new DERUniversalString(((ASN1OctetString)obj).getOctets());
-        }
-
         throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
     }
 
@@ -47,7 +42,16 @@
         ASN1TaggedObject obj,
         boolean          explicit)
     {
-        return getInstance(obj.getObject());
+        DERObject o = obj.getObject();
+
+        if (explicit || o instanceof DERUniversalString)
+        {
+            return getInstance(o);
+        }
+        else
+        {
+            return new DERUniversalString(((ASN1OctetString)o).getOctets());
+        }
     }
 
     /**
diff --git a/src/main/java/org/bouncycastle/asn1/DefiniteLengthInputStream.java b/src/main/java/org/bouncycastle/asn1/DefiniteLengthInputStream.java
index 2a7f2e7..3785174 100644
--- a/src/main/java/org/bouncycastle/asn1/DefiniteLengthInputStream.java
+++ b/src/main/java/org/bouncycastle/asn1/DefiniteLengthInputStream.java
@@ -18,7 +18,7 @@
         InputStream in,
         int         length)
     {
-        super(in);
+        super(in, length);
 
         if (length < 0)
         {
diff --git a/src/main/java/org/bouncycastle/asn1/InMemoryRepresentable.java b/src/main/java/org/bouncycastle/asn1/InMemoryRepresentable.java
new file mode 100644
index 0000000..981ee1b
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/InMemoryRepresentable.java
@@ -0,0 +1,9 @@
+package org.bouncycastle.asn1;
+
+import java.io.IOException;
+
+public interface InMemoryRepresentable
+{
+    DERObject getLoadedObject()
+        throws IOException;
+}
diff --git a/src/main/java/org/bouncycastle/asn1/IndefiniteLengthInputStream.java b/src/main/java/org/bouncycastle/asn1/IndefiniteLengthInputStream.java
index d9eac06..353da3b 100644
--- a/src/main/java/org/bouncycastle/asn1/IndefiniteLengthInputStream.java
+++ b/src/main/java/org/bouncycastle/asn1/IndefiniteLengthInputStream.java
@@ -13,10 +13,11 @@
     private boolean _eofOn00 = true;
 
     IndefiniteLengthInputStream(
-        InputStream in)
+        InputStream in,
+        int         limit)
         throws IOException
     {
-        super(in);
+        super(in, limit);
 
         _b1 = in.read();
         _b2 = in.read();
diff --git a/src/main/java/org/bouncycastle/asn1/LazyDERSequence.java b/src/main/java/org/bouncycastle/asn1/LazyDERSequence.java
index da9e1b8..91074a6 100644
--- a/src/main/java/org/bouncycastle/asn1/LazyDERSequence.java
+++ b/src/main/java/org/bouncycastle/asn1/LazyDERSequence.java
@@ -29,7 +29,7 @@
         parsed = true;
     }
 
-    public DEREncodable getObjectAt(int index)
+    public synchronized DEREncodable getObjectAt(int index)
     {
         if (!parsed)
         {
@@ -39,7 +39,7 @@
         return super.getObjectAt(index);
     }
 
-    public Enumeration getObjects()
+    public synchronized Enumeration getObjects()
     {
         if (parsed)
         {
diff --git a/src/main/java/org/bouncycastle/asn1/LimitedInputStream.java b/src/main/java/org/bouncycastle/asn1/LimitedInputStream.java
index 5a93335..d94b0bd 100644
--- a/src/main/java/org/bouncycastle/asn1/LimitedInputStream.java
+++ b/src/main/java/org/bouncycastle/asn1/LimitedInputStream.java
@@ -6,13 +6,22 @@
         extends InputStream
 {
     protected final InputStream _in;
+    private int _limit;
 
     LimitedInputStream(
-        InputStream in)
+        InputStream in,
+        int         limit)
     {
         this._in = in;
+        this._limit = limit;
     }
 
+    int getRemaining()
+    {
+        // TODO: maybe one day this can become more accurate
+        return _limit;
+    }
+    
     protected void setParentEofDetect(boolean on)
     {
         if (_in instanceof IndefiniteLengthInputStream)
diff --git a/src/main/java/org/bouncycastle/asn1/OrderedTable.java b/src/main/java/org/bouncycastle/asn1/OrderedTable.java
deleted file mode 100644
index 8db8ab8..0000000
--- a/src/main/java/org/bouncycastle/asn1/OrderedTable.java
+++ /dev/null
@@ -1,281 +0,0 @@
-package org.bouncycastle.asn1;
-
-import java.util.Enumeration;
-import java.util.ConcurrentModificationException;
-
-// BEGIN android-note
-/*
- * This is a new class that was synthesized from the observed
- * requirement for a lookup table that preserves order. Since in
- * practice the element count is typically very low, we just use a
- * flat list rather than doing any hashing / bucketing.
- */
-// END android-note
-
-/**
- * Ordered lookup table. Instances of this class will keep up to four
- * key-value pairs directly, resorting to an external collection only
- * if more elements than that need to be stored.
- */
-public final class OrderedTable {
-    /** null-ok; key #0 */
-    private DERObjectIdentifier key0;
-    
-    /** null-ok; key #1 */
-    private DERObjectIdentifier key1;
-
-    /** null-ok; key #2 */
-    private DERObjectIdentifier key2;
-
-    /** null-ok; key #3 */
-    private DERObjectIdentifier key3;
-    
-    /** null-ok; value #0 */
-    private Object value0;
-    
-    /** null-ok; value #1 */
-    private Object value1;
-
-    /** null-ok; value #2 */
-    private Object value2;
-
-    /** null-ok; value #3 */
-    private Object value3;
-    
-    /**
-     * null-ok; array of additional keys and values, alternating
-     * key then value, etc. 
-     */
-    private Object[] rest;
-
-    /** &gt;= 0; number of elements in the list */
-    private int size;
-
-    // Note: Default public constructor.
-
-    /**
-     * Adds an element assuming no duplicate key.
-     * 
-     * @see #put
-     * 
-     * @param key non-null; the key
-     * @param value non-null; the value
-     */
-    public void add(DERObjectIdentifier key, Object value) {
-        if (key == null) {
-            throw new NullPointerException("key == null");
-        }
-
-        if (value == null) {
-            throw new NullPointerException("value == null");
-        }
-
-        int sz = size;
-
-        switch (sz) {
-            case 0: {
-                key0 = key;
-                value0 = value;
-                break;
-            }
-            case 1: {
-                key1 = key;
-                value1 = value;
-                break;
-            }
-            case 2: {
-                key2 = key;
-                value2 = value;
-                break;
-            }
-            case 3: {
-                key3 = key;
-                value3 = value;
-                break;
-            }
-            case 4: {
-                // Do initial allocation of rest.
-                rest = new Object[10];
-                rest[0] = key;
-                rest[1] = value;
-                break;
-            }
-            default: {
-                int index = (sz - 4) * 2;
-                int index1 = index + 1;
-                if (index1 >= rest.length) {
-                    // Grow rest.
-                    Object[] newRest = new Object[index1 * 2 + 10];
-                    System.arraycopy(rest, 0, newRest, 0, rest.length);
-                    rest = newRest;
-                }
-                rest[index] = key;
-                rest[index1] = value;
-                break;
-            }
-        }
-        
-        size = sz + 1;
-    }
-
-    /**
-     * Gets the number of elements in this instance.
-     */
-    public int size() {
-        return size;
-    }
-
-    /**
-     * Look up the given key, returning the associated value if found.
-     * 
-     * @param key non-null; the key to look up
-     * @return null-ok; the associated value
-     */
-    public Object get(DERObjectIdentifier key) {
-        int keyHash = key.hashCode();
-        int sz = size;
-
-        for (int i = 0; i < size; i++) {
-            DERObjectIdentifier probe = getKey(i);
-            if ((probe.hashCode() == keyHash) &&
-                    probe.equals(key)) {
-                return getValue(i);
-            }
-        }
-
-        return null;
-    }
-    
-    /**
-     * Replace a key if present, otherwise add
-     * 
-     * @see #add
-     * 
-     * @param key non-null; the key
-     * @param value non-null; the value
-     */
-    public void put(DERObjectIdentifier key, Object value) {
-        if (key == null) {
-            throw new NullPointerException("key == null");
-        }
-
-        if (value == null) {
-            throw new NullPointerException("value == null");
-        }
-
-        int keyHash = key.hashCode();
-        int sz = size;
-
-        for (int i = 0; i < size; i++) {
-            DERObjectIdentifier probe = getKey(i);
-            if ((probe.hashCode() == keyHash) &&
-                    probe.equals(key)) {
-                setValue(i, value);
-                return;
-            }
-        }
-
-        add(key, value);
-    }
-    
-    /**
-     * Gets the nth key.
-     * 
-     * @param n index
-     * @return non-null; the nth key
-     */
-    public DERObjectIdentifier getKey(int n) {
-        if ((n < 0) || (n >= size)) {
-            throw new IndexOutOfBoundsException(Integer.toString(n));
-        }
-
-        switch (n) {
-            case 0: return key0;
-            case 1: return key1;
-            case 2: return key2;
-            case 3: return key3;
-            default: return (DERObjectIdentifier) rest[(n - 4) * 2];
-        }
-    }
-
-    /**
-     * Gets the nth value.
-     * 
-     * @param n index
-     * @return non-null; the nth value
-     */
-    public Object getValue(int n) {
-        if ((n < 0) || (n >= size)) {
-            throw new IndexOutOfBoundsException(Integer.toString(n));
-        }
-
-        switch (n) {
-            case 0: return value0;
-            case 1: return value1;
-            case 2: return value2;
-            case 3: return value3;
-            default: return rest[((n - 4) * 2) + 1];
-        }
-    }
-
-    /**
-     * Sets the nth value.
-     * 
-     * @param n index
-     * @param value non-null object
-     */
-    public void setValue(int n, Object value) {
-        if ((n < 0) || (n >= size)) {
-            throw new IndexOutOfBoundsException(Integer.toString(n));
-        }
-        if (value == null) {
-            throw new NullPointerException("value == null");
-        }
-
-        switch (n) {
-            case 0: value0 = value; return;
-            case 1: value1 = value; return;
-            case 2: value2 = value; return;
-            case 3: value3 = value; return;
-            default: rest[((n - 4) * 2) + 1] = value; return;
-        }
-    }
-
-    /**
-     * Gets an enumeration of the keys, in order.
-     * 
-     * @return non-null; an enumeration of the keys
-     */
-    public Enumeration getKeys() {
-        return new KeyEnumeration();
-    }
-
-    /**
-     * Associated enumeration class.
-     */
-    private class KeyEnumeration implements Enumeration {
-        /** original size; used for modification detection */
-        private final int origSize = size;
-
-        /** &gt;= 0; current cursor */
-        private int at = 0;
-
-        /** {@inheritDoc} */
-        public boolean hasMoreElements() {
-            if (size != origSize) {
-                throw new ConcurrentModificationException();
-            }
-
-            return at < origSize;
-        }
-
-        /** {@inheritDoc} */
-        public Object nextElement() {
-            if (size != origSize) {
-                throw new ConcurrentModificationException();
-            }
-
-            return getKey(at++);
-        }
-    }
-}
diff --git a/src/main/java/org/bouncycastle/asn1/cms/CMSObjectIdentifiers.java b/src/main/java/org/bouncycastle/asn1/cms/CMSObjectIdentifiers.java
deleted file mode 100644
index 88e7c18..0000000
--- a/src/main/java/org/bouncycastle/asn1/cms/CMSObjectIdentifiers.java
+++ /dev/null
@@ -1,17 +0,0 @@
-package org.bouncycastle.asn1.cms;
-
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-
-public interface CMSObjectIdentifiers
-{
-    static final DERObjectIdentifier    data = PKCSObjectIdentifiers.data;
-    static final DERObjectIdentifier    signedData = PKCSObjectIdentifiers.signedData;
-    static final DERObjectIdentifier    envelopedData = PKCSObjectIdentifiers.envelopedData;
-    static final DERObjectIdentifier    signedAndEnvelopedData = PKCSObjectIdentifiers.signedAndEnvelopedData;
-    static final DERObjectIdentifier    digestedData = PKCSObjectIdentifiers.digestedData;
-    static final DERObjectIdentifier    encryptedData = PKCSObjectIdentifiers.encryptedData;
-    static final DERObjectIdentifier    authenticatedData = PKCSObjectIdentifiers.id_ct_authData;
-    static final DERObjectIdentifier    compressedData = PKCSObjectIdentifiers.id_ct_compressedData;
-    static final DERObjectIdentifier    authEnvelopedData = PKCSObjectIdentifiers.id_ct_authEnvelopedData;
-}
diff --git a/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java b/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java
index 8ab346d..f222d9e 100644
--- a/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java
+++ b/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java
@@ -1,22 +1,22 @@
 package org.bouncycastle.asn1.cms;
 
-import java.util.Enumeration;
-
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1TaggedObject;
 import org.bouncycastle.asn1.BERSequence;
 import org.bouncycastle.asn1.BERTaggedObject;
 import org.bouncycastle.asn1.DEREncodable;
 import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 
 public class ContentInfo
     extends ASN1Encodable
-    implements CMSObjectIdentifiers
+    // BEGIN android-removed
+    // implements CMSObjectIdentifiers
+    // END android-removed
 {
-    private DERObjectIdentifier contentType;
+    private ASN1ObjectIdentifier contentType;
     private DEREncodable        content;
 
     public static ContentInfo getInstance(
@@ -37,25 +37,34 @@
     public ContentInfo(
         ASN1Sequence  seq)
     {
-        Enumeration   e = seq.getObjects();
-
-        contentType = (DERObjectIdentifier)e.nextElement();
-
-        if (e.hasMoreElements())
+        if (seq.size() < 1 || seq.size() > 2)
         {
-            content = ((ASN1TaggedObject)e.nextElement()).getObject();
+            throw new IllegalArgumentException("Bad sequence size: " + seq.size());
+        }
+
+        contentType = (ASN1ObjectIdentifier)seq.getObjectAt(0);
+
+        if (seq.size() > 1)
+        {
+            ASN1TaggedObject tagged = (ASN1TaggedObject)seq.getObjectAt(1);
+            if (!tagged.isExplicit() || tagged.getTagNo() != 0)
+            {
+                throw new IllegalArgumentException("Bad tag for 'content'");
+            }
+
+            content = tagged.getObject();
         }
     }
 
     public ContentInfo(
-        DERObjectIdentifier contentType,
+        ASN1ObjectIdentifier contentType,
         DEREncodable        content)
     {
         this.contentType = contentType;
         this.content = content;
     }
 
-    public DERObjectIdentifier getContentType()
+    public ASN1ObjectIdentifier getContentType()
     {
         return contentType;
     }
diff --git a/src/main/java/org/bouncycastle/asn1/iana/IANAObjectIdentifiers.java b/src/main/java/org/bouncycastle/asn1/iana/IANAObjectIdentifiers.java
index 6faa597..e9ab8d6 100644
--- a/src/main/java/org/bouncycastle/asn1/iana/IANAObjectIdentifiers.java
+++ b/src/main/java/org/bouncycastle/asn1/iana/IANAObjectIdentifiers.java
@@ -1,6 +1,6 @@
 package org.bouncycastle.asn1.iana;
 
-import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 
 public interface IANAObjectIdentifiers
 {
@@ -8,13 +8,13 @@
     // {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) ipsec(8) isakmpOakley(1)}
     //
 
-    static final DERObjectIdentifier    isakmpOakley  = new DERObjectIdentifier("1.3.6.1.5.5.8.1");
+    static final ASN1ObjectIdentifier    isakmpOakley  = new ASN1ObjectIdentifier("1.3.6.1.5.5.8.1");
 
-    static final DERObjectIdentifier    hmacMD5       = new DERObjectIdentifier(isakmpOakley + ".1");
-    static final DERObjectIdentifier    hmacSHA1     = new DERObjectIdentifier(isakmpOakley + ".2");
+    static final ASN1ObjectIdentifier    hmacMD5       = new ASN1ObjectIdentifier(isakmpOakley + ".1");
+    static final ASN1ObjectIdentifier    hmacSHA1     = new ASN1ObjectIdentifier(isakmpOakley + ".2");
     
-    static final DERObjectIdentifier    hmacTIGER     = new DERObjectIdentifier(isakmpOakley + ".3");
+    static final ASN1ObjectIdentifier    hmacTIGER     = new ASN1ObjectIdentifier(isakmpOakley + ".3");
     
-    static final DERObjectIdentifier    hmacRIPEMD160 = new DERObjectIdentifier(isakmpOakley + ".4");
+    static final ASN1ObjectIdentifier    hmacRIPEMD160 = new ASN1ObjectIdentifier(isakmpOakley + ".4");
 
 }
diff --git a/src/main/java/org/bouncycastle/asn1/isismtt/ISISMTTObjectIdentifiers.java b/src/main/java/org/bouncycastle/asn1/isismtt/ISISMTTObjectIdentifiers.java
index c1b2356..bc2ac8d 100644
--- a/src/main/java/org/bouncycastle/asn1/isismtt/ISISMTTObjectIdentifiers.java
+++ b/src/main/java/org/bouncycastle/asn1/isismtt/ISISMTTObjectIdentifiers.java
@@ -1,13 +1,13 @@
 package org.bouncycastle.asn1.isismtt;
 
-import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 
 public interface ISISMTTObjectIdentifiers
 {
 
-    public static final DERObjectIdentifier id_isismtt = new DERObjectIdentifier("1.3.36.8");
+    static final ASN1ObjectIdentifier id_isismtt = new ASN1ObjectIdentifier("1.3.36.8");
 
-    public static final DERObjectIdentifier id_isismtt_cp = new DERObjectIdentifier(id_isismtt + ".1");
+    static final ASN1ObjectIdentifier id_isismtt_cp = id_isismtt.branch("1");
 
     /**
      * The id-isismtt-cp-accredited OID indicates that the certificate is a
@@ -16,9 +16,9 @@
      * Framework for Electronic Signatures, which additionally conforms the
      * special requirements of the SigG and has been issued by an accredited CA.
      */
-    public static final DERObjectIdentifier id_isismtt_cp_accredited = new DERObjectIdentifier(id_isismtt_cp + ".1");
+    static final ASN1ObjectIdentifier id_isismtt_cp_accredited = id_isismtt_cp.branch("1");
 
-    public static final DERObjectIdentifier id_isismtt_at = new DERObjectIdentifier(id_isismtt + ".3");
+    static final ASN1ObjectIdentifier id_isismtt_at = id_isismtt.branch("3");
 
     /**
      * Certificate extensionDate of certificate generation
@@ -27,19 +27,19 @@
      *                DateOfCertGenSyntax ::= GeneralizedTime
      * </pre>
      */
-    public static final DERObjectIdentifier id_isismtt_at_dateOfCertGen = new DERObjectIdentifier(id_isismtt_at + ".1");
+    static final ASN1ObjectIdentifier id_isismtt_at_dateOfCertGen = id_isismtt_at.branch("1");
 
     /**
      * Attribute to indicate that the certificate holder may sign in the name of
      * a third person. May also be used as extension in a certificate.
      */
-    public static final DERObjectIdentifier id_isismtt_at_procuration = new DERObjectIdentifier(id_isismtt_at + ".2");
+    static final ASN1ObjectIdentifier id_isismtt_at_procuration = id_isismtt_at.branch("2");
 
     /**
      * Attribute to indicate admissions to certain professions. May be used as
      * attribute in attribute certificate or as extension in a certificate
      */
-    public static final DERObjectIdentifier id_isismtt_at_admission = new DERObjectIdentifier(id_isismtt_at + ".3");
+    static final ASN1ObjectIdentifier id_isismtt_at_admission = id_isismtt_at.branch("3");
 
     /**
      * Monetary limit for transactions. The QcEuMonetaryLimit QC statement MUST
@@ -48,13 +48,13 @@
      * compatibility with certificates already in use, SigG conforming
      * components MUST support MonetaryLimit (as well as QcEuLimitValue).
      */
-    public static final DERObjectIdentifier id_isismtt_at_monetaryLimit = new DERObjectIdentifier(id_isismtt_at + ".4");
+    static final ASN1ObjectIdentifier id_isismtt_at_monetaryLimit = id_isismtt_at.branch("4");
 
     /**
      * A declaration of majority. May be used as attribute in attribute
      * certificate or as extension in a certificate
      */
-    public static final DERObjectIdentifier id_isismtt_at_declarationOfMajority = new DERObjectIdentifier(id_isismtt_at + ".5");
+    static final ASN1ObjectIdentifier id_isismtt_at_declarationOfMajority = id_isismtt_at.branch("5");
 
     /**
      * 
@@ -64,7 +64,7 @@
      *                 ICCSNSyntax ::= OCTET STRING (SIZE(8..20))
      * </pre>
      */
-    public static final DERObjectIdentifier id_isismtt_at_iCCSN = new DERObjectIdentifier(id_isismtt_at + ".6");
+    static final ASN1ObjectIdentifier id_isismtt_at_iCCSN = id_isismtt_at.branch("6");
 
     /**
      * 
@@ -75,7 +75,7 @@
      *      PKReferenceSyntax ::= OCTET STRING (SIZE(20))
      * </pre>
      */
-    public static final DERObjectIdentifier id_isismtt_at_PKReference = new DERObjectIdentifier(id_isismtt_at + ".7");
+    static final ASN1ObjectIdentifier id_isismtt_at_PKReference = id_isismtt_at.branch("7");
 
     /**
      * Some other restriction regarding the usage of this certificate. May be
@@ -88,7 +88,7 @@
      * 
      * @see org.bouncycastle.asn1.isismtt.x509.Restriction
      */
-    public static final DERObjectIdentifier id_isismtt_at_restriction = new DERObjectIdentifier(id_isismtt_at + ".8");
+    static final ASN1ObjectIdentifier id_isismtt_at_restriction = id_isismtt_at.branch("8");
 
     /**
      * 
@@ -104,7 +104,7 @@
      *       
      * </pre>
      */
-    public static final DERObjectIdentifier id_isismtt_at_retrieveIfAllowed = new DERObjectIdentifier(id_isismtt_at + ".9");
+    static final ASN1ObjectIdentifier id_isismtt_at_retrieveIfAllowed = id_isismtt_at.branch("9");
 
     /**
      * SingleOCSPResponse extension: The certificate requested by the client by
@@ -113,12 +113,12 @@
      * 
      * @see org.bouncycastle.asn1.isismtt.ocsp.RequestedCertificate
      */
-    public static final DERObjectIdentifier id_isismtt_at_requestedCertificate = new DERObjectIdentifier(id_isismtt_at + ".10");
+    static final ASN1ObjectIdentifier id_isismtt_at_requestedCertificate = id_isismtt_at.branch("10");
 
     /**
      * Base ObjectIdentifier for naming authorities
      */
-    public static final DERObjectIdentifier id_isismtt_at_namingAuthorities = new DERObjectIdentifier(id_isismtt_at + ".11");
+    static final ASN1ObjectIdentifier id_isismtt_at_namingAuthorities = id_isismtt_at.branch("11");
 
     /**
      * SingleOCSPResponse extension: Date, when certificate has been published
@@ -130,14 +130,14 @@
      *      CertInDirSince ::= GeneralizedTime
      * </pre>
      */
-    public static final DERObjectIdentifier id_isismtt_at_certInDirSince = new DERObjectIdentifier(id_isismtt_at + ".12");
+    static final ASN1ObjectIdentifier id_isismtt_at_certInDirSince = id_isismtt_at.branch("12");
 
     /**
      * Hash of a certificate in OCSP.
      * 
      * @see org.bouncycastle.asn1.isismtt.ocsp.CertHash
      */
-    public static final DERObjectIdentifier id_isismtt_at_certHash = new DERObjectIdentifier(id_isismtt_at + ".13");
+    static final ASN1ObjectIdentifier id_isismtt_at_certHash = id_isismtt_at.branch("13");
 
     /**
      * <pre>
@@ -147,7 +147,7 @@
      * Used in
      * {@link org.bouncycastle.asn1.x509.SubjectDirectoryAttributes SubjectDirectoryAttributes}
      */
-    public static final DERObjectIdentifier id_isismtt_at_nameAtBirth = new DERObjectIdentifier(id_isismtt_at + ".14");
+    static final ASN1ObjectIdentifier id_isismtt_at_nameAtBirth = id_isismtt_at.branch("14");
 
     /**
      * Some other information of non-restrictive nature regarding the usage of
@@ -160,7 +160,7 @@
      * 
      * @see org.bouncycastle.asn1.isismtt.x509.AdditionalInformationSyntax
      */
-    public static final DERObjectIdentifier id_isismtt_at_additionalInformation = new DERObjectIdentifier(id_isismtt_at + ".15");
+    static final ASN1ObjectIdentifier id_isismtt_at_additionalInformation = id_isismtt_at.branch("15");
 
     /**
      * Indicates that an attribute certificate exists, which limits the
@@ -176,5 +176,5 @@
      *                   LiabilityLimitationFlagSyntax ::= BOOLEAN
      * </pre>
      */
-    public static final DERObjectIdentifier id_isismtt_at_liabilityLimitationFlag = new DERObjectIdentifier("0.2.262.1.10.12.0");
+    static final ASN1ObjectIdentifier id_isismtt_at_liabilityLimitationFlag = new ASN1ObjectIdentifier("0.2.262.1.10.12.0");
 }
diff --git a/src/main/java/org/bouncycastle/asn1/misc/MiscObjectIdentifiers.java b/src/main/java/org/bouncycastle/asn1/misc/MiscObjectIdentifiers.java
index 11a03d5..debf268 100644
--- a/src/main/java/org/bouncycastle/asn1/misc/MiscObjectIdentifiers.java
+++ b/src/main/java/org/bouncycastle/asn1/misc/MiscObjectIdentifiers.java
@@ -1,6 +1,6 @@
 package org.bouncycastle.asn1.misc;
 
-import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 
 public interface MiscObjectIdentifiers
 {
@@ -8,39 +8,40 @@
     // Netscape
     //       iso/itu(2) joint-assign(16) us(840) uscompany(1) netscape(113730) cert-extensions(1) }
     //
-    static final String                 netscape                = "2.16.840.1.113730.1";
-    static final DERObjectIdentifier    netscapeCertType        = new DERObjectIdentifier(netscape + ".1");
-    static final DERObjectIdentifier    netscapeBaseURL         = new DERObjectIdentifier(netscape + ".2");
-    static final DERObjectIdentifier    netscapeRevocationURL   = new DERObjectIdentifier(netscape + ".3");
-    static final DERObjectIdentifier    netscapeCARevocationURL = new DERObjectIdentifier(netscape + ".4");
-    static final DERObjectIdentifier    netscapeRenewalURL      = new DERObjectIdentifier(netscape + ".7");
-    static final DERObjectIdentifier    netscapeCApolicyURL     = new DERObjectIdentifier(netscape + ".8");
-    static final DERObjectIdentifier    netscapeSSLServerName   = new DERObjectIdentifier(netscape + ".12");
-    static final DERObjectIdentifier    netscapeCertComment     = new DERObjectIdentifier(netscape + ".13");
+    static final ASN1ObjectIdentifier    netscape                = new ASN1ObjectIdentifier("2.16.840.1.113730.1");
+    static final ASN1ObjectIdentifier    netscapeCertType        = netscape.branch("1");
+    static final ASN1ObjectIdentifier    netscapeBaseURL         = netscape.branch("2");
+    static final ASN1ObjectIdentifier    netscapeRevocationURL   = netscape.branch("3");
+    static final ASN1ObjectIdentifier    netscapeCARevocationURL = netscape.branch("4");
+    static final ASN1ObjectIdentifier    netscapeRenewalURL      = netscape.branch("7");
+    static final ASN1ObjectIdentifier    netscapeCApolicyURL     = netscape.branch("8");
+    static final ASN1ObjectIdentifier    netscapeSSLServerName   = netscape.branch("12");
+    static final ASN1ObjectIdentifier    netscapeCertComment     = netscape.branch("13");
+    
     //
     // Verisign
     //       iso/itu(2) joint-assign(16) us(840) uscompany(1) verisign(113733) cert-extensions(1) }
     //
-    static final String                 verisign                = "2.16.840.1.113733.1";
+    static final ASN1ObjectIdentifier   verisign                = new ASN1ObjectIdentifier("2.16.840.1.113733.1");
 
     //
     // CZAG - country, zip, age, and gender
     //
-    static final DERObjectIdentifier    verisignCzagExtension   = new DERObjectIdentifier(verisign + ".6.3");
+    static final ASN1ObjectIdentifier    verisignCzagExtension   = verisign.branch("6.3");
     // D&B D-U-N-S number
-    static final DERObjectIdentifier    verisignDnbDunsNumber   = new DERObjectIdentifier(verisign + ".6.15");
+    static final ASN1ObjectIdentifier    verisignDnbDunsNumber   = verisign.branch("6.15");
 
     //
     // Novell
     //       iso/itu(2) country(16) us(840) organization(1) novell(113719)
     //
-    static final String                 novell                  = "2.16.840.1.113719";
-    static final DERObjectIdentifier    novellSecurityAttribs   = new DERObjectIdentifier(novell + ".1.9.4.1");
+    static final ASN1ObjectIdentifier    novell                  = new ASN1ObjectIdentifier("2.16.840.1.113719");
+    static final ASN1ObjectIdentifier    novellSecurityAttribs   = novell.branch("1.9.4.1");
 
     //
     // Entrust
     //       iso(1) member-body(16) us(840) nortelnetworks(113533) entrust(7)
     //
-    static final String                 entrust                 = "1.2.840.113533.7";
-    static final DERObjectIdentifier    entrustVersionExtension = new DERObjectIdentifier(entrust + ".65.0");
+    static final ASN1ObjectIdentifier    entrust                 = new ASN1ObjectIdentifier("1.2.840.113533.7");
+    static final ASN1ObjectIdentifier    entrustVersionExtension = entrust.branch("65.0");
 }
diff --git a/src/main/java/org/bouncycastle/asn1/nist/NISTNamedCurves.java b/src/main/java/org/bouncycastle/asn1/nist/NISTNamedCurves.java
new file mode 100644
index 0000000..821e0d1
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/nist/NISTNamedCurves.java
@@ -0,0 +1,96 @@
+package org.bouncycastle.asn1.nist;
+
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.sec.SECNamedCurves;
+import org.bouncycastle.asn1.sec.SECObjectIdentifiers;
+import org.bouncycastle.asn1.x9.X9ECParameters;
+import org.bouncycastle.util.Strings;
+
+import java.util.Enumeration;
+import java.util.Hashtable;
+
+/**
+ * Utility class for fetching curves using their NIST names as published in FIPS-PUB 186-2
+ */
+public class NISTNamedCurves
+{
+    static final Hashtable objIds = new Hashtable();
+    static final Hashtable names = new Hashtable();
+
+    static void defineCurve(String name, DERObjectIdentifier oid)
+    {
+        objIds.put(name, oid);
+        names.put(oid, name);
+    }
+
+    static
+    {
+        // TODO Missing the "K-" curves
+
+        defineCurve("B-571", SECObjectIdentifiers.sect571r1);
+        defineCurve("B-409", SECObjectIdentifiers.sect409r1);
+        defineCurve("B-283", SECObjectIdentifiers.sect283r1);
+        defineCurve("B-233", SECObjectIdentifiers.sect233r1);
+        defineCurve("B-163", SECObjectIdentifiers.sect163r2);
+        defineCurve("P-521", SECObjectIdentifiers.secp521r1);
+        defineCurve("P-384", SECObjectIdentifiers.secp384r1);
+        defineCurve("P-256", SECObjectIdentifiers.secp256r1);
+        defineCurve("P-224", SECObjectIdentifiers.secp224r1);
+        defineCurve("P-192", SECObjectIdentifiers.secp192r1);
+    }
+
+    public static X9ECParameters getByName(
+        String  name)
+    {
+        DERObjectIdentifier oid = (DERObjectIdentifier)objIds.get(Strings.toUpperCase(name));
+
+        if (oid != null)
+        {
+            return getByOID(oid);
+        }
+
+        return null;
+    }
+
+    /**
+     * return the X9ECParameters object for the named curve represented by
+     * the passed in object identifier. Null if the curve isn't present.
+     *
+     * @param oid an object identifier representing a named curve, if present.
+     */
+    public static X9ECParameters getByOID(
+        DERObjectIdentifier  oid)
+    {
+        return SECNamedCurves.getByOID(oid);
+    }
+
+    /**
+     * return the object identifier signified by the passed in name. Null
+     * if there is no object identifier associated with name.
+     *
+     * @return the object identifier associated with name, if present.
+     */
+    public static DERObjectIdentifier getOID(
+        String  name)
+    {
+        return (DERObjectIdentifier)objIds.get(Strings.toUpperCase(name));
+    }
+
+    /**
+     * return the named curve name represented by the given object identifier.
+     */
+    public static String getName(
+        DERObjectIdentifier  oid)
+    {
+        return (String)names.get(oid);
+    }
+
+    /**
+     * returns an enumeration containing the name strings for curves
+     * contained in this structure.
+     */
+    public static Enumeration getNames()
+    {
+        return objIds.keys();
+    }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/nist/NISTObjectIdentifiers.java b/src/main/java/org/bouncycastle/asn1/nist/NISTObjectIdentifiers.java
index a89d96d..258f269 100644
--- a/src/main/java/org/bouncycastle/asn1/nist/NISTObjectIdentifiers.java
+++ b/src/main/java/org/bouncycastle/asn1/nist/NISTObjectIdentifiers.java
@@ -1,6 +1,6 @@
 package org.bouncycastle.asn1.nist;
 
-import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 
 public interface NISTObjectIdentifiers
 {
@@ -11,46 +11,46 @@
     //
     // nistalgorithms(4)
     //
-    static final String                 nistAlgorithm          = "2.16.840.1.101.3.4";
+    static final ASN1ObjectIdentifier    nistAlgorithm          = new ASN1ObjectIdentifier("2.16.840.1.101.3.4");
 
-    static final DERObjectIdentifier    id_sha256               = new DERObjectIdentifier(nistAlgorithm + ".2.1");
-    static final DERObjectIdentifier    id_sha384               = new DERObjectIdentifier(nistAlgorithm + ".2.2");
-    static final DERObjectIdentifier    id_sha512               = new DERObjectIdentifier(nistAlgorithm + ".2.3");
-    static final DERObjectIdentifier    id_sha224               = new DERObjectIdentifier(nistAlgorithm + ".2.4");
+    static final ASN1ObjectIdentifier    id_sha256               = nistAlgorithm.branch("2.1");
+    static final ASN1ObjectIdentifier    id_sha384               = nistAlgorithm.branch("2.2");
+    static final ASN1ObjectIdentifier    id_sha512               = nistAlgorithm.branch("2.3");
+    static final ASN1ObjectIdentifier    id_sha224               = nistAlgorithm.branch("2.4");
     
-    static final String                 aes                     = nistAlgorithm + ".1";
+    static final ASN1ObjectIdentifier    aes                     =  nistAlgorithm.branch("1");
     
-    static final DERObjectIdentifier    id_aes128_ECB           = new DERObjectIdentifier(aes + ".1"); 
-    static final DERObjectIdentifier    id_aes128_CBC           = new DERObjectIdentifier(aes + ".2");
-    static final DERObjectIdentifier    id_aes128_OFB           = new DERObjectIdentifier(aes + ".3"); 
-    static final DERObjectIdentifier    id_aes128_CFB           = new DERObjectIdentifier(aes + ".4"); 
-    static final DERObjectIdentifier    id_aes128_wrap          = new DERObjectIdentifier(aes + ".5");
-    static final DERObjectIdentifier    id_aes128_GCM           = new DERObjectIdentifier(aes + ".6");
-    static final DERObjectIdentifier    id_aes128_CCM           = new DERObjectIdentifier(aes + ".7");
+    static final ASN1ObjectIdentifier    id_aes128_ECB           = aes.branch("1"); 
+    static final ASN1ObjectIdentifier    id_aes128_CBC           = aes.branch("2");
+    static final ASN1ObjectIdentifier    id_aes128_OFB           = aes.branch("3"); 
+    static final ASN1ObjectIdentifier    id_aes128_CFB           = aes.branch("4"); 
+    static final ASN1ObjectIdentifier    id_aes128_wrap          = aes.branch("5");
+    static final ASN1ObjectIdentifier    id_aes128_GCM           = aes.branch("6");
+    static final ASN1ObjectIdentifier    id_aes128_CCM           = aes.branch("7");
     
-    static final DERObjectIdentifier    id_aes192_ECB           = new DERObjectIdentifier(aes + ".21"); 
-    static final DERObjectIdentifier    id_aes192_CBC           = new DERObjectIdentifier(aes + ".22"); 
-    static final DERObjectIdentifier    id_aes192_OFB           = new DERObjectIdentifier(aes + ".23"); 
-    static final DERObjectIdentifier    id_aes192_CFB           = new DERObjectIdentifier(aes + ".24"); 
-    static final DERObjectIdentifier    id_aes192_wrap          = new DERObjectIdentifier(aes + ".25");
-    static final DERObjectIdentifier    id_aes192_GCM           = new DERObjectIdentifier(aes + ".26");
-    static final DERObjectIdentifier    id_aes192_CCM           = new DERObjectIdentifier(aes + ".27");
+    static final ASN1ObjectIdentifier    id_aes192_ECB           = aes.branch("21"); 
+    static final ASN1ObjectIdentifier    id_aes192_CBC           = aes.branch("22"); 
+    static final ASN1ObjectIdentifier    id_aes192_OFB           = aes.branch("23"); 
+    static final ASN1ObjectIdentifier    id_aes192_CFB           = aes.branch("24"); 
+    static final ASN1ObjectIdentifier    id_aes192_wrap          = aes.branch("25");
+    static final ASN1ObjectIdentifier    id_aes192_GCM           = aes.branch("26");
+    static final ASN1ObjectIdentifier    id_aes192_CCM           = aes.branch("27");
     
-    static final DERObjectIdentifier    id_aes256_ECB           = new DERObjectIdentifier(aes + ".41"); 
-    static final DERObjectIdentifier    id_aes256_CBC           = new DERObjectIdentifier(aes + ".42");
-    static final DERObjectIdentifier    id_aes256_OFB           = new DERObjectIdentifier(aes + ".43"); 
-    static final DERObjectIdentifier    id_aes256_CFB           = new DERObjectIdentifier(aes + ".44"); 
-    static final DERObjectIdentifier    id_aes256_wrap          = new DERObjectIdentifier(aes + ".45"); 
-    static final DERObjectIdentifier    id_aes256_GCM           = new DERObjectIdentifier(aes + ".46");
-    static final DERObjectIdentifier    id_aes256_CCM           = new DERObjectIdentifier(aes + ".47");
+    static final ASN1ObjectIdentifier    id_aes256_ECB           = aes.branch("41"); 
+    static final ASN1ObjectIdentifier    id_aes256_CBC           = aes.branch("42");
+    static final ASN1ObjectIdentifier    id_aes256_OFB           = aes.branch("43"); 
+    static final ASN1ObjectIdentifier    id_aes256_CFB           = aes.branch("44"); 
+    static final ASN1ObjectIdentifier    id_aes256_wrap          = aes.branch("45"); 
+    static final ASN1ObjectIdentifier    id_aes256_GCM           = aes.branch("46");
+    static final ASN1ObjectIdentifier    id_aes256_CCM           = aes.branch("47");
 
     //
     // signatures
     //
-    static final DERObjectIdentifier    id_dsa_with_sha2        = new DERObjectIdentifier(nistAlgorithm + ".3"); 
+    static final ASN1ObjectIdentifier    id_dsa_with_sha2        = nistAlgorithm.branch("3");
 
-    static final DERObjectIdentifier    dsa_with_sha224         = new DERObjectIdentifier(id_dsa_with_sha2 + ".1"); 
-    static final DERObjectIdentifier    dsa_with_sha256         = new DERObjectIdentifier(id_dsa_with_sha2 + ".2");
-    static final DERObjectIdentifier    dsa_with_sha384         = new DERObjectIdentifier(id_dsa_with_sha2 + ".3");
-    static final DERObjectIdentifier    dsa_with_sha512         = new DERObjectIdentifier(id_dsa_with_sha2 + ".4"); 
+    static final ASN1ObjectIdentifier    dsa_with_sha224         = id_dsa_with_sha2.branch("1");
+    static final ASN1ObjectIdentifier    dsa_with_sha256         = id_dsa_with_sha2.branch("2");
+    static final ASN1ObjectIdentifier    dsa_with_sha384         = id_dsa_with_sha2.branch("3");
+    static final ASN1ObjectIdentifier    dsa_with_sha512         = id_dsa_with_sha2.branch("4");
 }
diff --git a/src/main/java/org/bouncycastle/asn1/oiw/OIWObjectIdentifiers.java b/src/main/java/org/bouncycastle/asn1/oiw/OIWObjectIdentifiers.java
index d9690ec..c8ce26b 100644
--- a/src/main/java/org/bouncycastle/asn1/oiw/OIWObjectIdentifiers.java
+++ b/src/main/java/org/bouncycastle/asn1/oiw/OIWObjectIdentifiers.java
@@ -1,31 +1,31 @@
 package org.bouncycastle.asn1.oiw;
 
-import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 
 public interface OIWObjectIdentifiers
 {
     // id-SHA1 OBJECT IDENTIFIER ::=    
     //   {iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 }    //
-    static final DERObjectIdentifier    md4WithRSA              = new DERObjectIdentifier("1.3.14.3.2.2");
-    static final DERObjectIdentifier    md5WithRSA              = new DERObjectIdentifier("1.3.14.3.2.3");
-    static final DERObjectIdentifier    md4WithRSAEncryption    = new DERObjectIdentifier("1.3.14.3.2.4");
+    static final ASN1ObjectIdentifier    md4WithRSA              = new ASN1ObjectIdentifier("1.3.14.3.2.2");
+    static final ASN1ObjectIdentifier    md5WithRSA              = new ASN1ObjectIdentifier("1.3.14.3.2.3");
+    static final ASN1ObjectIdentifier    md4WithRSAEncryption    = new ASN1ObjectIdentifier("1.3.14.3.2.4");
     
-    static final DERObjectIdentifier    desECB                  = new DERObjectIdentifier("1.3.14.3.2.6");
-    static final DERObjectIdentifier    desCBC                  = new DERObjectIdentifier("1.3.14.3.2.7");
-    static final DERObjectIdentifier    desOFB                  = new DERObjectIdentifier("1.3.14.3.2.8");
-    static final DERObjectIdentifier    desCFB                  = new DERObjectIdentifier("1.3.14.3.2.9");
+    static final ASN1ObjectIdentifier    desECB                  = new ASN1ObjectIdentifier("1.3.14.3.2.6");
+    static final ASN1ObjectIdentifier    desCBC                  = new ASN1ObjectIdentifier("1.3.14.3.2.7");
+    static final ASN1ObjectIdentifier    desOFB                  = new ASN1ObjectIdentifier("1.3.14.3.2.8");
+    static final ASN1ObjectIdentifier    desCFB                  = new ASN1ObjectIdentifier("1.3.14.3.2.9");
 
-    static final DERObjectIdentifier    desEDE                  = new DERObjectIdentifier("1.3.14.3.2.17");
+    static final ASN1ObjectIdentifier    desEDE                  = new ASN1ObjectIdentifier("1.3.14.3.2.17");
     
-    static final DERObjectIdentifier    idSHA1                  = new DERObjectIdentifier("1.3.14.3.2.26");
+    static final ASN1ObjectIdentifier    idSHA1                  = new ASN1ObjectIdentifier("1.3.14.3.2.26");
 
-    static final DERObjectIdentifier    dsaWithSHA1             = new DERObjectIdentifier("1.3.14.3.2.27");
+    static final ASN1ObjectIdentifier    dsaWithSHA1             = new ASN1ObjectIdentifier("1.3.14.3.2.27");
 
-    static final DERObjectIdentifier    sha1WithRSA             = new DERObjectIdentifier("1.3.14.3.2.29");
+    static final ASN1ObjectIdentifier    sha1WithRSA             = new ASN1ObjectIdentifier("1.3.14.3.2.29");
     
     // ElGamal Algorithm OBJECT IDENTIFIER ::=    
     // {iso(1) identified-organization(3) oiw(14) dirservsig(7) algorithm(2) encryption(1) 1 }
     //
-    static final DERObjectIdentifier    elGamalAlgorithm        = new DERObjectIdentifier("1.3.14.7.2.1.1");
+    static final ASN1ObjectIdentifier    elGamalAlgorithm        = new ASN1ObjectIdentifier("1.3.14.7.2.1.1");
 
 }
diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequest.java b/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequest.java
index 23772ce..73c2e94 100644
--- a/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequest.java
+++ b/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequest.java
@@ -32,12 +32,12 @@
             return (CertificationRequest)o;
         }
 
-        if (o instanceof ASN1Sequence)
+        if (o != null)
         {
-            return new CertificationRequest((ASN1Sequence)o);
+            return new CertificationRequest(ASN1Sequence.getInstance(o));
         }
 
-        throw new IllegalArgumentException("Invalid object: " + o.getClass().getName());
+        return null;
     }
 
     protected CertificationRequest()
diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java b/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java
index 4b737ea..bf3b0a8 100644
--- a/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java
+++ b/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java
@@ -8,6 +8,7 @@
 import org.bouncycastle.asn1.DERObject;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.DERTaggedObject;
+import org.bouncycastle.asn1.x500.X500Name;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.asn1.x509.X509Name;
 
@@ -53,6 +54,21 @@
     }
 
     public CertificationRequestInfo(
+        X500Name subject,
+        SubjectPublicKeyInfo    pkInfo,
+        ASN1Set                 attributes)
+    {
+        this.subject = X509Name.getInstance(subject.getDERObject());
+        this.subjectPKInfo = pkInfo;
+        this.attributes = attributes;
+
+        if ((subject == null) || (version == null) || (subjectPKInfo == null))
+        {
+            throw new IllegalArgumentException("Not all mandatory fields set in CertificationRequestInfo generator.");
+        }
+    }
+
+    public CertificationRequestInfo(
         X509Name                subject,
         SubjectPublicKeyInfo    pkInfo,
         ASN1Set                 attributes)
diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedData.java b/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedData.java
index 75b81b4..7fa8e08 100644
--- a/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedData.java
+++ b/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedData.java
@@ -1,6 +1,16 @@
 package org.bouncycastle.asn1.pkcs;
 
-import org.bouncycastle.asn1.*;
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1OctetString;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.BERSequence;
+import org.bouncycastle.asn1.BERTaggedObject;
+import org.bouncycastle.asn1.DEREncodable;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.DERTaggedObject;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 
 /**
@@ -86,7 +96,7 @@
         {
             DERTaggedObject o = (DERTaggedObject)data.getObjectAt(2);
 
-            return ASN1OctetString.getInstance(o.getObject());
+            return ASN1OctetString.getInstance(o, false);
         }
 
         return null;
diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java b/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java
index 77c4b04..0ca629a 100644
--- a/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java
+++ b/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java
@@ -37,10 +37,13 @@
     public static EncryptedPrivateKeyInfo getInstance(
         Object  obj)
     {
-        if (obj instanceof EncryptedData)
+        // BEGIN android-changed
+        //     fix copy and paste error in instanceof call
+        if (obj instanceof EncryptedPrivateKeyInfo)
         {
             return (EncryptedPrivateKeyInfo)obj;
         }
+        // END android-changed
         else if (obj instanceof ASN1Sequence)
         { 
             return new EncryptedPrivateKeyInfo((ASN1Sequence)obj);
diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/EncryptionScheme.java b/src/main/java/org/bouncycastle/asn1/pkcs/EncryptionScheme.java
index eb9b326..8f06c23 100644
--- a/src/main/java/org/bouncycastle/asn1/pkcs/EncryptionScheme.java
+++ b/src/main/java/org/bouncycastle/asn1/pkcs/EncryptionScheme.java
@@ -2,36 +2,53 @@
 
 import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DEREncodable;
 import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 
 public class EncryptionScheme
     extends AlgorithmIdentifier
-{   
-    DERObject   objectId;
-    DERObject   obj;
+{
+    public EncryptionScheme(
+        DERObjectIdentifier objectId,
+        DEREncodable parameters)
+    {
+        super(objectId, parameters);
+    }
 
     EncryptionScheme(
         ASN1Sequence  seq)
     {   
-        super(seq);
-        
-        objectId = (DERObject)seq.getObjectAt(0);
-        obj = (DERObject)seq.getObjectAt(1);
+        this((DERObjectIdentifier)seq.getObjectAt(0), seq.getObjectAt(1));
+    }
+
+    public static final AlgorithmIdentifier getInstance(Object obj)
+    {
+        if (obj instanceof EncryptionScheme)
+        {
+            return (EncryptionScheme)obj;
+        }
+        else if (obj instanceof ASN1Sequence)
+        {
+            return new EncryptionScheme((ASN1Sequence)obj);
+        }
+
+        throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName());
     }
 
     public DERObject getObject()
     {
-        return obj;
+        return (DERObject)getParameters();
     }
 
     public DERObject getDERObject()
     {
         ASN1EncodableVector  v = new ASN1EncodableVector();
 
-        v.add(objectId);
-        v.add(obj);
+        v.add(getObjectId());
+        v.add(getParameters());
 
         return new DERSequence(v);
     }
diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/KeyDerivationFunc.java b/src/main/java/org/bouncycastle/asn1/pkcs/KeyDerivationFunc.java
index 50c9ef2..08dd94f 100644
--- a/src/main/java/org/bouncycastle/asn1/pkcs/KeyDerivationFunc.java
+++ b/src/main/java/org/bouncycastle/asn1/pkcs/KeyDerivationFunc.java
@@ -14,7 +14,7 @@
         super(seq);
     }
     
-    KeyDerivationFunc(
+    public KeyDerivationFunc(
         DERObjectIdentifier id,
         ASN1Encodable       params)
     {
diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/PBEParameter.java b/src/main/java/org/bouncycastle/asn1/pkcs/PBEParameter.java
new file mode 100644
index 0000000..f24cd9a
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/pkcs/PBEParameter.java
@@ -0,0 +1,73 @@
+package org.bouncycastle.asn1.pkcs;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1OctetString;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.DERSequence;
+
+public class PBEParameter
+    extends ASN1Encodable
+{
+    DERInteger      iterations;
+    ASN1OctetString salt;
+
+    public PBEParameter(
+        byte[]      salt,
+        int         iterations)
+    {
+        if (salt.length != 8)
+        {
+            throw new IllegalArgumentException("salt length must be 8");
+        }
+        this.salt = new DEROctetString(salt);
+        this.iterations = new DERInteger(iterations);
+    }
+
+    public PBEParameter(
+        ASN1Sequence  seq)
+    {
+        salt = (ASN1OctetString)seq.getObjectAt(0);
+        iterations = (DERInteger)seq.getObjectAt(1);
+    }
+
+    public static PBEParameter getInstance(
+        Object  obj)
+    {
+        if (obj instanceof PBEParameter)
+        {
+            return (PBEParameter)obj;
+        }
+        else if (obj instanceof ASN1Sequence)
+        {
+            return new PBEParameter((ASN1Sequence)obj);
+        }
+
+        throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName());
+    }
+
+    public BigInteger getIterationCount()
+    {
+        return iterations.getValue();
+    }
+
+    public byte[] getSalt()
+    {
+        return salt.getOctets();
+    }
+
+    public DERObject toASN1Object()
+    {
+        ASN1EncodableVector  v = new ASN1EncodableVector();
+
+        v.add(salt);
+        v.add(iterations);
+
+        return new DERSequence(v);
+    }
+}
\ No newline at end of file
diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Parameters.java b/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Parameters.java
index 57c773c..c96d169 100644
--- a/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Parameters.java
+++ b/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Parameters.java
@@ -5,6 +5,7 @@
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DEREncodable;
 import org.bouncycastle.asn1.DERObject;
 import org.bouncycastle.asn1.DERSequence;
 
@@ -15,11 +16,27 @@
     private KeyDerivationFunc   func;
     private EncryptionScheme    scheme;
 
+    public static PBES2Parameters getInstance(
+        Object  obj)
+    {
+        if (obj== null || obj instanceof PBES2Parameters)
+        {
+            return (PBES2Parameters)obj;
+        }
+
+        if (obj instanceof ASN1Sequence)
+        {
+            return new PBES2Parameters((ASN1Sequence)obj);
+        }
+
+        throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName());
+    }
+
     public PBES2Parameters(
         ASN1Sequence  obj)
     {
         Enumeration e = obj.getObjects();
-        ASN1Sequence  funcSeq = (ASN1Sequence)e.nextElement();
+        ASN1Sequence  funcSeq = ASN1Sequence.getInstance(((DEREncodable)e.nextElement()).getDERObject());
 
         if (funcSeq.getObjectAt(0).equals(id_PBKDF2))
         {
@@ -30,7 +47,7 @@
             func = new KeyDerivationFunc(funcSeq);
         }
 
-        scheme = new EncryptionScheme((ASN1Sequence)e.nextElement());
+        scheme = (EncryptionScheme)EncryptionScheme.getInstance(e.nextElement());
     }
 
     public KeyDerivationFunc getKeyDerivationFunc()
diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java b/src/main/java/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java
index a49b0b3..7bec34b 100644
--- a/src/main/java/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java
+++ b/src/main/java/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java
@@ -1,6 +1,6 @@
 package org.bouncycastle.asn1.pkcs;
 
-import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 
 public interface PKCSObjectIdentifiers
 {
@@ -8,213 +8,221 @@
     // pkcs-1 OBJECT IDENTIFIER ::= {
     //       iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 }
     //
-    static final String                 pkcs_1                    = "1.2.840.113549.1.1";
-    static final DERObjectIdentifier    rsaEncryption             = new DERObjectIdentifier(pkcs_1 + ".1");
+    static final ASN1ObjectIdentifier    pkcs_1                    = new ASN1ObjectIdentifier("1.2.840.113549.1.1");
+    static final ASN1ObjectIdentifier    rsaEncryption             = pkcs_1.branch("1");
     // BEGIN android-removed
-    // Dropping MD2
-    // static final DERObjectIdentifier    md2WithRSAEncryption      = new DERObjectIdentifier(pkcs_1 + ".2");
+    // static final ASN1ObjectIdentifier    md2WithRSAEncryption      = pkcs_1.branch("2");
+    // static final ASN1ObjectIdentifier    md4WithRSAEncryption      = pkcs_1.branch("3");
     // END android-removed
-    static final DERObjectIdentifier    md4WithRSAEncryption      = new DERObjectIdentifier(pkcs_1 + ".3");
-    static final DERObjectIdentifier    md5WithRSAEncryption      = new DERObjectIdentifier(pkcs_1 + ".4");
-    static final DERObjectIdentifier    sha1WithRSAEncryption     = new DERObjectIdentifier(pkcs_1 + ".5");
-    static final DERObjectIdentifier    srsaOAEPEncryptionSET     = new DERObjectIdentifier(pkcs_1 + ".6");
-    static final DERObjectIdentifier    id_RSAES_OAEP             = new DERObjectIdentifier(pkcs_1 + ".7");
-    static final DERObjectIdentifier    id_mgf1                   = new DERObjectIdentifier(pkcs_1 + ".8");
-    static final DERObjectIdentifier    id_pSpecified             = new DERObjectIdentifier(pkcs_1 + ".9");
-    static final DERObjectIdentifier    id_RSASSA_PSS             = new DERObjectIdentifier(pkcs_1 + ".10");
-    static final DERObjectIdentifier    sha256WithRSAEncryption   = new DERObjectIdentifier(pkcs_1 + ".11");
-    static final DERObjectIdentifier    sha384WithRSAEncryption   = new DERObjectIdentifier(pkcs_1 + ".12");
-    static final DERObjectIdentifier    sha512WithRSAEncryption   = new DERObjectIdentifier(pkcs_1 + ".13");
-    static final DERObjectIdentifier    sha224WithRSAEncryption   = new DERObjectIdentifier(pkcs_1 + ".14");
+    static final ASN1ObjectIdentifier    md5WithRSAEncryption      = pkcs_1.branch("4");
+    static final ASN1ObjectIdentifier    sha1WithRSAEncryption     = pkcs_1.branch("5");
+    static final ASN1ObjectIdentifier    srsaOAEPEncryptionSET     = pkcs_1.branch("6");
+    static final ASN1ObjectIdentifier    id_RSAES_OAEP             = pkcs_1.branch("7");
+    static final ASN1ObjectIdentifier    id_mgf1                   = pkcs_1.branch("8");
+    static final ASN1ObjectIdentifier    id_pSpecified             = pkcs_1.branch("9");
+    static final ASN1ObjectIdentifier    id_RSASSA_PSS             = pkcs_1.branch("10");
+    static final ASN1ObjectIdentifier    sha256WithRSAEncryption   = pkcs_1.branch("11");
+    static final ASN1ObjectIdentifier    sha384WithRSAEncryption   = pkcs_1.branch("12");
+    static final ASN1ObjectIdentifier    sha512WithRSAEncryption   = pkcs_1.branch("13");
+    // BEGIN android-removed
+    // static final ASN1ObjectIdentifier    sha224WithRSAEncryption   = pkcs_1.branch("14");
+    // END android-removed
 
     //
     // pkcs-3 OBJECT IDENTIFIER ::= {
     //       iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 3 }
     //
-    static final String                 pkcs_3                  = "1.2.840.113549.1.3";
-    static final DERObjectIdentifier    dhKeyAgreement          = new DERObjectIdentifier(pkcs_3 + ".1");
+    static final ASN1ObjectIdentifier    pkcs_3                  = new ASN1ObjectIdentifier("1.2.840.113549.1.3");
+    static final ASN1ObjectIdentifier    dhKeyAgreement          = pkcs_3.branch("1");
 
     //
     // pkcs-5 OBJECT IDENTIFIER ::= {
     //       iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 }
     //
-    static final String                 pkcs_5                  = "1.2.840.113549.1.5";
+    static final ASN1ObjectIdentifier    pkcs_5                  = new ASN1ObjectIdentifier("1.2.840.113549.1.5");
 
-    static final DERObjectIdentifier    pbeWithMD2AndDES_CBC    = new DERObjectIdentifier(pkcs_5 + ".1");
-    static final DERObjectIdentifier    pbeWithMD2AndRC2_CBC    = new DERObjectIdentifier(pkcs_5 + ".4");
-    static final DERObjectIdentifier    pbeWithMD5AndDES_CBC    = new DERObjectIdentifier(pkcs_5 + ".3");
-    static final DERObjectIdentifier    pbeWithMD5AndRC2_CBC    = new DERObjectIdentifier(pkcs_5 + ".6");
-    static final DERObjectIdentifier    pbeWithSHA1AndDES_CBC   = new DERObjectIdentifier(pkcs_5 + ".10");
-    static final DERObjectIdentifier    pbeWithSHA1AndRC2_CBC   = new DERObjectIdentifier(pkcs_5 + ".11");
+    static final ASN1ObjectIdentifier    pbeWithMD2AndDES_CBC    = pkcs_5.branch("1");
+    static final ASN1ObjectIdentifier    pbeWithMD2AndRC2_CBC    = pkcs_5.branch("4");
+    static final ASN1ObjectIdentifier    pbeWithMD5AndDES_CBC    = pkcs_5.branch("3");
+    static final ASN1ObjectIdentifier    pbeWithMD5AndRC2_CBC    = pkcs_5.branch("6");
+    static final ASN1ObjectIdentifier    pbeWithSHA1AndDES_CBC   = pkcs_5.branch("10");
+    static final ASN1ObjectIdentifier    pbeWithSHA1AndRC2_CBC   = pkcs_5.branch("11");
 
-    static final DERObjectIdentifier    id_PBES2                = new DERObjectIdentifier(pkcs_5 + ".13");
+    static final ASN1ObjectIdentifier    id_PBES2                = pkcs_5.branch("13");
 
-    static final DERObjectIdentifier    id_PBKDF2               = new DERObjectIdentifier(pkcs_5 + ".12");
+    static final ASN1ObjectIdentifier    id_PBKDF2               = pkcs_5.branch("12");
 
     //
     // encryptionAlgorithm OBJECT IDENTIFIER ::= {
     //       iso(1) member-body(2) us(840) rsadsi(113549) 3 }
     //
-    static final String                 encryptionAlgorithm     = "1.2.840.113549.3";
+    static final ASN1ObjectIdentifier    encryptionAlgorithm     = new ASN1ObjectIdentifier("1.2.840.113549.3");
 
-    static final DERObjectIdentifier    des_EDE3_CBC            = new DERObjectIdentifier(encryptionAlgorithm + ".7");
-    static final DERObjectIdentifier    RC2_CBC                 = new DERObjectIdentifier(encryptionAlgorithm + ".2");
+    static final ASN1ObjectIdentifier    des_EDE3_CBC            = encryptionAlgorithm.branch("7");
+    static final ASN1ObjectIdentifier    RC2_CBC                 = encryptionAlgorithm.branch("2");
 
     //
     // object identifiers for digests
     //
-    static final String                 digestAlgorithm     = "1.2.840.113549.2";
+    static final ASN1ObjectIdentifier    digestAlgorithm        = new ASN1ObjectIdentifier("1.2.840.113549.2");
     //
     // md2 OBJECT IDENTIFIER ::=
     //      {iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) 2}
     //
     // BEGIN android-removed
-    // Dropping MD2
-    // static final DERObjectIdentifier    md2                     = new DERObjectIdentifier(digestAlgorithm + ".2");
+    // static final ASN1ObjectIdentifier    md2                    = digestAlgorithm.branch("2");
     // END android-removed
 
     //
     // md4 OBJECT IDENTIFIER ::=
     //      {iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) 4}
     //
-    static final DERObjectIdentifier    md4 = new DERObjectIdentifier(digestAlgorithm + ".4");
+    // BEGIN android-removed
+    // static final ASN1ObjectIdentifier    md4 = digestAlgorithm.branch("4");
+    // END android-removed
 
     //
     // md5 OBJECT IDENTIFIER ::=
     //      {iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) 5}
     //
-    static final DERObjectIdentifier    md5                     = new DERObjectIdentifier(digestAlgorithm + ".5");
+    static final ASN1ObjectIdentifier    md5                     = digestAlgorithm.branch("5");
 
-    static final DERObjectIdentifier    id_hmacWithSHA1         = new DERObjectIdentifier(digestAlgorithm + ".7");
-    static final DERObjectIdentifier    id_hmacWithSHA224       = new DERObjectIdentifier(digestAlgorithm + ".8");
-    static final DERObjectIdentifier    id_hmacWithSHA256       = new DERObjectIdentifier(digestAlgorithm + ".9");
-    static final DERObjectIdentifier    id_hmacWithSHA384       = new DERObjectIdentifier(digestAlgorithm + ".10");
-    static final DERObjectIdentifier    id_hmacWithSHA512       = new DERObjectIdentifier(digestAlgorithm + ".11");
+    static final ASN1ObjectIdentifier    id_hmacWithSHA1         = digestAlgorithm.branch("7");
+    // BEGIN android-removed
+    // static final ASN1ObjectIdentifier    id_hmacWithSHA224       = digestAlgorithm.branch("8");
+    // END android-removed
+    static final ASN1ObjectIdentifier    id_hmacWithSHA256       = digestAlgorithm.branch("9");
+    static final ASN1ObjectIdentifier    id_hmacWithSHA384       = digestAlgorithm.branch("10");
+    static final ASN1ObjectIdentifier    id_hmacWithSHA512       = digestAlgorithm.branch("11");
 
     //
     // pkcs-7 OBJECT IDENTIFIER ::= {
     //       iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 7 }
     //
     static final String                 pkcs_7                  = "1.2.840.113549.1.7";
-    static final DERObjectIdentifier    data                    = new DERObjectIdentifier(pkcs_7 + ".1");
-    static final DERObjectIdentifier    signedData              = new DERObjectIdentifier(pkcs_7 + ".2");
-    static final DERObjectIdentifier    envelopedData           = new DERObjectIdentifier(pkcs_7 + ".3");
-    static final DERObjectIdentifier    signedAndEnvelopedData  = new DERObjectIdentifier(pkcs_7 + ".4");
-    static final DERObjectIdentifier    digestedData            = new DERObjectIdentifier(pkcs_7 + ".5");
-    static final DERObjectIdentifier    encryptedData           = new DERObjectIdentifier(pkcs_7 + ".6");
+    static final ASN1ObjectIdentifier    data                    = new ASN1ObjectIdentifier(pkcs_7 + ".1");
+    static final ASN1ObjectIdentifier    signedData              = new ASN1ObjectIdentifier(pkcs_7 + ".2");
+    static final ASN1ObjectIdentifier    envelopedData           = new ASN1ObjectIdentifier(pkcs_7 + ".3");
+    static final ASN1ObjectIdentifier    signedAndEnvelopedData  = new ASN1ObjectIdentifier(pkcs_7 + ".4");
+    static final ASN1ObjectIdentifier    digestedData            = new ASN1ObjectIdentifier(pkcs_7 + ".5");
+    static final ASN1ObjectIdentifier    encryptedData           = new ASN1ObjectIdentifier(pkcs_7 + ".6");
 
     //
     // pkcs-9 OBJECT IDENTIFIER ::= {
     //       iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 }
     //
-    static final String                 pkcs_9                  = "1.2.840.113549.1.9";
+    static final ASN1ObjectIdentifier    pkcs_9                  = new ASN1ObjectIdentifier("1.2.840.113549.1.9");
 
-    static final DERObjectIdentifier    pkcs_9_at_emailAddress  = new DERObjectIdentifier(pkcs_9 + ".1");
-    static final DERObjectIdentifier    pkcs_9_at_unstructuredName = new DERObjectIdentifier(pkcs_9 + ".2");
-    static final DERObjectIdentifier    pkcs_9_at_contentType = new DERObjectIdentifier(pkcs_9 + ".3");
-    static final DERObjectIdentifier    pkcs_9_at_messageDigest = new DERObjectIdentifier(pkcs_9 + ".4");
-    static final DERObjectIdentifier    pkcs_9_at_signingTime = new DERObjectIdentifier(pkcs_9 + ".5");
-    static final DERObjectIdentifier    pkcs_9_at_counterSignature = new DERObjectIdentifier(pkcs_9 + ".6");
-    static final DERObjectIdentifier    pkcs_9_at_challengePassword = new DERObjectIdentifier(pkcs_9 + ".7");
-    static final DERObjectIdentifier    pkcs_9_at_unstructuredAddress = new DERObjectIdentifier(pkcs_9 + ".8");
-    static final DERObjectIdentifier    pkcs_9_at_extendedCertificateAttributes = new DERObjectIdentifier(pkcs_9 + ".9");
+    static final ASN1ObjectIdentifier    pkcs_9_at_emailAddress  = pkcs_9.branch("1");
+    static final ASN1ObjectIdentifier    pkcs_9_at_unstructuredName = pkcs_9.branch("2");
+    static final ASN1ObjectIdentifier    pkcs_9_at_contentType = pkcs_9.branch("3");
+    static final ASN1ObjectIdentifier    pkcs_9_at_messageDigest = pkcs_9.branch("4");
+    static final ASN1ObjectIdentifier    pkcs_9_at_signingTime = pkcs_9.branch("5");
+    static final ASN1ObjectIdentifier    pkcs_9_at_counterSignature = pkcs_9.branch("6");
+    static final ASN1ObjectIdentifier    pkcs_9_at_challengePassword = pkcs_9.branch("7");
+    static final ASN1ObjectIdentifier    pkcs_9_at_unstructuredAddress = pkcs_9.branch("8");
+    static final ASN1ObjectIdentifier    pkcs_9_at_extendedCertificateAttributes = pkcs_9.branch("9");
 
-    static final DERObjectIdentifier    pkcs_9_at_signingDescription = new DERObjectIdentifier(pkcs_9 + ".13");
-    static final DERObjectIdentifier    pkcs_9_at_extensionRequest = new DERObjectIdentifier(pkcs_9 + ".14");
-    static final DERObjectIdentifier    pkcs_9_at_smimeCapabilities = new DERObjectIdentifier(pkcs_9 + ".15");
+    static final ASN1ObjectIdentifier    pkcs_9_at_signingDescription = pkcs_9.branch("13");
+    static final ASN1ObjectIdentifier    pkcs_9_at_extensionRequest = pkcs_9.branch("14");
+    static final ASN1ObjectIdentifier    pkcs_9_at_smimeCapabilities = pkcs_9.branch("15");
 
-    static final DERObjectIdentifier    pkcs_9_at_friendlyName  = new DERObjectIdentifier(pkcs_9 + ".20");
-    static final DERObjectIdentifier    pkcs_9_at_localKeyId    = new DERObjectIdentifier(pkcs_9 + ".21");
+    static final ASN1ObjectIdentifier    pkcs_9_at_friendlyName  = pkcs_9.branch("20");
+    static final ASN1ObjectIdentifier    pkcs_9_at_localKeyId    = pkcs_9.branch("21");
 
     /** @deprecated use x509Certificate instead */
-    static final DERObjectIdentifier    x509certType            = new DERObjectIdentifier(pkcs_9 + ".22.1");
+    static final ASN1ObjectIdentifier    x509certType            = pkcs_9.branch("22.1");
 
-    static final String                 certTypes               = pkcs_9 + ".22";
-    static final DERObjectIdentifier    x509Certificate         = new DERObjectIdentifier(certTypes + ".1");
-    static final DERObjectIdentifier    sdsiCertificate         = new DERObjectIdentifier(certTypes + ".2");
+    static final ASN1ObjectIdentifier    certTypes               = pkcs_9.branch("22");
+    static final ASN1ObjectIdentifier    x509Certificate         = certTypes.branch("1");
+    static final ASN1ObjectIdentifier    sdsiCertificate         = certTypes.branch("2");
 
-    static final String                 crlTypes                = pkcs_9 + ".23";
-    static final DERObjectIdentifier    x509Crl                 = new DERObjectIdentifier(crlTypes + ".1");
+    static final ASN1ObjectIdentifier    crlTypes                = pkcs_9.branch("23");
+    static final ASN1ObjectIdentifier    x509Crl                 = crlTypes.branch("1");
 
-    static final DERObjectIdentifier    id_alg_PWRI_KEK    = new DERObjectIdentifier(pkcs_9 + ".16.3.9");
+    static final ASN1ObjectIdentifier    id_alg_PWRI_KEK    = pkcs_9.branch("16.3.9");
 
     //
     // SMIME capability sub oids.
     //
-    static final DERObjectIdentifier    preferSignedData        = new DERObjectIdentifier(pkcs_9 + ".15.1");
-    static final DERObjectIdentifier    canNotDecryptAny        = new DERObjectIdentifier(pkcs_9 + ".15.2");
-    static final DERObjectIdentifier    sMIMECapabilitiesVersions = new DERObjectIdentifier(pkcs_9 + ".15.3");
+    static final ASN1ObjectIdentifier    preferSignedData        = pkcs_9.branch("15.1");
+    static final ASN1ObjectIdentifier    canNotDecryptAny        = pkcs_9.branch("15.2");
+    static final ASN1ObjectIdentifier    sMIMECapabilitiesVersions = pkcs_9.branch("15.3");
 
     //
     // id-ct OBJECT IDENTIFIER ::= {iso(1) member-body(2) usa(840)
     // rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1)}
     //
-    static String id_ct = "1.2.840.113549.1.9.16.1";
+    static final ASN1ObjectIdentifier    id_ct = new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.1");
 
-    static final DERObjectIdentifier    id_ct_authData          = new DERObjectIdentifier(id_ct + ".2");
-    static final DERObjectIdentifier    id_ct_TSTInfo           = new DERObjectIdentifier(id_ct + ".4");
-    static final DERObjectIdentifier    id_ct_compressedData    = new DERObjectIdentifier(id_ct + ".9");
-    static final DERObjectIdentifier    id_ct_authEnvelopedData = new DERObjectIdentifier(id_ct + ".23");
+    static final ASN1ObjectIdentifier    id_ct_authData          = id_ct.branch("2");
+    static final ASN1ObjectIdentifier    id_ct_TSTInfo           = id_ct.branch("4");
+    static final ASN1ObjectIdentifier    id_ct_compressedData    = id_ct.branch("9");
+    static final ASN1ObjectIdentifier    id_ct_authEnvelopedData = id_ct.branch("23");
+    static final ASN1ObjectIdentifier    id_ct_timestampedData   = id_ct.branch("31");
 
     //
     // id-cti OBJECT IDENTIFIER ::= {iso(1) member-body(2) usa(840)
     // rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) cti(6)}
     //
-    static String id_cti = "1.2.840.113549.1.9.16.6";
+    static final ASN1ObjectIdentifier    id_cti = new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.6");
     
-    static final DERObjectIdentifier    id_cti_ets_proofOfOrigin  = new DERObjectIdentifier(id_cti + ".1");
-    static final DERObjectIdentifier    id_cti_ets_proofOfReceipt = new DERObjectIdentifier(id_cti + ".2");
-    static final DERObjectIdentifier    id_cti_ets_proofOfDelivery = new DERObjectIdentifier(id_cti + ".3");
-    static final DERObjectIdentifier    id_cti_ets_proofOfSender = new DERObjectIdentifier(id_cti + ".4");
-    static final DERObjectIdentifier    id_cti_ets_proofOfApproval = new DERObjectIdentifier(id_cti + ".5");
-    static final DERObjectIdentifier    id_cti_ets_proofOfCreation = new DERObjectIdentifier(id_cti + ".6");
+    static final ASN1ObjectIdentifier    id_cti_ets_proofOfOrigin  = id_cti.branch("1");
+    static final ASN1ObjectIdentifier    id_cti_ets_proofOfReceipt = id_cti.branch("2");
+    static final ASN1ObjectIdentifier    id_cti_ets_proofOfDelivery = id_cti.branch("3");
+    static final ASN1ObjectIdentifier    id_cti_ets_proofOfSender = id_cti.branch("4");
+    static final ASN1ObjectIdentifier    id_cti_ets_proofOfApproval = id_cti.branch("5");
+    static final ASN1ObjectIdentifier    id_cti_ets_proofOfCreation = id_cti.branch("6");
     
     //
     // id-aa OBJECT IDENTIFIER ::= {iso(1) member-body(2) usa(840)
     // rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) attributes(2)}
     //
-    static String id_aa = "1.2.840.113549.1.9.16.2";
+    static final ASN1ObjectIdentifier    id_aa = new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.2");
 
-    static final DERObjectIdentifier id_aa_receiptRequest = new DERObjectIdentifier(id_aa + ".1");
+
+    static final ASN1ObjectIdentifier id_aa_receiptRequest = id_aa.branch("1");
     
-    static final DERObjectIdentifier id_aa_contentHint = new DERObjectIdentifier(id_aa + ".4"); // See RFC 2634
+    static final ASN1ObjectIdentifier id_aa_contentHint = id_aa.branch("4"); // See RFC 2634
+    static final ASN1ObjectIdentifier id_aa_msgSigDigest = id_aa.branch("5");
+    static final ASN1ObjectIdentifier id_aa_contentReference = id_aa.branch("10");
     /*
      * id-aa-encrypKeyPref OBJECT IDENTIFIER ::= {id-aa 11}
      * 
      */
-    static final DERObjectIdentifier id_aa_encrypKeyPref = new DERObjectIdentifier(id_aa + ".11");
-    static final DERObjectIdentifier id_aa_signingCertificate = new DERObjectIdentifier(id_aa + ".12");
-    static final DERObjectIdentifier id_aa_signingCertificateV2 = new DERObjectIdentifier(id_aa + ".47");
+    static final ASN1ObjectIdentifier id_aa_encrypKeyPref = id_aa.branch("11");
+    static final ASN1ObjectIdentifier id_aa_signingCertificate = id_aa.branch("12");
+    static final ASN1ObjectIdentifier id_aa_signingCertificateV2 = id_aa.branch("47");
 
-    static final DERObjectIdentifier id_aa_contentIdentifier = new DERObjectIdentifier(id_aa + ".7"); // See RFC 2634
+    static final ASN1ObjectIdentifier id_aa_contentIdentifier = id_aa.branch("7"); // See RFC 2634
 
     /*
      * RFC 3126
      */
-    static final DERObjectIdentifier id_aa_signatureTimeStampToken = new DERObjectIdentifier(id_aa + ".14");
+    static final ASN1ObjectIdentifier id_aa_signatureTimeStampToken = id_aa.branch("14");
     
-    static final DERObjectIdentifier id_aa_ets_sigPolicyId = new DERObjectIdentifier(id_aa + ".15");
-    static final DERObjectIdentifier id_aa_ets_commitmentType = new DERObjectIdentifier(id_aa + ".16");
-    static final DERObjectIdentifier id_aa_ets_signerLocation = new DERObjectIdentifier(id_aa + ".17");
-    static final DERObjectIdentifier id_aa_ets_signerAttr = new DERObjectIdentifier(id_aa + ".18");
-    static final DERObjectIdentifier id_aa_ets_otherSigCert = new DERObjectIdentifier(id_aa + ".19");
-    static final DERObjectIdentifier id_aa_ets_contentTimestamp = new DERObjectIdentifier(id_aa + ".20");
-    static final DERObjectIdentifier id_aa_ets_certificateRefs = new DERObjectIdentifier(id_aa + ".21");
-    static final DERObjectIdentifier id_aa_ets_revocationRefs = new DERObjectIdentifier(id_aa + ".22");
-    static final DERObjectIdentifier id_aa_ets_certValues = new DERObjectIdentifier(id_aa + ".23");
-    static final DERObjectIdentifier id_aa_ets_revocationValues = new DERObjectIdentifier(id_aa + ".24");
-    static final DERObjectIdentifier id_aa_ets_escTimeStamp = new DERObjectIdentifier(id_aa + ".25");
-    static final DERObjectIdentifier id_aa_ets_certCRLTimestamp = new DERObjectIdentifier(id_aa + ".26");
-    static final DERObjectIdentifier id_aa_ets_archiveTimestamp = new DERObjectIdentifier(id_aa + ".27");
+    static final ASN1ObjectIdentifier id_aa_ets_sigPolicyId = id_aa.branch("15");
+    static final ASN1ObjectIdentifier id_aa_ets_commitmentType = id_aa.branch("16");
+    static final ASN1ObjectIdentifier id_aa_ets_signerLocation = id_aa.branch("17");
+    static final ASN1ObjectIdentifier id_aa_ets_signerAttr = id_aa.branch("18");
+    static final ASN1ObjectIdentifier id_aa_ets_otherSigCert = id_aa.branch("19");
+    static final ASN1ObjectIdentifier id_aa_ets_contentTimestamp = id_aa.branch("20");
+    static final ASN1ObjectIdentifier id_aa_ets_certificateRefs = id_aa.branch("21");
+    static final ASN1ObjectIdentifier id_aa_ets_revocationRefs = id_aa.branch("22");
+    static final ASN1ObjectIdentifier id_aa_ets_certValues = id_aa.branch("23");
+    static final ASN1ObjectIdentifier id_aa_ets_revocationValues = id_aa.branch("24");
+    static final ASN1ObjectIdentifier id_aa_ets_escTimeStamp = id_aa.branch("25");
+    static final ASN1ObjectIdentifier id_aa_ets_certCRLTimestamp = id_aa.branch("26");
+    static final ASN1ObjectIdentifier id_aa_ets_archiveTimestamp = id_aa.branch("27");
 
     /** @deprecated use id_aa_ets_sigPolicyId instead */
-    static final DERObjectIdentifier id_aa_sigPolicyId = id_aa_ets_sigPolicyId;
+    static final ASN1ObjectIdentifier id_aa_sigPolicyId = id_aa_ets_sigPolicyId;
     /** @deprecated use id_aa_ets_commitmentType instead */
-    static final DERObjectIdentifier id_aa_commitmentType = id_aa_ets_commitmentType;
+    static final ASN1ObjectIdentifier id_aa_commitmentType = id_aa_ets_commitmentType;
     /** @deprecated use id_aa_ets_signerLocation instead */
-    static final DERObjectIdentifier id_aa_signerLocation = id_aa_ets_signerLocation;
+    static final ASN1ObjectIdentifier id_aa_signerLocation = id_aa_ets_signerLocation;
     /** @deprecated use id_aa_ets_otherSigCert instead */
-    static final DERObjectIdentifier id_aa_otherSigCert = id_aa_ets_otherSigCert;
+    static final ASN1ObjectIdentifier id_aa_otherSigCert = id_aa_ets_otherSigCert;
     
     //
     // id-spq OBJECT IDENTIFIER ::= {iso(1) member-body(2) usa(840)
@@ -222,33 +230,33 @@
     //
     final String id_spq = "1.2.840.113549.1.9.16.5";
 
-    static final DERObjectIdentifier id_spq_ets_uri = new DERObjectIdentifier(id_spq + ".1");
-    static final DERObjectIdentifier id_spq_ets_unotice = new DERObjectIdentifier(id_spq + ".2");
+    static final ASN1ObjectIdentifier id_spq_ets_uri = new ASN1ObjectIdentifier(id_spq + ".1");
+    static final ASN1ObjectIdentifier id_spq_ets_unotice = new ASN1ObjectIdentifier(id_spq + ".2");
 
     //
     // pkcs-12 OBJECT IDENTIFIER ::= {
     //       iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 12 }
     //
-    static final String                 pkcs_12                  = "1.2.840.113549.1.12";
-    static final String                 bagtypes                 = pkcs_12 + ".10.1";
+    static final ASN1ObjectIdentifier   pkcs_12                  = new ASN1ObjectIdentifier("1.2.840.113549.1.12");
+    static final ASN1ObjectIdentifier   bagtypes                 = pkcs_12.branch("10.1");
 
-    static final DERObjectIdentifier    keyBag                  = new DERObjectIdentifier(bagtypes + ".1");
-    static final DERObjectIdentifier    pkcs8ShroudedKeyBag     = new DERObjectIdentifier(bagtypes + ".2");
-    static final DERObjectIdentifier    certBag                 = new DERObjectIdentifier(bagtypes + ".3");
-    static final DERObjectIdentifier    crlBag                  = new DERObjectIdentifier(bagtypes + ".4");
-    static final DERObjectIdentifier    secretBag               = new DERObjectIdentifier(bagtypes + ".5");
-    static final DERObjectIdentifier    safeContentsBag         = new DERObjectIdentifier(bagtypes + ".6");
+    static final ASN1ObjectIdentifier    keyBag                  = bagtypes.branch("1");
+    static final ASN1ObjectIdentifier    pkcs8ShroudedKeyBag     = bagtypes.branch("2");
+    static final ASN1ObjectIdentifier    certBag                 = bagtypes.branch("3");
+    static final ASN1ObjectIdentifier    crlBag                  = bagtypes.branch("4");
+    static final ASN1ObjectIdentifier    secretBag               = bagtypes.branch("5");
+    static final ASN1ObjectIdentifier    safeContentsBag         = bagtypes.branch("6");
 
-    static final String pkcs_12PbeIds  = pkcs_12 + ".1";
+    static final ASN1ObjectIdentifier    pkcs_12PbeIds  = pkcs_12.branch("1");
 
-    static final DERObjectIdentifier    pbeWithSHAAnd128BitRC4 = new DERObjectIdentifier(pkcs_12PbeIds + ".1");
-    static final DERObjectIdentifier    pbeWithSHAAnd40BitRC4  = new DERObjectIdentifier(pkcs_12PbeIds + ".2");
-    static final DERObjectIdentifier    pbeWithSHAAnd3_KeyTripleDES_CBC = new DERObjectIdentifier(pkcs_12PbeIds + ".3");
-    static final DERObjectIdentifier    pbeWithSHAAnd2_KeyTripleDES_CBC = new DERObjectIdentifier(pkcs_12PbeIds + ".4");
-    static final DERObjectIdentifier    pbeWithSHAAnd128BitRC2_CBC = new DERObjectIdentifier(pkcs_12PbeIds + ".5");
-    static final DERObjectIdentifier    pbewithSHAAnd40BitRC2_CBC = new DERObjectIdentifier(pkcs_12PbeIds + ".6");
+    static final ASN1ObjectIdentifier    pbeWithSHAAnd128BitRC4 = pkcs_12PbeIds.branch("1");
+    static final ASN1ObjectIdentifier    pbeWithSHAAnd40BitRC4  = pkcs_12PbeIds.branch("2");
+    static final ASN1ObjectIdentifier    pbeWithSHAAnd3_KeyTripleDES_CBC = pkcs_12PbeIds.branch("3");
+    static final ASN1ObjectIdentifier    pbeWithSHAAnd2_KeyTripleDES_CBC = pkcs_12PbeIds.branch("4");
+    static final ASN1ObjectIdentifier    pbeWithSHAAnd128BitRC2_CBC = pkcs_12PbeIds.branch("5");
+    static final ASN1ObjectIdentifier    pbewithSHAAnd40BitRC2_CBC = pkcs_12PbeIds.branch("6");
 
-    static final DERObjectIdentifier    id_alg_CMS3DESwrap = new DERObjectIdentifier("1.2.840.113549.1.9.16.3.6");
-    static final DERObjectIdentifier    id_alg_CMSRC2wrap = new DERObjectIdentifier("1.2.840.113549.1.9.16.3.7");
+    static final ASN1ObjectIdentifier    id_alg_CMS3DESwrap = new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.3.6");
+    static final ASN1ObjectIdentifier    id_alg_CMSRC2wrap = new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.3.7");
 }
 
diff --git a/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java b/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java
index a7fff2f..9e84499 100644
--- a/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java
+++ b/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java
@@ -1,5 +1,9 @@
 package org.bouncycastle.asn1.pkcs;
 
+import java.io.IOException;
+import java.math.BigInteger;
+import java.util.Enumeration;
+
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.ASN1InputStream;
@@ -14,10 +18,6 @@
 import org.bouncycastle.asn1.DERTaggedObject;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 
-import java.io.IOException;
-import java.math.BigInteger;
-import java.util.Enumeration;
-
 public class PrivateKeyInfo
     extends ASN1Encodable
 {
@@ -39,12 +39,12 @@
         {
             return (PrivateKeyInfo)obj;
         }
-        else if (obj instanceof ASN1Sequence)
+        else if (obj != null)
         {
-            return new PrivateKeyInfo((ASN1Sequence)obj);
+            return new PrivateKeyInfo(ASN1Sequence.getInstance(obj));
         }
 
-        throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName());
+        return null;
     }
         
     public PrivateKeyInfo(
diff --git a/src/main/java/org/bouncycastle/asn1/sec/ECPrivateKeyStructure.java b/src/main/java/org/bouncycastle/asn1/sec/ECPrivateKeyStructure.java
new file mode 100644
index 0000000..b9a0407
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/sec/ECPrivateKeyStructure.java
@@ -0,0 +1,128 @@
+package org.bouncycastle.asn1.sec;
+
+import java.math.BigInteger;
+import java.util.Enumeration;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1Object;
+import org.bouncycastle.asn1.ASN1OctetString;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.ASN1TaggedObject;
+import org.bouncycastle.asn1.DERBitString;
+import org.bouncycastle.asn1.DEREncodable;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.DERTaggedObject;
+import org.bouncycastle.util.BigIntegers;
+
+/**
+ * the elliptic curve private key object from SEC 1
+ */
+public class ECPrivateKeyStructure
+    extends ASN1Encodable
+{
+    private ASN1Sequence  seq;
+
+    public ECPrivateKeyStructure(
+        ASN1Sequence  seq)
+    {
+        this.seq = seq;
+    }
+
+    public ECPrivateKeyStructure(
+        BigInteger  key)
+    {
+        byte[] bytes = BigIntegers.asUnsignedByteArray(key);
+
+        ASN1EncodableVector v = new ASN1EncodableVector();
+
+        v.add(new DERInteger(1));
+        v.add(new DEROctetString(bytes));
+
+        seq = new DERSequence(v);
+    }
+
+    public ECPrivateKeyStructure(
+        BigInteger    key,
+        ASN1Encodable parameters)
+    {
+        this(key, null, parameters);
+    }
+
+    public ECPrivateKeyStructure(
+        BigInteger    key,
+        DERBitString  publicKey,
+        ASN1Encodable parameters)
+    {
+        byte[] bytes = BigIntegers.asUnsignedByteArray(key);
+
+        ASN1EncodableVector v = new ASN1EncodableVector();
+
+        v.add(new DERInteger(1));
+        v.add(new DEROctetString(bytes));
+
+        if (parameters != null)
+        {
+            v.add(new DERTaggedObject(true, 0, parameters));
+        }
+
+        if (publicKey != null)
+        {
+            v.add(new DERTaggedObject(true, 1, publicKey));
+        }
+
+        seq = new DERSequence(v);
+    }
+
+    public BigInteger getKey()
+    {
+        ASN1OctetString  octs = (ASN1OctetString)seq.getObjectAt(1);
+
+        return new BigInteger(1, octs.getOctets());
+    }
+
+    public DERBitString getPublicKey()
+    {
+        return (DERBitString)getObjectInTag(1);
+    }
+
+    public ASN1Object getParameters()
+    {
+        return getObjectInTag(0);
+    }
+
+    private ASN1Object getObjectInTag(int tagNo)
+    {
+        Enumeration e = seq.getObjects();
+
+        while (e.hasMoreElements())
+        {
+            DEREncodable obj = (DEREncodable)e.nextElement();
+
+            if (obj instanceof ASN1TaggedObject)
+            {
+                ASN1TaggedObject tag = (ASN1TaggedObject)obj;
+                if (tag.getTagNo() == tagNo)
+                {
+                    return (ASN1Object)((DEREncodable)tag.getObject()).getDERObject();
+                }
+            }
+        }
+        return null;
+    }
+
+    /**
+     * ECPrivateKey ::= SEQUENCE {
+     *     version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
+     *     privateKey OCTET STRING,
+     *     parameters [0] Parameters OPTIONAL,
+     *     publicKey [1] BIT STRING OPTIONAL }
+     */
+    public DERObject toASN1Object()
+    {
+        return seq;
+    }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/sec/SECNamedCurves.java b/src/main/java/org/bouncycastle/asn1/sec/SECNamedCurves.java
new file mode 100644
index 0000000..67ead06
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/sec/SECNamedCurves.java
@@ -0,0 +1,1029 @@
+package org.bouncycastle.asn1.sec;
+
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.x9.X9ECParameters;
+import org.bouncycastle.asn1.x9.X9ECParametersHolder;
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.math.ec.ECConstants;
+import org.bouncycastle.util.Strings;
+import org.bouncycastle.util.encoders.Hex;
+
+import java.math.BigInteger;
+import java.util.Enumeration;
+import java.util.Hashtable;
+
+public class SECNamedCurves
+{
+    private static BigInteger fromHex(
+        String hex)
+    {
+        return new BigInteger(1, Hex.decode(hex));
+    }
+
+    /*
+     * secp112r1
+     */
+    static X9ECParametersHolder secp112r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            // p = (2^128 - 3) / 76439
+            BigInteger p = fromHex("DB7C2ABF62E35E668076BEAD208B");
+            BigInteger a = fromHex("DB7C2ABF62E35E668076BEAD2088");
+            BigInteger b = fromHex("659EF8BA043916EEDE8911702B22");
+            byte[] S = Hex.decode("00F50B028E4D696E676875615175290472783FB1");
+            BigInteger n = fromHex("DB7C2ABF62E35E7628DFAC6561C5");
+            BigInteger h = BigInteger.valueOf(1);
+
+            ECCurve curve = new ECCurve.Fp(p, a, b);
+            //ECPoint G = curve.decodePoint(Hex.decode("02"
+            //+ "09487239995A5EE76B55F9C2F098"));
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "09487239995A5EE76B55F9C2F098"
+                + "A89CE5AF8724C0A23E0E0FF77500"));
+
+            return new X9ECParameters(curve, G, n, h, S);
+        }
+    };
+
+    /*
+     * secp112r2
+     */
+    static X9ECParametersHolder secp112r2 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            // p = (2^128 - 3) / 76439
+            BigInteger p = fromHex("DB7C2ABF62E35E668076BEAD208B");
+            BigInteger a = fromHex("6127C24C05F38A0AAAF65C0EF02C");
+            BigInteger b = fromHex("51DEF1815DB5ED74FCC34C85D709");
+            byte[] S = Hex.decode("002757A1114D696E6768756151755316C05E0BD4");
+            BigInteger n = fromHex("36DF0AAFD8B8D7597CA10520D04B");
+            BigInteger h = BigInteger.valueOf(4);
+
+            ECCurve curve = new ECCurve.Fp(p, a, b);
+            //ECPoint G = curve.decodePoint(Hex.decode("03"
+            //+ "4BA30AB5E892B4E1649DD0928643"));
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "4BA30AB5E892B4E1649DD0928643"
+                + "ADCD46F5882E3747DEF36E956E97"));
+
+            return new X9ECParameters(curve, G, n, h, S);
+        }
+    };
+
+    /*
+     * secp128r1
+     */
+    static X9ECParametersHolder secp128r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            // p = 2^128 - 2^97 - 1
+            BigInteger p = fromHex("FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF");
+            BigInteger a = fromHex("FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC");
+            BigInteger b = fromHex("E87579C11079F43DD824993C2CEE5ED3");
+            byte[] S = Hex.decode("000E0D4D696E6768756151750CC03A4473D03679");
+            BigInteger n = fromHex("FFFFFFFE0000000075A30D1B9038A115");
+            BigInteger h = BigInteger.valueOf(1);
+
+            ECCurve curve = new ECCurve.Fp(p, a, b);
+            //ECPoint G = curve.decodePoint(Hex.decode("03"
+            //+ "161FF7528B899B2D0C28607CA52C5B86"));
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "161FF7528B899B2D0C28607CA52C5B86"
+                + "CF5AC8395BAFEB13C02DA292DDED7A83"));
+
+            return new X9ECParameters(curve, G, n, h, S);
+        }
+    };
+
+    /*
+     * secp128r2
+     */
+    static X9ECParametersHolder secp128r2 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            // p = 2^128 - 2^97 - 1
+            BigInteger p = fromHex("FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF");
+            BigInteger a = fromHex("D6031998D1B3BBFEBF59CC9BBFF9AEE1");
+            BigInteger b = fromHex("5EEEFCA380D02919DC2C6558BB6D8A5D");
+            byte[] S = Hex.decode("004D696E67687561517512D8F03431FCE63B88F4");
+            BigInteger n = fromHex("3FFFFFFF7FFFFFFFBE0024720613B5A3");
+            BigInteger h = BigInteger.valueOf(4);
+
+            ECCurve curve = new ECCurve.Fp(p, a, b);
+            //ECPoint G = curve.decodePoint(Hex.decode("02"
+            //+ "7B6AA5D85E572983E6FB32A7CDEBC140"));
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "7B6AA5D85E572983E6FB32A7CDEBC140"
+                + "27B6916A894D3AEE7106FE805FC34B44"));
+
+            return new X9ECParameters(curve, G, n, h, S);
+        }
+    };
+
+    /*
+     * secp160k1
+     */
+    static X9ECParametersHolder secp160k1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            // p = 2^160 - 2^32 - 2^14 - 2^12 - 2^9 - 2^8 - 2^7 - 2^3 - 2^2 - 1
+            BigInteger p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73");
+            BigInteger a = ECConstants.ZERO;
+            BigInteger b = BigInteger.valueOf(7);
+            byte[] S = null;
+            BigInteger n = fromHex("0100000000000000000001B8FA16DFAB9ACA16B6B3");
+            BigInteger h = BigInteger.valueOf(1);
+
+            ECCurve curve = new ECCurve.Fp(p, a, b);
+//            ECPoint G = curve.decodePoint(Hex.decode("02"
+//                + "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB"));
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB"
+                + "938CF935318FDCED6BC28286531733C3F03C4FEE"));
+
+            return new X9ECParameters(curve, G, n, h, S);
+        }
+    };
+
+    /*
+     * secp160r1
+     */
+    static X9ECParametersHolder secp160r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            // p = 2^160 - 2^31 - 1
+            BigInteger p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF");
+            BigInteger a = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC");
+            BigInteger b = fromHex("1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45");
+            byte[] S = Hex.decode("1053CDE42C14D696E67687561517533BF3F83345");
+            BigInteger n = fromHex("0100000000000000000001F4C8F927AED3CA752257");
+            BigInteger h = BigInteger.valueOf(1);
+
+            ECCurve curve = new ECCurve.Fp(p, a, b);
+            //ECPoint G = curve.decodePoint(Hex.decode("02"
+                //+ "4A96B5688EF573284664698968C38BB913CBFC82"));
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "4A96B5688EF573284664698968C38BB913CBFC82"
+                + "23A628553168947D59DCC912042351377AC5FB32"));
+
+            return new X9ECParameters(curve, G, n, h, S);
+        }
+    };
+
+    /*
+     * secp160r2
+     */
+    static X9ECParametersHolder secp160r2 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            // p = 2^160 - 2^32 - 2^14 - 2^12 - 2^9 - 2^8 - 2^7 - 2^3 - 2^2 - 1
+            BigInteger p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73");
+            BigInteger a = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70");
+            BigInteger b = fromHex("B4E134D3FB59EB8BAB57274904664D5AF50388BA");
+            byte[] S = Hex.decode("B99B99B099B323E02709A4D696E6768756151751");
+            BigInteger n = fromHex("0100000000000000000000351EE786A818F3A1A16B");
+            BigInteger h = BigInteger.valueOf(1);
+
+            ECCurve curve = new ECCurve.Fp(p, a, b);
+            //ECPoint G = curve.decodePoint(Hex.decode("02"
+            //+ "52DCB034293A117E1F4FF11B30F7199D3144CE6D"));
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "52DCB034293A117E1F4FF11B30F7199D3144CE6D"
+                + "FEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E"));
+
+            return new X9ECParameters(curve, G, n, h, S);
+        }
+    };
+
+    /*
+     * secp192k1
+     */
+    static X9ECParametersHolder secp192k1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            // p = 2^192 - 2^32 - 2^12 - 2^8 - 2^7 - 2^6 - 2^3 - 1
+            BigInteger p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37");
+            BigInteger a = ECConstants.ZERO;
+            BigInteger b = BigInteger.valueOf(3);
+            byte[] S = null;
+            BigInteger n = fromHex("FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D");
+            BigInteger h = BigInteger.valueOf(1);
+
+            ECCurve curve = new ECCurve.Fp(p, a, b);
+            //ECPoint G = curve.decodePoint(Hex.decode("03"
+            //+ "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D"));
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D"
+                + "9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D"));
+
+            return new X9ECParameters(curve, G, n, h, S);
+        }
+    };
+
+    /*
+     * secp192r1
+     */
+    static X9ECParametersHolder secp192r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            // p = 2^192 - 2^64 - 1
+            BigInteger p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF");
+            BigInteger a = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC");
+            BigInteger b = fromHex("64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1");
+            byte[] S = Hex.decode("3045AE6FC8422F64ED579528D38120EAE12196D5");
+            BigInteger n = fromHex("FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831");
+            BigInteger h = BigInteger.valueOf(1);
+
+            ECCurve curve = new ECCurve.Fp(p, a, b);
+            //ECPoint G = curve.decodePoint(Hex.decode("03"
+            //+ "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012"));
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012"
+                + "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811"));
+
+            return new X9ECParameters(curve, G, n, h, S);
+        }
+    };
+
+    /*
+     * secp224k1
+     */
+    static X9ECParametersHolder secp224k1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            // p = 2^224 - 2^32 - 2^12 - 2^11 - 2^9 - 2^7 - 2^4 - 2 - 1
+            BigInteger p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D");
+            BigInteger a = ECConstants.ZERO;
+            BigInteger b = BigInteger.valueOf(5);
+            byte[] S = null;
+            BigInteger n = fromHex("010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7");
+            BigInteger h = BigInteger.valueOf(1);
+
+            ECCurve curve = new ECCurve.Fp(p, a, b);
+            //ECPoint G = curve.decodePoint(Hex.decode("03"
+            //+ "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C"));
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C"
+                + "7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5"));
+
+            return new X9ECParameters(curve, G, n, h, S);
+        }
+    };
+
+    /*
+     * secp224r1
+     */
+    static X9ECParametersHolder secp224r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            // p = 2^224 - 2^96 + 1
+            BigInteger p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001");
+            BigInteger a = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE");
+            BigInteger b = fromHex("B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4");
+            byte[] S = Hex.decode("BD71344799D5C7FCDC45B59FA3B9AB8F6A948BC5");
+            BigInteger n = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D");
+            BigInteger h = BigInteger.valueOf(1);
+
+            ECCurve curve = new ECCurve.Fp(p, a, b);
+            //ECPoint G = curve.decodePoint(Hex.decode("02"
+            //+ "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21"));
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21"
+                + "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34"));
+
+            return new X9ECParameters(curve, G, n, h, S);
+        }
+    };
+
+    /*
+     * secp256k1
+     */
+    static X9ECParametersHolder secp256k1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            // p = 2^256 - 2^32 - 2^9 - 2^8 - 2^7 - 2^6 - 2^4 - 1
+            BigInteger p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F");
+            BigInteger a = ECConstants.ZERO;
+            BigInteger b = BigInteger.valueOf(7);
+            byte[] S = null;
+            BigInteger n = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141");
+            BigInteger h = BigInteger.valueOf(1);
+
+            ECCurve curve = new ECCurve.Fp(p, a, b);
+            //ECPoint G = curve.decodePoint(Hex.decode("02"
+            //+ "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798"));
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798"
+                + "483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8"));
+
+            return new X9ECParameters(curve, G, n, h, S);
+        }
+    };
+
+    /*
+     * secp256r1
+     */
+    static X9ECParametersHolder secp256r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            // p = 2^224 (2^32 - 1) + 2^192 + 2^96 - 1
+            BigInteger p = fromHex("FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF");
+            BigInteger a = fromHex("FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC");
+            BigInteger b = fromHex("5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B");
+            byte[] S = Hex.decode("C49D360886E704936A6678E1139D26B7819F7E90");
+            BigInteger n = fromHex("FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551");
+            BigInteger h = BigInteger.valueOf(1);
+
+            ECCurve curve = new ECCurve.Fp(p, a, b);
+            //ECPoint G = curve.decodePoint(Hex.decode("03"
+            //+ "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"));
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"
+                + "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5"));
+
+            return new X9ECParameters(curve, G, n, h, S);
+        }
+    };
+
+    /*
+     * secp384r1
+     */
+    static X9ECParametersHolder secp384r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            // p = 2^384 - 2^128 - 2^96 + 2^32 - 1
+            BigInteger p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF");
+            BigInteger a = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC");
+            BigInteger b = fromHex("B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF");
+            byte[] S = Hex.decode("A335926AA319A27A1D00896A6773A4827ACDAC73");
+            BigInteger n = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973");
+            BigInteger h = BigInteger.valueOf(1);
+
+            ECCurve curve = new ECCurve.Fp(p, a, b);
+            //ECPoint G = curve.decodePoint(Hex.decode("03"
+            //+ "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7"));
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7"
+                + "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F"));
+
+            return new X9ECParameters(curve, G, n, h, S);
+        }
+    };
+
+    /*
+     * secp521r1
+     */
+    static X9ECParametersHolder secp521r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            // p = 2^521 - 1
+            BigInteger p = fromHex("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF");
+            BigInteger a = fromHex("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC");
+            BigInteger b = fromHex("0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00");
+            byte[] S = Hex.decode("D09E8800291CB85396CC6717393284AAA0DA64BA");
+            BigInteger n = fromHex("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409");
+            BigInteger h = BigInteger.valueOf(1);
+
+            ECCurve curve = new ECCurve.Fp(p, a, b);
+            //ECPoint G = curve.decodePoint(Hex.decode("02"
+            //+ "00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66"));
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66"
+                + "011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650"));
+
+            return new X9ECParameters(curve, G, n, h, S);
+        }
+    };
+    
+    /*
+     * sect113r1
+     */
+    static X9ECParametersHolder sect113r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            int m = 113;
+            int k = 9;
+
+            BigInteger a = fromHex("003088250CA6E7C7FE649CE85820F7");
+            BigInteger b = fromHex("00E8BEE4D3E2260744188BE0E9C723");
+            byte[] S = Hex.decode("10E723AB14D696E6768756151756FEBF8FCB49A9");
+            BigInteger n = fromHex("0100000000000000D9CCEC8A39E56F");
+            BigInteger h = BigInteger.valueOf(2);
+
+            ECCurve curve = new ECCurve.F2m(m, k, a, b, n, h);
+            //ECPoint G = curve.decodePoint(Hex.decode("03"
+            //+ "009D73616F35F4AB1407D73562C10F"));
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "009D73616F35F4AB1407D73562C10F"
+                + "00A52830277958EE84D1315ED31886"));
+
+            return new X9ECParameters(curve, G, n, h, S);
+        }
+    };
+
+    /*
+     * sect113r2
+     */
+    static X9ECParametersHolder sect113r2 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            int m = 113;
+            int k = 9;
+
+            BigInteger a = fromHex("00689918DBEC7E5A0DD6DFC0AA55C7");
+            BigInteger b = fromHex("0095E9A9EC9B297BD4BF36E059184F");
+            byte[] S = Hex.decode("10C0FB15760860DEF1EEF4D696E676875615175D");
+            BigInteger n = fromHex("010000000000000108789B2496AF93");
+            BigInteger h = BigInteger.valueOf(2);
+
+            ECCurve curve = new ECCurve.F2m(m, k, a, b, n, h);
+            //ECPoint G = curve.decodePoint(Hex.decode("03"
+            //+ "01A57A6A7B26CA5EF52FCDB8164797"));
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "01A57A6A7B26CA5EF52FCDB8164797"
+                + "00B3ADC94ED1FE674C06E695BABA1D"));
+
+            return new X9ECParameters(curve, G, n, h, S);
+        }
+    };
+
+    /*
+     * sect131r1
+     */
+    static X9ECParametersHolder sect131r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            int m = 131;
+            int k1 = 2;
+            int k2 = 3;
+            int k3 = 8;
+
+            BigInteger a = fromHex("07A11B09A76B562144418FF3FF8C2570B8");
+            BigInteger b = fromHex("0217C05610884B63B9C6C7291678F9D341");
+            byte[] S = Hex.decode("4D696E676875615175985BD3ADBADA21B43A97E2");
+            BigInteger n = fromHex("0400000000000000023123953A9464B54D");
+            BigInteger h = BigInteger.valueOf(2);
+
+            ECCurve curve = new ECCurve.F2m(m, k1, k2, k3, a, b, n, h);
+            //ECPoint G = curve.decodePoint(Hex.decode("03"
+            //+ "0081BAF91FDF9833C40F9C181343638399"));
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "0081BAF91FDF9833C40F9C181343638399"
+                + "078C6E7EA38C001F73C8134B1B4EF9E150"));
+
+            return new X9ECParameters(curve, G, n, h, S);
+        }
+    };
+
+    /*
+     * sect131r2
+     */
+    static X9ECParametersHolder sect131r2 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            int m = 131;
+            int k1 = 2;
+            int k2 = 3;
+            int k3 = 8;
+
+            BigInteger a = fromHex("03E5A88919D7CAFCBF415F07C2176573B2");
+            BigInteger b = fromHex("04B8266A46C55657AC734CE38F018F2192");
+            byte[] S = Hex.decode("985BD3ADBAD4D696E676875615175A21B43A97E3");
+            BigInteger n = fromHex("0400000000000000016954A233049BA98F");
+            BigInteger h = BigInteger.valueOf(2);
+
+            ECCurve curve = new ECCurve.F2m(m, k1, k2, k3, a, b, n, h);
+            //ECPoint G = curve.decodePoint(Hex.decode("03"
+            //+ "0356DCD8F2F95031AD652D23951BB366A8"));
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "0356DCD8F2F95031AD652D23951BB366A8"
+                + "0648F06D867940A5366D9E265DE9EB240F"));
+
+            return new X9ECParameters(curve, G, n, h, S);
+        }
+    };
+
+    /*
+     * sect163k1
+     */
+    static X9ECParametersHolder sect163k1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            int m = 163;
+            int k1 = 3;
+            int k2 = 6;
+            int k3 = 7;
+
+            BigInteger a = BigInteger.valueOf(1);
+            BigInteger b = BigInteger.valueOf(1);
+            byte[] S = null;
+            BigInteger n = fromHex("04000000000000000000020108A2E0CC0D99F8A5EF");
+            BigInteger h = BigInteger.valueOf(2);
+
+            ECCurve curve = new ECCurve.F2m(m, k1, k2, k3, a, b, n, h);
+            //ECPoint G = curve.decodePoint(Hex.decode("03"
+            //+ "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8"));
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8"
+                + "0289070FB05D38FF58321F2E800536D538CCDAA3D9"));
+
+            return new X9ECParameters(curve, G, n, h, S);
+        }
+    };
+
+    /*
+     * sect163r1
+     */
+    static X9ECParametersHolder sect163r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            int m = 163;
+            int k1 = 3;
+            int k2 = 6;
+            int k3 = 7;
+
+            BigInteger a = fromHex("07B6882CAAEFA84F9554FF8428BD88E246D2782AE2");
+            BigInteger b = fromHex("0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9");
+            byte[] S = Hex.decode("24B7B137C8A14D696E6768756151756FD0DA2E5C");
+            BigInteger n = fromHex("03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B");
+            BigInteger h = BigInteger.valueOf(2);
+
+            ECCurve curve = new ECCurve.F2m(m, k1, k2, k3, a, b, n, h);
+            //ECPoint G = curve.decodePoint(Hex.decode("03"
+            //+ "0369979697AB43897789566789567F787A7876A654"));
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "0369979697AB43897789566789567F787A7876A654"
+                + "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883"));
+
+            return new X9ECParameters(curve, G, n, h, S);
+        }
+    };
+
+    /*
+     * sect163r2
+     */
+    static X9ECParametersHolder sect163r2 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            int m = 163;
+            int k1 = 3;
+            int k2 = 6;
+            int k3 = 7;
+
+            BigInteger a = BigInteger.valueOf(1);
+            BigInteger b = fromHex("020A601907B8C953CA1481EB10512F78744A3205FD");
+            byte[] S = Hex.decode("85E25BFE5C86226CDB12016F7553F9D0E693A268");
+            BigInteger n = fromHex("040000000000000000000292FE77E70C12A4234C33");
+            BigInteger h = BigInteger.valueOf(2);
+
+            ECCurve curve = new ECCurve.F2m(m, k1, k2, k3, a, b, n, h);
+            //ECPoint G = curve.decodePoint(Hex.decode("03"
+            //+ "03F0EBA16286A2D57EA0991168D4994637E8343E36"));
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "03F0EBA16286A2D57EA0991168D4994637E8343E36"
+                + "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1"));
+
+            return new X9ECParameters(curve, G, n, h, S);
+        }
+    };
+
+    /*
+     * sect193r1
+     */
+    static X9ECParametersHolder sect193r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            int m = 193;
+            int k = 15;
+
+            BigInteger a = fromHex("0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01");
+            BigInteger b = fromHex("00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814");
+            byte[] S = Hex.decode("103FAEC74D696E676875615175777FC5B191EF30");
+            BigInteger n = fromHex("01000000000000000000000000C7F34A778F443ACC920EBA49");
+            BigInteger h = BigInteger.valueOf(2);
+
+            ECCurve curve = new ECCurve.F2m(m, k, a, b, n, h);
+            //ECPoint G = curve.decodePoint(Hex.decode("03"
+            //+ "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1"));
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1"
+                + "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05"));
+
+            return new X9ECParameters(curve, G, n, h, S);
+        }
+    };
+
+    /*
+     * sect193r2
+     */
+    static X9ECParametersHolder sect193r2 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            int m = 193;
+            int k = 15;
+
+            BigInteger a = fromHex("0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B");
+            BigInteger b = fromHex("00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE");
+            byte[] S = Hex.decode("10B7B4D696E676875615175137C8A16FD0DA2211");
+            BigInteger n = fromHex("010000000000000000000000015AAB561B005413CCD4EE99D5");
+            BigInteger h = BigInteger.valueOf(2);
+
+            ECCurve curve = new ECCurve.F2m(m, k, a, b, n, h);
+            //ECPoint G = curve.decodePoint(Hex.decode("03"
+            //+ "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F"));
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F"
+                + "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C"));
+
+            return new X9ECParameters(curve, G, n, h, S);
+        }
+    };
+
+    /*
+     * sect233k1
+     */
+    static X9ECParametersHolder sect233k1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            int m = 233;
+            int k = 74;
+
+            BigInteger a = ECConstants.ZERO;
+            BigInteger b = BigInteger.valueOf(1);
+            byte[] S = null;
+            BigInteger n = fromHex("8000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF");
+            BigInteger h = BigInteger.valueOf(4);
+
+            ECCurve curve = new ECCurve.F2m(m, k, a, b, n, h);
+            //ECPoint G = curve.decodePoint(Hex.decode("02"
+            //+ "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126"));
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126"
+                + "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3"));
+
+            return new X9ECParameters(curve, G, n, h, S);
+        }
+    };
+
+    /*
+     * sect233r1
+     */
+    static X9ECParametersHolder sect233r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            int m = 233;
+            int k = 74;
+
+            BigInteger a = BigInteger.valueOf(1);
+            BigInteger b = fromHex("0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD");
+            byte[] S = Hex.decode("74D59FF07F6B413D0EA14B344B20A2DB049B50C3");
+            BigInteger n = fromHex("01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7");
+            BigInteger h = BigInteger.valueOf(2);
+
+            ECCurve curve = new ECCurve.F2m(m, k, a, b, n, h);
+            //ECPoint G = curve.decodePoint(Hex.decode("03"
+            //+ "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B"));
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B"
+                + "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052"));
+
+            return new X9ECParameters(curve, G, n, h, S);
+        }
+    };
+
+    /*
+     * sect239k1
+     */
+    static X9ECParametersHolder sect239k1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            int m = 239;
+            int k = 158;
+
+            BigInteger a = ECConstants.ZERO;
+            BigInteger b = BigInteger.valueOf(1);
+            byte[] S = null;
+            BigInteger n = fromHex("2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5");
+            BigInteger h = BigInteger.valueOf(4);
+
+            ECCurve curve = new ECCurve.F2m(m, k, a, b, n, h);
+            //ECPoint G = curve.decodePoint(Hex.decode("03"
+            //+ "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC"));
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC"
+                + "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA"));
+
+            return new X9ECParameters(curve, G, n, h, S);
+        }
+    };
+
+    /*
+     * sect283k1
+     */
+    static X9ECParametersHolder sect283k1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            int m = 283;
+            int k1 = 5;
+            int k2 = 7;
+            int k3 = 12;
+
+            BigInteger a = ECConstants.ZERO;
+            BigInteger b = BigInteger.valueOf(1);
+            byte[] S = null;
+            BigInteger n = fromHex("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61");
+            BigInteger h = BigInteger.valueOf(4);
+
+            ECCurve curve = new ECCurve.F2m(m, k1, k2, k3, a, b, n, h);
+            //ECPoint G = curve.decodePoint(Hex.decode("02"
+            //+ "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836"));
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836"
+                + "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259"));
+
+            return new X9ECParameters(curve, G, n, h, S);
+        }
+    };
+
+    /*
+     * sect283r1
+     */
+    static X9ECParametersHolder sect283r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            int m = 283;
+            int k1 = 5;
+            int k2 = 7;
+            int k3 = 12;
+
+            BigInteger a = BigInteger.valueOf(1);
+            BigInteger b = fromHex("027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5");
+            byte[] S = Hex.decode("77E2B07370EB0F832A6DD5B62DFC88CD06BB84BE");
+            BigInteger n = fromHex("03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307");
+            BigInteger h = BigInteger.valueOf(2);
+
+            ECCurve curve = new ECCurve.F2m(m, k1, k2, k3, a, b, n, h);
+            //ECPoint G = curve.decodePoint(Hex.decode("03"
+            //+ "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053"));
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053"
+                + "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4"));
+
+            return new X9ECParameters(curve, G, n, h, S);
+        }
+    };
+
+    /*
+     * sect409k1
+     */
+    static X9ECParametersHolder sect409k1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            int m = 409;
+            int k = 87;
+
+            BigInteger a = ECConstants.ZERO;
+            BigInteger b = BigInteger.valueOf(1);
+            byte[] S = null;
+            BigInteger n = fromHex("7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF");
+            BigInteger h = BigInteger.valueOf(4);
+
+            ECCurve curve = new ECCurve.F2m(m, k, a, b, n, h);
+            //ECPoint G = curve.decodePoint(Hex.decode("03"
+            //+ "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746"));
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746"
+                + "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B"));
+
+            return new X9ECParameters(curve, G, n, h, S);
+        }
+    };
+
+    /*
+     * sect409r1
+     */
+    static X9ECParametersHolder sect409r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            int m = 409;
+            int k = 87;
+
+            BigInteger a = BigInteger.valueOf(1);
+            BigInteger b = fromHex("0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F");
+            byte[] S = Hex.decode("4099B5A457F9D69F79213D094C4BCD4D4262210B");
+            BigInteger n = fromHex("010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173");
+            BigInteger h = BigInteger.valueOf(2);
+
+            ECCurve curve = new ECCurve.F2m(m, k, a, b, n, h);
+            //ECPoint G = curve.decodePoint(Hex.decode("03"
+            //+ "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7"));
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7"
+                + "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706"));
+
+            return new X9ECParameters(curve, G, n, h, S);
+        }
+    };
+
+    /*
+     * sect571k1
+     */
+    static X9ECParametersHolder sect571k1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            int m = 571;
+            int k1 = 2;
+            int k2 = 5;
+            int k3 = 10;
+
+            BigInteger a = ECConstants.ZERO;
+            BigInteger b = BigInteger.valueOf(1);
+            byte[] S = null;
+            BigInteger n = fromHex("020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001");
+            BigInteger h = BigInteger.valueOf(4);
+
+            ECCurve curve = new ECCurve.F2m(m, k1, k2, k3, a, b, n, h);
+            //ECPoint G = curve.decodePoint(Hex.decode("02"
+            //+ "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972"));
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972"
+                + "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3"));
+
+            return new X9ECParameters(curve, G, n, h, S);
+        }
+    };
+
+    /*
+     * sect571r1
+     */
+    static X9ECParametersHolder sect571r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            int m = 571;
+            int k1 = 2;
+            int k2 = 5;
+            int k3 = 10;
+
+            BigInteger a = BigInteger.valueOf(1);
+            BigInteger b = fromHex("02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A");
+            byte[] S = Hex.decode("2AA058F73A0E33AB486B0F610410C53A7F132310");
+            BigInteger n = fromHex("03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47");
+            BigInteger h = BigInteger.valueOf(2);
+
+            ECCurve curve = new ECCurve.F2m(m, k1, k2, k3, a, b, n, h);
+            //ECPoint G = curve.decodePoint(Hex.decode("03"
+            //+ "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19"));
+            ECPoint G = curve.decodePoint(Hex.decode("04"
+                + "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19"
+                + "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B"));
+
+            return new X9ECParameters(curve, G, n, h, S);
+        }
+    };
+
+
+    static final Hashtable objIds = new Hashtable();
+    static final Hashtable curves = new Hashtable();
+    static final Hashtable names = new Hashtable();
+
+    static void defineCurve(String name, DERObjectIdentifier oid, X9ECParametersHolder holder)
+    {
+        objIds.put(name, oid);
+        names.put(oid, name);
+        curves.put(oid, holder);
+    }
+
+    static
+    {
+        defineCurve("secp112r1", SECObjectIdentifiers.secp112r1, secp112r1);
+        defineCurve("secp112r2", SECObjectIdentifiers.secp112r2, secp112r2);
+        defineCurve("secp128r1", SECObjectIdentifiers.secp128r1, secp128r1);
+        defineCurve("secp128r2", SECObjectIdentifiers.secp128r2, secp128r2);
+        defineCurve("secp160k1", SECObjectIdentifiers.secp160k1, secp160k1);
+        defineCurve("secp160r1", SECObjectIdentifiers.secp160r1, secp160r1);
+        defineCurve("secp160r2", SECObjectIdentifiers.secp160r2, secp160r2);
+        defineCurve("secp192k1", SECObjectIdentifiers.secp192k1, secp192k1);
+        defineCurve("secp192r1", SECObjectIdentifiers.secp192r1, secp192r1);
+        defineCurve("secp224k1", SECObjectIdentifiers.secp224k1, secp224k1);
+        defineCurve("secp224r1", SECObjectIdentifiers.secp224r1, secp224r1); 
+        defineCurve("secp256k1", SECObjectIdentifiers.secp256k1, secp256k1);
+        defineCurve("secp256r1", SECObjectIdentifiers.secp256r1, secp256r1); 
+        defineCurve("secp384r1", SECObjectIdentifiers.secp384r1, secp384r1); 
+        defineCurve("secp521r1", SECObjectIdentifiers.secp521r1, secp521r1); 
+
+        defineCurve("sect113r1", SECObjectIdentifiers.sect113r1, sect113r1);
+        defineCurve("sect113r2", SECObjectIdentifiers.sect113r2, sect113r2);
+        defineCurve("sect131r1", SECObjectIdentifiers.sect131r1, sect131r1);
+        defineCurve("sect131r2", SECObjectIdentifiers.sect131r2, sect131r2);
+        defineCurve("sect163k1", SECObjectIdentifiers.sect163k1, sect163k1);
+        defineCurve("sect163r1", SECObjectIdentifiers.sect163r1, sect163r1);
+        defineCurve("sect163r2", SECObjectIdentifiers.sect163r2, sect163r2);
+        defineCurve("sect193r1", SECObjectIdentifiers.sect193r1, sect193r1);
+        defineCurve("sect193r2", SECObjectIdentifiers.sect193r2, sect193r2);
+        defineCurve("sect233k1", SECObjectIdentifiers.sect233k1, sect233k1);
+        defineCurve("sect233r1", SECObjectIdentifiers.sect233r1, sect233r1);
+        defineCurve("sect239k1", SECObjectIdentifiers.sect239k1, sect239k1);
+        defineCurve("sect283k1", SECObjectIdentifiers.sect283k1, sect283k1);
+        defineCurve("sect283r1", SECObjectIdentifiers.sect283r1, sect283r1);
+        defineCurve("sect409k1", SECObjectIdentifiers.sect409k1, sect409k1);
+        defineCurve("sect409r1", SECObjectIdentifiers.sect409r1, sect409r1);
+        defineCurve("sect571k1", SECObjectIdentifiers.sect571k1, sect571k1);
+        defineCurve("sect571r1", SECObjectIdentifiers.sect571r1, sect571r1); 
+    }
+
+    public static X9ECParameters getByName(
+        String name)
+    {
+        DERObjectIdentifier oid = (DERObjectIdentifier)objIds.get(Strings.toLowerCase(name));
+
+        if (oid != null)
+        {
+            return getByOID(oid);
+        }
+
+        return null;
+    }
+
+    /**
+     * return the X9ECParameters object for the named curve represented by
+     * the passed in object identifier. Null if the curve isn't present.
+     *
+     * @param oid an object identifier representing a named curve, if present.
+     */
+    public static X9ECParameters getByOID(
+        DERObjectIdentifier oid)
+    {
+        X9ECParametersHolder holder = (X9ECParametersHolder)curves.get(oid);
+
+        if (holder != null)
+        {
+            return holder.getParameters();
+        }
+
+        return null;
+    }
+
+    /**
+     * return the object identifier signified by the passed in name. Null
+     * if there is no object identifier associated with name.
+     *
+     * @return the object identifier associated with name, if present.
+     */
+    public static DERObjectIdentifier getOID(
+        String name)
+    {
+        return (DERObjectIdentifier)objIds.get(Strings.toLowerCase(name));
+    }
+
+    /**
+     * return the named curve name represented by the given object identifier.
+     */
+    public static String getName(
+        DERObjectIdentifier oid)
+    {
+        return (String)names.get(oid);
+    }
+
+    /**
+     * returns an enumeration containing the name strings for curves
+     * contained in this structure.
+     */
+    public static Enumeration getNames()
+    {
+        return objIds.keys();
+    }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/sec/SECObjectIdentifiers.java b/src/main/java/org/bouncycastle/asn1/sec/SECObjectIdentifiers.java
new file mode 100644
index 0000000..8b19cd6
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/sec/SECObjectIdentifiers.java
@@ -0,0 +1,50 @@
+package org.bouncycastle.asn1.sec;
+
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+
+public interface SECObjectIdentifiers
+{
+    /**
+     *  ellipticCurve OBJECT IDENTIFIER ::= {
+     *        iso(1) identified-organization(3) certicom(132) curve(0)
+     *  }
+     */
+    static final ASN1ObjectIdentifier ellipticCurve = new ASN1ObjectIdentifier("1.3.132.0");
+
+    static final ASN1ObjectIdentifier sect163k1 = ellipticCurve.branch("1");
+    static final ASN1ObjectIdentifier sect163r1 = ellipticCurve.branch("2");
+    static final ASN1ObjectIdentifier sect239k1 = ellipticCurve.branch("3");
+    static final ASN1ObjectIdentifier sect113r1 = ellipticCurve.branch("4");
+    static final ASN1ObjectIdentifier sect113r2 = ellipticCurve.branch("5");
+    static final ASN1ObjectIdentifier secp112r1 = ellipticCurve.branch("6");
+    static final ASN1ObjectIdentifier secp112r2 = ellipticCurve.branch("7");
+    static final ASN1ObjectIdentifier secp160r1 = ellipticCurve.branch("8");
+    static final ASN1ObjectIdentifier secp160k1 = ellipticCurve.branch("9");
+    static final ASN1ObjectIdentifier secp256k1 = ellipticCurve.branch("10");
+    static final ASN1ObjectIdentifier sect163r2 = ellipticCurve.branch("15");
+    static final ASN1ObjectIdentifier sect283k1 = ellipticCurve.branch("16");
+    static final ASN1ObjectIdentifier sect283r1 = ellipticCurve.branch("17");
+    static final ASN1ObjectIdentifier sect131r1 = ellipticCurve.branch("22");
+    static final ASN1ObjectIdentifier sect131r2 = ellipticCurve.branch("23");
+    static final ASN1ObjectIdentifier sect193r1 = ellipticCurve.branch("24");
+    static final ASN1ObjectIdentifier sect193r2 = ellipticCurve.branch("25");
+    static final ASN1ObjectIdentifier sect233k1 = ellipticCurve.branch("26");
+    static final ASN1ObjectIdentifier sect233r1 = ellipticCurve.branch("27");
+    static final ASN1ObjectIdentifier secp128r1 = ellipticCurve.branch("28");
+    static final ASN1ObjectIdentifier secp128r2 = ellipticCurve.branch("29");
+    static final ASN1ObjectIdentifier secp160r2 = ellipticCurve.branch("30");
+    static final ASN1ObjectIdentifier secp192k1 = ellipticCurve.branch("31");
+    static final ASN1ObjectIdentifier secp224k1 = ellipticCurve.branch("32");
+    static final ASN1ObjectIdentifier secp224r1 = ellipticCurve.branch("33");
+    static final ASN1ObjectIdentifier secp384r1 = ellipticCurve.branch("34");
+    static final ASN1ObjectIdentifier secp521r1 = ellipticCurve.branch("35");
+    static final ASN1ObjectIdentifier sect409k1 = ellipticCurve.branch("36");
+    static final ASN1ObjectIdentifier sect409r1 = ellipticCurve.branch("37");
+    static final ASN1ObjectIdentifier sect571k1 = ellipticCurve.branch("38");
+    static final ASN1ObjectIdentifier sect571r1 = ellipticCurve.branch("39");
+
+    static final ASN1ObjectIdentifier secp192r1 = X9ObjectIdentifiers.prime192v1;
+    static final ASN1ObjectIdentifier secp256r1 = X9ObjectIdentifiers.prime256v1;
+
+}
diff --git a/src/main/java/org/bouncycastle/asn1/teletrust/TeleTrusTObjectIdentifiers.java b/src/main/java/org/bouncycastle/asn1/teletrust/TeleTrusTObjectIdentifiers.java
index 32a2ed6..df9a0ff 100644
--- a/src/main/java/org/bouncycastle/asn1/teletrust/TeleTrusTObjectIdentifiers.java
+++ b/src/main/java/org/bouncycastle/asn1/teletrust/TeleTrusTObjectIdentifiers.java
@@ -1,42 +1,42 @@
 package org.bouncycastle.asn1.teletrust;
 
-import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 
 public interface TeleTrusTObjectIdentifiers
 {
-    static final String teleTrusTAlgorithm = "1.3.36.3";
+    static final ASN1ObjectIdentifier teleTrusTAlgorithm = new ASN1ObjectIdentifier("1.3.36.3");
 
-    static final DERObjectIdentifier    ripemd160           = new DERObjectIdentifier(teleTrusTAlgorithm + ".2.1");
-    static final DERObjectIdentifier    ripemd128           = new DERObjectIdentifier(teleTrusTAlgorithm + ".2.2");
-    static final DERObjectIdentifier    ripemd256           = new DERObjectIdentifier(teleTrusTAlgorithm + ".2.3");
+    static final ASN1ObjectIdentifier    ripemd160           = teleTrusTAlgorithm.branch("2.1");
+    static final ASN1ObjectIdentifier    ripemd128           = teleTrusTAlgorithm.branch("2.2");
+    static final ASN1ObjectIdentifier    ripemd256           = teleTrusTAlgorithm.branch("2.3");
 
-    static final String teleTrusTRSAsignatureAlgorithm = teleTrusTAlgorithm + ".3.1";
+    static final ASN1ObjectIdentifier teleTrusTRSAsignatureAlgorithm = teleTrusTAlgorithm.branch("3.1");
 
-    static final DERObjectIdentifier    rsaSignatureWithripemd160           = new DERObjectIdentifier(teleTrusTRSAsignatureAlgorithm + ".2");
-    static final DERObjectIdentifier    rsaSignatureWithripemd128           = new DERObjectIdentifier(teleTrusTRSAsignatureAlgorithm + ".3");
-    static final DERObjectIdentifier    rsaSignatureWithripemd256           = new DERObjectIdentifier(teleTrusTRSAsignatureAlgorithm + ".4");
+    static final ASN1ObjectIdentifier    rsaSignatureWithripemd160           = teleTrusTRSAsignatureAlgorithm.branch("2");
+    static final ASN1ObjectIdentifier    rsaSignatureWithripemd128           = teleTrusTRSAsignatureAlgorithm.branch("3");
+    static final ASN1ObjectIdentifier    rsaSignatureWithripemd256           = teleTrusTRSAsignatureAlgorithm.branch("4");
 
-    static final DERObjectIdentifier    ecSign = new DERObjectIdentifier(teleTrusTAlgorithm + ".3.2");
+    static final ASN1ObjectIdentifier    ecSign = teleTrusTAlgorithm.branch("3.2");
 
-    static final DERObjectIdentifier    ecSignWithSha1  = new DERObjectIdentifier(ecSign + ".1");
-    static final DERObjectIdentifier    ecSignWithRipemd160  = new DERObjectIdentifier(ecSign + ".2");
+    static final ASN1ObjectIdentifier    ecSignWithSha1  = ecSign.branch("1");
+    static final ASN1ObjectIdentifier    ecSignWithRipemd160  = ecSign.branch("2");
 
-    static final DERObjectIdentifier ecc_brainpool = new DERObjectIdentifier(teleTrusTAlgorithm + ".3.2.8");
-    static final DERObjectIdentifier ellipticCurve = new DERObjectIdentifier(ecc_brainpool + ".1");
-    static final DERObjectIdentifier versionOne = new DERObjectIdentifier(ellipticCurve + ".1");    
+    static final ASN1ObjectIdentifier ecc_brainpool = teleTrusTAlgorithm.branch("3.2.8");
+    static final ASN1ObjectIdentifier ellipticCurve = ecc_brainpool.branch("1");
+    static final ASN1ObjectIdentifier versionOne = ellipticCurve.branch("1");
 
-    static final DERObjectIdentifier brainpoolP160r1 = new DERObjectIdentifier(versionOne + ".1");
-    static final DERObjectIdentifier brainpoolP160t1 = new DERObjectIdentifier(versionOne + ".2");
-    static final DERObjectIdentifier brainpoolP192r1 = new DERObjectIdentifier(versionOne + ".3");
-    static final DERObjectIdentifier brainpoolP192t1 = new DERObjectIdentifier(versionOne + ".4");
-    static final DERObjectIdentifier brainpoolP224r1 = new DERObjectIdentifier(versionOne + ".5");
-    static final DERObjectIdentifier brainpoolP224t1 = new DERObjectIdentifier(versionOne + ".6");
-    static final DERObjectIdentifier brainpoolP256r1 = new DERObjectIdentifier(versionOne + ".7");
-    static final DERObjectIdentifier brainpoolP256t1 = new DERObjectIdentifier(versionOne + ".8");
-    static final DERObjectIdentifier brainpoolP320r1 = new DERObjectIdentifier(versionOne + ".9");
-    static final DERObjectIdentifier brainpoolP320t1 = new DERObjectIdentifier(versionOne+".10");
-    static final DERObjectIdentifier brainpoolP384r1 = new DERObjectIdentifier(versionOne+".11");
-    static final DERObjectIdentifier brainpoolP384t1 = new DERObjectIdentifier(versionOne+".12");
-    static final DERObjectIdentifier brainpoolP512r1 = new DERObjectIdentifier(versionOne+".13");
-    static final DERObjectIdentifier brainpoolP512t1 = new DERObjectIdentifier(versionOne+".14");
+    static final ASN1ObjectIdentifier brainpoolP160r1 = versionOne.branch("1");
+    static final ASN1ObjectIdentifier brainpoolP160t1 = versionOne.branch("2");
+    static final ASN1ObjectIdentifier brainpoolP192r1 = versionOne.branch("3");
+    static final ASN1ObjectIdentifier brainpoolP192t1 = versionOne.branch("4");
+    static final ASN1ObjectIdentifier brainpoolP224r1 = versionOne.branch("5");
+    static final ASN1ObjectIdentifier brainpoolP224t1 = versionOne.branch("6");
+    static final ASN1ObjectIdentifier brainpoolP256r1 = versionOne.branch("7");
+    static final ASN1ObjectIdentifier brainpoolP256t1 = versionOne.branch("8");
+    static final ASN1ObjectIdentifier brainpoolP320r1 = versionOne.branch("9");
+    static final ASN1ObjectIdentifier brainpoolP320t1 = versionOne.branch("10");
+    static final ASN1ObjectIdentifier brainpoolP384r1 = versionOne.branch("11");
+    static final ASN1ObjectIdentifier brainpoolP384t1 = versionOne.branch("12");
+    static final ASN1ObjectIdentifier brainpoolP512r1 = versionOne.branch("13");
+    static final ASN1ObjectIdentifier brainpoolP512t1 = versionOne.branch("14");
 }
diff --git a/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java b/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java
index 7d4f999..272f374 100644
--- a/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java
+++ b/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java
@@ -8,7 +8,6 @@
 import org.bouncycastle.asn1.ASN1Set;
 import org.bouncycastle.asn1.BERApplicationSpecific;
 import org.bouncycastle.asn1.BERConstructedOctetString;
-import org.bouncycastle.asn1.BERConstructedSequence;
 import org.bouncycastle.asn1.BERSequence;
 import org.bouncycastle.asn1.BERSet;
 import org.bouncycastle.asn1.BERTaggedObject;
@@ -16,8 +15,6 @@
 import org.bouncycastle.asn1.DERBMPString;
 import org.bouncycastle.asn1.DERBitString;
 import org.bouncycastle.asn1.DERBoolean;
-import org.bouncycastle.asn1.DERConstructedSequence;
-import org.bouncycastle.asn1.DERConstructedSet;
 import org.bouncycastle.asn1.DEREncodable;
 import org.bouncycastle.asn1.DEREnumerated;
 import org.bouncycastle.asn1.DERExternal;
@@ -63,15 +60,7 @@
             String          tab = indent + TAB;
 
             buf.append(indent);
-            if (obj instanceof BERConstructedSequence)
-            {
-                buf.append("BER ConstructedSequence");
-            }
-            else if (obj instanceof DERConstructedSequence)
-            {
-                buf.append("DER ConstructedSequence");
-            }
-            else if (obj instanceof BERSequence)
+            if (obj instanceof BERSequence)
             {
                 buf.append("BER Sequence");
             }
@@ -145,35 +134,6 @@
                 _dumpAsString(tab, verbose, o.getObject(), buf);
             }
         }
-        else if (obj instanceof DERConstructedSet)
-        {
-            Enumeration     e = ((ASN1Set)obj).getObjects();
-            String          tab = indent + TAB;
-
-            buf.append(indent);
-            buf.append("ConstructedSet");
-            buf.append(nl);
-
-            while (e.hasMoreElements())
-            {
-                Object  o = e.nextElement();
-
-                if (o == null)
-                {
-                    buf.append(tab);
-                    buf.append("NULL");
-                    buf.append(nl);
-                }
-                else if (o instanceof DERObject)
-                {
-                    _dumpAsString(tab, verbose, (DERObject)o, buf);
-                }
-                else
-                {
-                    _dumpAsString(tab, verbose, ((DEREncodable)o).getDERObject(), buf);
-                }
-            }
-        }
         else if (obj instanceof BERSet)
         {
             Enumeration     e = ((ASN1Set)obj).getObjects();
diff --git a/src/main/java/org/bouncycastle/asn1/x500/AttributeTypeAndValue.java b/src/main/java/org/bouncycastle/asn1/x500/AttributeTypeAndValue.java
new file mode 100644
index 0000000..bbe2171
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x500/AttributeTypeAndValue.java
@@ -0,0 +1,71 @@
+package org.bouncycastle.asn1.x500;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DERSequence;
+
+public class AttributeTypeAndValue
+    extends ASN1Encodable
+{
+    private ASN1ObjectIdentifier type;
+    private ASN1Encodable       value;
+
+    private AttributeTypeAndValue(ASN1Sequence seq)
+    {
+        type = (ASN1ObjectIdentifier)seq.getObjectAt(0);
+        value = (ASN1Encodable)seq.getObjectAt(1);
+    }
+
+    public static AttributeTypeAndValue getInstance(Object o)
+    {
+        if (o instanceof AttributeTypeAndValue)
+        {
+            return (AttributeTypeAndValue)o;
+        }
+        else if (o != null)
+        {
+            return new AttributeTypeAndValue(ASN1Sequence.getInstance(o));
+        }
+
+        throw new IllegalArgumentException("null value in getInstance()");
+    }
+
+    public AttributeTypeAndValue(
+        ASN1ObjectIdentifier type,
+        ASN1Encodable value)
+    {
+        this.type = type;
+        this.value = value;
+    }
+
+    public ASN1ObjectIdentifier getType()
+    {
+        return type;
+    }
+
+    public ASN1Encodable getValue()
+    {
+        return value;
+    }
+
+    /**
+     * <pre>
+     * AttributeTypeAndValue ::= SEQUENCE {
+     *           type         OBJECT IDENTIFIER,
+     *           value        ANY DEFINED BY type }
+     * </pre>
+     * @return a basic ASN.1 object representation.
+     */
+    public DERObject toASN1Object()
+    {
+        ASN1EncodableVector v = new ASN1EncodableVector();
+
+        v.add(type);
+        v.add(value);
+
+        return new DERSequence(v);
+    }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x500/DirectoryString.java b/src/main/java/org/bouncycastle/asn1/x500/DirectoryString.java
new file mode 100644
index 0000000..b76155c
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x500/DirectoryString.java
@@ -0,0 +1,125 @@
+package org.bouncycastle.asn1.x500;
+
+import org.bouncycastle.asn1.ASN1Choice;
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1String;
+import org.bouncycastle.asn1.ASN1TaggedObject;
+import org.bouncycastle.asn1.DERBMPString;
+import org.bouncycastle.asn1.DEREncodable;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DERPrintableString;
+import org.bouncycastle.asn1.DERT61String;
+import org.bouncycastle.asn1.DERUTF8String;
+import org.bouncycastle.asn1.DERUniversalString;
+
+public class DirectoryString
+    extends ASN1Encodable
+    implements ASN1Choice, ASN1String
+{
+    private ASN1String string;
+
+    public static DirectoryString getInstance(Object o)
+    {
+        if (o instanceof DirectoryString)
+        {
+            return (DirectoryString)o;
+        }
+
+        if (o instanceof DERT61String)
+        {
+            return new DirectoryString((DERT61String)o);
+        }
+
+        if (o instanceof DERPrintableString)
+        {
+            return new DirectoryString((DERPrintableString)o);
+        }
+
+        if (o instanceof DERUniversalString)
+        {
+            return new DirectoryString((DERUniversalString)o);
+        }
+
+        if (o instanceof DERUTF8String)
+        {
+            return new DirectoryString((DERUTF8String)o);
+        }
+
+        if (o instanceof DERBMPString)
+        {
+            return new DirectoryString((DERBMPString)o);
+        }
+
+        throw new IllegalArgumentException("illegal object in getInstance: " + o.getClass().getName());
+    }
+
+    public static DirectoryString getInstance(ASN1TaggedObject o, boolean explicit)
+    {
+        if (!explicit)
+        {
+            throw new IllegalArgumentException("choice item must be explicitly tagged");
+        }
+
+        return getInstance(o.getObject());
+    }
+
+    private DirectoryString(
+        DERT61String string)
+    {
+        this.string = string;
+    }
+
+    private DirectoryString(
+        DERPrintableString string)
+    {
+        this.string = string;
+    }
+
+    private DirectoryString(
+        DERUniversalString string)
+    {
+        this.string = string;
+    }
+
+    private DirectoryString(
+        DERUTF8String string)
+    {
+        this.string = string;
+    }
+
+    private DirectoryString(
+        DERBMPString string)
+    {
+        this.string = string;
+    }
+
+    public DirectoryString(String string)
+    {
+        this.string = new DERUTF8String(string);
+    }
+
+    public String getString()
+    {
+        return string.getString();
+    }
+
+    public String toString()
+    {
+        return string.getString();
+    }
+
+    /**
+     * <pre>
+     *  DirectoryString ::= CHOICE {
+     *    teletexString               TeletexString (SIZE (1..MAX)),
+     *    printableString             PrintableString (SIZE (1..MAX)),
+     *    universalString             UniversalString (SIZE (1..MAX)),
+     *    utf8String                  UTF8String (SIZE (1..MAX)),
+     *    bmpString                   BMPString (SIZE (1..MAX))  }
+     * </pre>
+     */
+    public DERObject toASN1Object()
+    {
+        return ((DEREncodable)string).getDERObject();
+    }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x500/RDN.java b/src/main/java/org/bouncycastle/asn1/x500/RDN.java
new file mode 100644
index 0000000..700a918
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x500/RDN.java
@@ -0,0 +1,106 @@
+package org.bouncycastle.asn1.x500;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1Set;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.DERSet;
+
+public class RDN
+    extends ASN1Encodable
+{
+    private ASN1Set values;
+
+    private RDN(ASN1Set values)
+    {
+        this.values = values;
+    }
+
+    public static RDN getInstance(Object obj)
+    {
+        if (obj instanceof RDN)
+        {
+            return (RDN)obj;
+        }
+        else if (obj != null)
+        {
+            return new RDN(ASN1Set.getInstance(obj));
+        }
+
+        return null;
+    }
+
+    /**
+     * Create a single valued RDN.
+     *
+     * @param oid
+     * @param value
+     */
+    public RDN(ASN1ObjectIdentifier oid, ASN1Encodable value)
+    {
+        ASN1EncodableVector v = new ASN1EncodableVector();
+
+        v.add(oid);
+        v.add(value);
+
+        this.values = new DERSet(new DERSequence(v));
+    }
+
+    public RDN(AttributeTypeAndValue attrTAndV)
+    {
+        this.values = new DERSet(attrTAndV);
+    }
+
+    /**
+     * Create a multi-valued RDN.
+     */
+    public RDN(AttributeTypeAndValue[] aAndVs)
+    {
+        this.values = new DERSet(aAndVs);
+    }
+
+    public boolean isMultiValued()
+    {
+        return this.values.size() > 1;
+    }
+
+    public AttributeTypeAndValue getFirst()
+    {
+        if (this.values.size() == 0)
+        {
+            return null;
+        }
+
+        return AttributeTypeAndValue.getInstance(this.values.getObjectAt(0));
+    }
+
+    public AttributeTypeAndValue[] getTypesAndValues()
+    {
+        AttributeTypeAndValue[] tmp = new AttributeTypeAndValue[values.size()];
+
+        for (int i = 0; i != tmp.length; i++)
+        {
+            tmp[i] = AttributeTypeAndValue.getInstance(values.getObjectAt(i));
+        }
+
+        return tmp;
+    }
+
+    /**
+     * <pre>
+     * RelativeDistinguishedName ::=
+     *                     SET OF AttributeTypeAndValue
+
+     * AttributeTypeAndValue ::= SEQUENCE {
+     *        type     AttributeType,
+     *        value    AttributeValue }
+     * </pre>
+     * @return
+     */
+    public DERObject toASN1Object()
+    {
+        return values;
+    }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x500/X500Name.java b/src/main/java/org/bouncycastle/asn1/x500/X500Name.java
new file mode 100644
index 0000000..3166463
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x500/X500Name.java
@@ -0,0 +1,274 @@
+package org.bouncycastle.asn1.x500;
+
+import java.util.Enumeration;
+
+import org.bouncycastle.asn1.ASN1Choice;
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.ASN1TaggedObject;
+import org.bouncycastle.asn1.DEREncodable;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.x500.style.BCStyle;
+import org.bouncycastle.asn1.x509.X509Name;
+
+/**
+ * <pre>
+ *     Name ::= CHOICE {
+ *                       RDNSequence }
+ *
+ *     RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+ *
+ *     RelativeDistinguishedName ::= SET SIZE (1..MAX) OF AttributeTypeAndValue
+ *
+ *     AttributeTypeAndValue ::= SEQUENCE {
+ *                                   type  OBJECT IDENTIFIER,
+ *                                   value ANY }
+ * </pre>
+ */
+public class X500Name
+    extends ASN1Encodable
+    implements ASN1Choice
+{
+    private static X500NameStyle    defaultStyle = BCStyle.INSTANCE;
+
+    private boolean                 isHashCodeCalculated;
+    private int                     hashCodeValue;
+
+    private X500NameStyle style;
+    private RDN[] rdns;
+
+    public X500Name(X500NameStyle style, X500Name name)
+    {
+        this.rdns = name.rdns;
+        this.style = style;
+    }
+
+    /**
+     * Return a X509Name based on the passed in tagged object.
+     * 
+     * @param obj tag object holding name.
+     * @param explicit true if explicitly tagged false otherwise.
+     * @return the X509Name
+     */
+    public static X500Name getInstance(
+        ASN1TaggedObject obj,
+        boolean          explicit)
+    {
+        // must be true as choice item
+        return getInstance(ASN1Sequence.getInstance(obj, true));
+    }
+
+    public static X500Name getInstance(
+        Object  obj)
+    {
+        if (obj instanceof X500Name)
+        {
+            return (X500Name)obj;
+        }
+        else if (obj instanceof X509Name)
+        {
+            return new X500Name(ASN1Sequence.getInstance(((X509Name)obj).getDERObject()));
+        }
+        else if (obj != null)
+        {
+            return new X500Name(ASN1Sequence.getInstance(obj));
+        }
+
+        return null;
+    }
+
+    /**
+     * Constructor from ASN1Sequence
+     *
+     * the principal will be a list of constructed sets, each containing an (OID, String) pair.
+     */
+    private X500Name(
+        ASN1Sequence  seq)
+    {
+        this(defaultStyle, seq);
+    }
+
+    private X500Name(
+        X500NameStyle style,
+        ASN1Sequence  seq)
+    {
+        this.style = style;
+        this.rdns = new RDN[seq.size()];
+
+        int index = 0;
+
+        for (Enumeration e = seq.getObjects(); e.hasMoreElements();)
+        {
+            rdns[index++] = RDN.getInstance(e.nextElement());
+        }
+    }
+
+    public X500Name(
+        RDN[] rDNs)
+    {
+        this(defaultStyle, rDNs);
+    }
+
+    public X500Name(
+        X500NameStyle style,
+        RDN[]         rDNs)
+    {
+        this.rdns = rDNs;
+        this.style = style;
+    }
+
+    public X500Name(
+        String dirName)
+    {
+        this(defaultStyle, dirName);
+    }
+
+    public X500Name(
+        X500NameStyle style,
+        String        dirName)
+    {
+        this(style.fromString(dirName));
+
+        this.style = style;
+    }
+
+    /**
+     * return an array of RDNs in structure order.
+     *
+     * @return an array of RDN objects.
+     */
+    public RDN[] getRDNs()
+    {
+        RDN[] tmp = new RDN[this.rdns.length];
+
+        System.arraycopy(rdns, 0, tmp, 0, tmp.length);
+
+        return tmp;
+    }
+
+    /**
+     * return an array of RDNs containing the attribute type given by OID in structure order.
+     *
+     * @param oid the type OID we are looking for.
+     * @return an array, possibly zero length, of RDN objects.
+     */
+    public RDN[] getRDNs(ASN1ObjectIdentifier oid)
+    {
+        RDN[] res = new RDN[rdns.length];
+        int   count = 0;
+
+        for (int i = 0; i != rdns.length; i++)
+        {
+            RDN rdn = rdns[i];
+
+            if (rdn.isMultiValued())
+            {
+                AttributeTypeAndValue[] attr = rdn.getTypesAndValues();
+                for (int j = 0; j != attr.length; j++)
+                {
+                    if (attr[j].getType().equals(oid))
+                    {
+                        res[count++] = rdn;
+                        break;
+                    }
+                }
+            }
+            else
+            {
+                if (rdn.getFirst().getType().equals(oid))
+                {
+                    res[count++] = rdn;
+                }
+            }
+        }
+
+        RDN[] tmp = new RDN[count];
+
+        System.arraycopy(res, 0, tmp, 0, tmp.length);
+
+        return tmp;
+    }
+
+    public DERObject toASN1Object()
+    {
+        return new DERSequence(rdns);
+    }
+
+    public int hashCode()
+    {
+        if (isHashCodeCalculated)
+        {
+            return hashCodeValue;
+        }
+
+        isHashCodeCalculated = true;
+
+        hashCodeValue = style.calculateHashCode(this);
+
+        return hashCodeValue;
+    }
+
+    /**
+     * test for equality - note: case is ignored.
+     */
+    public boolean equals(Object obj)
+    {
+        if (obj == this)
+        {
+            return true;
+        }
+
+        if (!(obj instanceof X500Name || obj instanceof ASN1Sequence))
+        {
+            return false;
+        }
+        
+        DERObject derO = ((DEREncodable)obj).getDERObject();
+
+        if (this.getDERObject().equals(derO))
+        {
+            return true;
+        }
+
+        try
+        {
+            return style.areEqual(this, new X500Name(ASN1Sequence.getInstance(((DEREncodable)obj).getDERObject())));
+        }
+        catch (Exception e)
+        {
+            return false;
+        }
+    }
+    
+    public String toString()
+    {
+        return style.toString(this);
+    }
+
+    /**
+     * Set the default style for X500Name construction.
+     *
+     * @param style  an X500NameStyle
+     */
+    public static void setDefaultStyle(X500NameStyle style)
+    {
+        if (style == null)
+        {
+            throw new NullPointerException("cannot set style to null");
+        }
+
+        defaultStyle = style;
+    }
+
+    /**
+     * Return the current default style.
+     *
+     * @return default style for X500Name construction.
+     */
+    public static X500NameStyle getDefaultStyle()
+    {
+        return defaultStyle;
+    }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x500/X500NameBuilder.java b/src/main/java/org/bouncycastle/asn1/x500/X500NameBuilder.java
new file mode 100644
index 0000000..30e871c
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x500/X500NameBuilder.java
@@ -0,0 +1,81 @@
+package org.bouncycastle.asn1.x500;
+
+import java.util.Vector;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+
+public class X500NameBuilder
+{
+    private X500NameStyle template;
+    private Vector rdns = new Vector();
+
+    public X500NameBuilder(X500NameStyle template)
+    {
+        this.template = template;
+    }
+
+    public X500NameBuilder addRDN(ASN1ObjectIdentifier oid, String value)
+    {
+        this.addRDN(oid, template.stringToValue(oid, value));
+
+        return this;
+    }
+
+    public X500NameBuilder addRDN(ASN1ObjectIdentifier oid, ASN1Encodable value)
+    {
+        rdns.addElement(new RDN(oid, value));
+
+        return this;
+    }
+
+    public X500NameBuilder addRDN(AttributeTypeAndValue attrTAndV)
+    {
+        rdns.addElement(new RDN(attrTAndV));
+
+        return this;
+    }
+
+    public X500NameBuilder addMultiValuedRDN(ASN1ObjectIdentifier[] oids, String[] values)
+    {
+        ASN1Encodable[] vals = new ASN1Encodable[values.length];
+
+        for (int i = 0; i != vals.length; i++)
+        {
+            vals[i] = template.stringToValue(oids[i], values[i]);
+        }
+
+        return addMultiValuedRDN(oids, vals);
+    }
+
+    public X500NameBuilder addMultiValuedRDN(ASN1ObjectIdentifier[] oids, ASN1Encodable[] values)
+    {
+        AttributeTypeAndValue[] avs = new AttributeTypeAndValue[oids.length];
+
+        for (int i = 0; i != oids.length; i++)
+        {
+            avs[i] = new AttributeTypeAndValue(oids[i], values[i]);
+        }
+
+        return addMultiValuedRDN(avs);
+    }
+
+    public X500NameBuilder addMultiValuedRDN(AttributeTypeAndValue[] attrTAndVs)
+    {
+        rdns.addElement(new RDN(attrTAndVs));
+
+        return this;
+    }
+
+    public X500Name build()
+    {
+        RDN[] vals = new RDN[rdns.size()];
+
+        for (int i = 0; i != vals.length; i++)
+        {
+            vals[i] = (RDN)rdns.elementAt(i);
+        }
+
+        return new X500Name(template, vals);
+    }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x500/X500NameStyle.java b/src/main/java/org/bouncycastle/asn1/x500/X500NameStyle.java
new file mode 100644
index 0000000..7a7c837
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x500/X500NameStyle.java
@@ -0,0 +1,34 @@
+package org.bouncycastle.asn1.x500;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+
+/**
+ * It turns out that the number of standard ways the fields in a DN should be 
+ * encoded into their ASN.1 counterparts is rapidly approaching the
+ * number of machines on the internet. By default the X500Name class
+ * will produce UTF8Strings in line with the current recommendations (RFC 3280).
+ * <p>
+ */
+public interface X500NameStyle
+{
+    /**
+     * Convert the passed in String value into the appropriate ASN.1
+     * encoded object.
+     * 
+     * @param oid the oid associated with the value in the DN.
+     * @param value the value of the particular DN component.
+     * @return the ASN.1 equivalent for the value.
+     */
+    ASN1Encodable stringToValue(ASN1ObjectIdentifier oid, String value);
+
+    ASN1ObjectIdentifier attrNameToOID(String attrName);
+
+    boolean areEqual(X500Name name1, X500Name name2);
+
+    RDN[] fromString(String dirName);
+
+    int calculateHashCode(X500Name name);
+
+    String toString(X500Name name);
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x500/style/BCStrictStyle.java b/src/main/java/org/bouncycastle/asn1/x500/style/BCStrictStyle.java
new file mode 100644
index 0000000..af10fef
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x500/style/BCStrictStyle.java
@@ -0,0 +1,33 @@
+package org.bouncycastle.asn1.x500.style;
+
+import org.bouncycastle.asn1.x500.RDN;
+import org.bouncycastle.asn1.x500.X500Name;
+
+/**
+ * Variation of BCStyle that insists on strict ordering for equality
+ * and hashCode comparisons
+ */
+public class BCStrictStyle
+    extends BCStyle
+{
+    public boolean areEqual(X500Name name1, X500Name name2)
+    {
+        RDN[] rdns1 = name1.getRDNs();
+        RDN[] rdns2 = name2.getRDNs();
+
+        if (rdns1.length != rdns2.length)
+        {
+            return false;
+        }
+
+        for (int i = 0; i != rdns1.length; i++)
+        {
+            if (rdnAreEqual(rdns1[i], rdns2[i]))
+            {
+                return false;
+            }
+        }
+
+        return true;
+    }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x500/style/BCStyle.java b/src/main/java/org/bouncycastle/asn1/x500/style/BCStyle.java
new file mode 100644
index 0000000..32f93ff
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x500/style/BCStyle.java
@@ -0,0 +1,544 @@
+package org.bouncycastle.asn1.x500.style;
+
+import java.io.IOException;
+import java.util.Hashtable;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.DERGeneralizedTime;
+import org.bouncycastle.asn1.DERIA5String;
+import org.bouncycastle.asn1.DERPrintableString;
+import org.bouncycastle.asn1.DERUTF8String;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
+import org.bouncycastle.asn1.x500.RDN;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x500.X500NameStyle;
+import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
+
+public class BCStyle
+    implements X500NameStyle
+{
+    public static final X500NameStyle INSTANCE = new BCStyle();
+
+    /**
+     * country code - StringType(SIZE(2))
+     */
+    public static final ASN1ObjectIdentifier C = new ASN1ObjectIdentifier("2.5.4.6");
+
+    /**
+     * organization - StringType(SIZE(1..64))
+     */
+    public static final ASN1ObjectIdentifier O = new ASN1ObjectIdentifier("2.5.4.10");
+
+    /**
+     * organizational unit name - StringType(SIZE(1..64))
+     */
+    public static final ASN1ObjectIdentifier OU = new ASN1ObjectIdentifier("2.5.4.11");
+
+    /**
+     * Title
+     */
+    public static final ASN1ObjectIdentifier T = new ASN1ObjectIdentifier("2.5.4.12");
+
+    /**
+     * common name - StringType(SIZE(1..64))
+     */
+    public static final ASN1ObjectIdentifier CN = new ASN1ObjectIdentifier("2.5.4.3");
+
+    /**
+     * device serial number name - StringType(SIZE(1..64))
+     */
+    public static final ASN1ObjectIdentifier SN = new ASN1ObjectIdentifier("2.5.4.5");
+
+    /**
+     * street - StringType(SIZE(1..64))
+     */
+    public static final ASN1ObjectIdentifier STREET = new ASN1ObjectIdentifier("2.5.4.9");
+
+    /**
+     * device serial number name - StringType(SIZE(1..64))
+     */
+    public static final ASN1ObjectIdentifier SERIALNUMBER = SN;
+
+    /**
+     * locality name - StringType(SIZE(1..64))
+     */
+    public static final ASN1ObjectIdentifier L = new ASN1ObjectIdentifier("2.5.4.7");
+
+    /**
+     * state, or province name - StringType(SIZE(1..64))
+     */
+    public static final ASN1ObjectIdentifier ST = new ASN1ObjectIdentifier("2.5.4.8");
+
+    /**
+     * Naming attributes of type X520name
+     */
+    public static final ASN1ObjectIdentifier SURNAME = new ASN1ObjectIdentifier("2.5.4.4");
+    public static final ASN1ObjectIdentifier GIVENNAME = new ASN1ObjectIdentifier("2.5.4.42");
+    public static final ASN1ObjectIdentifier INITIALS = new ASN1ObjectIdentifier("2.5.4.43");
+    public static final ASN1ObjectIdentifier GENERATION = new ASN1ObjectIdentifier("2.5.4.44");
+    public static final ASN1ObjectIdentifier UNIQUE_IDENTIFIER = new ASN1ObjectIdentifier("2.5.4.45");
+
+    /**
+     * businessCategory - DirectoryString(SIZE(1..128)
+     */
+    public static final ASN1ObjectIdentifier BUSINESS_CATEGORY = new ASN1ObjectIdentifier(
+        "2.5.4.15");
+
+    /**
+     * postalCode - DirectoryString(SIZE(1..40)
+     */
+    public static final ASN1ObjectIdentifier POSTAL_CODE = new ASN1ObjectIdentifier(
+        "2.5.4.17");
+
+    /**
+     * dnQualifier - DirectoryString(SIZE(1..64)
+     */
+    public static final ASN1ObjectIdentifier DN_QUALIFIER = new ASN1ObjectIdentifier(
+        "2.5.4.46");
+
+    /**
+     * RFC 3039 Pseudonym - DirectoryString(SIZE(1..64)
+     */
+    public static final ASN1ObjectIdentifier PSEUDONYM = new ASN1ObjectIdentifier(
+        "2.5.4.65");
+
+
+    /**
+     * RFC 3039 DateOfBirth - GeneralizedTime - YYYYMMDD000000Z
+     */
+    public static final ASN1ObjectIdentifier DATE_OF_BIRTH = new ASN1ObjectIdentifier(
+        "1.3.6.1.5.5.7.9.1");
+
+    /**
+     * RFC 3039 PlaceOfBirth - DirectoryString(SIZE(1..128)
+     */
+    public static final ASN1ObjectIdentifier PLACE_OF_BIRTH = new ASN1ObjectIdentifier(
+        "1.3.6.1.5.5.7.9.2");
+
+    /**
+     * RFC 3039 Gender - PrintableString (SIZE(1)) -- "M", "F", "m" or "f"
+     */
+    public static final ASN1ObjectIdentifier GENDER = new ASN1ObjectIdentifier(
+        "1.3.6.1.5.5.7.9.3");
+
+    /**
+     * RFC 3039 CountryOfCitizenship - PrintableString (SIZE (2)) -- ISO 3166
+     * codes only
+     */
+    public static final ASN1ObjectIdentifier COUNTRY_OF_CITIZENSHIP = new ASN1ObjectIdentifier(
+        "1.3.6.1.5.5.7.9.4");
+
+    /**
+     * RFC 3039 CountryOfResidence - PrintableString (SIZE (2)) -- ISO 3166
+     * codes only
+     */
+    public static final ASN1ObjectIdentifier COUNTRY_OF_RESIDENCE = new ASN1ObjectIdentifier(
+        "1.3.6.1.5.5.7.9.5");
+
+
+    /**
+     * ISIS-MTT NameAtBirth - DirectoryString(SIZE(1..64)
+     */
+    public static final ASN1ObjectIdentifier NAME_AT_BIRTH = new ASN1ObjectIdentifier("1.3.36.8.3.14");
+
+    /**
+     * RFC 3039 PostalAddress - SEQUENCE SIZE (1..6) OF
+     * DirectoryString(SIZE(1..30))
+     */
+    public static final ASN1ObjectIdentifier POSTAL_ADDRESS = new ASN1ObjectIdentifier("2.5.4.16");
+
+    /**
+     * RFC 2256 dmdName
+     */
+    public static final ASN1ObjectIdentifier DMD_NAME = new ASN1ObjectIdentifier("2.5.4.54");
+
+    /**
+     * id-at-telephoneNumber
+     */
+    public static final ASN1ObjectIdentifier TELEPHONE_NUMBER = X509ObjectIdentifiers.id_at_telephoneNumber;
+
+    /**
+     * id-at-name
+     */
+    public static final ASN1ObjectIdentifier NAME = X509ObjectIdentifiers.id_at_name;
+
+    /**
+     * Email address (RSA PKCS#9 extension) - IA5String.
+     * <p>Note: if you're trying to be ultra orthodox, don't use this! It shouldn't be in here.
+     */
+    public static final ASN1ObjectIdentifier EmailAddress = PKCSObjectIdentifiers.pkcs_9_at_emailAddress;
+
+    /**
+     * more from PKCS#9
+     */
+    public static final ASN1ObjectIdentifier UnstructuredName = PKCSObjectIdentifiers.pkcs_9_at_unstructuredName;
+    public static final ASN1ObjectIdentifier UnstructuredAddress = PKCSObjectIdentifiers.pkcs_9_at_unstructuredAddress;
+
+    /**
+     * email address in Verisign certificates
+     */
+    public static final ASN1ObjectIdentifier E = EmailAddress;
+
+    /*
+    * others...
+    */
+    public static final ASN1ObjectIdentifier DC = new ASN1ObjectIdentifier("0.9.2342.19200300.100.1.25");
+
+    /**
+     * LDAP User id.
+     */
+    public static final ASN1ObjectIdentifier UID = new ASN1ObjectIdentifier("0.9.2342.19200300.100.1.1");
+
+    /**
+     * default look up table translating OID values into their common symbols following
+     * the convention in RFC 2253 with a few extras
+     */
+    private static final Hashtable DefaultSymbols = new Hashtable();
+
+    /**
+     * look up table translating common symbols into their OIDS.
+     */
+    private static final Hashtable DefaultLookUp = new Hashtable();
+
+    static
+    {
+        DefaultSymbols.put(C, "C");
+        DefaultSymbols.put(O, "O");
+        DefaultSymbols.put(T, "T");
+        DefaultSymbols.put(OU, "OU");
+        DefaultSymbols.put(CN, "CN");
+        DefaultSymbols.put(L, "L");
+        DefaultSymbols.put(ST, "ST");
+        DefaultSymbols.put(SN, "SERIALNUMBER");
+        DefaultSymbols.put(EmailAddress, "E");
+        DefaultSymbols.put(DC, "DC");
+        DefaultSymbols.put(UID, "UID");
+        DefaultSymbols.put(STREET, "STREET");
+        DefaultSymbols.put(SURNAME, "SURNAME");
+        DefaultSymbols.put(GIVENNAME, "GIVENNAME");
+        DefaultSymbols.put(INITIALS, "INITIALS");
+        DefaultSymbols.put(GENERATION, "GENERATION");
+        DefaultSymbols.put(UnstructuredAddress, "unstructuredAddress");
+        DefaultSymbols.put(UnstructuredName, "unstructuredName");
+        DefaultSymbols.put(UNIQUE_IDENTIFIER, "UniqueIdentifier");
+        DefaultSymbols.put(DN_QUALIFIER, "DN");
+        DefaultSymbols.put(PSEUDONYM, "Pseudonym");
+        DefaultSymbols.put(POSTAL_ADDRESS, "PostalAddress");
+        DefaultSymbols.put(NAME_AT_BIRTH, "NameAtBirth");
+        DefaultSymbols.put(COUNTRY_OF_CITIZENSHIP, "CountryOfCitizenship");
+        DefaultSymbols.put(COUNTRY_OF_RESIDENCE, "CountryOfResidence");
+        DefaultSymbols.put(GENDER, "Gender");
+        DefaultSymbols.put(PLACE_OF_BIRTH, "PlaceOfBirth");
+        DefaultSymbols.put(DATE_OF_BIRTH, "DateOfBirth");
+        DefaultSymbols.put(POSTAL_CODE, "PostalCode");
+        DefaultSymbols.put(BUSINESS_CATEGORY, "BusinessCategory");
+        DefaultSymbols.put(TELEPHONE_NUMBER, "TelephoneNumber");
+        DefaultSymbols.put(NAME, "Name");
+
+        DefaultLookUp.put("c", C);
+        DefaultLookUp.put("o", O);
+        DefaultLookUp.put("t", T);
+        DefaultLookUp.put("ou", OU);
+        DefaultLookUp.put("cn", CN);
+        DefaultLookUp.put("l", L);
+        DefaultLookUp.put("st", ST);
+        DefaultLookUp.put("sn", SN);
+        DefaultLookUp.put("serialnumber", SN);
+        DefaultLookUp.put("street", STREET);
+        DefaultLookUp.put("emailaddress", E);
+        DefaultLookUp.put("dc", DC);
+        DefaultLookUp.put("e", E);
+        DefaultLookUp.put("uid", UID);
+        DefaultLookUp.put("surname", SURNAME);
+        DefaultLookUp.put("givenname", GIVENNAME);
+        DefaultLookUp.put("initials", INITIALS);
+        DefaultLookUp.put("generation", GENERATION);
+        DefaultLookUp.put("unstructuredaddress", UnstructuredAddress);
+        DefaultLookUp.put("unstructuredname", UnstructuredName);
+        DefaultLookUp.put("uniqueidentifier", UNIQUE_IDENTIFIER);
+        DefaultLookUp.put("dn", DN_QUALIFIER);
+        DefaultLookUp.put("pseudonym", PSEUDONYM);
+        DefaultLookUp.put("postaladdress", POSTAL_ADDRESS);
+        DefaultLookUp.put("nameofbirth", NAME_AT_BIRTH);
+        DefaultLookUp.put("countryofcitizenship", COUNTRY_OF_CITIZENSHIP);
+        DefaultLookUp.put("countryofresidence", COUNTRY_OF_RESIDENCE);
+        DefaultLookUp.put("gender", GENDER);
+        DefaultLookUp.put("placeofbirth", PLACE_OF_BIRTH);
+        DefaultLookUp.put("dateofbirth", DATE_OF_BIRTH);
+        DefaultLookUp.put("postalcode", POSTAL_CODE);
+        DefaultLookUp.put("businesscategory", BUSINESS_CATEGORY);
+        DefaultLookUp.put("telephonenumber", TELEPHONE_NUMBER);
+        DefaultLookUp.put("name", NAME);
+    }
+
+    protected BCStyle()
+    {
+
+    }
+    
+    public ASN1Encodable stringToValue(ASN1ObjectIdentifier oid, String value)
+    {
+        if (value.length() != 0 && value.charAt(0) == '#')
+        {
+            try
+            {
+                return IETFUtils.valueFromHexString(value, 1);
+            }
+            catch (IOException e)
+            {
+                throw new RuntimeException("can't recode value for oid " + oid.getId());
+            }
+        }
+        else
+        {
+            if (value.length() != 0 && value.charAt(0) == '\\')
+            {
+                value = value.substring(1);
+            }
+            if (oid.equals(EmailAddress) || oid.equals(DC))
+            {
+                return new DERIA5String(value);
+            }
+            else if (oid.equals(DATE_OF_BIRTH))  // accept time string as well as # (for compatibility)
+            {
+                return new DERGeneralizedTime(value);
+            }
+            else if (oid.equals(C) || oid.equals(SN) || oid.equals(DN_QUALIFIER)
+                || oid.equals(TELEPHONE_NUMBER))
+            {
+                return new DERPrintableString(value);
+            }
+        }
+
+        return new DERUTF8String(value);
+    }
+
+    public ASN1ObjectIdentifier attrNameToOID(String attrName)
+    {
+        return IETFUtils.decodeAttrName(attrName, DefaultLookUp);
+    }
+
+    public boolean areEqual(X500Name name1, X500Name name2)
+    {
+        RDN[] rdns1 = name1.getRDNs();
+        RDN[] rdns2 = name2.getRDNs();
+
+        if (rdns1.length != rdns2.length)
+        {
+            return false;
+        }
+
+        boolean reverse = false;
+
+        if (rdns1[0].getFirst() != null && rdns2[0].getFirst() != null)
+        {
+            reverse = !rdns1[0].getFirst().getType().equals(rdns2[0].getFirst().getType());  // guess forward
+        }
+
+        for (int i = 0; i != rdns1.length; i++)
+        {
+            if (!foundMatch(reverse, rdns1[i], rdns2))
+            {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    private boolean foundMatch(boolean reverse, RDN rdn, RDN[] possRDNs)
+    {
+        if (reverse)
+        {
+            for (int i = possRDNs.length - 1; i >= 0; i--)
+            {
+                if (possRDNs[i] != null && rdnAreEqual(rdn, possRDNs[i]))
+                {
+                    possRDNs[i] = null;
+                    return true;
+                }
+            }
+        }
+        else
+        {
+            for (int i = 0; i != possRDNs.length; i++)
+            {
+                if (possRDNs[i] != null && rdnAreEqual(rdn, possRDNs[i]))
+                {
+                    possRDNs[i] = null;
+                    return true;
+                }
+            }
+        }
+
+        return false;
+    }
+
+    protected boolean rdnAreEqual(RDN rdn1, RDN rdn2)
+    {
+        if (rdn1.isMultiValued())
+        {
+            if (rdn2.isMultiValued())
+            {
+                AttributeTypeAndValue[] atvs1 = rdn1.getTypesAndValues();
+                AttributeTypeAndValue[] atvs2 = rdn2.getTypesAndValues();
+
+                if (atvs1.length != atvs2.length)
+                {
+                    return false;
+                }
+
+                for (int i = 0; i != atvs1.length; i++)
+                {
+                    if (!atvAreEqual(atvs1[i], atvs2[i]))
+                    {
+                        return false;
+                    }
+                }
+            }
+            else
+            {
+                return false;
+            }
+        }
+        else
+        {
+            if (!rdn2.isMultiValued())
+            {
+                return atvAreEqual(rdn1.getFirst(), rdn2.getFirst());
+            }
+            else
+            {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    private boolean atvAreEqual(AttributeTypeAndValue atv1, AttributeTypeAndValue atv2)
+    {
+        if (atv1 == atv2)
+        {
+            return true;
+        }
+
+        if (atv1 == null)
+        {
+            return false;
+        }
+
+        if (atv2 == null)
+        {
+            return false;
+        }
+
+        ASN1ObjectIdentifier o1 = atv1.getType();
+        ASN1ObjectIdentifier o2 = atv2.getType();
+
+        if (!o1.equals(o2))
+        {
+            return false;
+        }
+
+        String v1 = IETFUtils.canonicalize(IETFUtils.valueToString(atv1.getValue()));
+        String v2 = IETFUtils.canonicalize(IETFUtils.valueToString(atv2.getValue()));
+
+        if (!v1.equals(v2))
+        {
+            return false;
+        }
+
+        return true;
+    }
+
+    public RDN[] fromString(String dirName)
+    {
+        return IETFUtils.rDNsFromString(dirName, this);
+    }
+
+    public int calculateHashCode(X500Name name)
+    {
+        int hashCodeValue = 0;
+        RDN[] rdns = name.getRDNs();
+
+        // this needs to be order independent, like equals
+        for (int i = 0; i != rdns.length; i++)
+        {
+            if (rdns[i].isMultiValued())
+            {
+                AttributeTypeAndValue[] atv = rdns[i].getTypesAndValues();
+
+                for (int j = 0; j != atv.length; j++)
+                {
+                    hashCodeValue ^= atv[j].getType().hashCode();
+                    hashCodeValue ^= calcHashCode(atv[j].getValue());
+                }
+            }
+            else
+            {
+                hashCodeValue ^= rdns[i].getFirst().getType().hashCode();
+                hashCodeValue ^= calcHashCode(rdns[i].getFirst().getValue());
+            }
+        }
+
+        return hashCodeValue;
+    }
+
+    private int calcHashCode(ASN1Encodable enc)
+    {
+        String value = IETFUtils.valueToString(enc);
+
+        value = IETFUtils.canonicalize(value);
+
+        return value.hashCode();
+    }
+
+    public String toString(X500Name name)
+    {
+        StringBuffer buf = new StringBuffer();
+        boolean first = true;
+
+        RDN[] rdns = name.getRDNs();
+
+        for (int i = 0; i < rdns.length; i++)
+        {
+            if (first)
+            {
+                first = false;
+            }
+            else
+            {
+                buf.append(',');
+            }
+
+            if (rdns[i].isMultiValued())
+            {
+                AttributeTypeAndValue[] atv = rdns[i].getTypesAndValues();
+                boolean firstAtv = true;
+
+                for (int j = 0; j != atv.length; j++)
+                {
+                    if (firstAtv)
+                    {
+                        firstAtv = false;
+                    }
+                    else
+                    {
+                        buf.append('+');
+                    }
+                    
+                    IETFUtils.appendTypeAndValue(buf, atv[j], DefaultSymbols);
+                }
+            }
+            else
+            {
+                IETFUtils.appendTypeAndValue(buf, rdns[i].getFirst(), DefaultSymbols);
+            }
+        }
+
+        return buf.toString();
+    }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x500/style/IETFUtils.java b/src/main/java/org/bouncycastle/asn1/x500/style/IETFUtils.java
new file mode 100644
index 0000000..5803042
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x500/style/IETFUtils.java
@@ -0,0 +1,294 @@
+package org.bouncycastle.asn1.x500.style;
+
+import java.io.IOException;
+import java.util.Hashtable;
+import java.util.Vector;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1Object;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1String;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DERUniversalString;
+import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
+import org.bouncycastle.asn1.x500.RDN;
+import org.bouncycastle.asn1.x500.X500NameBuilder;
+import org.bouncycastle.asn1.x500.X500NameStyle;
+import org.bouncycastle.util.Strings;
+import org.bouncycastle.util.encoders.Hex;
+
+public class IETFUtils
+{
+    public static RDN[] rDNsFromString(String name, X500NameStyle x500Style)
+    {
+        X500NameTokenizer nTok = new X500NameTokenizer(name);
+        X500NameBuilder builder = new X500NameBuilder(x500Style);
+
+        while (nTok.hasMoreTokens())
+        {
+            String  token = nTok.nextToken();
+            int     index = token.indexOf('=');
+
+            if (index == -1)
+            {
+                throw new IllegalArgumentException("badly formated directory string");
+            }
+
+            String               attr = token.substring(0, index);
+            String               value = token.substring(index + 1);
+            ASN1ObjectIdentifier oid = x500Style.attrNameToOID(attr);
+
+            if (value.indexOf('+') > 0)
+            {
+                X500NameTokenizer   vTok = new X500NameTokenizer(value, '+');
+                String  v = vTok.nextToken();
+
+                Vector oids = new Vector();
+                Vector values = new Vector();
+
+                oids.addElement(oid);
+                values.addElement(v);
+
+                while (vTok.hasMoreTokens())
+                {
+                    String  sv = vTok.nextToken();
+                    int     ndx = sv.indexOf('=');
+
+                    String  nm = sv.substring(0, ndx);
+                    String  vl = sv.substring(ndx + 1);
+
+                    oids.addElement(x500Style.attrNameToOID(nm));
+                    values.addElement(vl);
+                }
+
+                builder.addMultiValuedRDN(toOIDArray(oids), toValueArray(values));
+            }
+            else
+            {
+                builder.addRDN(oid, value);
+            }
+        }
+
+        return builder.build().getRDNs();
+    }
+
+    private static String[] toValueArray(Vector values)
+    {
+        String[] tmp = new String[values.size()];
+
+        for (int i = 0; i != tmp.length; i++)
+        {
+            tmp[i] = (String)values.elementAt(i);
+        }
+
+        return tmp;
+    }
+
+    private static ASN1ObjectIdentifier[] toOIDArray(Vector oids)
+    {
+        ASN1ObjectIdentifier[] tmp = new ASN1ObjectIdentifier[oids.size()];
+
+        for (int i = 0; i != tmp.length; i++)
+        {
+            tmp[i] = (ASN1ObjectIdentifier)oids.elementAt(i);
+        }
+
+        return tmp;
+    }
+
+    public static ASN1ObjectIdentifier decodeAttrName(
+        String      name,
+        Hashtable   lookUp)
+    {
+        if (Strings.toUpperCase(name).startsWith("OID."))
+        {
+            return new ASN1ObjectIdentifier(name.substring(4));
+        }
+        else if (name.charAt(0) >= '0' && name.charAt(0) <= '9')
+        {
+            return new ASN1ObjectIdentifier(name);
+        }
+
+        ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)lookUp.get(Strings.toLowerCase(name));
+        if (oid == null)
+        {
+            throw new IllegalArgumentException("Unknown object id - " + name + " - passed to distinguished name");
+        }
+
+        return oid;
+    }
+
+    public static ASN1Encodable valueFromHexString(
+        String  str,
+        int     off)
+        throws IOException
+    {
+        str = Strings.toLowerCase(str);
+        byte[] data = new byte[(str.length() - off) / 2];
+        for (int index = 0; index != data.length; index++)
+        {
+            char left = str.charAt((index * 2) + off);
+            char right = str.charAt((index * 2) + off + 1);
+
+            if (left < 'a')
+            {
+                data[index] = (byte)((left - '0') << 4);
+            }
+            else
+            {
+                data[index] = (byte)((left - 'a' + 10) << 4);
+            }
+            if (right < 'a')
+            {
+                data[index] |= (byte)(right - '0');
+            }
+            else
+            {
+                data[index] |= (byte)(right - 'a' + 10);
+            }
+        }
+
+        return ASN1Object.fromByteArray(data);
+    }
+
+    public static void appendTypeAndValue(
+        StringBuffer          buf,
+        AttributeTypeAndValue typeAndValue,
+        Hashtable             oidSymbols)
+    {
+        String  sym = (String)oidSymbols.get(typeAndValue.getType());
+
+        if (sym != null)
+        {
+            buf.append(sym);
+        }
+        else
+        {
+            buf.append(typeAndValue.getType().getId());
+        }
+
+        buf.append('=');
+
+        buf.append(valueToString(typeAndValue.getValue()));
+    }
+
+    public static String valueToString(ASN1Encodable value)
+    {
+        StringBuffer vBuf = new StringBuffer();
+
+        if (value instanceof ASN1String && !(value instanceof DERUniversalString))
+        {
+            String v = ((ASN1String)value).getString();
+            if (v.length() > 0 && v.charAt(0) == '#')
+            {
+                vBuf.append("\\" + v);
+            }
+            else
+            {
+                vBuf.append(v);
+            }
+        }
+        else
+        {
+            vBuf.append("#" + bytesToString(Hex.encode(value.getDERObject().getDEREncoded())));
+        }
+
+        int     end = vBuf.length();
+        int     index = 0;
+
+        if (vBuf.length() >= 2 && vBuf.charAt(0) == '\\' && vBuf.charAt(1) == '#')
+        {
+            index += 2;
+        }
+
+        while (index != end)
+        {
+            if ((vBuf.charAt(index) == ',')
+               || (vBuf.charAt(index) == '"')
+               || (vBuf.charAt(index) == '\\')
+               || (vBuf.charAt(index) == '+')
+               || (vBuf.charAt(index) == '=')
+               || (vBuf.charAt(index) == '<')
+               || (vBuf.charAt(index) == '>')
+               || (vBuf.charAt(index) == ';'))
+            {
+                vBuf.insert(index, "\\");
+                index++;
+                end++;
+            }
+
+            index++;
+        }
+
+        return vBuf.toString();
+    }
+
+    private static String bytesToString(
+        byte[] data)
+    {
+        char[]  cs = new char[data.length];
+
+        for (int i = 0; i != cs.length; i++)
+        {
+            cs[i] = (char)(data[i] & 0xff);
+        }
+
+        return new String(cs);
+    }
+
+    public static String canonicalize(String s)
+    {
+        String value = Strings.toLowerCase(s.trim());
+
+        if (value.length() > 0 && value.charAt(0) == '#')
+        {
+            DERObject obj = decodeObject(value);
+
+            if (obj instanceof ASN1String)
+            {
+                value = Strings.toLowerCase(((ASN1String)obj).getString().trim());
+            }
+        }
+
+        value = stripInternalSpaces(value);
+
+        return value;
+    }
+
+    private static ASN1Object decodeObject(String oValue)
+    {
+        try
+        {
+            return ASN1Object.fromByteArray(Hex.decode(oValue.substring(1)));
+        }
+        catch (IOException e)
+        {
+            throw new IllegalStateException("unknown encoding in name: " + e);
+        }
+    }
+
+    public static String stripInternalSpaces(
+        String str)
+    {
+        StringBuffer res = new StringBuffer();
+
+        if (str.length() != 0)
+        {
+            char c1 = str.charAt(0);
+
+            res.append(c1);
+
+            for (int k = 1; k < str.length(); k++)
+            {
+                char c2 = str.charAt(k);
+                if (!(c1 == ' ' && c2 == ' '))
+                {
+                    res.append(c2);
+                }
+                c1 = c2;
+            }
+        }
+
+        return res.toString();
+    }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x500/style/RFC4519Style.java b/src/main/java/org/bouncycastle/asn1/x500/style/RFC4519Style.java
new file mode 100644
index 0000000..63f1a25
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x500/style/RFC4519Style.java
@@ -0,0 +1,443 @@
+package org.bouncycastle.asn1.x500.style;
+
+import java.io.IOException;
+import java.util.Hashtable;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.DERIA5String;
+import org.bouncycastle.asn1.DERPrintableString;
+import org.bouncycastle.asn1.DERUTF8String;
+import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
+import org.bouncycastle.asn1.x500.RDN;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x500.X500NameStyle;
+
+public class RFC4519Style
+    implements X500NameStyle
+{
+    public static final X500NameStyle INSTANCE = new RFC4519Style();
+
+    public static final ASN1ObjectIdentifier businessCategory = new ASN1ObjectIdentifier("2.5.4.15");
+    public static final ASN1ObjectIdentifier c = new ASN1ObjectIdentifier("2.5.4.6");
+    public static final ASN1ObjectIdentifier cn = new ASN1ObjectIdentifier("2.5.4.3");
+    public static final ASN1ObjectIdentifier dc = new ASN1ObjectIdentifier("0.9.2342.19200300.100.1.25");
+    public static final ASN1ObjectIdentifier description = new ASN1ObjectIdentifier("2.5.4.13");
+    public static final ASN1ObjectIdentifier destinationIndicator = new ASN1ObjectIdentifier("2.5.4.27");
+    public static final ASN1ObjectIdentifier distinguishedName = new ASN1ObjectIdentifier("2.5.4.49");
+    public static final ASN1ObjectIdentifier dnQualifier = new ASN1ObjectIdentifier("2.5.4.46");
+    public static final ASN1ObjectIdentifier enhancedSearchGuide = new ASN1ObjectIdentifier("2.5.4.47");
+    public static final ASN1ObjectIdentifier facsimileTelephoneNumber = new ASN1ObjectIdentifier("2.5.4.23");
+    public static final ASN1ObjectIdentifier generationQualifier = new ASN1ObjectIdentifier("2.5.4.44");
+    public static final ASN1ObjectIdentifier givenName = new ASN1ObjectIdentifier("2.5.4.42");
+    public static final ASN1ObjectIdentifier houseIdentifier = new ASN1ObjectIdentifier("2.5.4.51");
+    public static final ASN1ObjectIdentifier initials = new ASN1ObjectIdentifier("2.5.4.43");
+    public static final ASN1ObjectIdentifier internationalISDNNumber = new ASN1ObjectIdentifier("2.5.4.25");
+    public static final ASN1ObjectIdentifier l = new ASN1ObjectIdentifier("2.5.4.7");
+    public static final ASN1ObjectIdentifier member = new ASN1ObjectIdentifier("2.5.4.31");
+    public static final ASN1ObjectIdentifier name = new ASN1ObjectIdentifier("2.5.4.41");
+    public static final ASN1ObjectIdentifier o = new ASN1ObjectIdentifier("2.5.4.10");
+    public static final ASN1ObjectIdentifier ou = new ASN1ObjectIdentifier("2.5.4.11");
+    public static final ASN1ObjectIdentifier owner = new ASN1ObjectIdentifier("2.5.4.32");
+    public static final ASN1ObjectIdentifier physicalDeliveryOfficeName = new ASN1ObjectIdentifier("2.5.4.19");
+    public static final ASN1ObjectIdentifier postalAddress = new ASN1ObjectIdentifier("2.5.4.16");
+    public static final ASN1ObjectIdentifier postalCode = new ASN1ObjectIdentifier("2.5.4.17");
+    public static final ASN1ObjectIdentifier postOfficeBox = new ASN1ObjectIdentifier("2.5.4.18");
+    public static final ASN1ObjectIdentifier preferredDeliveryMethod = new ASN1ObjectIdentifier("2.5.4.28");
+    public static final ASN1ObjectIdentifier registeredAddress = new ASN1ObjectIdentifier("2.5.4.26");
+    public static final ASN1ObjectIdentifier roleOccupant = new ASN1ObjectIdentifier("2.5.4.33");
+    public static final ASN1ObjectIdentifier searchGuide = new ASN1ObjectIdentifier("2.5.4.14");
+    public static final ASN1ObjectIdentifier seeAlso = new ASN1ObjectIdentifier("2.5.4.34");
+    public static final ASN1ObjectIdentifier serialNumber = new ASN1ObjectIdentifier("2.5.4.5");
+    public static final ASN1ObjectIdentifier sn = new ASN1ObjectIdentifier("2.5.4.4");
+    public static final ASN1ObjectIdentifier st = new ASN1ObjectIdentifier("2.5.4.8");
+    public static final ASN1ObjectIdentifier street = new ASN1ObjectIdentifier("2.5.4.9");
+    public static final ASN1ObjectIdentifier telephoneNumber = new ASN1ObjectIdentifier("2.5.4.20");
+    public static final ASN1ObjectIdentifier teletexTerminalIdentifier = new ASN1ObjectIdentifier("2.5.4.22");
+    public static final ASN1ObjectIdentifier telexNumber = new ASN1ObjectIdentifier("2.5.4.21");
+    public static final ASN1ObjectIdentifier title = new ASN1ObjectIdentifier("2.5.4.12");
+    public static final ASN1ObjectIdentifier uid = new ASN1ObjectIdentifier("0.9.2342.19200300.100.1.1");
+    public static final ASN1ObjectIdentifier uniqueMember = new ASN1ObjectIdentifier("2.5.4.50");
+    public static final ASN1ObjectIdentifier userPassword = new ASN1ObjectIdentifier("2.5.4.35");
+    public static final ASN1ObjectIdentifier x121Address = new ASN1ObjectIdentifier("2.5.4.24");
+    public static final ASN1ObjectIdentifier x500UniqueIdentifier = new ASN1ObjectIdentifier("2.5.4.45");
+
+    /**
+     * default look up table translating OID values into their common symbols following
+     * the convention in RFC 2253 with a few extras
+     */
+    private static final Hashtable DefaultSymbols = new Hashtable();
+
+    /**
+     * look up table translating common symbols into their OIDS.
+     */
+    private static final Hashtable DefaultLookUp = new Hashtable();
+
+    static
+    {
+        DefaultSymbols.put(businessCategory, "businessCategory");
+        DefaultSymbols.put(c, "c");
+        DefaultSymbols.put(cn, "cn");
+        DefaultSymbols.put(dc, "dc");
+        DefaultSymbols.put(description, "description");
+        DefaultSymbols.put(destinationIndicator, "destinationIndicator");
+        DefaultSymbols.put(distinguishedName, "distinguishedName");
+        DefaultSymbols.put(dnQualifier, "dnQualifier");
+        DefaultSymbols.put(enhancedSearchGuide, "enhancedSearchGuide");
+        DefaultSymbols.put(facsimileTelephoneNumber, "facsimileTelephoneNumber");
+        DefaultSymbols.put(generationQualifier, "generationQualifier");
+        DefaultSymbols.put(givenName, "givenName");
+        DefaultSymbols.put(houseIdentifier, "houseIdentifier");
+        DefaultSymbols.put(initials, "initials");
+        DefaultSymbols.put(internationalISDNNumber, "internationalISDNNumber");
+        DefaultSymbols.put(l, "l");
+        DefaultSymbols.put(member, "member");
+        DefaultSymbols.put(name, "name");
+        DefaultSymbols.put(o, "o");
+        DefaultSymbols.put(ou, "ou");
+        DefaultSymbols.put(owner, "owner");
+        DefaultSymbols.put(physicalDeliveryOfficeName, "physicalDeliveryOfficeName");
+        DefaultSymbols.put(postalAddress, "postalAddress");
+        DefaultSymbols.put(postalCode, "postalCode");
+        DefaultSymbols.put(postOfficeBox, "postOfficeBox");
+        DefaultSymbols.put(preferredDeliveryMethod, "preferredDeliveryMethod");
+        DefaultSymbols.put(registeredAddress, "registeredAddress");
+        DefaultSymbols.put(roleOccupant, "roleOccupant");
+        DefaultSymbols.put(searchGuide, "searchGuide");
+        DefaultSymbols.put(seeAlso, "seeAlso");
+        DefaultSymbols.put(serialNumber, "serialNumber");
+        DefaultSymbols.put(sn, "sn");
+        DefaultSymbols.put(st, "st");
+        DefaultSymbols.put(street, "street");
+        DefaultSymbols.put(telephoneNumber, "telephoneNumber");
+        DefaultSymbols.put(teletexTerminalIdentifier, "teletexTerminalIdentifier");
+        DefaultSymbols.put(telexNumber, "telexNumber");
+        DefaultSymbols.put(title, "title");
+        DefaultSymbols.put(uid, "uid");
+        DefaultSymbols.put(uniqueMember, "uniqueMember");
+        DefaultSymbols.put(userPassword, "userPassword");
+        DefaultSymbols.put(x121Address, "x121Address");
+        DefaultSymbols.put(x500UniqueIdentifier, "x500UniqueIdentifier");
+
+        DefaultLookUp.put("businesscategory", businessCategory);
+        DefaultLookUp.put("c", c);
+        DefaultLookUp.put("cn", cn);
+        DefaultLookUp.put("dc", dc);
+        DefaultLookUp.put("description", description);
+        DefaultLookUp.put("destinationindicator", destinationIndicator);
+        DefaultLookUp.put("distinguishedname", distinguishedName);
+        DefaultLookUp.put("dnqualifier", dnQualifier);
+        DefaultLookUp.put("enhancedsearchguide", enhancedSearchGuide);
+        DefaultLookUp.put("facsimiletelephonenumber", facsimileTelephoneNumber);
+        DefaultLookUp.put("generationqualifier", generationQualifier);
+        DefaultLookUp.put("givenname", givenName);
+        DefaultLookUp.put("houseidentifier", houseIdentifier);
+        DefaultLookUp.put("initials", initials);
+        DefaultLookUp.put("internationalisdnnumber", internationalISDNNumber);
+        DefaultLookUp.put("l", l);
+        DefaultLookUp.put("member", member);
+        DefaultLookUp.put("name", name);
+        DefaultLookUp.put("o", o);
+        DefaultLookUp.put("ou", ou);
+        DefaultLookUp.put("owner", owner);
+        DefaultLookUp.put("physicaldeliveryofficename", physicalDeliveryOfficeName);
+        DefaultLookUp.put("postaladdress", postalAddress);
+        DefaultLookUp.put("postalcode", postalCode);
+        DefaultLookUp.put("postofficebox", postOfficeBox);
+        DefaultLookUp.put("preferreddeliverymethod", preferredDeliveryMethod);
+        DefaultLookUp.put("registeredaddress", registeredAddress);
+        DefaultLookUp.put("roleoccupant", roleOccupant);
+        DefaultLookUp.put("searchguide", searchGuide);
+        DefaultLookUp.put("seealso", seeAlso);
+        DefaultLookUp.put("serialnumber", serialNumber);
+        DefaultLookUp.put("sn", sn);
+        DefaultLookUp.put("st", st);
+        DefaultLookUp.put("street", street);
+        DefaultLookUp.put("telephonenumber", telephoneNumber);
+        DefaultLookUp.put("teletexterminalidentifier", teletexTerminalIdentifier);
+        DefaultLookUp.put("telexnumber", telexNumber);
+        DefaultLookUp.put("title", title);
+        DefaultLookUp.put("uid", uid);
+        DefaultLookUp.put("uniquemember", uniqueMember);
+        DefaultLookUp.put("userpassword", userPassword);
+        DefaultLookUp.put("x121address", x121Address);
+        DefaultLookUp.put("x500uniqueidentifier", x500UniqueIdentifier);
+
+        // TODO: need to add correct matching for equality comparisons.
+    }
+
+    protected RFC4519Style()
+    {
+
+    }
+
+    public ASN1Encodable stringToValue(ASN1ObjectIdentifier oid, String value)
+    {
+        if (value.length() != 0 && value.charAt(0) == '#')
+        {
+            try
+            {
+                return IETFUtils.valueFromHexString(value, 1);
+            }
+            catch (IOException e)
+            {
+                throw new RuntimeException("can't recode value for oid " + oid.getId());
+            }
+        }
+        else
+        {
+            if (value.length() != 0 && value.charAt(0) == '\\')
+            {
+                value = value.substring(1);
+            }
+            if (oid.equals(dc))
+            {
+                return new DERIA5String(value);
+            }
+            else if (oid.equals(c) || oid.equals(serialNumber) || oid.equals(dnQualifier)
+                || oid.equals(telephoneNumber))
+            {
+                return new DERPrintableString(value);
+            }
+        }
+
+        return new DERUTF8String(value);
+    }
+
+    public ASN1ObjectIdentifier attrNameToOID(String attrName)
+    {
+        return IETFUtils.decodeAttrName(attrName, DefaultLookUp);
+    }
+
+    public boolean areEqual(X500Name name1, X500Name name2)
+    {
+        RDN[] rdns1 = name1.getRDNs();
+        RDN[] rdns2 = name2.getRDNs();
+
+        if (rdns1.length != rdns2.length)
+        {
+            return false;
+        }
+
+        boolean reverse = false;
+
+        if (rdns1[0].getFirst() != null && rdns2[0].getFirst() != null)
+        {
+            reverse = !rdns1[0].getFirst().getType().equals(rdns2[0].getFirst().getType());  // guess forward
+        }
+
+        for (int i = 0; i != rdns1.length; i++)
+        {
+            if (!foundMatch(reverse, rdns1[i], rdns2))
+            {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    private boolean foundMatch(boolean reverse, RDN rdn, RDN[] possRDNs)
+    {
+        if (reverse)
+        {
+            for (int i = possRDNs.length - 1; i >= 0; i--)
+            {
+                if (possRDNs[i] != null && rdnAreEqual(rdn, possRDNs[i]))
+                {
+                    possRDNs[i] = null;
+                    return true;
+                }
+            }
+        }
+        else
+        {
+            for (int i = 0; i != possRDNs.length; i++)
+            {
+                if (possRDNs[i] != null && rdnAreEqual(rdn, possRDNs[i]))
+                {
+                    possRDNs[i] = null;
+                    return true;
+                }
+            }
+        }
+
+        return false;
+    }
+
+    protected boolean rdnAreEqual(RDN rdn1, RDN rdn2)
+    {
+        if (rdn1.isMultiValued())
+        {
+            if (rdn2.isMultiValued())
+            {
+                AttributeTypeAndValue[] atvs1 = rdn1.getTypesAndValues();
+                AttributeTypeAndValue[] atvs2 = rdn2.getTypesAndValues();
+
+                if (atvs1.length != atvs2.length)
+                {
+                    return false;
+                }
+
+                for (int i = 0; i != atvs1.length; i++)
+                {
+                    if (!atvAreEqual(atvs1[i], atvs2[i]))
+                    {
+                        return false;
+                    }
+                }
+            }
+            else
+            {
+                return false;
+            }
+        }
+        else
+        {
+            if (!rdn2.isMultiValued())
+            {
+                return atvAreEqual(rdn1.getFirst(), rdn2.getFirst());
+            }
+            else
+            {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    private boolean atvAreEqual(AttributeTypeAndValue atv1, AttributeTypeAndValue atv2)
+    {
+        if (atv1 == atv2)
+        {
+            return true;
+        }
+
+        if (atv1 == null)
+        {
+            return false;
+        }
+
+        if (atv2 == null)
+        {
+            return false;
+        }
+
+        ASN1ObjectIdentifier o1 = atv1.getType();
+        ASN1ObjectIdentifier o2 = atv2.getType();
+
+        if (!o1.equals(o2))
+        {
+            return false;
+        }
+
+        String v1 = IETFUtils.canonicalize(IETFUtils.valueToString(atv1.getValue()));
+        String v2 = IETFUtils.canonicalize(IETFUtils.valueToString(atv2.getValue()));
+
+        if (!v1.equals(v2))
+        {
+            return false;
+        }
+
+        return true;
+    }
+
+    // parse backwards
+    public RDN[] fromString(String dirName)
+    {
+        RDN[] tmp = IETFUtils.rDNsFromString(dirName, this);
+        RDN[] res = new RDN[tmp.length];
+
+        for (int i = 0; i != tmp.length; i++)
+        {
+            res[res.length - i - 1] = tmp[i];
+        }
+
+        return res;
+    }
+
+    public int calculateHashCode(X500Name name)
+    {
+        int hashCodeValue = 0;
+        RDN[] rdns = name.getRDNs();
+
+        // this needs to be order independent, like equals
+        for (int i = 0; i != rdns.length; i++)
+        {
+            if (rdns[i].isMultiValued())
+            {
+                AttributeTypeAndValue[] atv = rdns[i].getTypesAndValues();
+
+                for (int j = 0; j != atv.length; j++)
+                {
+                    hashCodeValue ^= atv[j].getType().hashCode();
+                    hashCodeValue ^= calcHashCode(atv[j].getValue());
+                }
+            }
+            else
+            {
+                hashCodeValue ^= rdns[i].getFirst().getType().hashCode();
+                hashCodeValue ^= calcHashCode(rdns[i].getFirst().getValue());
+            }
+        }
+
+        return hashCodeValue;
+    }
+
+    private int calcHashCode(ASN1Encodable enc)
+    {
+        String value = IETFUtils.valueToString(enc);
+
+        value = IETFUtils.canonicalize(value);
+
+        return value.hashCode();
+    }
+
+    // convert in reverse
+    public String toString(X500Name name)
+    {
+        StringBuffer buf = new StringBuffer();
+        boolean first = true;
+
+        RDN[] rdns = name.getRDNs();
+
+        for (int i = rdns.length - 1; i >= 0; i--)
+        {
+            if (first)
+            {
+                first = false;
+            }
+            else
+            {
+                buf.append(',');
+            }
+
+            if (rdns[i].isMultiValued())
+            {
+                AttributeTypeAndValue[] atv = rdns[i].getTypesAndValues();
+                boolean firstAtv = true;
+
+                for (int j = 0; j != atv.length; j++)
+                {
+                    if (firstAtv)
+                    {
+                        firstAtv = false;
+                    }
+                    else
+                    {
+                        buf.append('+');
+                    }
+
+                    IETFUtils.appendTypeAndValue(buf, atv[j], DefaultSymbols);
+                }
+            }
+            else
+            {
+                IETFUtils.appendTypeAndValue(buf, rdns[i].getFirst(), DefaultSymbols);
+            }
+        }
+
+        return buf.toString();
+    }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x500/style/X500NameTokenizer.java b/src/main/java/org/bouncycastle/asn1/x500/style/X500NameTokenizer.java
new file mode 100644
index 0000000..7549a72
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x500/style/X500NameTokenizer.java
@@ -0,0 +1,99 @@
+package org.bouncycastle.asn1.x500.style;
+
+/**
+ * class for breaking up an X500 Name into it's component tokens, ala
+ * java.util.StringTokenizer. We need this class as some of the
+ * lightweight Java environment don't support classes like
+ * StringTokenizer.
+ */
+class X500NameTokenizer
+{
+    private String          value;
+    private int             index;
+    private char            seperator;
+    private StringBuffer    buf = new StringBuffer();
+
+    public X500NameTokenizer(
+        String  oid)
+    {
+        this(oid, ',');
+    }
+    
+    public X500NameTokenizer(
+        String  oid,
+        char    seperator)
+    {
+        this.value = oid;
+        this.index = -1;
+        this.seperator = seperator;
+    }
+
+    public boolean hasMoreTokens()
+    {
+        return (index != value.length());
+    }
+
+    public String nextToken()
+    {
+        if (index == value.length())
+        {
+            return null;
+        }
+
+        int     end = index + 1;
+        boolean quoted = false;
+        boolean escaped = false;
+
+        buf.setLength(0);
+
+        while (end != value.length())
+        {
+            char    c = value.charAt(end);
+
+            if (c == '"')
+            {
+                if (!escaped)
+                {
+                    quoted = !quoted;
+                }
+                else
+                {
+                    buf.append(c);
+                }
+                escaped = false;
+            }
+            else
+            {
+                if (escaped || quoted)
+                {
+                    if (c == '#' && buf.charAt(buf.length() - 1) == '=')
+                    {
+                        buf.append('\\');
+                    }
+                    else if (c == '+' && seperator != '+')
+                    {
+                        buf.append('\\');
+                    }
+                    buf.append(c);
+                    escaped = false;
+                }
+                else if (c == '\\')
+                {
+                    escaped = true;
+                }
+                else if (c == seperator)
+                {
+                    break;
+                }
+                else
+                {
+                    buf.append(c);
+                }
+            }
+            end++;
+        }
+
+        index = end;
+        return buf.toString().trim();
+    }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java b/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java
index d581967..7288d38 100644
--- a/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java
+++ b/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java
@@ -2,9 +2,11 @@
 
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1TaggedObject;
 import org.bouncycastle.asn1.DEREncodable;
+import org.bouncycastle.asn1.DERNull;
 import org.bouncycastle.asn1.DERObject;
 import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.DERSequence;
@@ -92,6 +94,15 @@
         }
     }
 
+    public ASN1ObjectIdentifier getAlgorithm()
+    {
+        return new ASN1ObjectIdentifier(objectId.getId());
+    }
+
+    /**
+     * @deprecated use getAlgorithm
+     * @return
+     */
     public DERObjectIdentifier getObjectId()
     {
         return objectId;
@@ -118,7 +129,14 @@
 
         if (parametersDefined)
         {
-            v.add(parameters);
+            if (parameters != null)
+            {
+                v.add(parameters);
+            }
+            else
+            {
+                v.add(DERNull.INSTANCE);
+            }
         }
 
         return new DERSequence(v);
diff --git a/src/main/java/org/bouncycastle/asn1/x509/Attribute.java b/src/main/java/org/bouncycastle/asn1/x509/Attribute.java
index c102e15..56df178 100644
--- a/src/main/java/org/bouncycastle/asn1/x509/Attribute.java
+++ b/src/main/java/org/bouncycastle/asn1/x509/Attribute.java
@@ -2,6 +2,7 @@
 
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1Set;
 import org.bouncycastle.asn1.DERObject;
@@ -56,11 +57,16 @@
         this.attrValues = attrValues;
     }
 
-    public DERObjectIdentifier getAttrType()
+    public ASN1ObjectIdentifier getAttrType()
     {
-        return attrType;
+        return new ASN1ObjectIdentifier(attrType.getId());
     }
-    
+
+    public ASN1Encodable[] getAttributeValues()
+    {
+        return attrValues.toArray();
+    }
+
     public ASN1Set getAttrValues()
     {
         return attrValues;
diff --git a/src/main/java/org/bouncycastle/asn1/x509/AttributeCertificate.java b/src/main/java/org/bouncycastle/asn1/x509/AttributeCertificate.java
index cf00230..9e79e89 100644
--- a/src/main/java/org/bouncycastle/asn1/x509/AttributeCertificate.java
+++ b/src/main/java/org/bouncycastle/asn1/x509/AttributeCertificate.java
@@ -24,12 +24,12 @@
         {
             return (AttributeCertificate)obj;
         }
-        else if (obj instanceof ASN1Sequence)
+        else if (obj != null)
         {
-            return new AttributeCertificate((ASN1Sequence)obj);
+            return new AttributeCertificate(ASN1Sequence.getInstance(obj));
         }
 
-        throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName());
+        return null;
     }
     
     public AttributeCertificate(
diff --git a/src/main/java/org/bouncycastle/asn1/x509/CertificateList.java b/src/main/java/org/bouncycastle/asn1/x509/CertificateList.java
index 66c9630..40c49c6 100644
--- a/src/main/java/org/bouncycastle/asn1/x509/CertificateList.java
+++ b/src/main/java/org/bouncycastle/asn1/x509/CertificateList.java
@@ -1,6 +1,8 @@
 
 package org.bouncycastle.asn1.x509;
 
+import java.util.Enumeration;
+
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.ASN1Sequence;
@@ -9,8 +11,6 @@
 import org.bouncycastle.asn1.DERObject;
 import org.bouncycastle.asn1.DERSequence;
 
-import java.util.Enumeration;
-
 /**
  * PKIX RFC-2459
  *
@@ -45,12 +45,12 @@
         {
             return (CertificateList)obj;
         }
-        else if (obj instanceof ASN1Sequence)
+        else if (obj != null)
         {
-            return new CertificateList((ASN1Sequence)obj);
+            return new CertificateList(ASN1Sequence.getInstance(obj));
         }
 
-        throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName());
+        return null;
     }
 
     public CertificateList(
diff --git a/src/main/java/org/bouncycastle/asn1/x509/DistributionPointName.java b/src/main/java/org/bouncycastle/asn1/x509/DistributionPointName.java
index a59f105..b6a294e 100644
--- a/src/main/java/org/bouncycastle/asn1/x509/DistributionPointName.java
+++ b/src/main/java/org/bouncycastle/asn1/x509/DistributionPointName.java
@@ -13,7 +13,7 @@
  * <pre>
  * DistributionPointName ::= CHOICE {
  *     fullName                 [0] GeneralNames,
- *     nameRelativeToCRLIssuer  [1] RelativeDistinguishedName
+ *     nameRelativeToCRLIssuer  [1] RDN
  * }
  * </pre>
  */
diff --git a/src/main/java/org/bouncycastle/asn1/x509/GeneralName.java b/src/main/java/org/bouncycastle/asn1/x509/GeneralName.java
index c657c7b..29fdd72 100644
--- a/src/main/java/org/bouncycastle/asn1/x509/GeneralName.java
+++ b/src/main/java/org/bouncycastle/asn1/x509/GeneralName.java
@@ -1,9 +1,11 @@
 package org.bouncycastle.asn1.x509;
 
+import java.io.IOException;
 import java.util.StringTokenizer;
 
 import org.bouncycastle.asn1.ASN1Choice;
 import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1Object;
 import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1TaggedObject;
@@ -13,6 +15,7 @@
 import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.DERTaggedObject;
+import org.bouncycastle.asn1.x500.X500Name;
 import org.bouncycastle.util.IPAddress;
 
 /**
@@ -64,6 +67,13 @@
         this.tag = 4;
     }
 
+    public GeneralName(
+        X500Name dirName)
+    {
+        this.obj = dirName;
+        this.tag = 4;
+    }
+
     /**
      * @deprecated this constructor seems the wrong way round! Use GeneralName(tag, name).
      */
@@ -204,6 +214,18 @@
             }
         }
 
+        if (obj instanceof byte[])
+        {
+            try
+            {
+                return getInstance(ASN1Object.fromByteArray((byte[])obj));
+            }
+            catch (IOException e)
+            {
+                throw new IllegalArgumentException("unable to parse encoded general name");
+            }
+        }
+
         throw new IllegalArgumentException("unknown object in getInstance: " + obj.getClass().getName());
     }
 
diff --git a/src/main/java/org/bouncycastle/asn1/x509/GeneralSubtree.java b/src/main/java/org/bouncycastle/asn1/x509/GeneralSubtree.java
index 326ee20..2a4b1f1 100644
--- a/src/main/java/org/bouncycastle/asn1/x509/GeneralSubtree.java
+++ b/src/main/java/org/bouncycastle/asn1/x509/GeneralSubtree.java
@@ -1,5 +1,7 @@
 package org.bouncycastle.asn1.x509;
 
+import java.math.BigInteger;
+
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.ASN1Sequence;
@@ -9,8 +11,6 @@
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.DERTaggedObject;
 
-import java.math.BigInteger;
-
 /**
  * Class for containing a restriction object subtrees in NameConstraints. See
  * RFC 3280.
@@ -64,9 +64,27 @@
             }
             break;
         case 3:
-            minimum = DERInteger.getInstance(ASN1TaggedObject.getInstance(seq.getObjectAt(1)));
-            maximum = DERInteger.getInstance(ASN1TaggedObject.getInstance(seq.getObjectAt(2)));
+        {
+            {
+                ASN1TaggedObject oMin = ASN1TaggedObject.getInstance(seq.getObjectAt(1));
+                if (oMin.getTagNo() != 0)
+                {
+                    throw new IllegalArgumentException("Bad tag number for 'minimum': " + oMin.getTagNo());
+                }
+                minimum = DERInteger.getInstance(oMin, false);
+            }
+
+            {
+                ASN1TaggedObject oMax = ASN1TaggedObject.getInstance(seq.getObjectAt(2));
+                if (oMax.getTagNo() != 1)
+                {
+                    throw new IllegalArgumentException("Bad tag number for 'maximum': " + oMax.getTagNo());
+                }
+                maximum = DERInteger.getInstance(oMax, false);
+            }
+
             break;
+        }
         default:
             throw new IllegalArgumentException("Bad sequence size: "
                     + seq.size());
diff --git a/src/main/java/org/bouncycastle/asn1/x509/SubjectPublicKeyInfo.java b/src/main/java/org/bouncycastle/asn1/x509/SubjectPublicKeyInfo.java
index d122327..9af439d 100644
--- a/src/main/java/org/bouncycastle/asn1/x509/SubjectPublicKeyInfo.java
+++ b/src/main/java/org/bouncycastle/asn1/x509/SubjectPublicKeyInfo.java
@@ -39,12 +39,12 @@
         {
             return (SubjectPublicKeyInfo)obj;
         }
-        else if (obj instanceof ASN1Sequence)
+        else if (obj != null)
         {
-            return new SubjectPublicKeyInfo((ASN1Sequence)obj);
+            return new SubjectPublicKeyInfo(ASN1Sequence.getInstance(obj));
         }
 
-        throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName());
+        return null;
     }
 
     public SubjectPublicKeyInfo(
diff --git a/src/main/java/org/bouncycastle/asn1/x509/TBSCertList.java b/src/main/java/org/bouncycastle/asn1/x509/TBSCertList.java
index f14e9bb..128a1a1 100644
--- a/src/main/java/org/bouncycastle/asn1/x509/TBSCertList.java
+++ b/src/main/java/org/bouncycastle/asn1/x509/TBSCertList.java
@@ -1,5 +1,7 @@
 package org.bouncycastle.asn1.x509;
 
+import java.util.Enumeration;
+
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1TaggedObject;
@@ -9,8 +11,6 @@
 import org.bouncycastle.asn1.DERTaggedObject;
 import org.bouncycastle.asn1.DERUTCTime;
 
-import java.util.Enumeration;
-
 /**
  * PKIX RFC-2459 - TBSCertList object.
  * <pre>
@@ -35,7 +35,7 @@
 public class TBSCertList
     extends ASN1Encodable
 {
-    public class CRLEntry
+    public static class CRLEntry
         extends ASN1Encodable
     {
         ASN1Sequence  seq;
diff --git a/src/main/java/org/bouncycastle/asn1/x509/TBSCertificateStructure.java b/src/main/java/org/bouncycastle/asn1/x509/TBSCertificateStructure.java
index f1a6cfd..36425d7 100644
--- a/src/main/java/org/bouncycastle/asn1/x509/TBSCertificateStructure.java
+++ b/src/main/java/org/bouncycastle/asn1/x509/TBSCertificateStructure.java
@@ -60,12 +60,12 @@
         {
             return (TBSCertificateStructure)obj;
         }
-        else if (obj instanceof ASN1Sequence)
+        else if (obj != null)
         {
-            return new TBSCertificateStructure((ASN1Sequence)obj);
+            return new TBSCertificateStructure(ASN1Sequence.getInstance(obj));
         }
 
-        throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName());
+        return null;
     }
 
     public TBSCertificateStructure(
@@ -80,7 +80,7 @@
         //
         if (seq.getObjectAt(0) instanceof DERTaggedObject)
         {
-            version = DERInteger.getInstance(seq.getObjectAt(0));
+            version = DERInteger.getInstance((ASN1TaggedObject)seq.getObjectAt(0), true);
         }
         else
         {
diff --git a/src/main/java/org/bouncycastle/asn1/x509/Time.java b/src/main/java/org/bouncycastle/asn1/x509/Time.java
index c05c65d..d51209d 100644
--- a/src/main/java/org/bouncycastle/asn1/x509/Time.java
+++ b/src/main/java/org/bouncycastle/asn1/x509/Time.java
@@ -66,7 +66,7 @@
     public static Time getInstance(
         Object  obj)
     {
-        if (obj instanceof Time)
+        if (obj == null || obj instanceof Time)
         {
             return (Time)obj;
         }
diff --git a/src/main/java/org/bouncycastle/asn1/x509/V1TBSCertificateGenerator.java b/src/main/java/org/bouncycastle/asn1/x509/V1TBSCertificateGenerator.java
index 53505d1..1c3016d 100644
--- a/src/main/java/org/bouncycastle/asn1/x509/V1TBSCertificateGenerator.java
+++ b/src/main/java/org/bouncycastle/asn1/x509/V1TBSCertificateGenerator.java
@@ -5,6 +5,7 @@
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.DERTaggedObject;
 import org.bouncycastle.asn1.DERUTCTime;
+import org.bouncycastle.asn1.x500.X500Name;
 
 /**
  * Generator for Version 1 TBSCertificateStructures.
@@ -54,6 +55,12 @@
         this.issuer = issuer;
     }
 
+    public void setIssuer(
+        X500Name issuer)
+    {
+        this.issuer = X509Name.getInstance(issuer.getDERObject());
+    }
+
     public void setStartDate(
         Time startDate)
     {
@@ -84,6 +91,12 @@
         this.subject = subject;
     }
 
+    public void setSubject(
+        X500Name subject)
+    {
+        this.subject = X509Name.getInstance(subject.getDERObject());
+    }
+
     public void setSubjectPublicKeyInfo(
         SubjectPublicKeyInfo    pubKeyInfo)
     {
diff --git a/src/main/java/org/bouncycastle/asn1/x509/V3TBSCertificateGenerator.java b/src/main/java/org/bouncycastle/asn1/x509/V3TBSCertificateGenerator.java
index 9d8ba05..6fccbd0 100644
--- a/src/main/java/org/bouncycastle/asn1/x509/V3TBSCertificateGenerator.java
+++ b/src/main/java/org/bouncycastle/asn1/x509/V3TBSCertificateGenerator.java
@@ -6,6 +6,7 @@
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.DERTaggedObject;
 import org.bouncycastle.asn1.DERUTCTime;
+import org.bouncycastle.asn1.x500.X500Name;
 
 /**
  * Generator for Version 3 TBSCertificateStructures.
@@ -63,6 +64,12 @@
         this.issuer = issuer;
     }
 
+    public void setIssuer(
+        X500Name issuer)
+    {
+        this.issuer = X509Name.getInstance(issuer.getDERObject());
+    }
+    
     public void setStartDate(
         DERUTCTime startDate)
     {
@@ -93,6 +100,12 @@
         this.subject = subject;
     }
 
+    public void setSubject(
+        X500Name subject)
+    {
+        this.subject = X509Name.getInstance(subject.getDERObject());
+    }
+
     public void setIssuerUniqueID(
         DERBitString uniqueID)
     {
diff --git a/src/main/java/org/bouncycastle/asn1/x509/X509CertificateStructure.java b/src/main/java/org/bouncycastle/asn1/x509/X509CertificateStructure.java
index 347b661..8559b69 100644
--- a/src/main/java/org/bouncycastle/asn1/x509/X509CertificateStructure.java
+++ b/src/main/java/org/bouncycastle/asn1/x509/X509CertificateStructure.java
@@ -41,17 +41,12 @@
         {
             return (X509CertificateStructure)obj;
         }
-        else if (obj instanceof ASN1Sequence)
+        else if (obj != null)
         {
-            return new X509CertificateStructure((ASN1Sequence)obj);
+            return new X509CertificateStructure(ASN1Sequence.getInstance(obj));
         }
 
-        if (obj != null)
-        {
-            throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName());
-        }
-
-        throw new IllegalArgumentException("null object in factory");
+        return null;
     }
 
     public X509CertificateStructure(
diff --git a/src/main/java/org/bouncycastle/asn1/x509/X509Extension.java b/src/main/java/org/bouncycastle/asn1/x509/X509Extension.java
index 02ac76b..8c2cab4 100644
--- a/src/main/java/org/bouncycastle/asn1/x509/X509Extension.java
+++ b/src/main/java/org/bouncycastle/asn1/x509/X509Extension.java
@@ -1,16 +1,173 @@
 package org.bouncycastle.asn1.x509;
 
+import java.io.IOException;
+
+import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1Object;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.DERBoolean;
 
-import java.io.IOException;
-
 /**
  * an object for the elements in the X.509 V3 extension block.
  */
 public class X509Extension
 {
+    /**
+     * Subject Directory Attributes
+     */
+    public static final ASN1ObjectIdentifier subjectDirectoryAttributes = new ASN1ObjectIdentifier("2.5.29.9");
+    
+    /**
+     * Subject Key Identifier 
+     */
+    public static final ASN1ObjectIdentifier subjectKeyIdentifier = new ASN1ObjectIdentifier("2.5.29.14");
+
+    /**
+     * Key Usage 
+     */
+    public static final ASN1ObjectIdentifier keyUsage = new ASN1ObjectIdentifier("2.5.29.15");
+
+    /**
+     * Private Key Usage Period 
+     */
+    public static final ASN1ObjectIdentifier privateKeyUsagePeriod = new ASN1ObjectIdentifier("2.5.29.16");
+
+    /**
+     * Subject Alternative Name 
+     */
+    public static final ASN1ObjectIdentifier subjectAlternativeName = new ASN1ObjectIdentifier("2.5.29.17");
+
+    /**
+     * Issuer Alternative Name 
+     */
+    public static final ASN1ObjectIdentifier issuerAlternativeName = new ASN1ObjectIdentifier("2.5.29.18");
+
+    /**
+     * Basic Constraints 
+     */
+    public static final ASN1ObjectIdentifier basicConstraints = new ASN1ObjectIdentifier("2.5.29.19");
+
+    /**
+     * CRL Number 
+     */
+    public static final ASN1ObjectIdentifier cRLNumber = new ASN1ObjectIdentifier("2.5.29.20");
+
+    /**
+     * Reason code 
+     */
+    public static final ASN1ObjectIdentifier reasonCode = new ASN1ObjectIdentifier("2.5.29.21");
+
+    /**
+     * Hold Instruction Code 
+     */
+    public static final ASN1ObjectIdentifier instructionCode = new ASN1ObjectIdentifier("2.5.29.23");
+
+    /**
+     * Invalidity Date 
+     */
+    public static final ASN1ObjectIdentifier invalidityDate = new ASN1ObjectIdentifier("2.5.29.24");
+
+    /**
+     * Delta CRL indicator 
+     */
+    public static final ASN1ObjectIdentifier deltaCRLIndicator = new ASN1ObjectIdentifier("2.5.29.27");
+
+    /**
+     * Issuing Distribution Point 
+     */
+    public static final ASN1ObjectIdentifier issuingDistributionPoint = new ASN1ObjectIdentifier("2.5.29.28");
+
+    /**
+     * Certificate Issuer 
+     */
+    public static final ASN1ObjectIdentifier certificateIssuer = new ASN1ObjectIdentifier("2.5.29.29");
+
+    /**
+     * Name Constraints 
+     */
+    public static final ASN1ObjectIdentifier nameConstraints = new ASN1ObjectIdentifier("2.5.29.30");
+
+    /**
+     * CRL Distribution Points 
+     */
+    public static final ASN1ObjectIdentifier cRLDistributionPoints = new ASN1ObjectIdentifier("2.5.29.31");
+
+    /**
+     * Certificate Policies 
+     */
+    public static final ASN1ObjectIdentifier certificatePolicies = new ASN1ObjectIdentifier("2.5.29.32");
+
+    /**
+     * Policy Mappings 
+     */
+    public static final ASN1ObjectIdentifier policyMappings = new ASN1ObjectIdentifier("2.5.29.33");
+
+    /**
+     * Authority Key Identifier 
+     */
+    public static final ASN1ObjectIdentifier authorityKeyIdentifier = new ASN1ObjectIdentifier("2.5.29.35");
+
+    /**
+     * Policy Constraints 
+     */
+    public static final ASN1ObjectIdentifier policyConstraints = new ASN1ObjectIdentifier("2.5.29.36");
+
+    /**
+     * Extended Key Usage 
+     */
+    public static final ASN1ObjectIdentifier extendedKeyUsage = new ASN1ObjectIdentifier("2.5.29.37");
+
+    /**
+     * Freshest CRL
+     */
+    public static final ASN1ObjectIdentifier freshestCRL = new ASN1ObjectIdentifier("2.5.29.46");
+     
+    /**
+     * Inhibit Any Policy
+     */
+    public static final ASN1ObjectIdentifier inhibitAnyPolicy = new ASN1ObjectIdentifier("2.5.29.54");
+
+    /**
+     * Authority Info Access
+     */
+    public static final ASN1ObjectIdentifier authorityInfoAccess = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.1");
+
+    /**
+     * Subject Info Access
+     */
+    public static final ASN1ObjectIdentifier subjectInfoAccess = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.11");
+    
+    /**
+     * Logo Type
+     */
+    public static final ASN1ObjectIdentifier logoType = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.12");
+
+    /**
+     * BiometricInfo
+     */
+    public static final ASN1ObjectIdentifier biometricInfo = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.2");
+    
+    /**
+     * QCStatements
+     */
+    public static final ASN1ObjectIdentifier qCStatements = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.3");
+
+    /**
+     * Audit identity extension in attribute certificates.
+     */
+    public static final ASN1ObjectIdentifier auditIdentity = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.4");
+    
+    /**
+     * NoRevAvail extension in attribute certificates.
+     */
+    public static final ASN1ObjectIdentifier noRevAvail = new ASN1ObjectIdentifier("2.5.29.56");
+
+    /**
+     * TargetInformation extension in attribute certificates.
+     */
+    public static final ASN1ObjectIdentifier targetInformation = new ASN1ObjectIdentifier("2.5.29.55");
+        
     boolean             critical;
     ASN1OctetString      value;
 
@@ -40,6 +197,11 @@
         return value;
     }
 
+    public ASN1Encodable getParsedValue()
+    {
+        return convertValueToObject(this);
+    }
+
     public int hashCode()
     {
         if (this.isCritical())
diff --git a/src/main/java/org/bouncycastle/asn1/x509/X509Extensions.java b/src/main/java/org/bouncycastle/asn1/x509/X509Extensions.java
index 58d9504..a9819f4 100644
--- a/src/main/java/org/bouncycastle/asn1/x509/X509Extensions.java
+++ b/src/main/java/org/bouncycastle/asn1/x509/X509Extensions.java
@@ -1,7 +1,12 @@
 package org.bouncycastle.asn1.x509;
 
+import java.util.Enumeration;
+import java.util.Hashtable;
+import java.util.Vector;
+
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1TaggedObject;
@@ -9,175 +14,198 @@
 import org.bouncycastle.asn1.DERObject;
 import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.DERSequence;
-// BEGIN android-added
-import org.bouncycastle.asn1.OrderedTable;
-// END android-added
-
-import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.Vector;
 
 public class X509Extensions
     extends ASN1Encodable
 {
     /**
      * Subject Directory Attributes
+     * @deprecated use X509Extension value.
      */
-    public static final DERObjectIdentifier SubjectDirectoryAttributes = new DERObjectIdentifier("2.5.29.9");
+    public static final ASN1ObjectIdentifier SubjectDirectoryAttributes = new ASN1ObjectIdentifier("2.5.29.9");
     
     /**
-     * Subject Key Identifier 
+     * Subject Key Identifier
+     *  @deprecated use X509Extension value.
      */
-    public static final DERObjectIdentifier SubjectKeyIdentifier = new DERObjectIdentifier("2.5.29.14");
+    public static final ASN1ObjectIdentifier SubjectKeyIdentifier = new ASN1ObjectIdentifier("2.5.29.14");
 
     /**
-     * Key Usage 
+     * Key Usage
+     *  @deprecated use X509Extension value.
      */
-    public static final DERObjectIdentifier KeyUsage = new DERObjectIdentifier("2.5.29.15");
+    public static final ASN1ObjectIdentifier KeyUsage = new ASN1ObjectIdentifier("2.5.29.15");
 
     /**
-     * Private Key Usage Period 
+     * Private Key Usage Period
+     *  @deprecated use X509Extension value.
      */
-    public static final DERObjectIdentifier PrivateKeyUsagePeriod = new DERObjectIdentifier("2.5.29.16");
+    public static final ASN1ObjectIdentifier PrivateKeyUsagePeriod = new ASN1ObjectIdentifier("2.5.29.16");
 
     /**
-     * Subject Alternative Name 
+     * Subject Alternative Name
+     *  @deprecated use X509Extension value.
      */
-    public static final DERObjectIdentifier SubjectAlternativeName = new DERObjectIdentifier("2.5.29.17");
+    public static final ASN1ObjectIdentifier SubjectAlternativeName = new ASN1ObjectIdentifier("2.5.29.17");
 
     /**
-     * Issuer Alternative Name 
+     * Issuer Alternative Name
+     *  @deprecated use X509Extension value.
      */
-    public static final DERObjectIdentifier IssuerAlternativeName = new DERObjectIdentifier("2.5.29.18");
+    public static final ASN1ObjectIdentifier IssuerAlternativeName = new ASN1ObjectIdentifier("2.5.29.18");
 
     /**
-     * Basic Constraints 
+     * Basic Constraints
+     *  @deprecated use X509Extension value.
      */
-    public static final DERObjectIdentifier BasicConstraints = new DERObjectIdentifier("2.5.29.19");
+    public static final ASN1ObjectIdentifier BasicConstraints = new ASN1ObjectIdentifier("2.5.29.19");
 
     /**
-     * CRL Number 
+     * CRL Number
+     *  @deprecated use X509Extension value.
      */
-    public static final DERObjectIdentifier CRLNumber = new DERObjectIdentifier("2.5.29.20");
+    public static final ASN1ObjectIdentifier CRLNumber = new ASN1ObjectIdentifier("2.5.29.20");
 
     /**
-     * Reason code 
+     * Reason code
+     *  @deprecated use X509Extension value.
      */
-    public static final DERObjectIdentifier ReasonCode = new DERObjectIdentifier("2.5.29.21");
+    public static final ASN1ObjectIdentifier ReasonCode = new ASN1ObjectIdentifier("2.5.29.21");
 
     /**
-     * Hold Instruction Code 
+     * Hold Instruction Code
+     *  @deprecated use X509Extension value.
      */
-    public static final DERObjectIdentifier InstructionCode = new DERObjectIdentifier("2.5.29.23");
+    public static final ASN1ObjectIdentifier InstructionCode = new ASN1ObjectIdentifier("2.5.29.23");
 
     /**
-     * Invalidity Date 
+     * Invalidity Date
+     *  @deprecated use X509Extension value.
      */
-    public static final DERObjectIdentifier InvalidityDate = new DERObjectIdentifier("2.5.29.24");
+    public static final ASN1ObjectIdentifier InvalidityDate = new ASN1ObjectIdentifier("2.5.29.24");
 
     /**
-     * Delta CRL indicator 
+     * Delta CRL indicator
+     *  @deprecated use X509Extension value.
      */
-    public static final DERObjectIdentifier DeltaCRLIndicator = new DERObjectIdentifier("2.5.29.27");
+    public static final ASN1ObjectIdentifier DeltaCRLIndicator = new ASN1ObjectIdentifier("2.5.29.27");
 
     /**
-     * Issuing Distribution Point 
+     * Issuing Distribution Point
+     *  @deprecated use X509Extension value.
      */
-    public static final DERObjectIdentifier IssuingDistributionPoint = new DERObjectIdentifier("2.5.29.28");
+    public static final ASN1ObjectIdentifier IssuingDistributionPoint = new ASN1ObjectIdentifier("2.5.29.28");
 
     /**
-     * Certificate Issuer 
+     * Certificate Issuer
+     *  @deprecated use X509Extension value.
      */
-    public static final DERObjectIdentifier CertificateIssuer = new DERObjectIdentifier("2.5.29.29");
+    public static final ASN1ObjectIdentifier CertificateIssuer = new ASN1ObjectIdentifier("2.5.29.29");
 
     /**
-     * Name Constraints 
+     * Name Constraints
+     *  @deprecated use X509Extension value.
      */
-    public static final DERObjectIdentifier NameConstraints = new DERObjectIdentifier("2.5.29.30");
+    public static final ASN1ObjectIdentifier NameConstraints = new ASN1ObjectIdentifier("2.5.29.30");
 
     /**
-     * CRL Distribution Points 
+     * CRL Distribution Points
+     *  @deprecated use X509Extension value.
      */
-    public static final DERObjectIdentifier CRLDistributionPoints = new DERObjectIdentifier("2.5.29.31");
+    public static final ASN1ObjectIdentifier CRLDistributionPoints = new ASN1ObjectIdentifier("2.5.29.31");
 
     /**
-     * Certificate Policies 
+     * Certificate Policies
+     *  @deprecated use X509Extension value.
      */
-    public static final DERObjectIdentifier CertificatePolicies = new DERObjectIdentifier("2.5.29.32");
+    public static final ASN1ObjectIdentifier CertificatePolicies = new ASN1ObjectIdentifier("2.5.29.32");
 
     /**
-     * Policy Mappings 
+     * Policy Mappings
+     *  @deprecated use X509Extension value.
      */
-    public static final DERObjectIdentifier PolicyMappings = new DERObjectIdentifier("2.5.29.33");
+    public static final ASN1ObjectIdentifier PolicyMappings = new ASN1ObjectIdentifier("2.5.29.33");
 
     /**
-     * Authority Key Identifier 
+     * Authority Key Identifier
+     *  @deprecated use X509Extension value.
      */
-    public static final DERObjectIdentifier AuthorityKeyIdentifier = new DERObjectIdentifier("2.5.29.35");
+    public static final ASN1ObjectIdentifier AuthorityKeyIdentifier = new ASN1ObjectIdentifier("2.5.29.35");
 
     /**
-     * Policy Constraints 
+     * Policy Constraints
+     *  @deprecated use X509Extension value.
      */
-    public static final DERObjectIdentifier PolicyConstraints = new DERObjectIdentifier("2.5.29.36");
+    public static final ASN1ObjectIdentifier PolicyConstraints = new ASN1ObjectIdentifier("2.5.29.36");
 
     /**
-     * Extended Key Usage 
+     * Extended Key Usage
+     *  @deprecated use X509Extension value.
      */
-    public static final DERObjectIdentifier ExtendedKeyUsage = new DERObjectIdentifier("2.5.29.37");
+    public static final ASN1ObjectIdentifier ExtendedKeyUsage = new ASN1ObjectIdentifier("2.5.29.37");
 
     /**
      * Freshest CRL
+     *  @deprecated use X509Extension value.
      */
-    public static final DERObjectIdentifier FreshestCRL = new DERObjectIdentifier("2.5.29.46");
+    public static final ASN1ObjectIdentifier FreshestCRL = new ASN1ObjectIdentifier("2.5.29.46");
      
     /**
      * Inhibit Any Policy
+     *  @deprecated use X509Extension value.
      */
-    public static final DERObjectIdentifier InhibitAnyPolicy = new DERObjectIdentifier("2.5.29.54");
+    public static final ASN1ObjectIdentifier InhibitAnyPolicy = new ASN1ObjectIdentifier("2.5.29.54");
 
     /**
      * Authority Info Access
+     *  @deprecated use X509Extension value.
      */
-    public static final DERObjectIdentifier AuthorityInfoAccess = new DERObjectIdentifier("1.3.6.1.5.5.7.1.1");
+    public static final ASN1ObjectIdentifier AuthorityInfoAccess = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.1");
 
     /**
      * Subject Info Access
+     *  @deprecated use X509Extension value.
      */
-    public static final DERObjectIdentifier SubjectInfoAccess = new DERObjectIdentifier("1.3.6.1.5.5.7.1.11");
+    public static final ASN1ObjectIdentifier SubjectInfoAccess = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.11");
     
     /**
      * Logo Type
+     *  @deprecated use X509Extension value.
      */
-    public static final DERObjectIdentifier LogoType = new DERObjectIdentifier("1.3.6.1.5.5.7.1.12");
+    public static final ASN1ObjectIdentifier LogoType = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.12");
 
     /**
      * BiometricInfo
+     *  @deprecated use X509Extension value.
      */
-    public static final DERObjectIdentifier BiometricInfo = new DERObjectIdentifier("1.3.6.1.5.5.7.1.2");
+    public static final ASN1ObjectIdentifier BiometricInfo = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.2");
     
     /**
      * QCStatements
+     *  @deprecated use X509Extension value.
      */
-    public static final DERObjectIdentifier QCStatements = new DERObjectIdentifier("1.3.6.1.5.5.7.1.3");
+    public static final ASN1ObjectIdentifier QCStatements = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.3");
 
     /**
      * Audit identity extension in attribute certificates.
+     *  @deprecated use X509Extension value.
      */
-    public static final DERObjectIdentifier AuditIdentity = new DERObjectIdentifier("1.3.6.1.5.5.7.1.4");
+    public static final ASN1ObjectIdentifier AuditIdentity = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.4");
     
     /**
      * NoRevAvail extension in attribute certificates.
+     *  @deprecated use X509Extension value.
      */
-    public static final DERObjectIdentifier NoRevAvail = new DERObjectIdentifier("2.5.29.56");
+    public static final ASN1ObjectIdentifier NoRevAvail = new ASN1ObjectIdentifier("2.5.29.56");
 
     /**
      * TargetInformation extension in attribute certificates.
+     *  @deprecated use X509Extension value.
      */
-    public static final DERObjectIdentifier TargetInformation = new DERObjectIdentifier("2.5.29.55");
+    public static final ASN1ObjectIdentifier TargetInformation = new ASN1ObjectIdentifier("2.5.29.55");
     
-    // BEGIN android-changed
-    private OrderedTable table = new OrderedTable();
-    // END android-changed
+    private Hashtable               extensions = new Hashtable();
+    private Vector                  ordering = new Vector();
 
     public static X509Extensions getInstance(
         ASN1TaggedObject obj,
@@ -221,26 +249,20 @@
         {
             ASN1Sequence            s = ASN1Sequence.getInstance(e.nextElement());
 
-            // BEGIN android-changed
-            int sSize = s.size();
-            DERObjectIdentifier key = (DERObjectIdentifier) s.getObjectAt(0);
-            Object value;
-            
-            if (sSize == 3)
+            if (s.size() == 3)
             {
-                value = new X509Extension(DERBoolean.getInstance(s.getObjectAt(1)), ASN1OctetString.getInstance(s.getObjectAt(2)));
+                extensions.put(s.getObjectAt(0), new X509Extension(DERBoolean.getInstance(s.getObjectAt(1)), ASN1OctetString.getInstance(s.getObjectAt(2))));
             }
-            else if (sSize == 2)
+            else if (s.size() == 2)
             {
-                value = new X509Extension(false, ASN1OctetString.getInstance(s.getObjectAt(1)));
+                extensions.put(s.getObjectAt(0), new X509Extension(false, ASN1OctetString.getInstance(s.getObjectAt(1))));
             }
             else
             {
-                throw new IllegalArgumentException("Bad sequence size: " + sSize);
+                throw new IllegalArgumentException("Bad sequence size: " + s.size());
             }
 
-            table.add(key, value);
-            // END android-changed
+            ordering.addElement(s.getObjectAt(0));
         }
     }
 
@@ -275,14 +297,20 @@
             e = ordering.elements();
         }
 
-        // BEGIN android-changed
         while (e.hasMoreElements())
         {
-            DERObjectIdentifier     oid = (DERObjectIdentifier)e.nextElement();
-            X509Extension           ext = (X509Extension)extensions.get(oid);
-            table.add(oid, ext);
+            this.ordering.addElement(new ASN1ObjectIdentifier(((DERObjectIdentifier)e.nextElement()).getId())); 
         }
-        // END android-changed
+
+        e = this.ordering.elements();
+
+        while (e.hasMoreElements())
+        {
+            ASN1ObjectIdentifier     oid = new ASN1ObjectIdentifier(((DERObjectIdentifier)e.nextElement()).getId());
+            X509Extension           ext = (X509Extension)extensions.get(oid);
+
+            this.extensions.put(oid, ext);
+        }
     }
 
     /**
@@ -297,18 +325,23 @@
     {
         Enumeration e = objectIDs.elements();
 
-        // BEGIN android-changed
-        int count = 0;
-        
         while (e.hasMoreElements())
         {
-            DERObjectIdentifier     oid = (DERObjectIdentifier)e.nextElement();
+            this.ordering.addElement(e.nextElement()); 
+        }
+
+        int count = 0;
+        
+        e = this.ordering.elements();
+
+        while (e.hasMoreElements())
+        {
+            ASN1ObjectIdentifier     oid = (ASN1ObjectIdentifier)e.nextElement();
             X509Extension           ext = (X509Extension)values.elementAt(count);
 
-            table.add(oid, ext);
+            this.extensions.put(oid, ext);
             count++;
         }
-        // END android-changed
     }
     
     /**
@@ -316,9 +349,7 @@
      */
     public Enumeration oids()
     {
-        // BEGIN android-changed
-        return table.getKeys();
-        // END android-changed
+        return ordering.elements();
     }
 
     /**
@@ -328,11 +359,20 @@
      * @return the extension if it's present, null otherwise.
      */
     public X509Extension getExtension(
+        ASN1ObjectIdentifier oid)
+    {
+        return (X509Extension)extensions.get(oid);
+    }
+
+    /**
+     * @deprecated
+     * @param oid
+     * @return
+     */
+    public X509Extension getExtension(
         DERObjectIdentifier oid)
     {
-        // BEGIN android-changed
-        return (X509Extension)table.get(oid);
-        // END android-changed
+        return (X509Extension)extensions.get(oid);
     }
 
     /**
@@ -348,14 +388,12 @@
     public DERObject toASN1Object()
     {
         ASN1EncodableVector     vec = new ASN1EncodableVector();
-        // BEGIN android-changed
-        int                     size = table.size();
+        Enumeration             e = ordering.elements();
 
-        for (int i = 0; i < size; i++)
+        while (e.hasMoreElements())
         {
-            DERObjectIdentifier     oid = table.getKey(i);
-            X509Extension           ext = (X509Extension)table.getValue(i);
-            // END android-changed
+            ASN1ObjectIdentifier     oid = (ASN1ObjectIdentifier)e.nextElement();
+            X509Extension           ext = (X509Extension)extensions.get(oid);
             ASN1EncodableVector     v = new ASN1EncodableVector();
 
             v.add(oid);
@@ -378,24 +416,18 @@
     public boolean equivalent(
         X509Extensions other)
     {
-        // BEGIN android-changed
-        if (table.size() != other.table.size())
-        // END android-changed
+        if (extensions.size() != other.extensions.size())
         {
             return false;
         }
 
-        // BEGIN android-changed
-        Enumeration     e1 = table.getKeys();
-        // END android-changed
+        Enumeration     e1 = extensions.keys();
 
         while (e1.hasMoreElements())
         {
-            // BEGIN android-changed
-            DERObjectIdentifier  key = (DERObjectIdentifier)e1.nextElement();
+            Object  key = e1.nextElement();
 
-            if (!table.get(key).equals(other.table.get(key)))
-            // END android-changed
+            if (!extensions.get(key).equals(other.extensions.get(key)))
             {
                 return false;
             }
@@ -403,4 +435,47 @@
 
         return true;
     }
+
+    public ASN1ObjectIdentifier[] getExtensionOIDs()
+    {
+        return toOidArray(ordering);
+    }
+    
+    public ASN1ObjectIdentifier[] getNonCriticalExtensionOIDs()
+    {
+        return getExtensionOIDs(false);
+    }
+
+    public ASN1ObjectIdentifier[] getCriticalExtensionOIDs()
+    {
+        return getExtensionOIDs(true);
+    }
+
+    private ASN1ObjectIdentifier[] getExtensionOIDs(boolean isCritical)
+    {
+        Vector oidVec = new Vector();
+
+        for (int i = 0; i != ordering.size(); i++)
+        {
+            Object oid = ordering.elementAt(i);
+
+            if (((X509Extension)extensions.get(oid)).isCritical() == isCritical)
+            {
+                oidVec.addElement(oid);
+            }
+        }
+
+        return toOidArray(oidVec);
+    }
+
+    private ASN1ObjectIdentifier[] toOidArray(Vector oidVec)
+    {
+        ASN1ObjectIdentifier[] oids = new ASN1ObjectIdentifier[oidVec.size()];
+
+        for (int i = 0; i != oids.length; i++)
+        {
+            oids[i] = (ASN1ObjectIdentifier)oidVec.elementAt(i);
+        }
+        return oids;
+    }
 }
diff --git a/src/main/java/org/bouncycastle/asn1/x509/X509Name.java b/src/main/java/org/bouncycastle/asn1/x509/X509Name.java
index ea221b6..89638dd 100644
--- a/src/main/java/org/bouncycastle/asn1/x509/X509Name.java
+++ b/src/main/java/org/bouncycastle/asn1/x509/X509Name.java
@@ -19,6 +19,7 @@
 import org.bouncycastle.asn1.DERString;
 import org.bouncycastle.asn1.DERUniversalString;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.x500.X500Name;
 import org.bouncycastle.util.Strings;
 import org.bouncycastle.util.encoders.Hex;
 
@@ -32,6 +33,7 @@
  *                                   type  OBJECT IDENTIFIER,
  *                                   value ANY }
  * </pre>
+ * @deprecated use org.bouncycastle.asn1.x500.X500Name.
  */
 public class X509Name
     extends ASN1Encodable
@@ -247,10 +249,10 @@
      */
     public static final Hashtable SymbolLookUp = DefaultLookUp;
 
-    // BEGIN android-removed
-    //private static final Boolean TRUE = new Boolean(true); // for J2ME compatibility
-    //private static final Boolean FALSE = new Boolean(false);
-    // END android-removed
+    // BEGIN android-changed
+    private static final Boolean TRUE = Boolean.TRUE;
+    private static final Boolean FALSE = Boolean.FALSE;
+    // END android-changed
 
     static
     {
@@ -342,9 +344,9 @@
     }
 
     private X509NameEntryConverter  converter = null;
-    // BEGIN android-changed
-    private X509NameElementList     elems = new X509NameElementList();
-    // END android-changed
+    private Vector                  ordering = new Vector();
+    private Vector                  values = new Vector();
+    private Vector                  added = new Vector();
 
     private ASN1Sequence            seq;
 
@@ -372,14 +374,22 @@
         {
             return (X509Name)obj;
         }
-        else if (obj instanceof ASN1Sequence)
+        else if (obj instanceof X500Name)
         {
-            return new X509Name((ASN1Sequence)obj);
+            return new X509Name(ASN1Sequence.getInstance(((X500Name)obj).getDERObject()));
+        }
+        else if (obj != null)
+        {
+            return new X509Name(ASN1Sequence.getInstance(obj));
         }
 
-        throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName());
+        return null;
     }
 
+    protected X509Name()
+    {
+        // constructure use by new X500 Name class
+    }
     /**
      * Constructor from ASN1Sequence
      *
@@ -394,7 +404,7 @@
 
         while (e.hasMoreElements())
         {
-            ASN1Set         set = ASN1Set.getInstance(e.nextElement());
+            ASN1Set         set = ASN1Set.getInstance(((DEREncodable)e.nextElement()).getDERObject());
 
             for (int i = 0; i < set.size(); i++) 
             {
@@ -405,29 +415,27 @@
                        throw new IllegalArgumentException("badly sized pair");
                    }
 
-                   // BEGIN android-changed
-                   DERObjectIdentifier key = DERObjectIdentifier.getInstance(s.getObjectAt(0));
+                   ordering.addElement(DERObjectIdentifier.getInstance(s.getObjectAt(0)));
                    
                    DEREncodable value = s.getObjectAt(1);
-                   String valueStr;
                    if (value instanceof DERString && !(value instanceof DERUniversalString))
                    {
                        String v = ((DERString)value).getString();
                        if (v.length() > 0 && v.charAt(0) == '#')
                        {
-                           valueStr = "\\" + v;
+                           values.addElement("\\" + v);
                        }
                        else
                        {
-                           valueStr = v;
+                           values.addElement(v);
                        }
                    }
                    else
                    {
-                       valueStr = "#" + bytesToString(Hex.encode(value.getDERObject().getDEREncoded()));
+                       values.addElement("#" + bytesToString(Hex.encode(value.getDERObject().getDEREncoded())));
                    }
-                   boolean added = (i != 0);  // to allow earlier JDK compatibility
-                   elems.add(key, valueStr, added);
+                   // BEGIN android-changed
+                   added.addElement(Boolean.valueOf(i != 0));
                    // END android-changed
             }
         }
@@ -482,23 +490,14 @@
         Hashtable                attributes,
         X509NameEntryConverter   converter)
     {
-        // BEGIN android-changed
-        DERObjectIdentifier problem = null;
         this.converter = converter;
 
         if (ordering != null)
         {
             for (int i = 0; i != ordering.size(); i++)
             {
-                DERObjectIdentifier key =
-                    (DERObjectIdentifier) ordering.elementAt(i);
-                String value = (String) attributes.get(key);
-                if (value == null)
-                {
-                    problem = key;
-                    break;
-                }
-                elems.add(key, value);
+                this.ordering.addElement(ordering.elementAt(i));
+                this.added.addElement(FALSE);
             }
         }
         else
@@ -507,23 +506,22 @@
 
             while (e.hasMoreElements())
             {
-                DERObjectIdentifier key =
-                    (DERObjectIdentifier) e.nextElement();
-                String value = (String) attributes.get(key);
-                if (value == null)
-                {
-                    problem = key;
-                    break;
-                }
-                elems.add(key, value);
+                this.ordering.addElement(e.nextElement());
+                this.added.addElement(FALSE);
             }
         }
 
-        if (problem != null)
+        for (int i = 0; i != this.ordering.size(); i++)
         {
-            throw new IllegalArgumentException("No attribute for object id - " + problem.getId() + " - passed to distinguished name");
+            DERObjectIdentifier     oid = (DERObjectIdentifier)this.ordering.elementAt(i);
+
+            if (attributes.get(oid) == null)
+            {
+                throw new IllegalArgumentException("No attribute for object id - " + oid.getId() + " - passed to distinguished name");
+            }
+
+            this.values.addElement(attributes.get(oid)); // copy the hash table
         }
-        // END android-changed
     }
 
     /**
@@ -556,10 +554,9 @@
 
         for (int i = 0; i < oids.size(); i++)
         {
-            // BEGIN android-changed
-            elems.add((DERObjectIdentifier) oids.elementAt(i),
-                    (String) values.elementAt(i));
-            // END android-changed
+            this.ordering.addElement(oids.elementAt(i));
+            this.values.addElement(values.elementAt(i));
+            this.added.addElement(FALSE);
         }
     }
 
@@ -696,7 +693,9 @@
 
             if (index == -1)
             {
+                // BEGIN android-changed
                 throw new IllegalArgumentException("badly formatted directory string");
+                // END android-changed
             }
 
             String              name = token.substring(0, index);
@@ -708,9 +707,9 @@
                 X509NameTokenizer   vTok = new X509NameTokenizer(value, '+');
                 String  v = vTok.nextToken();
 
-                // BEGIN android-changed
-                this.elems.add(oid, v);
-                // END android-changed
+                this.ordering.addElement(oid);
+                this.values.addElement(v);
+                this.added.addElement(FALSE);
 
                 while (vTok.hasMoreTokens())
                 {
@@ -719,24 +718,48 @@
 
                     String  nm = sv.substring(0, ndx);
                     String  vl = sv.substring(ndx + 1);
-                    // BEGIN android-changed
-                    this.elems.add(decodeOID(nm, lookUp), vl, true);
-                    // END android-changed
+                    this.ordering.addElement(decodeOID(nm, lookUp));
+                    this.values.addElement(vl);
+                    this.added.addElement(TRUE);
                 }
             }
             else
             {
-                // BEGIN android-changed
-                this.elems.add(oid, value);
-                // END android-changed
+                this.ordering.addElement(oid);
+                this.values.addElement(value);
+                this.added.addElement(FALSE);
             }
         }
 
         if (reverse)
         {
-            // BEGIN android-changed
-            this.elems = this.elems.reverse();
-            // END android-changed
+            Vector  o = new Vector();
+            Vector  v = new Vector();
+            Vector  a = new Vector();
+
+            int count = 1;
+
+            for (int i = 0; i < this.ordering.size(); i++)
+            {
+                if (((Boolean)this.added.elementAt(i)).booleanValue())
+                {
+                    o.insertElementAt(this.ordering.elementAt(i), count);
+                    v.insertElementAt(this.values.elementAt(i), count);
+                    a.insertElementAt(this.added.elementAt(i), count);
+                    count++;
+                }
+                else
+                {
+                    o.insertElementAt(this.ordering.elementAt(i), 0);
+                    v.insertElementAt(this.values.elementAt(i), 0);
+                    a.insertElementAt(this.added.elementAt(i), 0);
+                    count = 1;
+                }
+            }
+
+            this.ordering = o;
+            this.values = v;
+            this.added = a;
         }
     }
 
@@ -745,17 +768,14 @@
      */
     public Vector getOIDs()
     {
-        // BEGIN android-changed
         Vector  v = new Vector();
-        int     size = elems.size();
 
-        for (int i = 0; i < size; i++)
+        for (int i = 0; i != ordering.size(); i++)
         {
-            v.addElement(elems.getKey(i));
+            v.addElement(ordering.elementAt(i));
         }
 
         return v;
-        // END android-changed
     }
 
     /**
@@ -765,14 +785,11 @@
     public Vector getValues()
     {
         Vector  v = new Vector();
-        // BEGIN android-changed
-        int     size = elems.size();
 
-        for (int i = 0; i != size; i++)
+        for (int i = 0; i != values.size(); i++)
         {
-            v.addElement(elems.getValue(i));
+            v.addElement(values.elementAt(i));
         }
-        // END android-changed
 
         return v;
     }
@@ -785,14 +802,12 @@
         DERObjectIdentifier oid)
     {
         Vector  v = new Vector();
-        int     size = elems.size();
-        // BEGIN android-changed
 
-        for (int i = 0; i != size; i++)
+        for (int i = 0; i != values.size(); i++)
         {
-            if (elems.getKey(i).equals(oid))
+            if (ordering.elementAt(i).equals(oid))
             {
-                String val = elems.getValue(i);
+                String val = (String)values.elementAt(i);
 
                 if (val.length() > 2 && val.charAt(0) == '\\' && val.charAt(1) == '#')
                 {
@@ -804,7 +819,6 @@
                 }
             }
         }
-        // END android-changed
 
         return v;
     }
@@ -816,23 +830,20 @@
             ASN1EncodableVector  vec = new ASN1EncodableVector();
             ASN1EncodableVector  sVec = new ASN1EncodableVector();
             DERObjectIdentifier  lstOid = null;
-            // BEGIN android-changed
-            int                  size = elems.size();
             
-            for (int i = 0; i != size; i++)
+            for (int i = 0; i != ordering.size(); i++)
             {
                 ASN1EncodableVector     v = new ASN1EncodableVector();
-                DERObjectIdentifier     oid = elems.getKey(i);
+                DERObjectIdentifier     oid = (DERObjectIdentifier)ordering.elementAt(i);
 
                 v.add(oid);
 
-                String  str = elems.getValue(i);
+                String  str = (String)values.elementAt(i);
 
                 v.add(converter.getConvertedValue(oid, str));
  
                 if (lstOid == null 
-                    || this.elems.getAdded(i))
-                // END android-changed
+                    || ((Boolean)this.added.elementAt(i)).booleanValue())
                 {
                     sVec.add(new DERSequence(v));
                 }
@@ -850,7 +861,6 @@
             vec.add(new DERSet(sVec));
             
             seq = new DERSequence(vec);
-            // END android-changed
         }
 
         return seq;
@@ -895,28 +905,22 @@
             return false;
         }
 
-        // BEGIN android-changed
-        int      orderingSize = elems.size();
+        int      orderingSize = ordering.size();
 
-        if (orderingSize != other.elems.size())
-        // END android-changed
+        if (orderingSize != other.ordering.size())
         {
             return false;
         }
 
         for (int i = 0; i < orderingSize; i++)
         {
-            // BEGIN android-changed
-            DERObjectIdentifier  oid = elems.getKey(i);
-            DERObjectIdentifier  oOid = other.elems.getKey(i);
-            // END android-changed
+            DERObjectIdentifier  oid = (DERObjectIdentifier)ordering.elementAt(i);
+            DERObjectIdentifier  oOid = (DERObjectIdentifier)other.ordering.elementAt(i);
 
             if (oid.equals(oOid))
             {
-                // BEGIN android-changed
-                String value = elems.getValue(i);
-                String oValue = other.elems.getValue(i);
-                // END android-changed
+                String value = (String)values.elementAt(i);
+                String oValue = (String)other.values.elementAt(i);
 
                 if (!equivalentStrings(value, oValue))
                 {
@@ -942,13 +946,14 @@
         isHashCodeCalculated = true;
 
         // this needs to be order independent, like equals
-        for (int i = 0; i != elems.size(); i += 1)
+        for (int i = 0; i != ordering.size(); i += 1)
         {
-            String value = (String)elems.getValue(i);
+            String value = (String)values.elementAt(i);
 
             value = canonicalize(value);
             value = stripInternalSpaces(value);
 
+            hashCodeValue ^= ordering.elementAt(i).hashCode();
             hashCodeValue ^= value.hashCode();
         }
 
@@ -988,11 +993,9 @@
             return false;
         }
 
-        // BEGIN android-changed
-        int      orderingSize = elems.size();
+        int      orderingSize = ordering.size();
 
-        if (orderingSize != other.elems.size())
-            // END android-changed
+        if (orderingSize != other.ordering.size())
         {
             return false;
         }
@@ -1000,9 +1003,7 @@
         boolean[] indexes = new boolean[orderingSize];
         int       start, end, delta;
 
-        // BEGIN android-changed
-        if (elems.getKey(0).equals(other.elems.getKey(0)))   // guess forward
-        // END android-changed
+        if (ordering.elementAt(0).equals(other.ordering.elementAt(0)))   // guess forward
         {
             start = 0;
             end = orderingSize;
@@ -1018,10 +1019,8 @@
         for (int i = start; i != end; i += delta)
         {
             boolean              found = false;
-            // BEGIN android-changed
-            DERObjectIdentifier  oid = elems.getKey(i);
-            String               value = elems.getValue(i);
-            // END android-changed
+            DERObjectIdentifier  oid = (DERObjectIdentifier)ordering.elementAt(i);
+            String               value = (String)values.elementAt(i);
 
             for (int j = 0; j < orderingSize; j++)
             {
@@ -1030,15 +1029,11 @@
                     continue;
                 }
 
-                // BEGIN android-changed
-                DERObjectIdentifier oOid = other.elems.getKey(j);
-                // END android-changed
+                DERObjectIdentifier oOid = (DERObjectIdentifier)other.ordering.elementAt(j);
 
                 if (oid.equals(oOid))
                 {
-                    // BEGIN android-changed
-                    String oValue = other.elems.getValue(j);
-                    // END android-changed
+                    String oValue = (String)other.values.elementAt(j);
 
                     if (equivalentStrings(value, oValue))
                     {
@@ -1203,36 +1198,28 @@
 
         StringBuffer ava = null;
 
-        // BEGIN android-changed
-        for (int i = 0; i < elems.size(); i++)
-        // END android-changed
+        for (int i = 0; i < ordering.size(); i++)
         {
-            if (elems.getAdded(i))
+            if (((Boolean)added.elementAt(i)).booleanValue())
             {
                 ava.append('+');
                 appendValue(ava, oidSymbols,
-                    // BEGIN android-changed
-                    elems.getKey(i),
-                    elems.getValue(i));
-                    // END android-changed
+                    (DERObjectIdentifier)ordering.elementAt(i),
+                    (String)values.elementAt(i));
             }
             else
             {
                 ava = new StringBuffer();
                 appendValue(ava, oidSymbols,
-                    // BEGIN android-changed
-                    elems.getKey(i),
-                    elems.getValue(i));
-                    // END android-changed
+                    (DERObjectIdentifier)ordering.elementAt(i),
+                    (String)values.elementAt(i));
                 components.addElement(ava);
             }
         }
 
         if (reverse)
         {
-            // BEGIN android-changed
-            for (int i = elems.size() - 1; i >= 0; i--)
-            // END android-changed
+            for (int i = components.size() - 1; i >= 0; i--)
             {
                 if (first)
                 {
diff --git a/src/main/java/org/bouncycastle/asn1/x509/X509NameElementList.java b/src/main/java/org/bouncycastle/asn1/x509/X509NameElementList.java
deleted file mode 100644
index 377fb8c..0000000
--- a/src/main/java/org/bouncycastle/asn1/x509/X509NameElementList.java
+++ /dev/null
@@ -1,206 +0,0 @@
-package org.bouncycastle.asn1.x509;
-
-import java.util.ArrayList;
-import java.util.BitSet;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-
-// BEGIN android-note
-// This class was extracted from X509Name as a way to keep the element
-// list in a more controlled fashion.
-// END android-note
-
-/**
- * List of elements of an X509 name. Each element has a key, a value, and
- * an "added" flag.
- */
-public class X509NameElementList {
-    /** null-ok; key #0 */
-    private DERObjectIdentifier key0;
-    
-    /** null-ok; key #1 */
-    private DERObjectIdentifier key1;
-
-    /** null-ok; key #2 */
-    private DERObjectIdentifier key2;
-
-    /** null-ok; key #3 */
-    private DERObjectIdentifier key3;
-    
-    /** null-ok; value #0 */
-    private String value0;
-    
-    /** null-ok; value #1 */
-    private String value1;
-
-    /** null-ok; value #2 */
-    private String value2;
-
-    /** null-ok; value #3 */
-    private String value3;
-    
-    /**
-     * null-ok; array of additional keys and values, alternating
-     * key then value, etc. 
-     */
-    private ArrayList<Object> rest;
-
-    /** bit vector for all the "added" bits */
-    private BitSet added = new BitSet();
-
-    /** &gt;= 0; number of elements in the list */
-    private int size;
-
-    // Note: Default public constructor.
-    
-    /**
-     * Adds an element. The "added" flag is set to false for the element.
-     * 
-     * @param key non-null; the key
-     * @param value non-null; the value
-     */
-    public void add(DERObjectIdentifier key, String value) {
-        add(key, value, false);
-    }
-
-    /**
-     * Adds an element.
-     * 
-     * @param key non-null; the key
-     * @param value non-null; the value
-     * @param added the added bit
-     */
-    public void add(DERObjectIdentifier key, String value, boolean added) {
-        if (key == null) {
-            throw new NullPointerException("key == null");
-        }
-
-        if (value == null) {
-            throw new NullPointerException("value == null");
-        }
-
-        int sz = size;
-
-        switch (sz) {
-            case 0: {
-                key0 = key;
-                value0 = value;
-                break;
-            }
-            case 1: {
-                key1 = key;
-                value1 = value;
-                break;
-            }
-            case 2: {
-                key2 = key;
-                value2 = value;
-                break;
-            }
-            case 3: {
-                key3 = key;
-                value3 = value;
-                break;
-            }
-            case 4: {
-                // Do initial allocation of rest.
-                rest = new ArrayList<Object>();
-                // Fall through...
-            }
-            default: {
-                rest.add(key);
-                rest.add(value);
-                break;
-            }
-        }
-
-        if (added) {
-            this.added.set(sz);
-        }
-        
-        size = sz + 1;
-    }
-
-    /**
-     * Sets the "added" flag on the most recently added element.
-     */
-    public void setLastAddedFlag() {
-        added.set(size - 1);
-    }
-
-    /**
-     * Gets the number of elements in this instance.
-     */
-    public int size() {
-        return size;
-    }
-    
-    /**
-     * Gets the nth key.
-     * 
-     * @param n index
-     * @return non-null; the nth key
-     */
-    public DERObjectIdentifier getKey(int n) {
-        if ((n < 0) || (n >= size)) {
-            throw new IndexOutOfBoundsException(Integer.toString(n));
-        }
-
-        switch (n) {
-            case 0: return key0;
-            case 1: return key1;
-            case 2: return key2;
-            case 3: return key3;
-            default: return (DERObjectIdentifier) rest.get((n - 4) * 2);
-        }
-    }
-
-    /**
-     * Gets the nth value.
-     * 
-     * @param n index
-     * @return non-null; the nth value
-     */
-    public String getValue(int n) {
-        if ((n < 0) || (n >= size)) {
-            throw new IndexOutOfBoundsException(Integer.toString(n));
-        }
-
-        switch (n) {
-            case 0: return value0;
-            case 1: return value1;
-            case 2: return value2;
-            case 3: return value3;
-            default: return (String) rest.get(((n - 4) * 2) + 1);
-        }
-    }
-
-    /**
-     * Gets the nth added flag bit.
-     * 
-     * @param n index
-     * @return the nth added flag bit
-     */
-    public boolean getAdded(int n) {
-        if ((n < 0) || (n >= size)) {
-            throw new IndexOutOfBoundsException(Integer.toString(n));
-        }
-
-        return added.get(n);
-    }
-
-    /**
-     * Constructs and returns a new instance which consists of the
-     * elements of this one in reverse order
-     * 
-     * @return non-null; the reversed instance
-     */
-    public X509NameElementList reverse() {
-        X509NameElementList result = new X509NameElementList();
-            
-        for (int i = size - 1; i >= 0; i--) {
-            result.add(getKey(i), getValue(i), getAdded(i));
-        }
-
-        return result;
-    }
-}
diff --git a/src/main/java/org/bouncycastle/asn1/x509/X509ObjectIdentifiers.java b/src/main/java/org/bouncycastle/asn1/x509/X509ObjectIdentifiers.java
index cbf7b76..b1e0ed1 100644
--- a/src/main/java/org/bouncycastle/asn1/x509/X509ObjectIdentifiers.java
+++ b/src/main/java/org/bouncycastle/asn1/x509/X509ObjectIdentifiers.java
@@ -1,6 +1,6 @@
 package org.bouncycastle.asn1.x509;
 
-import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 
 public interface X509ObjectIdentifiers
 {
@@ -9,54 +9,54 @@
     //
     static final String                 id                      = "2.5.4";
 
-    static final DERObjectIdentifier    commonName              = new DERObjectIdentifier(id + ".3");
-    static final DERObjectIdentifier    countryName             = new DERObjectIdentifier(id + ".6");
-    static final DERObjectIdentifier    localityName            = new DERObjectIdentifier(id + ".7");
-    static final DERObjectIdentifier    stateOrProvinceName     = new DERObjectIdentifier(id + ".8");
-    static final DERObjectIdentifier    organization            = new DERObjectIdentifier(id + ".10");
-    static final DERObjectIdentifier    organizationalUnitName  = new DERObjectIdentifier(id + ".11");
+    static final ASN1ObjectIdentifier    commonName              = new ASN1ObjectIdentifier(id + ".3");
+    static final ASN1ObjectIdentifier    countryName             = new ASN1ObjectIdentifier(id + ".6");
+    static final ASN1ObjectIdentifier    localityName            = new ASN1ObjectIdentifier(id + ".7");
+    static final ASN1ObjectIdentifier    stateOrProvinceName     = new ASN1ObjectIdentifier(id + ".8");
+    static final ASN1ObjectIdentifier    organization            = new ASN1ObjectIdentifier(id + ".10");
+    static final ASN1ObjectIdentifier    organizationalUnitName  = new ASN1ObjectIdentifier(id + ".11");
 
-    static final DERObjectIdentifier    id_at_telephoneNumber   = new DERObjectIdentifier("2.5.4.20");
-    static final DERObjectIdentifier    id_at_name              = new DERObjectIdentifier(id + ".41");
+    static final ASN1ObjectIdentifier    id_at_telephoneNumber   = new ASN1ObjectIdentifier("2.5.4.20");
+    static final ASN1ObjectIdentifier    id_at_name              = new ASN1ObjectIdentifier(id + ".41");
 
     // id-SHA1 OBJECT IDENTIFIER ::=    
     //   {iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 }    //
-    static final DERObjectIdentifier    id_SHA1                 = new DERObjectIdentifier("1.3.14.3.2.26");
+    static final ASN1ObjectIdentifier    id_SHA1                 = new ASN1ObjectIdentifier("1.3.14.3.2.26");
 
     //
     // ripemd160 OBJECT IDENTIFIER ::=
     //      {iso(1) identified-organization(3) TeleTrust(36) algorithm(3) hashAlgorithm(2) RIPEMD-160(1)}
     //
-    static final DERObjectIdentifier    ripemd160               = new DERObjectIdentifier("1.3.36.3.2.1");
+    static final ASN1ObjectIdentifier    ripemd160               = new ASN1ObjectIdentifier("1.3.36.3.2.1");
 
     //
     // ripemd160WithRSAEncryption OBJECT IDENTIFIER ::=
     //      {iso(1) identified-organization(3) TeleTrust(36) algorithm(3) signatureAlgorithm(3) rsaSignature(1) rsaSignatureWithripemd160(2) }
     //
-    static final DERObjectIdentifier    ripemd160WithRSAEncryption = new DERObjectIdentifier("1.3.36.3.3.1.2");
+    static final ASN1ObjectIdentifier    ripemd160WithRSAEncryption = new ASN1ObjectIdentifier("1.3.36.3.3.1.2");
 
 
-    static final DERObjectIdentifier    id_ea_rsa = new DERObjectIdentifier("2.5.8.1.1");
+    static final ASN1ObjectIdentifier    id_ea_rsa = new ASN1ObjectIdentifier("2.5.8.1.1");
     
     // id-pkix
-    static final DERObjectIdentifier id_pkix = new DERObjectIdentifier("1.3.6.1.5.5.7");
+    static final ASN1ObjectIdentifier id_pkix = new ASN1ObjectIdentifier("1.3.6.1.5.5.7");
 
     //
     // private internet extensions
     //
-    static final DERObjectIdentifier  id_pe = new DERObjectIdentifier(id_pkix + ".1");
+    static final ASN1ObjectIdentifier  id_pe = new ASN1ObjectIdentifier(id_pkix + ".1");
 
     //
     // authority information access
     //
-    static final DERObjectIdentifier  id_ad = new DERObjectIdentifier(id_pkix + ".48");
-    static final DERObjectIdentifier  id_ad_caIssuers = new DERObjectIdentifier(id_ad + ".2");
-    static final DERObjectIdentifier  id_ad_ocsp = new DERObjectIdentifier(id_ad + ".1");
+    static final ASN1ObjectIdentifier  id_ad = new ASN1ObjectIdentifier(id_pkix + ".48");
+    static final ASN1ObjectIdentifier  id_ad_caIssuers = new ASN1ObjectIdentifier(id_ad + ".2");
+    static final ASN1ObjectIdentifier  id_ad_ocsp = new ASN1ObjectIdentifier(id_ad + ".1");
 
     //
     //    OID for ocsp and crl uri in AuthorityInformationAccess extension
     //
-    static final DERObjectIdentifier ocspAccessMethod = id_ad_ocsp;
-    static final DERObjectIdentifier crlAccessMethod = id_ad_caIssuers;
+    static final ASN1ObjectIdentifier ocspAccessMethod = id_ad_ocsp;
+    static final ASN1ObjectIdentifier crlAccessMethod = id_ad_caIssuers;
 }
 
diff --git a/src/main/java/org/bouncycastle/asn1/x9/DHDomainParameters.java b/src/main/java/org/bouncycastle/asn1/x9/DHDomainParameters.java
new file mode 100644
index 0000000..7867090
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x9/DHDomainParameters.java
@@ -0,0 +1,139 @@
+package org.bouncycastle.asn1.x9;
+
+import java.util.Enumeration;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.ASN1TaggedObject;
+import org.bouncycastle.asn1.DEREncodable;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DERSequence;
+
+public class DHDomainParameters
+    extends ASN1Encodable
+{
+    private DERInteger p, g, q, j;
+    private DHValidationParms validationParms;
+
+    public static DHDomainParameters getInstance(ASN1TaggedObject obj, boolean explicit)
+    {
+        return getInstance(ASN1Sequence.getInstance(obj, explicit));
+    }
+
+    public static DHDomainParameters getInstance(Object obj)
+    {
+        if (obj == null || obj instanceof DHDomainParameters)
+        {
+            return (DHDomainParameters)obj;
+        }
+
+        if (obj instanceof ASN1Sequence)
+        {
+            return new DHDomainParameters((ASN1Sequence)obj);
+        }
+
+        throw new IllegalArgumentException("Invalid DHDomainParameters: "
+            + obj.getClass().getName());
+    }
+
+    public DHDomainParameters(DERInteger p, DERInteger g, DERInteger q, DERInteger j,
+        DHValidationParms validationParms)
+    {
+        if (p == null)
+        {
+            throw new IllegalArgumentException("'p' cannot be null");
+        }
+        if (g == null)
+        {
+            throw new IllegalArgumentException("'g' cannot be null");
+        }
+        if (q == null)
+        {
+            throw new IllegalArgumentException("'q' cannot be null");
+        }
+
+        this.p = p;
+        this.g = g;
+        this.q = q;
+        this.j = j;
+        this.validationParms = validationParms;
+    }
+
+    private DHDomainParameters(ASN1Sequence seq)
+    {
+        if (seq.size() < 3 || seq.size() > 5)
+        {
+            throw new IllegalArgumentException("Bad sequence size: " + seq.size());
+        }
+
+        Enumeration e = seq.getObjects();
+        this.p = DERInteger.getInstance(e.nextElement());
+        this.g = DERInteger.getInstance(e.nextElement());
+        this.q = DERInteger.getInstance(e.nextElement());
+
+        DEREncodable next = getNext(e);
+
+        if (next != null && next instanceof DERInteger)
+        {
+            this.j = DERInteger.getInstance(next);
+            next = getNext(e);
+        }
+
+        if (next != null)
+        {
+            this.validationParms = DHValidationParms.getInstance(next.getDERObject());
+        }
+    }
+
+    private static DEREncodable getNext(Enumeration e)
+    {
+        return e.hasMoreElements() ? (DEREncodable)e.nextElement() : null;
+    }
+
+    public DERInteger getP()
+    {
+        return this.p;
+    }
+
+    public DERInteger getG()
+    {
+        return this.g;
+    }
+
+    public DERInteger getQ()
+    {
+        return this.q;
+    }
+
+    public DERInteger getJ()
+    {
+        return this.j;
+    }
+
+    public DHValidationParms getValidationParms()
+    {
+        return this.validationParms;
+    }
+
+    public DERObject toASN1Object()
+    {
+        ASN1EncodableVector v = new ASN1EncodableVector();
+        v.add(this.p);
+        v.add(this.g);
+        v.add(this.q);
+
+        if (this.j != null)
+        {
+            v.add(this.j);
+        }
+
+        if (this.validationParms != null)
+        {
+            v.add(this.validationParms);
+        }
+
+        return new DERSequence(v);
+    }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x9/DHPublicKey.java b/src/main/java/org/bouncycastle/asn1/x9/DHPublicKey.java
new file mode 100644
index 0000000..daafbeb
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x9/DHPublicKey.java
@@ -0,0 +1,52 @@
+package org.bouncycastle.asn1.x9;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1TaggedObject;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERObject;
+
+public class DHPublicKey
+    extends ASN1Encodable
+{
+    private DERInteger y;
+
+    public static DHPublicKey getInstance(ASN1TaggedObject obj, boolean explicit)
+    {
+        return getInstance(DERInteger.getInstance(obj, explicit));
+    }
+
+    public static DHPublicKey getInstance(Object obj)
+    {
+        if (obj == null || obj instanceof DHPublicKey)
+        {
+            return (DHPublicKey)obj;
+        }
+
+        if (obj instanceof DERInteger)
+        {
+            return new DHPublicKey((DERInteger)obj);
+        }
+
+        throw new IllegalArgumentException("Invalid DHPublicKey: " + obj.getClass().getName());
+    }
+
+    public DHPublicKey(DERInteger y)
+    {
+        if (y == null)
+        {
+            throw new IllegalArgumentException("'y' cannot be null");
+        }
+
+        this.y = y;
+    }
+
+    public DERInteger getY()
+    {
+        return this.y;
+    }
+
+    public DERObject toASN1Object()
+    {
+        return this.y;
+    }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x9/DHValidationParms.java b/src/main/java/org/bouncycastle/asn1/x9/DHValidationParms.java
new file mode 100644
index 0000000..e801e1c
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x9/DHValidationParms.java
@@ -0,0 +1,80 @@
+package org.bouncycastle.asn1.x9;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.ASN1TaggedObject;
+import org.bouncycastle.asn1.DERBitString;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DERSequence;
+
+public class DHValidationParms extends ASN1Encodable
+{
+    private DERBitString seed;
+    private DERInteger pgenCounter;
+
+    public static DHValidationParms getInstance(ASN1TaggedObject obj, boolean explicit)
+    {
+        return getInstance(ASN1Sequence.getInstance(obj, explicit));
+    }
+
+    public static DHValidationParms getInstance(Object obj)
+    {
+        if (obj == null || obj instanceof DHDomainParameters)
+        {
+            return (DHValidationParms)obj;
+        }
+
+        if (obj instanceof ASN1Sequence)
+        {
+            return new DHValidationParms((ASN1Sequence)obj);
+        }
+
+        throw new IllegalArgumentException("Invalid DHValidationParms: " + obj.getClass().getName());
+    }
+
+    public DHValidationParms(DERBitString seed, DERInteger pgenCounter)
+    {
+        if (seed == null)
+        {
+            throw new IllegalArgumentException("'seed' cannot be null");
+        }
+        if (pgenCounter == null)
+        {
+            throw new IllegalArgumentException("'pgenCounter' cannot be null");
+        }
+
+        this.seed = seed;
+        this.pgenCounter = pgenCounter;
+    }
+
+    private DHValidationParms(ASN1Sequence seq)
+    {
+        if (seq.size() != 2)
+        {
+            throw new IllegalArgumentException("Bad sequence size: " + seq.size());
+        }
+
+        this.seed = DERBitString.getInstance(seq.getObjectAt(0));
+        this.pgenCounter = DERInteger.getInstance(seq.getObjectAt(1));
+    }
+
+    public DERBitString getSeed()
+    {
+        return this.seed;
+    }
+
+    public DERInteger getPgenCounter()
+    {
+        return this.pgenCounter;
+    }
+
+    public DERObject toASN1Object()
+    {
+        ASN1EncodableVector v = new ASN1EncodableVector();
+        v.add(this.seed);
+        v.add(this.pgenCounter);
+        return new DERSequence(v);
+    }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x9/X962NamedCurves.java b/src/main/java/org/bouncycastle/asn1/x9/X962NamedCurves.java
new file mode 100644
index 0000000..bda8dad
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x9/X962NamedCurves.java
@@ -0,0 +1,621 @@
+package org.bouncycastle.asn1.x9;
+
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.util.Strings;
+import org.bouncycastle.util.encoders.Hex;
+
+import java.math.BigInteger;
+import java.util.Enumeration;
+import java.util.Hashtable;
+
+
+/**
+ * table of the current named curves defined in X.962 EC-DSA.
+ */
+public class X962NamedCurves
+{
+    static X9ECParametersHolder prime192v1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            ECCurve cFp192v1 = new ECCurve.Fp(
+                new BigInteger("6277101735386680763835789423207666416083908700390324961279"),
+                new BigInteger("fffffffffffffffffffffffffffffffefffffffffffffffc", 16),
+                new BigInteger("64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1", 16));
+
+            return new X9ECParameters(
+                cFp192v1,
+                cFp192v1.decodePoint(
+                    Hex.decode("03188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012")),
+                new BigInteger("ffffffffffffffffffffffff99def836146bc9b1b4d22831", 16),
+                BigInteger.valueOf(1),
+                Hex.decode("3045AE6FC8422f64ED579528D38120EAE12196D5"));
+        }
+    };
+
+    static X9ECParametersHolder prime192v2 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            ECCurve cFp192v2 = new ECCurve.Fp(
+                new BigInteger("6277101735386680763835789423207666416083908700390324961279"),
+                new BigInteger("fffffffffffffffffffffffffffffffefffffffffffffffc", 16),
+                new BigInteger("cc22d6dfb95c6b25e49c0d6364a4e5980c393aa21668d953", 16));
+
+            return new X9ECParameters(
+                cFp192v2,
+                cFp192v2.decodePoint(
+                    Hex.decode("03eea2bae7e1497842f2de7769cfe9c989c072ad696f48034a")),
+                new BigInteger("fffffffffffffffffffffffe5fb1a724dc80418648d8dd31", 16),
+                BigInteger.valueOf(1),
+                Hex.decode("31a92ee2029fd10d901b113e990710f0d21ac6b6"));
+        }
+    };
+
+    static X9ECParametersHolder prime192v3 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            ECCurve cFp192v3 = new ECCurve.Fp(
+                new BigInteger("6277101735386680763835789423207666416083908700390324961279"),
+                new BigInteger("fffffffffffffffffffffffffffffffefffffffffffffffc", 16),
+                new BigInteger("22123dc2395a05caa7423daeccc94760a7d462256bd56916", 16));
+
+            return new X9ECParameters(
+                cFp192v3,
+                cFp192v3.decodePoint(
+                    Hex.decode("027d29778100c65a1da1783716588dce2b8b4aee8e228f1896")),
+                new BigInteger("ffffffffffffffffffffffff7a62d031c83f4294f640ec13", 16),
+                BigInteger.valueOf(1),
+                Hex.decode("c469684435deb378c4b65ca9591e2a5763059a2e"));
+        }
+    };
+
+    static X9ECParametersHolder prime239v1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            ECCurve cFp239v1 = new ECCurve.Fp(
+                new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"),
+                new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16),
+                new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16));
+
+            return new X9ECParameters(
+                cFp239v1,
+                cFp239v1.decodePoint(
+                    Hex.decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")),
+                new BigInteger("7fffffffffffffffffffffff7fffff9e5e9a9f5d9071fbd1522688909d0b", 16),
+                BigInteger.valueOf(1),
+                Hex.decode("e43bb460f0b80cc0c0b075798e948060f8321b7d"));
+        }
+    };
+
+    static X9ECParametersHolder prime239v2 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            ECCurve cFp239v2 = new ECCurve.Fp(
+                new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"),
+                new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16),
+                new BigInteger("617fab6832576cbbfed50d99f0249c3fee58b94ba0038c7ae84c8c832f2c", 16));
+
+            return new X9ECParameters(
+                cFp239v2,
+                cFp239v2.decodePoint(
+                    Hex.decode("0238af09d98727705120c921bb5e9e26296a3cdcf2f35757a0eafd87b830e7")),
+                new BigInteger("7fffffffffffffffffffffff800000cfa7e8594377d414c03821bc582063", 16),
+                BigInteger.valueOf(1),
+                Hex.decode("e8b4011604095303ca3b8099982be09fcb9ae616"));
+        }
+    };
+
+    static X9ECParametersHolder prime239v3 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            ECCurve cFp239v3 = new ECCurve.Fp(
+                new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"),
+                new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16),
+                new BigInteger("255705fa2a306654b1f4cb03d6a750a30c250102d4988717d9ba15ab6d3e", 16));
+
+            return new X9ECParameters(
+                cFp239v3,
+                cFp239v3.decodePoint(
+                    Hex.decode("036768ae8e18bb92cfcf005c949aa2c6d94853d0e660bbf854b1c9505fe95a")),
+                new BigInteger("7fffffffffffffffffffffff7fffff975deb41b3a6057c3c432146526551", 16),
+                BigInteger.valueOf(1),
+                Hex.decode("7d7374168ffe3471b60a857686a19475d3bfa2ff"));
+        }
+    };
+
+    static X9ECParametersHolder prime256v1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            ECCurve cFp256v1 = new ECCurve.Fp(
+                new BigInteger("115792089210356248762697446949407573530086143415290314195533631308867097853951"),
+                new BigInteger("ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", 16),
+                new BigInteger("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", 16));
+
+            return new X9ECParameters(
+                cFp256v1,
+                cFp256v1.decodePoint(
+                    Hex.decode("036b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296")),
+                new BigInteger("ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", 16),
+                BigInteger.valueOf(1),
+                Hex.decode("c49d360886e704936a6678e1139d26b7819f7e90"));
+        }
+    };
+
+    /*
+     * F2m Curves
+     */
+    static X9ECParametersHolder c2pnb163v1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            BigInteger c2m163v1n = new BigInteger("0400000000000000000001E60FC8821CC74DAEAFC1", 16);
+            BigInteger c2m163v1h = BigInteger.valueOf(2);
+
+            ECCurve c2m163v1 = new ECCurve.F2m(
+                163,
+                1, 2, 8,
+                new BigInteger("072546B5435234A422E0789675F432C89435DE5242", 16),
+                new BigInteger("00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9", 16),
+                c2m163v1n, c2m163v1h);
+
+            return new X9ECParameters(
+                c2m163v1,
+                c2m163v1.decodePoint(
+                    Hex.decode("0307AF69989546103D79329FCC3D74880F33BBE803CB")),
+                c2m163v1n, c2m163v1h,
+                Hex.decode("D2COFB15760860DEF1EEF4D696E6768756151754"));
+        }
+    };
+
+    static X9ECParametersHolder c2pnb163v2 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            BigInteger c2m163v2n = new BigInteger("03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7", 16);
+            BigInteger c2m163v2h = BigInteger.valueOf(2);
+
+            ECCurve c2m163v2 = new ECCurve.F2m(
+                163,
+                1, 2, 8,
+                new BigInteger("0108B39E77C4B108BED981ED0E890E117C511CF072", 16),
+                new BigInteger("0667ACEB38AF4E488C407433FFAE4F1C811638DF20", 16),
+                c2m163v2n, c2m163v2h);
+
+            return new X9ECParameters(
+                c2m163v2,
+                c2m163v2.decodePoint(
+                    Hex.decode("030024266E4EB5106D0A964D92C4860E2671DB9B6CC5")),
+                c2m163v2n, c2m163v2h,
+                null);
+        }
+    };
+
+    static X9ECParametersHolder c2pnb163v3 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            BigInteger c2m163v3n = new BigInteger("03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309", 16);
+            BigInteger c2m163v3h = BigInteger.valueOf(2);
+
+            ECCurve c2m163v3 = new ECCurve.F2m(
+                163,
+                1, 2, 8,
+                new BigInteger("07A526C63D3E25A256A007699F5447E32AE456B50E", 16),
+                new BigInteger("03F7061798EB99E238FD6F1BF95B48FEEB4854252B", 16),
+                c2m163v3n, c2m163v3h);
+
+            return new X9ECParameters(
+                c2m163v3,
+                c2m163v3.decodePoint(
+                    Hex.decode("0202F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB")),
+                c2m163v3n, c2m163v3h,
+                null);
+        }
+    };
+
+    static X9ECParametersHolder c2pnb176w1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            BigInteger c2m176w1n = new BigInteger("010092537397ECA4F6145799D62B0A19CE06FE26AD", 16);
+            BigInteger c2m176w1h = BigInteger.valueOf(0xFF6E);
+
+            ECCurve c2m176w1 = new ECCurve.F2m(
+                176,
+                1, 2, 43,
+                new BigInteger("00E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B", 16),
+                new BigInteger("005DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2", 16),
+                c2m176w1n, c2m176w1h);
+
+            return new X9ECParameters(
+                c2m176w1,
+                c2m176w1.decodePoint(
+                    Hex.decode("038D16C2866798B600F9F08BB4A8E860F3298CE04A5798")),
+                c2m176w1n, c2m176w1h,
+                null);
+        }
+    };
+
+    static X9ECParametersHolder c2tnb191v1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            BigInteger c2m191v1n = new BigInteger("40000000000000000000000004A20E90C39067C893BBB9A5", 16);
+            BigInteger c2m191v1h = BigInteger.valueOf(2);
+
+            ECCurve c2m191v1 = new ECCurve.F2m(
+                191,
+                9,
+                new BigInteger("2866537B676752636A68F56554E12640276B649EF7526267", 16),
+                new BigInteger("2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC", 16),
+                c2m191v1n, c2m191v1h);
+
+            return new X9ECParameters(
+                c2m191v1,
+                c2m191v1.decodePoint(
+                    Hex.decode("0236B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D")),
+                c2m191v1n, c2m191v1h,
+                Hex.decode("4E13CA542744D696E67687561517552F279A8C84"));
+        }
+    };
+
+    static X9ECParametersHolder c2tnb191v2 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            BigInteger c2m191v2n = new BigInteger("20000000000000000000000050508CB89F652824E06B8173", 16);
+            BigInteger c2m191v2h = BigInteger.valueOf(4);
+
+            ECCurve c2m191v2 = new ECCurve.F2m(
+                191,
+                9,
+                new BigInteger("401028774D7777C7B7666D1366EA432071274F89FF01E718", 16),
+                new BigInteger("0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01", 16),
+                c2m191v2n, c2m191v2h);
+
+            return new X9ECParameters(
+                c2m191v2,
+                c2m191v2.decodePoint(
+                    Hex.decode("023809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10")),
+                c2m191v2n, c2m191v2h,
+                null);
+        }
+    };
+
+    static X9ECParametersHolder c2tnb191v3 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            BigInteger c2m191v3n = new BigInteger("155555555555555555555555610C0B196812BFB6288A3EA3", 16);
+            BigInteger c2m191v3h = BigInteger.valueOf(6);
+
+            ECCurve c2m191v3 = new ECCurve.F2m(
+                191,
+                9,
+                new BigInteger("6C01074756099122221056911C77D77E77A777E7E7E77FCB", 16),
+                new BigInteger("71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8", 16),
+                c2m191v3n, c2m191v3h);
+
+            return new X9ECParameters(
+                c2m191v3,
+                c2m191v3.decodePoint(
+                    Hex.decode("03375D4CE24FDE434489DE8746E71786015009E66E38A926DD")),
+                c2m191v3n, c2m191v3h,
+                null);
+        }
+    };
+
+    static X9ECParametersHolder c2pnb208w1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            BigInteger c2m208w1n = new BigInteger("0101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D", 16);
+            BigInteger c2m208w1h = BigInteger.valueOf(0xFE48);
+
+            ECCurve c2m208w1 = new ECCurve.F2m(
+                208,
+                1, 2, 83,
+                new BigInteger("0", 16),
+                new BigInteger("00C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E", 16),
+                c2m208w1n, c2m208w1h);
+
+            return new X9ECParameters(
+                c2m208w1,
+                c2m208w1.decodePoint(
+                    Hex.decode("0289FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A")),
+                c2m208w1n, c2m208w1h,
+                null);
+        }
+    };
+
+    static X9ECParametersHolder c2tnb239v1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            BigInteger c2m239v1n = new BigInteger("2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447", 16);
+            BigInteger c2m239v1h = BigInteger.valueOf(4);
+
+            ECCurve c2m239v1 = new ECCurve.F2m(
+                239,
+                36,
+                new BigInteger("32010857077C5431123A46B808906756F543423E8D27877578125778AC76", 16),
+                new BigInteger("790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", 16),
+                c2m239v1n, c2m239v1h);
+
+            return new X9ECParameters(
+                c2m239v1,
+                c2m239v1.decodePoint(
+                    Hex.decode("0257927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D")),
+                c2m239v1n, c2m239v1h,
+                null);
+        }
+    };
+
+    static X9ECParametersHolder c2tnb239v2 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            BigInteger c2m239v2n = new BigInteger("1555555555555555555555555555553C6F2885259C31E3FCDF154624522D", 16);
+            BigInteger c2m239v2h = BigInteger.valueOf(6);
+
+            ECCurve c2m239v2 = new ECCurve.F2m(
+                239,
+                36,
+                new BigInteger("4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F", 16),
+                new BigInteger("5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B", 16),
+                c2m239v2n, c2m239v2h);
+
+            return new X9ECParameters(
+                c2m239v2,
+                c2m239v2.decodePoint(
+                    Hex.decode("0228F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205")),
+                c2m239v2n, c2m239v2h,
+                null);
+        }
+    };
+
+    static X9ECParametersHolder c2tnb239v3 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            BigInteger c2m239v3n = new BigInteger("0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF", 16);
+            BigInteger c2m239v3h = BigInteger.valueOf(10);
+
+            ECCurve c2m239v3 = new ECCurve.F2m(
+                239,
+                36,
+                new BigInteger("01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F", 16),
+                new BigInteger("6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40", 16),
+                c2m239v3n, c2m239v3h);
+
+            return new X9ECParameters(
+                c2m239v3,
+                c2m239v3.decodePoint(
+                    Hex.decode("0370F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92")),
+                c2m239v3n, c2m239v3h,
+                null);
+        }
+    };
+
+    static X9ECParametersHolder c2pnb272w1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            BigInteger c2m272w1n = new BigInteger("0100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521", 16);
+            BigInteger c2m272w1h = BigInteger.valueOf(0xFF06);
+
+            ECCurve c2m272w1 = new ECCurve.F2m(
+                272,
+                1, 3, 56,
+                new BigInteger("0091A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20", 16),
+                new BigInteger("7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7", 16),
+                c2m272w1n, c2m272w1h);
+
+            return new X9ECParameters(
+                c2m272w1,
+                c2m272w1.decodePoint(
+                    Hex.decode("026108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D")),
+                c2m272w1n, c2m272w1h,
+                null);
+        }
+    };
+
+    static X9ECParametersHolder c2pnb304w1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            BigInteger c2m304w1n = new BigInteger("0101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164443051D", 16);
+            BigInteger c2m304w1h = BigInteger.valueOf(0xFE2E);
+
+            ECCurve c2m304w1 = new ECCurve.F2m(
+                304,
+                1, 2, 11,
+                new BigInteger("00FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A0396C8E681", 16),
+                new BigInteger("00BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E55827340BE", 16),
+                c2m304w1n, c2m304w1h);
+
+            return new X9ECParameters(
+                c2m304w1,
+                c2m304w1.decodePoint(
+                    Hex.decode("02197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F740A2614")),
+                c2m304w1n, c2m304w1h,
+                null);
+        }
+    };
+
+    static X9ECParametersHolder c2tnb359v1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            BigInteger c2m359v1n = new BigInteger("01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB964FE7719E74F490758D3B", 16);
+            BigInteger c2m359v1h = BigInteger.valueOf(0x4C);
+
+            ECCurve c2m359v1 = new ECCurve.F2m(
+                359,
+                68,
+                new BigInteger("5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05656FB549016A96656A557", 16),
+                new BigInteger("2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC345626089687742B6329E70680231988", 16),
+                c2m359v1n, c2m359v1h);
+
+            return new X9ECParameters(
+                c2m359v1,
+                c2m359v1.decodePoint(
+                    Hex.decode("033C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE98E8E707C07A2239B1B097")),
+                c2m359v1n, c2m359v1h,
+                null);
+        }
+    };
+
+    static X9ECParametersHolder c2pnb368w1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            BigInteger c2m368w1n = new BigInteger("010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E909AE40A6F131E9CFCE5BD967", 16);
+            BigInteger c2m368w1h = BigInteger.valueOf(0xFF70);
+
+            ECCurve c2m368w1 = new ECCurve.F2m(
+                368,
+                1, 2, 85,
+                new BigInteger("00E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62F0AB7519CCD2A1A906AE30D", 16),
+                new BigInteger("00FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112D84D164F444F8F74786046A", 16),
+                c2m368w1n, c2m368w1h);
+
+            return new X9ECParameters(
+                c2m368w1,
+                c2m368w1.decodePoint(
+                    Hex.decode("021085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E789E927BE216F02E1FB136A5F")),
+                c2m368w1n, c2m368w1h,
+                null);
+        }
+    };
+
+    static X9ECParametersHolder c2tnb431r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            BigInteger c2m431r1n = new BigInteger("0340340340340340340340340340340340340340340340340340340323C313FAB50589703B5EC68D3587FEC60D161CC149C1AD4A91", 16);
+            BigInteger c2m431r1h = BigInteger.valueOf(0x2760);
+
+            ECCurve c2m431r1 = new ECCurve.F2m(
+                431,
+                120,
+                new BigInteger("1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0EB9906D0957F6C6FEACD615468DF104DE296CD8F", 16),
+                new BigInteger("10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B626D4E50A8DD731B107A9962381FB5D807BF2618", 16),
+                c2m431r1n, c2m431r1h);
+
+            return new X9ECParameters(
+                c2m431r1,
+                c2m431r1.decodePoint(
+                    Hex.decode("02120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C21E7C5EFE965361F6C2999C0C247B0DBD70CE6B7")),
+                c2m431r1n, c2m431r1h,
+                null);
+        }
+    };
+
+    static final Hashtable objIds = new Hashtable();
+    static final Hashtable curves = new Hashtable();
+    static final Hashtable names = new Hashtable();
+
+    static void defineCurve(String name, DERObjectIdentifier oid, X9ECParametersHolder holder)
+    {
+        objIds.put(name, oid);
+        names.put(oid, name);
+        curves.put(oid, holder);
+    }
+
+    static
+    {
+        defineCurve("prime192v1", X9ObjectIdentifiers.prime192v1, prime192v1);
+        defineCurve("prime192v2", X9ObjectIdentifiers.prime192v2, prime192v2);
+        defineCurve("prime192v3", X9ObjectIdentifiers.prime192v3, prime192v3);
+        defineCurve("prime239v1", X9ObjectIdentifiers.prime239v1, prime239v1);
+        defineCurve("prime239v2", X9ObjectIdentifiers.prime239v2, prime239v2);
+        defineCurve("prime239v3", X9ObjectIdentifiers.prime239v3, prime239v3);
+        defineCurve("prime256v1", X9ObjectIdentifiers.prime256v1, prime256v1);
+        defineCurve("c2pnb163v1", X9ObjectIdentifiers.c2pnb163v1, c2pnb163v1);
+        defineCurve("c2pnb163v2", X9ObjectIdentifiers.c2pnb163v2, c2pnb163v2);
+        defineCurve("c2pnb163v3", X9ObjectIdentifiers.c2pnb163v3, c2pnb163v3);
+        defineCurve("c2pnb176w1", X9ObjectIdentifiers.c2pnb176w1, c2pnb176w1);
+        defineCurve("c2tnb191v1", X9ObjectIdentifiers.c2tnb191v1, c2tnb191v1);
+        defineCurve("c2tnb191v2", X9ObjectIdentifiers.c2tnb191v2, c2tnb191v2);
+        defineCurve("c2tnb191v3", X9ObjectIdentifiers.c2tnb191v3, c2tnb191v3);
+        defineCurve("c2pnb208w1", X9ObjectIdentifiers.c2pnb208w1, c2pnb208w1);
+        defineCurve("c2tnb239v1", X9ObjectIdentifiers.c2tnb239v1, c2tnb239v1);
+        defineCurve("c2tnb239v2", X9ObjectIdentifiers.c2tnb239v2, c2tnb239v2);
+        defineCurve("c2tnb239v3", X9ObjectIdentifiers.c2tnb239v3, c2tnb239v3);
+        defineCurve("c2pnb272w1", X9ObjectIdentifiers.c2pnb272w1, c2pnb272w1);
+        defineCurve("c2pnb304w1", X9ObjectIdentifiers.c2pnb304w1, c2pnb304w1);
+        defineCurve("c2tnb359v1", X9ObjectIdentifiers.c2tnb359v1, c2tnb359v1);
+        defineCurve("c2pnb368w1", X9ObjectIdentifiers.c2pnb368w1, c2pnb368w1);
+        defineCurve("c2tnb431r1", X9ObjectIdentifiers.c2tnb431r1, c2tnb431r1);
+    }
+
+    public static X9ECParameters getByName(
+        String name)
+    {
+        DERObjectIdentifier oid = (DERObjectIdentifier)objIds.get(Strings.toLowerCase(name));
+
+        if (oid != null)
+        {
+            return getByOID(oid);
+        }
+
+        return null;
+    }
+
+    /**
+     * return the X9ECParameters object for the named curve represented by
+     * the passed in object identifier. Null if the curve isn't present.
+     *
+     * @param oid an object identifier representing a named curve, if present.
+     */
+    public static X9ECParameters getByOID(
+        DERObjectIdentifier oid)
+    {
+        X9ECParametersHolder holder = (X9ECParametersHolder)curves.get(oid);
+
+        if (holder != null)
+        {
+            return holder.getParameters();
+        }
+
+        return null;
+    }
+
+    /**
+     * return the object identifier signified by the passed in name. Null
+     * if there is no object identifier associated with name.
+     *
+     * @return the object identifier associated with name, if present.
+     */
+    public static DERObjectIdentifier getOID(
+        String name)
+    {
+        return (DERObjectIdentifier)objIds.get(Strings.toLowerCase(name));
+    }
+
+    /**
+     * return the named curve name represented by the given object identifier.
+     */
+    public static String getName(
+        DERObjectIdentifier oid)
+    {
+        return (String)names.get(oid);
+    }
+
+    /**
+     * returns an enumeration containing the name strings for curves
+     * contained in this structure.
+     */
+    public static Enumeration getNames()
+    {
+        return objIds.keys();
+    }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x9/X962Parameters.java b/src/main/java/org/bouncycastle/asn1/x9/X962Parameters.java
new file mode 100644
index 0000000..de35186
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x9/X962Parameters.java
@@ -0,0 +1,86 @@
+package org.bouncycastle.asn1.x9;
+
+import org.bouncycastle.asn1.ASN1Choice;
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1Null;
+import org.bouncycastle.asn1.ASN1TaggedObject;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+
+public class X962Parameters
+    extends ASN1Encodable
+    implements ASN1Choice
+{
+    private DERObject           params = null;
+
+    public static X962Parameters getInstance(
+        Object obj)
+    {
+        if (obj == null || obj instanceof X962Parameters) 
+        {
+            return (X962Parameters)obj;
+        }
+        
+        if (obj instanceof DERObject) 
+        {
+            return new X962Parameters((DERObject)obj);
+        }
+        
+        throw new IllegalArgumentException("unknown object in getInstance()");
+    }
+    
+    public static X962Parameters getInstance(
+        ASN1TaggedObject obj,
+        boolean          explicit)
+    {
+        return getInstance(obj.getObject()); // must be explicitly tagged
+    }
+    
+    public X962Parameters(
+        X9ECParameters      ecParameters)
+    {
+        this.params = ecParameters.getDERObject();
+    }
+
+    public X962Parameters(
+        DERObjectIdentifier  namedCurve)
+    {
+        this.params = namedCurve;
+    }
+
+    public X962Parameters(
+        DERObject           obj)
+    {
+        this.params = obj;
+    }
+
+    public boolean isNamedCurve()
+    {
+        return (params instanceof DERObjectIdentifier);
+    }
+
+    public boolean isImplicitlyCA()
+    {
+        return (params instanceof ASN1Null);
+    }
+
+    public DERObject getParameters()
+    {
+        return params;
+    }
+
+    /**
+     * Produce an object suitable for an ASN1OutputStream.
+     * <pre>
+     * Parameters ::= CHOICE {
+     *    ecParameters ECParameters,
+     *    namedCurve   CURVES.&id({CurveNames}),
+     *    implicitlyCA NULL
+     * }
+     * </pre>
+     */
+    public DERObject toASN1Object()
+    {
+        return params;
+    }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x9/X9Curve.java b/src/main/java/org/bouncycastle/asn1/x9/X9Curve.java
new file mode 100644
index 0000000..8f46c07
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x9/X9Curve.java
@@ -0,0 +1,161 @@
+package org.bouncycastle.asn1.x9;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1OctetString;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERBitString;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.math.ec.ECCurve;
+
+/**
+ * ASN.1 def for Elliptic-Curve Curve structure. See
+ * X9.62, for further details.
+ */
+public class X9Curve
+    extends ASN1Encodable
+    implements X9ObjectIdentifiers
+{
+    private ECCurve     curve;
+    private byte[]      seed;
+    private DERObjectIdentifier fieldIdentifier = null;
+
+    public X9Curve(
+        ECCurve     curve)
+    {
+        this.curve = curve;
+        this.seed = null;
+        setFieldIdentifier();
+    }
+
+    public X9Curve(
+        ECCurve     curve,
+        byte[]      seed)
+    {
+        this.curve = curve;
+        this.seed = seed;
+        setFieldIdentifier();
+    }
+
+    public X9Curve(
+        X9FieldID     fieldID,
+        ASN1Sequence  seq)
+    {
+        fieldIdentifier = fieldID.getIdentifier();
+        if (fieldIdentifier.equals(prime_field))
+        {
+            BigInteger      p = ((DERInteger)fieldID.getParameters()).getValue();
+            X9FieldElement  x9A = new X9FieldElement(p, (ASN1OctetString)seq.getObjectAt(0));
+            X9FieldElement  x9B = new X9FieldElement(p, (ASN1OctetString)seq.getObjectAt(1));
+            curve = new ECCurve.Fp(p, x9A.getValue().toBigInteger(), x9B.getValue().toBigInteger());
+        }
+        else
+        {
+            if (fieldIdentifier.equals(characteristic_two_field)) 
+            {
+                // Characteristic two field
+                DERSequence parameters = (DERSequence)fieldID.getParameters();
+                int m = ((DERInteger)parameters.getObjectAt(0)).getValue().
+                    intValue();
+                DERObjectIdentifier representation
+                    = (DERObjectIdentifier)parameters.getObjectAt(1);
+
+                int k1 = 0;
+                int k2 = 0;
+                int k3 = 0;
+                if (representation.equals(tpBasis)) 
+                {
+                    // Trinomial basis representation
+                    k1 = ((DERInteger)parameters.getObjectAt(2)).getValue().
+                        intValue();
+                }
+                else 
+                {
+                    // Pentanomial basis representation
+                    DERSequence pentanomial
+                        = (DERSequence)parameters.getObjectAt(2);
+                    k1 = ((DERInteger)pentanomial.getObjectAt(0)).getValue().
+                        intValue();
+                    k2 = ((DERInteger)pentanomial.getObjectAt(1)).getValue().
+                        intValue();
+                    k3 = ((DERInteger)pentanomial.getObjectAt(2)).getValue().
+                        intValue();
+                }
+                X9FieldElement x9A = new X9FieldElement(m, k1, k2, k3, (ASN1OctetString)seq.getObjectAt(0));
+                X9FieldElement x9B = new X9FieldElement(m, k1, k2, k3, (ASN1OctetString)seq.getObjectAt(1));
+                // TODO Is it possible to get the order (n) and cofactor(h) too?
+                curve = new ECCurve.F2m(m, k1, k2, k3, x9A.getValue().toBigInteger(), x9B.getValue().toBigInteger());
+            }
+        }
+
+        if (seq.size() == 3)
+        {
+            seed = ((DERBitString)seq.getObjectAt(2)).getBytes();
+        }
+    }
+
+    private void setFieldIdentifier()
+    {
+        if (curve instanceof ECCurve.Fp)
+        {
+            fieldIdentifier = prime_field;
+        }
+        else if (curve instanceof ECCurve.F2m)
+        {
+            fieldIdentifier = characteristic_two_field;
+        }
+        else
+        {
+            throw new IllegalArgumentException("This type of ECCurve is not "
+                    + "implemented");
+        }
+    }
+
+    public ECCurve  getCurve()
+    {
+        return curve;
+    }
+
+    public byte[]   getSeed()
+    {
+        return seed;
+    }
+
+    /**
+     * Produce an object suitable for an ASN1OutputStream.
+     * <pre>
+     *  Curve ::= SEQUENCE {
+     *      a               FieldElement,
+     *      b               FieldElement,
+     *      seed            BIT STRING      OPTIONAL
+     *  }
+     * </pre>
+     */
+    public DERObject toASN1Object()
+    {
+        ASN1EncodableVector v = new ASN1EncodableVector();
+
+        if (fieldIdentifier.equals(prime_field)) 
+        { 
+            v.add(new X9FieldElement(curve.getA()).getDERObject());
+            v.add(new X9FieldElement(curve.getB()).getDERObject());
+        } 
+        else if (fieldIdentifier.equals(characteristic_two_field)) 
+        {
+            v.add(new X9FieldElement(curve.getA()).getDERObject());
+            v.add(new X9FieldElement(curve.getB()).getDERObject());
+        }
+
+        if (seed != null)
+        {
+            v.add(new DERBitString(seed));
+        }
+
+        return new DERSequence(v);
+    }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x9/X9ECParameters.java b/src/main/java/org/bouncycastle/asn1/x9/X9ECParameters.java
new file mode 100644
index 0000000..c3b0d66
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x9/X9ECParameters.java
@@ -0,0 +1,161 @@
+package org.bouncycastle.asn1.x9;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1OctetString;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECPoint;
+
+import java.math.BigInteger;
+
+/**
+ * ASN.1 def for Elliptic-Curve ECParameters structure. See
+ * X9.62, for further details.
+ */
+public class X9ECParameters
+    extends ASN1Encodable
+    implements X9ObjectIdentifiers
+{
+    private static final BigInteger   ONE = BigInteger.valueOf(1);
+
+    private X9FieldID           fieldID;
+    private ECCurve             curve;
+    private ECPoint             g;
+    private BigInteger          n;
+    private BigInteger          h;
+    private byte[]              seed;
+
+    public X9ECParameters(
+        ASN1Sequence  seq)
+    {
+        if (!(seq.getObjectAt(0) instanceof DERInteger)
+           || !((DERInteger)seq.getObjectAt(0)).getValue().equals(ONE))
+        {
+            throw new IllegalArgumentException("bad version in X9ECParameters");
+        }
+
+        X9Curve     x9c = new X9Curve(
+                        new X9FieldID((ASN1Sequence)seq.getObjectAt(1)),
+                        (ASN1Sequence)seq.getObjectAt(2));
+
+        this.curve = x9c.getCurve();
+        this.g = new X9ECPoint(curve, (ASN1OctetString)seq.getObjectAt(3)).getPoint();
+        this.n = ((DERInteger)seq.getObjectAt(4)).getValue();
+        this.seed = x9c.getSeed();
+
+        if (seq.size() == 6)
+        {
+            this.h = ((DERInteger)seq.getObjectAt(5)).getValue();
+        }
+    }
+
+    public X9ECParameters(
+        ECCurve     curve,
+        ECPoint     g,
+        BigInteger  n)
+    {
+        this(curve, g, n, ONE, null);
+    }
+
+    public X9ECParameters(
+        ECCurve     curve,
+        ECPoint     g,
+        BigInteger  n,
+        BigInteger  h)
+    {
+        this(curve, g, n, h, null);
+    }
+
+    public X9ECParameters(
+        ECCurve     curve,
+        ECPoint     g,
+        BigInteger  n,
+        BigInteger  h,
+        byte[]      seed)
+    {
+        this.curve = curve;
+        this.g = g;
+        this.n = n;
+        this.h = h;
+        this.seed = seed;
+
+        if (curve instanceof ECCurve.Fp)
+        {
+            this.fieldID = new X9FieldID(((ECCurve.Fp)curve).getQ());
+        }
+        else
+        {
+            if (curve instanceof ECCurve.F2m)
+            {
+                ECCurve.F2m curveF2m = (ECCurve.F2m)curve;
+                this.fieldID = new X9FieldID(curveF2m.getM(), curveF2m.getK1(),
+                    curveF2m.getK2(), curveF2m.getK3());
+            }
+        }
+    }
+
+    public ECCurve getCurve()
+    {
+        return curve;
+    }
+
+    public ECPoint getG()
+    {
+        return g;
+    }
+
+    public BigInteger getN()
+    {
+        return n;
+    }
+
+    public BigInteger getH()
+    {
+        if (h == null)
+        {
+            return ONE;        // TODO - this should be calculated, it will cause issues with custom curves.
+        }
+
+        return h;
+    }
+
+    public byte[] getSeed()
+    {
+        return seed;
+    }
+
+    /**
+     * Produce an object suitable for an ASN1OutputStream.
+     * <pre>
+     *  ECParameters ::= SEQUENCE {
+     *      version         INTEGER { ecpVer1(1) } (ecpVer1),
+     *      fieldID         FieldID {{FieldTypes}},
+     *      curve           X9Curve,
+     *      base            X9ECPoint,
+     *      order           INTEGER,
+     *      cofactor        INTEGER OPTIONAL
+     *  }
+     * </pre>
+     */
+    public DERObject toASN1Object()
+    {
+        ASN1EncodableVector v = new ASN1EncodableVector();
+
+        v.add(new DERInteger(1));
+        v.add(fieldID);
+        v.add(new X9Curve(curve, seed));
+        v.add(new X9ECPoint(g));
+        v.add(new DERInteger(n));
+
+        if (h != null)
+        {
+            v.add(new DERInteger(h));
+        }
+
+        return new DERSequence(v);
+    }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x9/X9ECParametersHolder.java b/src/main/java/org/bouncycastle/asn1/x9/X9ECParametersHolder.java
new file mode 100644
index 0000000..47361f8
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x9/X9ECParametersHolder.java
@@ -0,0 +1,18 @@
+package org.bouncycastle.asn1.x9;
+
+public abstract class X9ECParametersHolder
+{
+    private X9ECParameters params;
+
+    public X9ECParameters getParameters()
+    {
+        if (params == null)
+        {
+            params = createParameters();
+        }
+
+        return params;
+    }
+
+    protected abstract X9ECParameters createParameters();
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x9/X9ECPoint.java b/src/main/java/org/bouncycastle/asn1/x9/X9ECPoint.java
new file mode 100644
index 0000000..470b3d6
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x9/X9ECPoint.java
@@ -0,0 +1,48 @@
+package org.bouncycastle.asn1.x9;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1OctetString;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECPoint;
+
+/**
+ * class for describing an ECPoint as a DER object.
+ */
+public class X9ECPoint
+    extends ASN1Encodable
+{
+    ECPoint p;
+
+    public X9ECPoint(
+        ECPoint p)
+    {
+        this.p = p;
+    }
+
+    public X9ECPoint(
+        ECCurve          c,
+        ASN1OctetString  s)
+    {
+        this.p = c.decodePoint(s.getOctets());
+    }
+
+    public ECPoint getPoint()
+    {
+        return p;
+    }
+
+    /**
+     * Produce an object suitable for an ASN1OutputStream.
+     * <pre>
+     *  ECPoint ::= OCTET STRING
+     * </pre>
+     * <p>
+     * Octet string produced using ECPoint.getEncoded().
+     */
+    public DERObject toASN1Object()
+    {
+        return new DEROctetString(p.getEncoded());
+    }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x9/X9FieldElement.java b/src/main/java/org/bouncycastle/asn1/x9/X9FieldElement.java
new file mode 100644
index 0000000..2173d2a
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x9/X9FieldElement.java
@@ -0,0 +1,64 @@
+package org.bouncycastle.asn1.x9;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1OctetString;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.math.ec.ECFieldElement;
+
+/**
+ * class for processing an FieldElement as a DER object.
+ */
+public class X9FieldElement
+    extends ASN1Encodable
+{
+    protected ECFieldElement  f;
+    
+    private static X9IntegerConverter converter = new X9IntegerConverter();
+
+    public X9FieldElement(ECFieldElement f)
+    {
+        this.f = f;
+    }
+    
+    public X9FieldElement(BigInteger p, ASN1OctetString s)
+    {
+        this(new ECFieldElement.Fp(p, new BigInteger(1, s.getOctets())));
+    }
+    
+    public X9FieldElement(int m, int k1, int k2, int k3, ASN1OctetString s)
+    {
+        this(new ECFieldElement.F2m(m, k1, k2, k3, new BigInteger(1, s.getOctets())));
+    }
+    
+    public ECFieldElement getValue()
+    {
+        return f;
+    }
+    
+    /**
+     * Produce an object suitable for an ASN1OutputStream.
+     * <pre>
+     *  FieldElement ::= OCTET STRING
+     * </pre>
+     * <p>
+     * <ol>
+     * <li> if <i>q</i> is an odd prime then the field element is
+     * processed as an Integer and converted to an octet string
+     * according to x 9.62 4.3.1.</li>
+     * <li> if <i>q</i> is 2<sup>m</sup> then the bit string
+     * contained in the field element is converted into an octet
+     * string with the same ordering padded at the front if necessary.
+     * </li>
+     * </ol>
+     */
+    public DERObject toASN1Object()
+    {
+        int byteCount = converter.getByteLength(f);
+        byte[] paddedBigInteger = converter.integerToBytes(f.toBigInteger(), byteCount);
+
+        return new DEROctetString(paddedBigInteger);
+    }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x9/X9FieldID.java b/src/main/java/org/bouncycastle/asn1/x9/X9FieldID.java
new file mode 100644
index 0000000..c2c2ef9
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x9/X9FieldID.java
@@ -0,0 +1,109 @@
+package org.bouncycastle.asn1.x9;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.DERSequence;
+
+/**
+ * ASN.1 def for Elliptic-Curve Field ID structure. See
+ * X9.62, for further details.
+ */
+public class X9FieldID
+    extends ASN1Encodable
+    implements X9ObjectIdentifiers
+{
+    private DERObjectIdentifier     id;
+    private DERObject               parameters;
+
+    /**
+     * Constructor for elliptic curves over prime fields
+     * <code>F<sub>2</sub></code>.
+     * @param primeP The prime <code>p</code> defining the prime field.
+     */
+    public X9FieldID(BigInteger primeP)
+    {
+        this.id = prime_field;
+        this.parameters = new DERInteger(primeP);
+    }
+
+    /**
+     * Constructor for elliptic curves over binary fields
+     * <code>F<sub>2<sup>m</sup></sub></code>.
+     * @param m  The exponent <code>m</code> of
+     * <code>F<sub>2<sup>m</sup></sub></code>.
+     * @param k1 The integer <code>k1</code> where <code>x<sup>m</sup> +
+     * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+     * represents the reduction polynomial <code>f(z)</code>.
+     * @param k2 The integer <code>k2</code> where <code>x<sup>m</sup> +
+     * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+     * represents the reduction polynomial <code>f(z)</code>.
+     * @param k3 The integer <code>k3</code> where <code>x<sup>m</sup> +
+     * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+     * represents the reduction polynomial <code>f(z)</code>..
+     */
+    public X9FieldID(int m, int k1, int k2, int k3)
+    {
+        this.id = characteristic_two_field;
+        ASN1EncodableVector fieldIdParams = new ASN1EncodableVector();
+        fieldIdParams.add(new DERInteger(m));
+        
+        if (k2 == 0) 
+        {
+            fieldIdParams.add(tpBasis);
+            fieldIdParams.add(new DERInteger(k1));
+        } 
+        else 
+        {
+            fieldIdParams.add(ppBasis);
+            ASN1EncodableVector pentanomialParams = new ASN1EncodableVector();
+            pentanomialParams.add(new DERInteger(k1));
+            pentanomialParams.add(new DERInteger(k2));
+            pentanomialParams.add(new DERInteger(k3));
+            fieldIdParams.add(new DERSequence(pentanomialParams));
+        }
+        
+        this.parameters = new DERSequence(fieldIdParams);
+    }
+
+    public X9FieldID(
+        ASN1Sequence  seq)
+    {
+        this.id = (DERObjectIdentifier)seq.getObjectAt(0);
+        this.parameters = (DERObject)seq.getObjectAt(1);
+    }
+
+    public DERObjectIdentifier getIdentifier()
+    {
+        return id;
+    }
+
+    public DERObject getParameters()
+    {
+        return parameters;
+    }
+
+    /**
+     * Produce a DER encoding of the following structure.
+     * <pre>
+     *  FieldID ::= SEQUENCE {
+     *      fieldType       FIELD-ID.&amp;id({IOSet}),
+     *      parameters      FIELD-ID.&amp;Type({IOSet}{&#64;fieldType})
+     *  }
+     * </pre>
+     */
+    public DERObject toASN1Object()
+    {
+        ASN1EncodableVector v = new ASN1EncodableVector();
+
+        v.add(this.id);
+        v.add(this.parameters);
+
+        return new DERSequence(v);
+    }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x9/X9IntegerConverter.java b/src/main/java/org/bouncycastle/asn1/x9/X9IntegerConverter.java
new file mode 100644
index 0000000..ae820ab
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x9/X9IntegerConverter.java
@@ -0,0 +1,47 @@
+package org.bouncycastle.asn1.x9;
+
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECFieldElement;
+
+import java.math.BigInteger;
+
+public class X9IntegerConverter
+{
+    public int getByteLength(
+        ECCurve c)
+    {
+        return (c.getFieldSize() + 7) / 8;
+    }
+
+    public int getByteLength(
+        ECFieldElement fe)
+    {
+        return (fe.getFieldSize() + 7) / 8;
+    }
+
+    public byte[] integerToBytes(
+        BigInteger s,
+        int        qLength)
+    {
+        byte[] bytes = s.toByteArray();
+        
+        if (qLength < bytes.length)
+        {
+            byte[] tmp = new byte[qLength];
+        
+            System.arraycopy(bytes, bytes.length - tmp.length, tmp, 0, tmp.length);
+            
+            return tmp;
+        }
+        else if (qLength > bytes.length)
+        {
+            byte[] tmp = new byte[qLength];
+        
+            System.arraycopy(bytes, 0, tmp, tmp.length - bytes.length, bytes.length);
+            
+            return tmp; 
+        }
+    
+        return bytes;
+    }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x9/X9ObjectIdentifiers.java b/src/main/java/org/bouncycastle/asn1/x9/X9ObjectIdentifiers.java
index 5473d48..6c1fcd7 100644
--- a/src/main/java/org/bouncycastle/asn1/x9/X9ObjectIdentifiers.java
+++ b/src/main/java/org/bouncycastle/asn1/x9/X9ObjectIdentifiers.java
@@ -1,6 +1,6 @@
 package org.bouncycastle.asn1.x9;
 
-import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 
 public interface X9ObjectIdentifiers
 {
@@ -10,92 +10,107 @@
     // ansi-X9-62 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
     //            us(840) ansi-x962(10045) }
     //
-    static final String    ansi_X9_62 = "1.2.840.10045";
-    static final String    id_fieldType = ansi_X9_62 + ".1";
+    static final ASN1ObjectIdentifier ansi_X9_62 = new ASN1ObjectIdentifier("1.2.840.10045");
+    static final ASN1ObjectIdentifier id_fieldType = ansi_X9_62.branch("1");
 
-    static final DERObjectIdentifier    prime_field
-                    = new DERObjectIdentifier(id_fieldType + ".1");
+    static final ASN1ObjectIdentifier prime_field = id_fieldType.branch("1");
 
-    static final DERObjectIdentifier    characteristic_two_field
-                    = new DERObjectIdentifier(id_fieldType + ".2");
+    static final ASN1ObjectIdentifier characteristic_two_field = id_fieldType.branch("2");
 
-    static final DERObjectIdentifier    gnBasis
-                    = new DERObjectIdentifier(id_fieldType + ".2.3.1");
+    static final ASN1ObjectIdentifier gnBasis = id_fieldType.branch("2.3.1");
 
-    static final DERObjectIdentifier    tpBasis
-                    = new DERObjectIdentifier(id_fieldType + ".2.3.2");
+    static final ASN1ObjectIdentifier tpBasis = id_fieldType.branch("2.3.2");
 
-    static final DERObjectIdentifier    ppBasis
-                    = new DERObjectIdentifier(id_fieldType + ".2.3.3");
+    static final ASN1ObjectIdentifier ppBasis = id_fieldType.branch("2.3.3");
 
-    static final String    id_ecSigType = ansi_X9_62 + ".4";
+    static final ASN1ObjectIdentifier id_ecSigType = ansi_X9_62.branch("4");
 
-    static final DERObjectIdentifier    ecdsa_with_SHA1
-                    = new DERObjectIdentifier(id_ecSigType + ".1");
+    static final ASN1ObjectIdentifier ecdsa_with_SHA1 = new ASN1ObjectIdentifier(id_ecSigType + ".1");
 
-    static final String    id_publicKeyType = ansi_X9_62 + ".2";
+    static final ASN1ObjectIdentifier id_publicKeyType = ansi_X9_62.branch("2");
 
-    static final DERObjectIdentifier    id_ecPublicKey
-                    = new DERObjectIdentifier(id_publicKeyType + ".1");
+    static final ASN1ObjectIdentifier id_ecPublicKey = id_publicKeyType.branch("1");
 
-    static final DERObjectIdentifier    ecdsa_with_SHA2
-                    = new DERObjectIdentifier(id_ecSigType + ".3");
+    static final ASN1ObjectIdentifier ecdsa_with_SHA2 = id_ecSigType.branch("3");
 
-    static final DERObjectIdentifier    ecdsa_with_SHA224
-                    = new DERObjectIdentifier(ecdsa_with_SHA2 + ".1");
+    static final ASN1ObjectIdentifier ecdsa_with_SHA224 = ecdsa_with_SHA2.branch("1");
 
-    static final DERObjectIdentifier    ecdsa_with_SHA256
-                    = new DERObjectIdentifier(ecdsa_with_SHA2 + ".2");
+    static final ASN1ObjectIdentifier ecdsa_with_SHA256 = ecdsa_with_SHA2.branch("2");
 
-    static final DERObjectIdentifier    ecdsa_with_SHA384
-                    = new DERObjectIdentifier(ecdsa_with_SHA2 + ".3");
+    static final ASN1ObjectIdentifier ecdsa_with_SHA384 = ecdsa_with_SHA2.branch("3");
 
-    static final DERObjectIdentifier    ecdsa_with_SHA512
-                    = new DERObjectIdentifier(ecdsa_with_SHA2 + ".4");
+    static final ASN1ObjectIdentifier ecdsa_with_SHA512 = ecdsa_with_SHA2.branch("4");
 
     //
     // named curves
     //
-    static final String     ellipticCurve = ansi_X9_62 + ".3";
+    static final ASN1ObjectIdentifier ellipticCurve = ansi_X9_62.branch("3");
 
     //
     // Two Curves
     //
-    static final String     cTwoCurve = ellipticCurve + ".0";
-    
-    static final DERObjectIdentifier    c2pnb163v1 = new DERObjectIdentifier(cTwoCurve + ".1");
-    static final DERObjectIdentifier    c2pnb163v2 = new DERObjectIdentifier(cTwoCurve + ".2");
-    static final DERObjectIdentifier    c2pnb163v3 = new DERObjectIdentifier(cTwoCurve + ".3");
-    static final DERObjectIdentifier    c2pnb176w1 = new DERObjectIdentifier(cTwoCurve + ".4");
-    static final DERObjectIdentifier    c2tnb191v1 = new DERObjectIdentifier(cTwoCurve + ".5");
-    static final DERObjectIdentifier    c2tnb191v2 = new DERObjectIdentifier(cTwoCurve + ".6");
-    static final DERObjectIdentifier    c2tnb191v3 = new DERObjectIdentifier(cTwoCurve + ".7");
-    static final DERObjectIdentifier    c2onb191v4 = new DERObjectIdentifier(cTwoCurve + ".8");
-    static final DERObjectIdentifier    c2onb191v5 = new DERObjectIdentifier(cTwoCurve + ".9");
-    static final DERObjectIdentifier    c2pnb208w1 = new DERObjectIdentifier(cTwoCurve + ".10");
-    static final DERObjectIdentifier    c2tnb239v1 = new DERObjectIdentifier(cTwoCurve + ".11");
-    static final DERObjectIdentifier    c2tnb239v2 = new DERObjectIdentifier(cTwoCurve + ".12");
-    static final DERObjectIdentifier    c2tnb239v3 = new DERObjectIdentifier(cTwoCurve + ".13");
-    static final DERObjectIdentifier    c2onb239v4 = new DERObjectIdentifier(cTwoCurve + ".14");
-    static final DERObjectIdentifier    c2onb239v5 = new DERObjectIdentifier(cTwoCurve + ".15");
-    static final DERObjectIdentifier    c2pnb272w1 = new DERObjectIdentifier(cTwoCurve + ".16");
-    static final DERObjectIdentifier    c2pnb304w1 = new DERObjectIdentifier(cTwoCurve + ".17");
-    static final DERObjectIdentifier    c2tnb359v1 = new DERObjectIdentifier(cTwoCurve + ".18");
-    static final DERObjectIdentifier    c2pnb368w1 = new DERObjectIdentifier(cTwoCurve + ".19");
-    static final DERObjectIdentifier    c2tnb431r1 = new DERObjectIdentifier(cTwoCurve + ".20");
-    
+    static final ASN1ObjectIdentifier  cTwoCurve = ellipticCurve.branch("0");
+
+    static final ASN1ObjectIdentifier c2pnb163v1 = cTwoCurve.branch("1");
+    static final ASN1ObjectIdentifier c2pnb163v2 = cTwoCurve.branch("2");
+    static final ASN1ObjectIdentifier c2pnb163v3 = cTwoCurve.branch("3");
+    static final ASN1ObjectIdentifier c2pnb176w1 = cTwoCurve.branch("4");
+    static final ASN1ObjectIdentifier c2tnb191v1 = cTwoCurve.branch("5");
+    static final ASN1ObjectIdentifier c2tnb191v2 = cTwoCurve.branch("6");
+    static final ASN1ObjectIdentifier c2tnb191v3 = cTwoCurve.branch("7");
+    static final ASN1ObjectIdentifier c2onb191v4 = cTwoCurve.branch("8");
+    static final ASN1ObjectIdentifier c2onb191v5 = cTwoCurve.branch("9");
+    static final ASN1ObjectIdentifier c2pnb208w1 = cTwoCurve.branch("10");
+    static final ASN1ObjectIdentifier c2tnb239v1 = cTwoCurve.branch("11");
+    static final ASN1ObjectIdentifier c2tnb239v2 = cTwoCurve.branch("12");
+    static final ASN1ObjectIdentifier c2tnb239v3 = cTwoCurve.branch("13");
+    static final ASN1ObjectIdentifier c2onb239v4 = cTwoCurve.branch("14");
+    static final ASN1ObjectIdentifier c2onb239v5 = cTwoCurve.branch("15");
+    static final ASN1ObjectIdentifier c2pnb272w1 = cTwoCurve.branch("16");
+    static final ASN1ObjectIdentifier c2pnb304w1 = cTwoCurve.branch("17");
+    static final ASN1ObjectIdentifier c2tnb359v1 = cTwoCurve.branch("18");
+    static final ASN1ObjectIdentifier c2pnb368w1 = cTwoCurve.branch("19");
+    static final ASN1ObjectIdentifier c2tnb431r1 = cTwoCurve.branch("20");
+
     //
     // Prime
     //
-    static final String     primeCurve = ellipticCurve + ".1";
+    static final ASN1ObjectIdentifier primeCurve = ellipticCurve.branch("1");
 
-    static final DERObjectIdentifier    prime192v1 = new DERObjectIdentifier(primeCurve + ".1");
-    static final DERObjectIdentifier    prime192v2 = new DERObjectIdentifier(primeCurve + ".2");
-    static final DERObjectIdentifier    prime192v3 = new DERObjectIdentifier(primeCurve + ".3");
-    static final DERObjectIdentifier    prime239v1 = new DERObjectIdentifier(primeCurve + ".4");
-    static final DERObjectIdentifier    prime239v2 = new DERObjectIdentifier(primeCurve + ".5");
-    static final DERObjectIdentifier    prime239v3 = new DERObjectIdentifier(primeCurve + ".6");
-    static final DERObjectIdentifier    prime256v1 = new DERObjectIdentifier(primeCurve + ".7");
+    static final ASN1ObjectIdentifier prime192v1 = primeCurve.branch("1");
+    static final ASN1ObjectIdentifier prime192v2 = primeCurve.branch("2");
+    static final ASN1ObjectIdentifier prime192v3 = primeCurve.branch("3");
+    static final ASN1ObjectIdentifier prime239v1 = primeCurve.branch("4");
+    static final ASN1ObjectIdentifier prime239v2 = primeCurve.branch("5");
+    static final ASN1ObjectIdentifier prime239v3 = primeCurve.branch("6");
+    static final ASN1ObjectIdentifier prime256v1 = primeCurve.branch("7");
+
+    //
+    // DSA
+    //
+    // dsapublicnumber OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+    //            us(840) ansi-x957(10040) number-type(4) 1 }
+    static final ASN1ObjectIdentifier id_dsa = new ASN1ObjectIdentifier("1.2.840.10040.4.1");
+
+    /**
+     * id-dsa-with-sha1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) x9-57
+     * (10040) x9cm(4) 3 }
+     */
+    public static final ASN1ObjectIdentifier id_dsa_with_sha1 = new ASN1ObjectIdentifier("1.2.840.10040.4.3");
+
+    /**
+     * X9.63
+     */
+    public static final ASN1ObjectIdentifier x9_63_scheme = new ASN1ObjectIdentifier("1.3.133.16.840.63.0");
+    public static final ASN1ObjectIdentifier dhSinglePass_stdDH_sha1kdf_scheme = x9_63_scheme.branch("2");
+    public static final ASN1ObjectIdentifier dhSinglePass_cofactorDH_sha1kdf_scheme = x9_63_scheme.branch("3");
+    public static final ASN1ObjectIdentifier mqvSinglePass_sha1kdf_scheme = x9_63_scheme.branch("16");
+
+    /**
+     * X9.42
+     */
+
+    static final ASN1ObjectIdentifier ansi_X9_42 = new ASN1ObjectIdentifier("1.2.840.10046");
 
     //
     // Diffie-Hellman
@@ -103,40 +118,15 @@
     // dhpublicnumber OBJECT IDENTIFIER ::= { iso(1) member-body(2)
     //            us(840) ansi-x942(10046) number-type(2) 1 }
     //
-    static final DERObjectIdentifier    dhpublicnumber = new DERObjectIdentifier("1.2.840.10046.2.1");
+    public static final ASN1ObjectIdentifier dhpublicnumber = ansi_X9_42.branch("2.1");
 
-    //
-    // DSA
-    //
-    // dsapublicnumber OBJECT IDENTIFIER ::= { iso(1) member-body(2)
-    //            us(840) ansi-x957(10040) number-type(4) 1 }
-    static final DERObjectIdentifier    id_dsa = new DERObjectIdentifier("1.2.840.10040.4.1");
-
-    /**
-     *   id-dsa-with-sha1 OBJECT IDENTIFIER ::=  { iso(1) member-body(2)
-     *         us(840) x9-57 (10040) x9cm(4) 3 }
-     */
-    public static final DERObjectIdentifier id_dsa_with_sha1 = new DERObjectIdentifier("1.2.840.10040.4.3");
-
-    /**
-     * X9.63
-     */
-    public static final DERObjectIdentifier x9_63_scheme = new DERObjectIdentifier("1.3.133.16.840.63.0");
-    public static final DERObjectIdentifier dhSinglePass_stdDH_sha1kdf_scheme = new DERObjectIdentifier(x9_63_scheme + ".2");
-    public static final DERObjectIdentifier dhSinglePass_cofactorDH_sha1kdf_scheme = new DERObjectIdentifier(x9_63_scheme + ".3");
-    public static final DERObjectIdentifier mqvSinglePass_sha1kdf_scheme = new DERObjectIdentifier(x9_63_scheme + ".16");
-
-    /**
-     * X9.42
-     */
-    public static final DERObjectIdentifier x9_42_schemes = new DERObjectIdentifier("1.2.840.10046.3");
-    public static final DERObjectIdentifier dhStatic = new DERObjectIdentifier(x9_42_schemes + ".1");
-    public static final DERObjectIdentifier dhEphem = new DERObjectIdentifier(x9_42_schemes + ".2");
-    public static final DERObjectIdentifier dhOneFlow = new DERObjectIdentifier(x9_42_schemes + ".3");
-    public static final DERObjectIdentifier dhHybrid1 = new DERObjectIdentifier(x9_42_schemes + ".4");
-    public static final DERObjectIdentifier dhHybrid2 = new DERObjectIdentifier(x9_42_schemes + ".5");
-    public static final DERObjectIdentifier dhHybridOneFlow = new DERObjectIdentifier(x9_42_schemes + ".6");
-    public static final DERObjectIdentifier mqv2 = new DERObjectIdentifier(x9_42_schemes + ".7");
-    public static final DERObjectIdentifier mqv1 = new DERObjectIdentifier(x9_42_schemes + ".8");
+    public static final ASN1ObjectIdentifier x9_42_schemes = ansi_X9_42.branch("3");
+    public static final ASN1ObjectIdentifier dhStatic = x9_42_schemes.branch("1");
+    public static final ASN1ObjectIdentifier dhEphem = x9_42_schemes.branch("2");
+    public static final ASN1ObjectIdentifier dhOneFlow = x9_42_schemes.branch("3");
+    public static final ASN1ObjectIdentifier dhHybrid1 = x9_42_schemes.branch("4");
+    public static final ASN1ObjectIdentifier dhHybrid2 = x9_42_schemes.branch("5");
+    public static final ASN1ObjectIdentifier dhHybridOneFlow = x9_42_schemes.branch("6");
+    public static final ASN1ObjectIdentifier mqv2 = x9_42_schemes.branch("7");
+    public static final ASN1ObjectIdentifier mqv1 = x9_42_schemes.branch("8");
 }
-
diff --git a/src/main/java/org/bouncycastle/crypto/BufferedBlockCipher.java b/src/main/java/org/bouncycastle/crypto/BufferedBlockCipher.java
index 7f8adec..4878786 100644
--- a/src/main/java/org/bouncycastle/crypto/BufferedBlockCipher.java
+++ b/src/main/java/org/bouncycastle/crypto/BufferedBlockCipher.java
@@ -259,28 +259,34 @@
         int     outOff)
         throws DataLengthException, IllegalStateException, InvalidCipherTextException
     {
-        int resultLen = 0;
-
-        if (outOff + bufOff > out.length)
+        try
         {
-            throw new DataLengthException("output buffer too short for doFinal()");
-        }
+            int resultLen = 0;
 
-        if (bufOff != 0 && partialBlockOkay)
+            if (outOff + bufOff > out.length)
+            {
+                throw new DataLengthException("output buffer too short for doFinal()");
+            }
+
+            if (bufOff != 0)
+            {
+                if (!partialBlockOkay)
+                {
+                    throw new DataLengthException("data not block size aligned");
+                }
+
+                cipher.processBlock(buf, 0, buf, 0);
+                resultLen = bufOff;
+                bufOff = 0;
+                System.arraycopy(buf, 0, out, outOff, resultLen);
+            }
+
+            return resultLen;
+        }
+        finally
         {
-            cipher.processBlock(buf, 0, buf, 0);
-            resultLen = bufOff;
-            bufOff = 0;
-            System.arraycopy(buf, 0, out, outOff, resultLen);
+            reset();
         }
-        else if (bufOff != 0)
-        {
-            throw new DataLengthException("data not block size aligned");
-        }
-
-        reset();
-
-        return resultLen;
     }
 
     /**
diff --git a/src/main/java/org/bouncycastle/crypto/SignerWithRecovery.java b/src/main/java/org/bouncycastle/crypto/SignerWithRecovery.java
index 5a1e204..452b367 100644
--- a/src/main/java/org/bouncycastle/crypto/SignerWithRecovery.java
+++ b/src/main/java/org/bouncycastle/crypto/SignerWithRecovery.java
@@ -20,4 +20,15 @@
      * @return full/partial message, null if nothing.
      */
     public byte[] getRecoveredMessage();
+
+    /**
+     * Perform an update with the recovered message before adding any other data. This must
+     * be the first update method called, and calling it will result in the signer assuming
+     * that further calls to update will include message content past what is recoverable.
+     *
+     * @param signature the signature that we are in the process of verifying.
+     * @throws IllegalStateException
+     */
+    public void updateWithRecoveredMessage(byte[] signature)
+        throws InvalidCipherTextException;
 }
diff --git a/src/main/java/org/bouncycastle/crypto/agreement/ECDHBasicAgreement.java b/src/main/java/org/bouncycastle/crypto/agreement/ECDHBasicAgreement.java
new file mode 100644
index 0000000..3ad3e1c
--- /dev/null
+++ b/src/main/java/org/bouncycastle/crypto/agreement/ECDHBasicAgreement.java
@@ -0,0 +1,47 @@
+package org.bouncycastle.crypto.agreement;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.math.ec.ECPoint;
+
+import org.bouncycastle.crypto.BasicAgreement;
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.params.ECPublicKeyParameters;
+import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
+
+/**
+ * P1363 7.2.1 ECSVDP-DH
+ *
+ * ECSVDP-DH is Elliptic Curve Secret Value Derivation Primitive,
+ * Diffie-Hellman version. It is based on the work of [DH76], [Mil86],
+ * and [Kob87]. This primitive derives a shared secret value from one
+ * party's private key and another party's public key, where both have
+ * the same set of EC domain parameters. If two parties correctly
+ * execute this primitive, they will produce the same output. This
+ * primitive can be invoked by a scheme to derive a shared secret key;
+ * specifically, it may be used with the schemes ECKAS-DH1 and
+ * DL/ECKAS-DH2. It assumes that the input keys are valid (see also
+ * Section 7.2.2).
+ */
+public class ECDHBasicAgreement
+    implements BasicAgreement
+{
+    private ECPrivateKeyParameters key;
+
+    public void init(
+        CipherParameters key)
+    {
+        this.key = (ECPrivateKeyParameters)key;
+    }
+
+    public BigInteger calculateAgreement(
+        CipherParameters pubKey)
+    {
+        ECPublicKeyParameters pub = (ECPublicKeyParameters)pubKey;
+        ECPoint P = pub.getQ().multiply(key.getD());
+
+        // if (p.isInfinity()) throw new RuntimeException("d*Q == infinity");
+
+        return P.getX().toBigInteger();
+    }
+}
diff --git a/src/main/java/org/bouncycastle/jce/provider/util/NullDigest.java b/src/main/java/org/bouncycastle/crypto/digests/NullDigest.java
similarity index 94%
rename from src/main/java/org/bouncycastle/jce/provider/util/NullDigest.java
rename to src/main/java/org/bouncycastle/crypto/digests/NullDigest.java
index 820ad1b..6cb0d4a 100644
--- a/src/main/java/org/bouncycastle/jce/provider/util/NullDigest.java
+++ b/src/main/java/org/bouncycastle/crypto/digests/NullDigest.java
@@ -1,4 +1,4 @@
-package org.bouncycastle.jce.provider.util;
+package org.bouncycastle.crypto.digests;
 
 import java.io.ByteArrayOutputStream;
 
diff --git a/src/main/java/org/bouncycastle/crypto/digests/OpenSSLDigest.java b/src/main/java/org/bouncycastle/crypto/digests/OpenSSLDigest.java
index ba76577..d2f9f25 100644
--- a/src/main/java/org/bouncycastle/crypto/digests/OpenSSLDigest.java
+++ b/src/main/java/org/bouncycastle/crypto/digests/OpenSSLDigest.java
@@ -30,12 +30,24 @@
     private final String algorithm;
 
     /**
-     * Holds the OpenSSL name of the hashing algorithm, e.g. "sha1";
+     * Holds the EVP_MD for the hashing algorithm, e.g. EVP_get_digestbyname("sha1");
      */
-    private final String openssl;
+    private final int evp_md;
 
     /**
-     * Holds a pointer to the native message digest context.
+     * Holds the output size of the message digest.
+     */
+    private final int size;
+
+    /**
+     * Holds the block size of the message digest.
+     */
+    private final int blockSize;
+
+    /**
+     * Holds a pointer to the native message digest context. It is
+     * lazily initialized to avoid having to reallocate on reset when
+     * its unlikely to be reused.
      */
     private int ctx;
 
@@ -47,25 +59,12 @@
     /**
      * Creates a new OpenSSLMessageDigest instance for the given algorithm
      * name.
-     *
-     * @param algorithm The standard name of the algorithm, e.g. "SHA-1".
-     * @param algorithm The name of the openssl algorithm, e.g. "sha1".
      */
-    private OpenSSLDigest(String algorithm, String openssl) {
+    private OpenSSLDigest(String algorithm, int evp_md, int size, int blockSize) {
         this.algorithm = algorithm;
-        this.openssl = openssl;
-        ctx = NativeCrypto.EVP_MD_CTX_create();
-        try {
-            NativeCrypto.EVP_DigestInit(ctx, openssl);
-        } catch (Exception ex) {
-            throw new RuntimeException(ex.getMessage() + " (" + algorithm + ")");
-        }
-    }
-
-    public int doFinal(byte[] out, int outOff) {
-        int i = NativeCrypto.EVP_DigestFinal(ctx, out, outOff);
-        reset();
-        return i;
+        this.evp_md = evp_md;
+        this.size = size;
+        this.blockSize = blockSize;
     }
 
     public String getAlgorithmName() {
@@ -73,50 +72,88 @@
     }
 
     public int getDigestSize() {
-        return NativeCrypto.EVP_MD_CTX_size(ctx);
+        return size;
     }
 
     public int getByteLength() {
-        return NativeCrypto.EVP_MD_CTX_block_size(ctx);
+        return blockSize;
     }
 
     public void reset() {
-        NativeCrypto.EVP_DigestInit(ctx, openssl);
+        free();
     }
 
     public void update(byte in) {
         singleByte[0] = in;
-        NativeCrypto.EVP_DigestUpdate(ctx, singleByte, 0, 1);
+        update(singleByte, 0, 1);
     }
 
     public void update(byte[] in, int inOff, int len) {
-        NativeCrypto.EVP_DigestUpdate(ctx, in, inOff, len);
+        NativeCrypto.EVP_DigestUpdate(getCtx(), in, inOff, len);
+    }
+
+    public int doFinal(byte[] out, int outOff) {
+        int i = NativeCrypto.EVP_DigestFinal(getCtx(), out, outOff);
+        ctx = 0; // EVP_DigestFinal frees the context as a side effect
+        reset();
+        return i;
+    }
+
+    private int getCtx() {
+        if (ctx == 0) {
+            ctx = NativeCrypto.EVP_DigestInit(evp_md);
+        }
+        return ctx;
+    }
+
+    private void free() {
+        if (ctx != 0) {
+            NativeCrypto.EVP_MD_CTX_destroy(ctx);
+            ctx = 0;
+        }
     }
 
     @Override
     protected void finalize() throws Throwable {
-        super.finalize();
-        NativeCrypto.EVP_MD_CTX_destroy(ctx);
-        ctx = 0;
+        try {
+            free();
+        } finally {
+            super.finalize();
+        }
     }
 
     public static class MD5 extends OpenSSLDigest {
-        public MD5() { super("MD5", "md5"); }
+        private static final int EVP_MD = NativeCrypto.EVP_get_digestbyname("md5");
+        private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD);
+        private static final int BLOCK_SIZE = NativeCrypto.EVP_MD_block_size(EVP_MD);
+        public MD5() { super("MD5", EVP_MD, SIZE, BLOCK_SIZE); }
     }
 
     public static class SHA1 extends OpenSSLDigest {
-        public SHA1() { super("SHA-1", "sha1"); }
+        private static final int EVP_MD = NativeCrypto.EVP_get_digestbyname("sha1");
+        private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD);
+        private static final int BLOCK_SIZE = NativeCrypto.EVP_MD_block_size(EVP_MD);
+        public SHA1() { super("SHA-1", EVP_MD, SIZE, BLOCK_SIZE); }
     }
 
     public static class SHA256 extends OpenSSLDigest {
-        public SHA256() { super("SHA-256", "sha256"); }
+        private static final int EVP_MD = NativeCrypto.EVP_get_digestbyname("sha256");
+        private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD);
+        private static final int BLOCK_SIZE = NativeCrypto.EVP_MD_block_size(EVP_MD);
+        public SHA256() { super("SHA-256", EVP_MD, SIZE, BLOCK_SIZE); }
     }
 
     public static class SHA384 extends OpenSSLDigest {
-        public SHA384() { super("SHA-384", "sha384"); }
+        private static final int EVP_MD = NativeCrypto.EVP_get_digestbyname("sha384");
+        private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD);
+        private static final int BLOCK_SIZE = NativeCrypto.EVP_MD_block_size(EVP_MD);
+        public SHA384() { super("SHA-384", EVP_MD, SIZE, BLOCK_SIZE); }
     }
 
     public static class SHA512 extends OpenSSLDigest {
-        public SHA512() { super("SHA-512", "sha512"); }
+        private static final int EVP_MD = NativeCrypto.EVP_get_digestbyname("sha512");
+        private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD);
+        private static final int BLOCK_SIZE = NativeCrypto.EVP_MD_block_size(EVP_MD);
+        public SHA512() { super("SHA-512", EVP_MD, SIZE, BLOCK_SIZE); }
     }
 }
diff --git a/src/main/java/org/bouncycastle/crypto/encodings/ISO9796d1Encoding.java b/src/main/java/org/bouncycastle/crypto/encodings/ISO9796d1Encoding.java
index b4d84c6..ec91e1a 100644
--- a/src/main/java/org/bouncycastle/crypto/encodings/ISO9796d1Encoding.java
+++ b/src/main/java/org/bouncycastle/crypto/encodings/ISO9796d1Encoding.java
@@ -1,5 +1,7 @@
 package org.bouncycastle.crypto.encodings;
 
+import java.math.BigInteger;
+
 import org.bouncycastle.crypto.AsymmetricBlockCipher;
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.InvalidCipherTextException;
@@ -9,13 +11,16 @@
 /**
  * ISO 9796-1 padding. Note in the light of recent results you should
  * only use this with RSA (rather than the "simpler" Rabin keys) and you
- * should never use it with anything other than a hash (ie. even if the 
+ * should never use it with anything other than a hash (ie. even if the
  * message is small don't sign the message, sign it's hash) or some "random"
  * value. See your favorite search engine for details.
  */
 public class ISO9796d1Encoding
     implements AsymmetricBlockCipher
 {
+    private static final BigInteger SIXTEEN = BigInteger.valueOf(16L);
+    private static final BigInteger SIX     = BigInteger.valueOf(6L);
+
     private static byte[]    shadows = { 0xe, 0x3, 0x5, 0x8, 0x9, 0x4, 0x2, 0xf,
                                     0x0, 0xd, 0xb, 0x6, 0x7, 0xa, 0xc, 0x1 };
     private static byte[]    inverse = { 0x8, 0xf, 0x6, 0x1, 0x5, 0x2, 0xb, 0xc,
@@ -25,12 +30,13 @@
     private boolean                 forEncryption;
     private int                     bitSize;
     private int                     padBits = 0;
+    private BigInteger              modulus;
 
     public ISO9796d1Encoding(
         AsymmetricBlockCipher   cipher)
     {
         this.engine = cipher;
-    }   
+    }
 
     public AsymmetricBlockCipher getUnderlyingCipher()
     {
@@ -56,14 +62,15 @@
 
         engine.init(forEncryption, param);
 
-        bitSize = kParam.getModulus().bitLength();
+        modulus = kParam.getModulus();
+        bitSize = modulus.bitLength();
 
         this.forEncryption = forEncryption;
     }
 
     /**
      * return the input block size. The largest message we can process
-     * is (key_size_in_bits + 3)/16, which in our world comes to 
+     * is (key_size_in_bits + 3)/16, which in our world comes to
      * key_size_in_bytes / 2.
      */
     public int getInputBlockSize()
@@ -98,7 +105,7 @@
     }
 
     /**
-     * set the number of bits in the next message to be treated as 
+     * set the number of bits in the next message to be treated as
      * pad bits.
      */
     public void setPadBits(
@@ -163,7 +170,7 @@
         for (int i = block.length - 2 * t; i != block.length; i += 2)
         {
             byte    val = block[block.length - t + i / 2];
-            
+
             block[i] = (byte)((shadows[(val & 0xff) >>> 4] << 4)
                                                 | shadows[val & 0x0f]);
             block[i + 1] = val;
@@ -203,7 +210,24 @@
         int     r = 1;
         int     t = (bitSize + 13) / 16;
 
-        if ((block[block.length - 1] & 0x0f) != 0x6)
+        BigInteger iS = new BigInteger(1, block);
+        BigInteger iR;
+        if (iS.mod(SIXTEEN).equals(SIX))
+        {
+            iR = iS;
+        }
+        else if ((modulus.subtract(iS)).mod(SIXTEEN).equals(SIX))
+        {
+            iR = modulus.subtract(iS);
+        }
+        else
+        {
+            throw new InvalidCipherTextException("resulting integer iS or (modulus - iS) is not congruent to 6 mod 16");
+        }
+
+        block = convertOutputDecryptOnly(iR);
+
+        if ((block[block.length - 1] & 0x0f) != 0x6 )
         {
             throw new InvalidCipherTextException("invalid forcing byte in block");
         }
@@ -214,12 +238,12 @@
 
         boolean boundaryFound = false;
         int     boundary = 0;
-        
+
         for (int i = block.length - 1; i >= block.length - 2 * t; i -= 2)
         {
             int val = ((shadows[(block[i] & 0xff) >>> 4] << 4)
                                         | shadows[block[i] & 0x0f]);
-            
+
             if (((block[i - 1] ^ val) & 0xff) != 0)
             {
                 if (!boundaryFound)
@@ -248,4 +272,16 @@
 
         return nblock;
     }
+
+    private static byte[] convertOutputDecryptOnly(BigInteger result)
+    {
+        byte[] output = result.toByteArray();
+        if (output[0] == 0) // have ended up with an extra zero byte, copy down.
+        {
+            byte[] tmp = new byte[output.length - 1];
+            System.arraycopy(output, 1, tmp, 0, tmp.length);
+            return tmp;
+        }
+        return output;
+    }
 }
diff --git a/src/main/java/org/bouncycastle/crypto/generators/DHParametersHelper.java b/src/main/java/org/bouncycastle/crypto/generators/DHParametersHelper.java
index 2554c30..05c7839 100644
--- a/src/main/java/org/bouncycastle/crypto/generators/DHParametersHelper.java
+++ b/src/main/java/org/bouncycastle/crypto/generators/DHParametersHelper.java
@@ -3,67 +3,90 @@
 import java.math.BigInteger;
 import java.security.SecureRandom;
 
+// BEGIN android-added
+import java.util.logging.Logger;
+// END android-added
 import org.bouncycastle.util.BigIntegers;
 
 class DHParametersHelper
 {
+    // BEGIN android-added
+    private static final Logger logger = Logger.getLogger(DHParametersHelper.class.getName());
+    // END android-added
+
     private static final BigInteger ONE = BigInteger.valueOf(1);
     private static final BigInteger TWO = BigInteger.valueOf(2);
 
-    // Finds a pair of prime BigInteger's {p, q: p = 2q + 1}
-    static BigInteger[] generateSafePrimes(
-        int             size,
-        int             certainty,
-        SecureRandom    random)
+    /*
+     * Finds a pair of prime BigInteger's {p, q: p = 2q + 1}
+     * 
+     * (see: Handbook of Applied Cryptography 4.86)
+     */
+    static BigInteger[] generateSafePrimes(int size, int certainty, SecureRandom random)
     {
+        // BEGIN android-added
+        logger.info("Generating safe primes. This may take a long time.");
+        long start = System.currentTimeMillis();
+        int tries = 0;
+        // END android-added
         BigInteger p, q;
         int qLength = size - 1;
 
         for (;;)
         {
+            // BEGIN android-added
+            tries++;
+            // END android-added
             q = new BigInteger(qLength, 2, random);
 
             // p <- 2q + 1
             p = q.shiftLeft(1).add(ONE);
 
-            if (p.isProbablePrime(certainty)
-                && (certainty <= 2 || q.isProbablePrime(certainty)))
+            if (p.isProbablePrime(certainty) && (certainty <= 2 || q.isProbablePrime(certainty)))
             {
-                    break;
+                break;
             }
         }
+        // BEGIN android-added
+        long end = System.currentTimeMillis();
+        long duration = end - start;
+        logger.info("Generated safe primes: " + tries + " tries took " + duration + "ms");
+        // END android-added
 
         return new BigInteger[] { p, q };
     }
 
-    // Select a high order element of the multiplicative group Zp*
-    // p and q must be s.t. p = 2*q + 1, where p and q are prime
-    static BigInteger selectGenerator(
-        BigInteger      p,
-        BigInteger      q,
-        SecureRandom    random)
+    /*
+     * Select a high order element of the multiplicative group Zp*
+     * 
+     * p and q must be s.t. p = 2*q + 1, where p and q are prime (see generateSafePrimes)
+     */
+    static BigInteger selectGenerator(BigInteger p, BigInteger q, SecureRandom random)
     {
         BigInteger pMinusTwo = p.subtract(TWO);
         BigInteger g;
 
-        // Handbook of Applied Cryptography 4.86
-        do
-        {
-            g = BigIntegers.createRandomInRange(TWO, pMinusTwo, random);
-        }
-        while (g.modPow(TWO, p).equals(ONE)
-            || g.modPow(q, p).equals(ONE));
+        /*
+         * (see: Handbook of Applied Cryptography 4.80)
+         */
+//        do
+//        {
+//            g = BigIntegers.createRandomInRange(TWO, pMinusTwo, random);
+//        }
+//        while (g.modPow(TWO, p).equals(ONE) || g.modPow(q, p).equals(ONE));
 
-/*
-        // RFC 2631 2.1.1 (and see Handbook of Applied Cryptography 4.81)
+
+        /*
+         * RFC 2631 2.2.1.2 (and see: Handbook of Applied Cryptography 4.81)
+         */
         do
         {
-            BigInteger h = createInRange(TWO, pMinusTwo, random);
+            BigInteger h = BigIntegers.createRandomInRange(TWO, pMinusTwo, random);
 
             g = h.modPow(TWO, p);
         }
         while (g.equals(ONE));
-*/
+
 
         return g;
     }
diff --git a/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java b/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java
index aa8a4cc..be977d7 100644
--- a/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java
+++ b/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java
@@ -178,7 +178,7 @@
         int seedlen = N;
         byte[] seed = new byte[seedlen / 8];
 
-// 3. n = ⎡L ⁄ outlen⎤ – 1.
+// 3. n = ceiling(L ⁄ outlen) – 1.
         int n = (L - 1) / outlen;
 
 // 4. b = L – 1 – (n ∗ outlen).
@@ -288,7 +288,7 @@
 //        BigInteger e = p.subtract(ONE).divide(q);
 //        byte[] ggen = Hex.decode("6767656E");
 //
-//        // 7. U = domain_parameter_seed || “ggen” || index || count.
+//        // 7. U = domain_parameter_seed || "ggen" || index || count.
 //        byte[] U = new byte[seed.length + ggen.length + 1 + 2];
 //        System.arraycopy(seed, 0, U, 0, seed.length);
 //        System.arraycopy(ggen, 0, U, seed.length, ggen.length);
diff --git a/src/main/java/org/bouncycastle/crypto/generators/ECKeyPairGenerator.java b/src/main/java/org/bouncycastle/crypto/generators/ECKeyPairGenerator.java
new file mode 100644
index 0000000..d77bd74
--- /dev/null
+++ b/src/main/java/org/bouncycastle/crypto/generators/ECKeyPairGenerator.java
@@ -0,0 +1,53 @@
+package org.bouncycastle.crypto.generators;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.AsymmetricCipherKeyPairGenerator;
+import org.bouncycastle.crypto.KeyGenerationParameters;
+import org.bouncycastle.crypto.params.ECDomainParameters;
+import org.bouncycastle.crypto.params.ECKeyGenerationParameters;
+import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
+import org.bouncycastle.crypto.params.ECPublicKeyParameters;
+import org.bouncycastle.math.ec.ECConstants;
+import org.bouncycastle.math.ec.ECPoint;
+
+public class ECKeyPairGenerator
+    implements AsymmetricCipherKeyPairGenerator, ECConstants
+{
+    ECDomainParameters  params;
+    SecureRandom        random;
+
+    public void init(
+        KeyGenerationParameters param)
+    {
+        ECKeyGenerationParameters  ecP = (ECKeyGenerationParameters)param;
+
+        this.random = ecP.getRandom();
+        this.params = ecP.getDomainParameters();
+    }
+
+    /**
+     * Given the domain parameters this routine generates an EC key
+     * pair in accordance with X9.62 section 5.2.1 pages 26, 27.
+     */
+    public AsymmetricCipherKeyPair generateKeyPair()
+    {
+        BigInteger n = params.getN();
+        int        nBitLength = n.bitLength();
+        BigInteger d;
+
+        do
+        {
+            d = new BigInteger(nBitLength, random);
+        }
+        while (d.equals(ZERO)  || (d.compareTo(n) >= 0));
+
+        ECPoint Q = params.getG().multiply(d);
+
+        return new AsymmetricCipherKeyPair(
+            new ECPublicKeyParameters(Q, params),
+            new ECPrivateKeyParameters(d, params));
+    }
+}
diff --git a/src/main/java/org/bouncycastle/crypto/macs/CMac.java b/src/main/java/org/bouncycastle/crypto/macs/CMac.java
deleted file mode 100644
index c5bc504..0000000
--- a/src/main/java/org/bouncycastle/crypto/macs/CMac.java
+++ /dev/null
@@ -1,237 +0,0 @@
-package org.bouncycastle.crypto.macs;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.Mac;
-import org.bouncycastle.crypto.modes.CBCBlockCipher;
-import org.bouncycastle.crypto.paddings.ISO7816d4Padding;
-
-/**
- * CMAC - as specified at www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
- * <p>
- * CMAC is analogous to OMAC1 - see also en.wikipedia.org/wiki/CMAC
- * </p><p>
- * CMAC is a NIST recomendation - see 
- * csrc.nist.gov/CryptoToolkit/modes/800-38_Series_Publications/SP800-38B.pdf
- * </p><p>
- * CMAC/OMAC1 is a blockcipher-based message authentication code designed and
- * analyzed by Tetsu Iwata and Kaoru Kurosawa.
- * </p><p>
- * CMAC/OMAC1 is a simple variant of the CBC MAC (Cipher Block Chaining Message 
- * Authentication Code). OMAC stands for One-Key CBC MAC.
- * </p><p>
- * It supports 128- or 64-bits block ciphers, with any key size, and returns
- * a MAC with dimension less or equal to the block size of the underlying 
- * cipher.
- * </p>
- */
-public class CMac implements Mac
-{
-    private static final byte CONSTANT_128 = (byte)0x87;
-    private static final byte CONSTANT_64 = (byte)0x1b;
-
-    private byte[] ZEROES;
-
-    private byte[] mac;
-
-    private byte[] buf;
-    private int bufOff;
-    private BlockCipher cipher;
-
-    private int macSize;
-
-    private byte[] L, Lu, Lu2;
-
-    /**
-     * create a standard MAC based on a CBC block cipher (64 or 128 bit block).
-     * This will produce an authentication code the length of the block size
-     * of the cipher.
-     *
-     * @param cipher the cipher to be used as the basis of the MAC generation.
-     */
-    public CMac(BlockCipher cipher)
-    {
-        this(cipher, cipher.getBlockSize() * 8);
-    }
-
-    /**
-     * create a standard MAC based on a block cipher with the size of the
-     * MAC been given in bits.
-     * <p/>
-     * Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
-     * or 16 bits if being used as a data authenticator (FIPS Publication 113),
-     * and in general should be less than the size of the block cipher as it reduces
-     * the chance of an exhaustive attack (see Handbook of Applied Cryptography).
-     *
-     * @param cipher        the cipher to be used as the basis of the MAC generation.
-     * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8 and <= 128.
-     */
-    public CMac(BlockCipher cipher, int macSizeInBits)
-    {
-        if ((macSizeInBits % 8) != 0)
-        {
-            throw new IllegalArgumentException("MAC size must be multiple of 8");
-        }
-
-        if (macSizeInBits > (cipher.getBlockSize() * 8))
-        {
-            throw new IllegalArgumentException(
-                "MAC size must be less or equal to "
-                    + (cipher.getBlockSize() * 8));
-        }
-
-        if (cipher.getBlockSize() != 8 && cipher.getBlockSize() != 16)
-        {
-            throw new IllegalArgumentException(
-                "Block size must be either 64 or 128 bits");
-        }
-
-        this.cipher = new CBCBlockCipher(cipher);
-        this.macSize = macSizeInBits / 8;
-
-        mac = new byte[cipher.getBlockSize()];
-
-        buf = new byte[cipher.getBlockSize()];
-
-        ZEROES = new byte[cipher.getBlockSize()];
-
-        bufOff = 0;
-    }
-
-    public String getAlgorithmName()
-    {
-        return cipher.getAlgorithmName();
-    }
-
-    private byte[] doubleLu(byte[] in)
-    {
-        int FirstBit = (in[0] & 0xFF) >> 7;
-        byte[] ret = new byte[in.length];
-        for (int i = 0; i < in.length - 1; i++)
-        {
-            ret[i] = (byte)((in[i] << 1) + ((in[i + 1] & 0xFF) >> 7));
-        }
-        ret[in.length - 1] = (byte)(in[in.length - 1] << 1);
-        if (FirstBit == 1)
-        {
-            ret[in.length - 1] ^= in.length == 16 ? CONSTANT_128 : CONSTANT_64;
-        }
-        return ret;
-    }
-
-    public void init(CipherParameters params)
-    {
-        reset();
-
-        cipher.init(true, params);
-
-        //initializes the L, Lu, Lu2 numbers
-        L = new byte[ZEROES.length];
-        cipher.processBlock(ZEROES, 0, L, 0);
-        Lu = doubleLu(L);
-        Lu2 = doubleLu(Lu);
-
-        cipher.init(true, params);
-    }
-
-    public int getMacSize()
-    {
-        return macSize;
-    }
-
-    public void update(byte in)
-    {
-        if (bufOff == buf.length)
-        {
-            cipher.processBlock(buf, 0, mac, 0);
-            bufOff = 0;
-        }
-
-        buf[bufOff++] = in;
-    }
-
-    public void update(byte[] in, int inOff, int len)
-    {
-        if (len < 0)
-        {
-            throw new IllegalArgumentException(
-                "Can't have a negative input length!");
-        }
-
-        int blockSize = cipher.getBlockSize();
-        int gapLen = blockSize - bufOff;
-
-        if (len > gapLen)
-        {
-            System.arraycopy(in, inOff, buf, bufOff, gapLen);
-
-            cipher.processBlock(buf, 0, mac, 0);
-
-            bufOff = 0;
-            len -= gapLen;
-            inOff += gapLen;
-
-            while (len > blockSize)
-            {
-                cipher.processBlock(in, inOff, mac, 0);
-
-                len -= blockSize;
-                inOff += blockSize;
-            }
-        }
-
-        System.arraycopy(in, inOff, buf, bufOff, len);
-
-        bufOff += len;
-    }
-
-    public int doFinal(byte[] out, int outOff)
-    {
-        int blockSize = cipher.getBlockSize();
-
-        byte[] lu;
-        if (bufOff == blockSize)
-        {
-            lu = Lu;
-        }
-        else
-        {
-            new ISO7816d4Padding().addPadding(buf, bufOff);
-            lu = Lu2;
-        }
-
-        for (int i = 0; i < mac.length; i++)
-        {
-            buf[i] ^= lu[i];
-        }
-
-        cipher.processBlock(buf, 0, mac, 0);
-
-        System.arraycopy(mac, 0, out, outOff, macSize);
-
-        reset();
-
-        return macSize;
-    }
-
-    /**
-     * Reset the mac generator.
-     */
-    public void reset()
-    {
-        /*
-         * clean the buffer.
-         */
-        for (int i = 0; i < buf.length; i++)
-        {
-            buf[i] = 0;
-        }
-
-        bufOff = 0;
-
-        /*
-         * reset the underlying cipher.
-         */
-        cipher.reset();
-    }
-}
diff --git a/src/main/java/org/bouncycastle/crypto/modes/EAXBlockCipher.java b/src/main/java/org/bouncycastle/crypto/modes/EAXBlockCipher.java
deleted file mode 100644
index 327026e..0000000
--- a/src/main/java/org/bouncycastle/crypto/modes/EAXBlockCipher.java
+++ /dev/null
@@ -1,304 +0,0 @@
-package org.bouncycastle.crypto.modes;
-
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.Mac;
-import org.bouncycastle.crypto.macs.CMac;
-import org.bouncycastle.crypto.params.AEADParameters;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-import org.bouncycastle.util.Arrays;
-
-/**
- * A Two-Pass Authenticated-Encryption Scheme Optimized for Simplicity and 
- * Efficiency - by M. Bellare, P. Rogaway, D. Wagner.
- * 
- * http://www.cs.ucdavis.edu/~rogaway/papers/eax.pdf
- * 
- * EAX is an AEAD scheme based on CTR and OMAC1/CMAC, that uses a single block 
- * cipher to encrypt and authenticate data. It's on-line (the length of a 
- * message isn't needed to begin processing it), has good performances, it's
- * simple and provably secure (provided the underlying block cipher is secure).
- * 
- * Of course, this implementations is NOT thread-safe.
- */
-public class EAXBlockCipher
-    implements AEADBlockCipher
-{
-    private static final byte nTAG = 0x0;
-
-    private static final byte hTAG = 0x1;
-
-    private static final byte cTAG = 0x2;
-
-    private SICBlockCipher cipher;
-
-    private boolean forEncryption;
-
-    private int blockSize;
-
-    private Mac mac;
-
-    private byte[] nonceMac;
-    private byte[] associatedTextMac;
-    private byte[] macBlock;
-    
-    private int macSize;
-    private byte[] bufBlock;
-    private int bufOff;
-
-    /**
-     * Constructor that accepts an instance of a block cipher engine.
-     *
-     * @param cipher the engine to use
-     */
-    public EAXBlockCipher(BlockCipher cipher)
-    {
-        blockSize = cipher.getBlockSize();
-        mac = new CMac(cipher);
-        macBlock = new byte[blockSize];
-        bufBlock = new byte[blockSize * 2];
-        associatedTextMac = new byte[mac.getMacSize()];
-        nonceMac = new byte[mac.getMacSize()];
-        this.cipher = new SICBlockCipher(cipher);
-    }
-
-    public String getAlgorithmName()
-    {
-        return cipher.getUnderlyingCipher().getAlgorithmName() + "/EAX";
-    }
-
-    public BlockCipher getUnderlyingCipher()
-    {
-        return cipher.getUnderlyingCipher();
-    }
-
-    public int getBlockSize()
-    {
-        return cipher.getBlockSize();
-    }
-
-    public void init(boolean forEncryption, CipherParameters params)
-        throws IllegalArgumentException
-    {
-        this.forEncryption = forEncryption;
-
-        byte[] nonce, associatedText;
-        CipherParameters keyParam;
-
-        if (params instanceof AEADParameters)
-        {
-            AEADParameters param = (AEADParameters)params;
-
-            nonce = param.getNonce();
-            associatedText = param.getAssociatedText();
-            macSize = param.getMacSize() / 8;
-            keyParam = param.getKey();
-        }
-        else if (params instanceof ParametersWithIV)
-        {
-            ParametersWithIV param = (ParametersWithIV)params;
-
-            nonce = param.getIV();
-            associatedText = new byte[0];
-            macSize = mac.getMacSize() / 2;
-            keyParam = param.getParameters();
-        }
-        else
-        {
-            throw new IllegalArgumentException("invalid parameters passed to EAX");
-        }
-
-        byte[] tag = new byte[blockSize];
-
-        mac.init(keyParam);
-        tag[blockSize - 1] = hTAG;
-        mac.update(tag, 0, blockSize);
-        mac.update(associatedText, 0, associatedText.length);
-        mac.doFinal(associatedTextMac, 0);
-
-        tag[blockSize - 1] = nTAG;
-        mac.update(tag, 0, blockSize);
-        mac.update(nonce, 0, nonce.length);
-        mac.doFinal(nonceMac, 0);
-
-        tag[blockSize - 1] = cTAG;
-        mac.update(tag, 0, blockSize);
-
-        cipher.init(true, new ParametersWithIV(keyParam, nonceMac));
-    }
-
-    private void calculateMac()
-    {
-        byte[] outC = new byte[blockSize];
-        mac.doFinal(outC, 0);
-
-        for (int i = 0; i < macBlock.length; i++)
-        {
-            macBlock[i] = (byte)(nonceMac[i] ^ associatedTextMac[i] ^ outC[i]);
-        }
-    }
-
-    public void reset()
-    {
-        reset(true);
-    }
-
-    private void reset(
-        boolean clearMac)
-    {
-        cipher.reset();
-        mac.reset();
-
-        bufOff = 0;
-        Arrays.fill(bufBlock, (byte)0);
-
-        if (clearMac)
-        {
-            Arrays.fill(macBlock, (byte)0);
-        }
-
-        byte[] tag = new byte[blockSize];
-        tag[blockSize - 1] = cTAG;
-        mac.update(tag, 0, blockSize);
-    }
-
-    public int processByte(byte in, byte[] out, int outOff)
-        throws DataLengthException
-    {
-        return process(in, out, outOff);
-    }
-
-    public int processBytes(byte[] in, int inOff, int len, byte[] out, int outOff)
-        throws DataLengthException
-    {
-        int resultLen = 0;
-
-        for (int i = 0; i != len; i++)
-        {
-            resultLen += process(in[inOff + i], out, outOff + resultLen);
-        }
-
-        return resultLen;
-    }
-
-    public int doFinal(byte[] out, int outOff)
-        throws IllegalStateException, InvalidCipherTextException
-    {
-        int extra = bufOff;
-        byte[] tmp = new byte[bufBlock.length];
-
-        bufOff = 0;
-
-        if (forEncryption)
-        {
-            cipher.processBlock(bufBlock, 0, tmp, 0);
-            cipher.processBlock(bufBlock, blockSize, tmp, blockSize);
-
-            System.arraycopy(tmp, 0, out, outOff, extra);
-
-            mac.update(tmp, 0, extra);
-
-            calculateMac();
-
-            System.arraycopy(macBlock, 0, out, outOff + extra, macSize);
-
-            reset(false);
-
-            return extra + macSize;
-        }
-        else
-        {
-            if (extra > macSize)
-            {
-                mac.update(bufBlock, 0, extra - macSize);
-
-                cipher.processBlock(bufBlock, 0, tmp, 0);
-                cipher.processBlock(bufBlock, blockSize, tmp, blockSize);
-
-                System.arraycopy(tmp, 0, out, outOff, extra - macSize);
-            }
-
-            calculateMac();
-
-            if (!verifyMac(bufBlock, extra - macSize))
-            {
-                throw new InvalidCipherTextException("mac check in EAX failed");
-            }
-
-            reset(false);
-
-            return extra - macSize;
-        }
-    }
-
-    public byte[] getMac()
-    {
-        byte[] mac = new byte[macSize];
-
-        System.arraycopy(macBlock, 0, mac, 0, macSize);
-
-        return mac;
-    }
-
-    public int getUpdateOutputSize(int len)
-    {
-        return ((len + bufOff) / blockSize) * blockSize;
-    }
-
-    public int getOutputSize(int len)
-    {
-        if (forEncryption)
-        {
-             return len + bufOff + macSize;
-        }
-        else
-        {
-             return len + bufOff - macSize;
-        }
-    }
-
-    private int process(byte b, byte[] out, int outOff)
-    {
-        bufBlock[bufOff++] = b;
-
-        if (bufOff == bufBlock.length)
-        {
-            int size;
-
-            if (forEncryption)
-            {
-                size = cipher.processBlock(bufBlock, 0, out, outOff);
-
-                mac.update(out, outOff, blockSize);
-            }
-            else
-            {
-                mac.update(bufBlock, 0, blockSize);
-
-                size = cipher.processBlock(bufBlock, 0, out, outOff);
-            }
-
-            bufOff = blockSize;
-            System.arraycopy(bufBlock, blockSize, bufBlock, 0, blockSize);
-
-            return size;
-        }
-
-        return 0;
-    }
-
-    private boolean verifyMac(byte[] mac, int off)
-    {
-        for (int i = 0; i < macSize; i++)
-        {
-            if (macBlock[i] != mac[off + i])
-            {
-                return false;
-            }
-        }
-
-        return true;
-    }
-}
diff --git a/src/main/java/org/bouncycastle/crypto/modes/gcm/GCMUtil.java b/src/main/java/org/bouncycastle/crypto/modes/gcm/GCMUtil.java
index e866b34..e1949dc 100644
--- a/src/main/java/org/bouncycastle/crypto/modes/gcm/GCMUtil.java
+++ b/src/main/java/org/bouncycastle/crypto/modes/gcm/GCMUtil.java
@@ -1,9 +1,24 @@
 package org.bouncycastle.crypto.modes.gcm;
 
 import org.bouncycastle.crypto.util.Pack;
+import org.bouncycastle.util.Arrays;
 
 abstract class GCMUtil
 {
+    static byte[] oneAsBytes()
+    {
+        byte[] tmp = new byte[16];
+        tmp[0] = (byte)0x80;
+        return tmp;
+    }
+
+    static int[] oneAsInts()
+    {
+        int[] tmp = new int[4];
+        tmp[0] = 0x80000000;
+        return tmp;
+    }
+
     static int[] asInts(byte[] bs)
     {
         int[] us = new int[4];
@@ -14,6 +29,35 @@
         return us;
     }
 
+    static void multiply(byte[] block, byte[] val)
+    {
+        byte[] tmp = Arrays.clone(block);
+        byte[] c = new byte[16];
+
+        for (int i = 0; i < 16; ++i)
+        {
+            byte bits = val[i];
+            for (int j = 7; j >= 0; --j)
+            {
+                if ((bits & (1 << j)) != 0)
+                {
+                    xor(c, tmp);
+                }
+
+                boolean lsb = (tmp[15] & 1) != 0;
+                shiftRight(tmp);
+                if (lsb)
+                {
+                    // R = new byte[]{ 0xe1, ... };
+//                    GCMUtil.xor(v, R);
+                    tmp[0] ^= (byte)0xe1;
+                }
+            }
+        }
+
+        System.arraycopy(c, 0, block, 0, 16);
+    }
+
     // P is the value with only bit i=1 set
     static void multiplyP(int[] x)
     {
diff --git a/src/main/java/org/bouncycastle/crypto/params/ECDomainParameters.java b/src/main/java/org/bouncycastle/crypto/params/ECDomainParameters.java
new file mode 100644
index 0000000..95a3ec9
--- /dev/null
+++ b/src/main/java/org/bouncycastle/crypto/params/ECDomainParameters.java
@@ -0,0 +1,81 @@
+package org.bouncycastle.crypto.params;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.math.ec.ECConstants;
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECPoint;
+
+public class ECDomainParameters
+    implements ECConstants
+{
+    ECCurve     curve;
+    byte[]      seed;
+    ECPoint     G;
+    BigInteger  n;
+    BigInteger  h;
+
+    public ECDomainParameters(
+        ECCurve     curve,
+        ECPoint     G,
+        BigInteger  n)
+    {
+        this.curve = curve;
+        this.G = G;
+        this.n = n;
+        this.h = ONE;
+        this.seed = null;
+    }
+
+    public ECDomainParameters(
+        ECCurve     curve,
+        ECPoint     G,
+        BigInteger  n,
+        BigInteger  h)
+    {
+        this.curve = curve;
+        this.G = G;
+        this.n = n;
+        this.h = h;
+        this.seed = null;
+    }
+
+    public ECDomainParameters(
+        ECCurve     curve,
+        ECPoint     G,
+        BigInteger  n,
+        BigInteger  h,
+        byte[]      seed)
+    {
+        this.curve = curve;
+        this.G = G;
+        this.n = n;
+        this.h = h;
+        this.seed = seed;
+    }
+
+    public ECCurve getCurve()
+    {
+        return curve;
+    }
+
+    public ECPoint getG()
+    {
+        return G;
+    }
+
+    public BigInteger getN()
+    {
+        return n;
+    }
+
+    public BigInteger getH()
+    {
+        return h;
+    }
+
+    public byte[] getSeed()
+    {
+        return seed;
+    }
+}
diff --git a/src/main/java/org/bouncycastle/crypto/params/ECKeyGenerationParameters.java b/src/main/java/org/bouncycastle/crypto/params/ECKeyGenerationParameters.java
new file mode 100644
index 0000000..be3f20f
--- /dev/null
+++ b/src/main/java/org/bouncycastle/crypto/params/ECKeyGenerationParameters.java
@@ -0,0 +1,25 @@
+package org.bouncycastle.crypto.params;
+
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.KeyGenerationParameters;
+
+public class ECKeyGenerationParameters
+    extends KeyGenerationParameters
+{
+    private ECDomainParameters  domainParams;
+
+    public ECKeyGenerationParameters(
+        ECDomainParameters      domainParams,
+        SecureRandom            random)
+    {
+        super(random, domainParams.getN().bitLength());
+
+        this.domainParams = domainParams;
+    }
+
+    public ECDomainParameters getDomainParameters()
+    {
+        return domainParams;
+    }
+}
diff --git a/src/main/java/org/bouncycastle/crypto/params/ECKeyParameters.java b/src/main/java/org/bouncycastle/crypto/params/ECKeyParameters.java
new file mode 100644
index 0000000..19825c5
--- /dev/null
+++ b/src/main/java/org/bouncycastle/crypto/params/ECKeyParameters.java
@@ -0,0 +1,21 @@
+package org.bouncycastle.crypto.params;
+
+public class ECKeyParameters
+    extends AsymmetricKeyParameter
+{
+    ECDomainParameters params;
+
+    protected ECKeyParameters(
+        boolean             isPrivate,
+        ECDomainParameters  params)
+    {
+        super(isPrivate);
+
+        this.params = params;
+    }
+
+    public ECDomainParameters getParameters()
+    {
+        return params;
+    }
+}
diff --git a/src/main/java/org/bouncycastle/crypto/params/ECPrivateKeyParameters.java b/src/main/java/org/bouncycastle/crypto/params/ECPrivateKeyParameters.java
new file mode 100644
index 0000000..3e49983
--- /dev/null
+++ b/src/main/java/org/bouncycastle/crypto/params/ECPrivateKeyParameters.java
@@ -0,0 +1,22 @@
+package org.bouncycastle.crypto.params;
+
+import java.math.BigInteger;
+
+public class ECPrivateKeyParameters
+    extends ECKeyParameters
+{
+    BigInteger d;
+
+    public ECPrivateKeyParameters(
+        BigInteger          d,
+        ECDomainParameters  params)
+    {
+        super(true, params);
+        this.d = d;
+    }
+
+    public BigInteger getD()
+    {
+        return d;
+    }
+}
diff --git a/src/main/java/org/bouncycastle/crypto/params/ECPublicKeyParameters.java b/src/main/java/org/bouncycastle/crypto/params/ECPublicKeyParameters.java
new file mode 100644
index 0000000..5fbea19
--- /dev/null
+++ b/src/main/java/org/bouncycastle/crypto/params/ECPublicKeyParameters.java
@@ -0,0 +1,22 @@
+package org.bouncycastle.crypto.params;
+
+import org.bouncycastle.math.ec.ECPoint;
+
+public class ECPublicKeyParameters
+    extends ECKeyParameters
+{
+    ECPoint Q;
+
+    public ECPublicKeyParameters(
+        ECPoint             Q,
+        ECDomainParameters  params)
+    {
+        super(false, params);
+        this.Q = Q;
+    }
+
+    public ECPoint getQ()
+    {
+        return Q;
+    }
+}
diff --git a/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java b/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java
new file mode 100644
index 0000000..99217b0
--- /dev/null
+++ b/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java
@@ -0,0 +1,164 @@
+package org.bouncycastle.crypto.signers;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.DSA;
+import org.bouncycastle.crypto.params.ECKeyParameters;
+import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
+import org.bouncycastle.crypto.params.ECPublicKeyParameters;
+import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.math.ec.ECAlgorithms;
+import org.bouncycastle.math.ec.ECConstants;
+import org.bouncycastle.math.ec.ECPoint;
+
+/**
+ * EC-DSA as described in X9.62
+ */
+public class ECDSASigner
+    implements ECConstants, DSA
+{
+    ECKeyParameters key;
+
+    SecureRandom    random;
+
+    public void init(
+        boolean                 forSigning,
+        CipherParameters        param)
+    {
+        if (forSigning)
+        {
+            if (param instanceof ParametersWithRandom)
+            {
+                ParametersWithRandom    rParam = (ParametersWithRandom)param;
+
+                this.random = rParam.getRandom();
+                this.key = (ECPrivateKeyParameters)rParam.getParameters();
+            }
+            else
+            {
+                this.random = new SecureRandom();
+                this.key = (ECPrivateKeyParameters)param;
+            }
+        }
+        else
+        {
+            this.key = (ECPublicKeyParameters)param;
+        }
+    }
+
+    // 5.3 pg 28
+    /**
+     * generate a signature for the given message using the key we were
+     * initialised with. For conventional DSA the message should be a SHA-1
+     * hash of the message of interest.
+     *
+     * @param message the message that will be verified later.
+     */
+    public BigInteger[] generateSignature(
+        byte[] message)
+    {
+        BigInteger n = key.getParameters().getN();
+        BigInteger e = calculateE(n, message);
+        BigInteger r = null;
+        BigInteger s = null;
+
+        // 5.3.2
+        do // generate s
+        {
+            BigInteger k = null;
+            int        nBitLength = n.bitLength();
+
+            do // generate r
+            {
+                do
+                {
+                    k = new BigInteger(nBitLength, random);
+                }
+                while (k.equals(ZERO) || k.compareTo(n) >= 0);
+
+                ECPoint p = key.getParameters().getG().multiply(k);
+
+                // 5.3.3
+                BigInteger x = p.getX().toBigInteger();
+
+                r = x.mod(n);
+            }
+            while (r.equals(ZERO));
+
+            BigInteger d = ((ECPrivateKeyParameters)key).getD();
+
+            s = k.modInverse(n).multiply(e.add(d.multiply(r))).mod(n);
+        }
+        while (s.equals(ZERO));
+
+        BigInteger[]  res = new BigInteger[2];
+
+        res[0] = r;
+        res[1] = s;
+
+        return res;
+    }
+
+    // 5.4 pg 29
+    /**
+     * return true if the value r and s represent a DSA signature for
+     * the passed in message (for standard DSA the message should be
+     * a SHA-1 hash of the real message to be verified).
+     */
+    public boolean verifySignature(
+        byte[]      message,
+        BigInteger  r,
+        BigInteger  s)
+    {
+        BigInteger n = key.getParameters().getN();
+        BigInteger e = calculateE(n, message);
+
+        // r in the range [1,n-1]
+        if (r.compareTo(ONE) < 0 || r.compareTo(n) >= 0)
+        {
+            return false;
+        }
+
+        // s in the range [1,n-1]
+        if (s.compareTo(ONE) < 0 || s.compareTo(n) >= 0)
+        {
+            return false;
+        }
+
+        BigInteger c = s.modInverse(n);
+
+        BigInteger u1 = e.multiply(c).mod(n);
+        BigInteger u2 = r.multiply(c).mod(n);
+
+        ECPoint G = key.getParameters().getG();
+        ECPoint Q = ((ECPublicKeyParameters)key).getQ();
+
+        ECPoint point = ECAlgorithms.sumOfTwoMultiplies(G, u1, Q, u2);
+
+        BigInteger v = point.getX().toBigInteger().mod(n);
+
+        return v.equals(r);
+    }
+
+    private BigInteger calculateE(BigInteger n, byte[] message)
+    {  
+        if (n.bitLength() > message.length * 8)
+        {
+            return new BigInteger(1, message);
+        }
+        else
+        {
+            int messageBitLength = message.length * 8;
+            BigInteger trunc = new BigInteger(1, message);
+
+            if (messageBitLength - n.bitLength() > 0)
+            {
+                trunc = trunc.shiftRight(messageBitLength - n.bitLength());
+            }
+
+            return trunc;
+        }
+    }
+}
diff --git a/src/main/java/org/bouncycastle/crypto/util/Pack.java b/src/main/java/org/bouncycastle/crypto/util/Pack.java
index 12b5999..cdea3af 100644
--- a/src/main/java/org/bouncycastle/crypto/util/Pack.java
+++ b/src/main/java/org/bouncycastle/crypto/util/Pack.java
@@ -31,4 +31,34 @@
         intToBigEndian((int)(n >>> 32), bs, off);
         intToBigEndian((int)(n & 0xffffffffL), bs, off + 4);
     }
+
+    public static int littleEndianToInt(byte[] bs, int off)
+    {
+        int n = bs[  off];
+        n |= (bs[++off] & 0xff) << 8;
+        n |= (bs[++off] & 0xff) << 16;
+        n |= (bs[++off] & 0xff) << 24;
+        return n;
+    }
+
+    public static void intToLittleEndian(int n, byte[] bs, int off)
+    {
+        bs[  off] = (byte)(n       );
+        bs[++off] = (byte)(n >>>  8);
+        bs[++off] = (byte)(n >>> 16);
+        bs[++off] = (byte)(n >>> 24);
+    }
+
+    public static long littleEndianToLong(byte[] bs, int off)
+    {
+        int lo = littleEndianToInt(bs, off);
+        int hi = littleEndianToInt(bs, off + 4);
+        return ((long)(hi & 0xffffffffL) << 32) | (long)(lo & 0xffffffffL);
+    }
+
+    public static void longToLittleEndian(long n, byte[] bs, int off)
+    {
+        intToLittleEndian((int)(n & 0xffffffffL), bs, off);
+        intToLittleEndian((int)(n >>> 32), bs, off + 4);
+    }
 }
diff --git a/src/main/java/org/bouncycastle/crypto/util/PrivateKeyFactory.java b/src/main/java/org/bouncycastle/crypto/util/PrivateKeyFactory.java
index 8f78e08..a352884 100644
--- a/src/main/java/org/bouncycastle/crypto/util/PrivateKeyFactory.java
+++ b/src/main/java/org/bouncycastle/crypto/util/PrivateKeyFactory.java
@@ -1,5 +1,9 @@
 package org.bouncycastle.crypto.util;
 
+import java.io.IOException;
+import java.io.InputStream;
+import java.math.BigInteger;
+
 import org.bouncycastle.asn1.ASN1InputStream;
 import org.bouncycastle.asn1.ASN1Object;
 import org.bouncycastle.asn1.ASN1Sequence;
@@ -7,8 +11,8 @@
 import org.bouncycastle.asn1.DERInteger;
 import org.bouncycastle.asn1.DERObject;
 import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.nist.NISTNamedCurves;
 // BEGIN android-removed
-// import org.bouncycastle.asn1.nist.NISTNamedCurves;
 // import org.bouncycastle.asn1.oiw.ElGamalParameter;
 // END android-removed
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
@@ -16,36 +20,30 @@
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure;
+import org.bouncycastle.asn1.sec.ECPrivateKeyStructure;
+import org.bouncycastle.asn1.sec.SECNamedCurves;
 // BEGIN android-removed
-// import org.bouncycastle.asn1.sec.ECPrivateKeyStructure;
-// import org.bouncycastle.asn1.sec.SECNamedCurves;
 // import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
 // END android-removed
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.DSAParameter;
-// BEGIN android-removed
-// import org.bouncycastle.asn1.x9.X962NamedCurves;
-// import org.bouncycastle.asn1.x9.X962Parameters;
-// import org.bouncycastle.asn1.x9.X9ECParameters;
-// import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-// END android-removed
+import org.bouncycastle.asn1.x9.X962NamedCurves;
+import org.bouncycastle.asn1.x9.X962Parameters;
+import org.bouncycastle.asn1.x9.X9ECParameters;
+import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
 import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
 import org.bouncycastle.crypto.params.DHParameters;
 import org.bouncycastle.crypto.params.DHPrivateKeyParameters;
 import org.bouncycastle.crypto.params.DSAParameters;
 import org.bouncycastle.crypto.params.DSAPrivateKeyParameters;
+import org.bouncycastle.crypto.params.ECDomainParameters;
+import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
 // BEGIN android-removed
-// import org.bouncycastle.crypto.params.ECDomainParameters;
-// import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
 // import org.bouncycastle.crypto.params.ElGamalParameters;
 // import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters;
 // END android-removed
 import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
 
-import java.io.IOException;
-import java.io.InputStream;
-import java.math.BigInteger;
-
 /**
  * Factory for creating private key objects from PKCS8 PrivateKeyInfo objects.
  */
@@ -58,29 +56,22 @@
      * @return a suitable private key parameter
      * @throws IOException on an error decoding the key
      */
-    public static AsymmetricKeyParameter createKey(
-        byte[] privateKeyInfoData)
-        throws IOException
+    public static AsymmetricKeyParameter createKey(byte[] privateKeyInfoData) throws IOException
     {
-        return createKey(
-            PrivateKeyInfo.getInstance(
-                ASN1Object.fromByteArray(privateKeyInfoData)));
+        return createKey(PrivateKeyInfo.getInstance(ASN1Object.fromByteArray(privateKeyInfoData)));
     }
 
     /**
-     * Create a private key parameter from a PKCS8 PrivateKeyInfo encoding read from a stream.
+     * Create a private key parameter from a PKCS8 PrivateKeyInfo encoding read from a
+     * stream.
      * 
      * @param inStr the stream to read the PrivateKeyInfo encoding from
      * @return a suitable private key parameter
      * @throws IOException on an error decoding the key
      */
-    public static AsymmetricKeyParameter createKey(
-        InputStream inStr)
-        throws IOException
+    public static AsymmetricKeyParameter createKey(InputStream inStr) throws IOException
     {
-        return createKey(
-            PrivateKeyInfo.getInstance(
-                new ASN1InputStream(inStr).readObject()));
+        return createKey(PrivateKeyInfo.getInstance(new ASN1InputStream(inStr).readObject()));
     }
 
     /**
@@ -90,30 +81,27 @@
      * @return a suitable private key parameter
      * @throws IOException on an error decoding the key
      */
-    public static AsymmetricKeyParameter createKey(
-        PrivateKeyInfo    keyInfo)
-        throws IOException
+    public static AsymmetricKeyParameter createKey(PrivateKeyInfo keyInfo) throws IOException
     {
-        AlgorithmIdentifier     algId = keyInfo.getAlgorithmId();
-        
-        if (algId.getObjectId().equals(PKCSObjectIdentifiers.rsaEncryption))
-        {
-            RSAPrivateKeyStructure  keyStructure = new RSAPrivateKeyStructure((ASN1Sequence)keyInfo.getPrivateKey());
+        AlgorithmIdentifier algId = keyInfo.getAlgorithmId();
 
-            return new RSAPrivateCrtKeyParameters(
-                                        keyStructure.getModulus(),
-                                        keyStructure.getPublicExponent(),
-                                        keyStructure.getPrivateExponent(),
-                                        keyStructure.getPrime1(),
-                                        keyStructure.getPrime2(),
-                                        keyStructure.getExponent1(),
-                                        keyStructure.getExponent2(),
-                                        keyStructure.getCoefficient());
+        if (algId.getAlgorithm().equals(PKCSObjectIdentifiers.rsaEncryption))
+        {
+            RSAPrivateKeyStructure keyStructure = new RSAPrivateKeyStructure(
+                (ASN1Sequence)keyInfo.getPrivateKey());
+
+            return new RSAPrivateCrtKeyParameters(keyStructure.getModulus(),
+                keyStructure.getPublicExponent(), keyStructure.getPrivateExponent(),
+                keyStructure.getPrime1(), keyStructure.getPrime2(), keyStructure.getExponent1(),
+                keyStructure.getExponent2(), keyStructure.getCoefficient());
         }
+        // TODO?
+//      else if (algId.getObjectId().equals(X9ObjectIdentifiers.dhpublicnumber))
         else if (algId.getObjectId().equals(PKCSObjectIdentifiers.dhKeyAgreement))
         {
-            DHParameter     params = new DHParameter((ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
-            DERInteger      derX = (DERInteger)keyInfo.getPrivateKey();
+            DHParameter params = new DHParameter(
+                (ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
+            DERInteger derX = (DERInteger)keyInfo.getPrivateKey();
 
             BigInteger lVal = params.getL();
             int l = lVal == null ? 0 : lVal.intValue();
@@ -124,74 +112,71 @@
         // BEGIN android-removed
         // else if (algId.getObjectId().equals(OIWObjectIdentifiers.elGamalAlgorithm))
         // {
-        //     ElGamalParameter    params = new ElGamalParameter((ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
-        //     DERInteger          derX = (DERInteger)keyInfo.getPrivateKey();
-        //
-        //     return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters(params.getP(), params.getG()));
-        // }
-        // else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_dsa))
-        // {
+        //     ElGamalParameter params = new ElGamalParameter(
+        //         (ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
         //     DERInteger derX = (DERInteger)keyInfo.getPrivateKey();
-        //     DEREncodable de = keyInfo.getAlgorithmId().getParameters();
         //
-        //     DSAParameters parameters = null;
-        //     if (de != null)
-        //     {
-        //         DSAParameter params = DSAParameter.getInstance(de.getDERObject());
-        //         parameters = new DSAParameters(params.getP(), params.getQ(), params.getG());
-        //     }
-        //
-        //     return new DSAPrivateKeyParameters(derX.getValue(), parameters);
-        // }
-        // else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_ecPublicKey))
-        // {
-        //     X962Parameters      params = new X962Parameters((DERObject)keyInfo.getAlgorithmId().getParameters());
-        //     ECDomainParameters  dParams = null;
-        //
-        //     if (params.isNamedCurve())
-        //     {
-        //         DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters();
-        //         X9ECParameters      ecP = X962NamedCurves.getByOID(oid);
-        //
-        //         if (ecP == null)
-        //         {
-        //             ecP = SECNamedCurves.getByOID(oid);
-        //
-        //             if (ecP == null)
-        //             {
-        //                 ecP = NISTNamedCurves.getByOID(oid);
-        //
-        //                 if (ecP == null)
-        //                 {
-        //                     ecP = TeleTrusTNamedCurves.getByOID(oid);
-        //                 }
-        //             }
-        //         }
-        //
-        //         dParams = new ECDomainParameters(
-        //                                     ecP.getCurve(),
-        //                                     ecP.getG(),
-        //                                     ecP.getN(),
-        //                                     ecP.getH(),
-        //                                     ecP.getSeed());
-        //     }
-        //     else
-        //     {
-        //         X9ECParameters ecP = new X9ECParameters(
-        //                     (ASN1Sequence)params.getParameters());
-        //         dParams = new ECDomainParameters(
-        //                                     ecP.getCurve(),
-        //                                     ecP.getG(),
-        //                                     ecP.getN(),
-        //                                     ecP.getH(),
-        //                                     ecP.getSeed());
-        //     }
-        //
-        //     ECPrivateKeyStructure   ec = new ECPrivateKeyStructure((ASN1Sequence)keyInfo.getPrivateKey());
-        //
-        //     return new ECPrivateKeyParameters(ec.getKey(), dParams);
+        //     return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters(
+        //         params.getP(), params.getG()));
         // }
         // END android-removed
+        else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_dsa))
+        {
+            DERInteger derX = (DERInteger)keyInfo.getPrivateKey();
+            DEREncodable de = keyInfo.getAlgorithmId().getParameters();
+
+            DSAParameters parameters = null;
+            if (de != null)
+            {
+                DSAParameter params = DSAParameter.getInstance(de.getDERObject());
+                parameters = new DSAParameters(params.getP(), params.getQ(), params.getG());
+            }
+
+            return new DSAPrivateKeyParameters(derX.getValue(), parameters);
+        }
+        else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_ecPublicKey))
+        {
+            X962Parameters params = new X962Parameters(
+                (DERObject)keyInfo.getAlgorithmId().getParameters());
+            ECDomainParameters dParams = null;
+
+            if (params.isNamedCurve())
+            {
+                DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters();
+                X9ECParameters ecP = X962NamedCurves.getByOID(oid);
+
+                if (ecP == null)
+                {
+                    ecP = SECNamedCurves.getByOID(oid);
+
+                    if (ecP == null)
+                    {
+                        ecP = NISTNamedCurves.getByOID(oid);
+
+                        // BEGIN android-removed
+                        // if (ecP == null)
+                        // {
+                        //     ecP = TeleTrusTNamedCurves.getByOID(oid);
+                        // }
+                        // END android-removed
+                    }
+                }
+
+                dParams = new ECDomainParameters(ecP.getCurve(), ecP.getG(), ecP.getN(),
+                    ecP.getH(), ecP.getSeed());
+            }
+            else
+            {
+                X9ECParameters ecP = new X9ECParameters((ASN1Sequence)params.getParameters());
+                dParams = new ECDomainParameters(ecP.getCurve(), ecP.getG(), ecP.getN(),
+                    ecP.getH(), ecP.getSeed());
+            }
+
+            ECPrivateKeyStructure ec = new ECPrivateKeyStructure(
+                (ASN1Sequence)keyInfo.getPrivateKey());
+
+            return new ECPrivateKeyParameters(ec.getKey(), dParams);
+        }
         else
         {
             throw new RuntimeException("algorithm identifier in key not recognised");
diff --git a/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java b/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java
index c0672b5..5e93a36 100644
--- a/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java
+++ b/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java
@@ -1,5 +1,9 @@
 package org.bouncycastle.crypto.util;
 
+import java.io.IOException;
+import java.io.InputStream;
+import java.math.BigInteger;
+
 import org.bouncycastle.asn1.ASN1InputStream;
 import org.bouncycastle.asn1.ASN1Object;
 import org.bouncycastle.asn1.ASN1OctetString;
@@ -10,15 +14,15 @@
 import org.bouncycastle.asn1.DERObject;
 import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.nist.NISTNamedCurves;
 // BEGIN android-removed
-// import org.bouncycastle.asn1.nist.NISTNamedCurves;
 // import org.bouncycastle.asn1.oiw.ElGamalParameter;
 // END android-removed
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.DHParameter;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.sec.SECNamedCurves;
 // BEGIN android-removed
-// import org.bouncycastle.asn1.sec.SECNamedCurves;
 // import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
 // END android-removed
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
@@ -26,33 +30,31 @@
 import org.bouncycastle.asn1.x509.RSAPublicKeyStructure;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
-// BEGIN android-removed
-// import org.bouncycastle.asn1.x9.X962NamedCurves;
-// import org.bouncycastle.asn1.x9.X962Parameters;
-// import org.bouncycastle.asn1.x9.X9ECParameters;
-// import org.bouncycastle.asn1.x9.X9ECPoint;
-// END android-removed
+import org.bouncycastle.asn1.x9.DHDomainParameters;
+import org.bouncycastle.asn1.x9.DHPublicKey;
+import org.bouncycastle.asn1.x9.DHValidationParms;
+import org.bouncycastle.asn1.x9.X962NamedCurves;
+import org.bouncycastle.asn1.x9.X962Parameters;
+import org.bouncycastle.asn1.x9.X9ECParameters;
+import org.bouncycastle.asn1.x9.X9ECPoint;
 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
 import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
 import org.bouncycastle.crypto.params.DHParameters;
 import org.bouncycastle.crypto.params.DHPublicKeyParameters;
+import org.bouncycastle.crypto.params.DHValidationParameters;
 import org.bouncycastle.crypto.params.DSAParameters;
 import org.bouncycastle.crypto.params.DSAPublicKeyParameters;
+import org.bouncycastle.crypto.params.ECDomainParameters;
+import org.bouncycastle.crypto.params.ECPublicKeyParameters;
 // BEGIN android-removed
-// import org.bouncycastle.crypto.params.ECDomainParameters;
-// import org.bouncycastle.crypto.params.ECPublicKeyParameters;
 // import org.bouncycastle.crypto.params.ElGamalParameters;
 // import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters;
 // END android-removed
 import org.bouncycastle.crypto.params.RSAKeyParameters;
 
-import java.io.IOException;
-import java.io.InputStream;
-import java.math.BigInteger;
-
 /**
- * Factory to create asymmetric public key parameters for asymmetric ciphers
- * from range of ASN.1 encoded SubjectPublicKeyInfo objects.
+ * Factory to create asymmetric public key parameters for asymmetric ciphers from range of
+ * ASN.1 encoded SubjectPublicKeyInfo objects.
  */
 public class PublicKeyFactory
 {
@@ -63,13 +65,9 @@
      * @return the appropriate key parameter
      * @throws IOException on an error decoding the key
      */
-    public static AsymmetricKeyParameter createKey(
-        byte[] keyInfoData)
-        throws IOException
+    public static AsymmetricKeyParameter createKey(byte[] keyInfoData) throws IOException
     {
-        return createKey(
-            SubjectPublicKeyInfo.getInstance(
-                ASN1Object.fromByteArray(keyInfoData)));
+        return createKey(SubjectPublicKeyInfo.getInstance(ASN1Object.fromByteArray(keyInfoData)));
     }
 
     /**
@@ -79,13 +77,9 @@
      * @return the appropriate key parameter
      * @throws IOException on an error decoding the key
      */
-    public static AsymmetricKeyParameter createKey(
-        InputStream inStr)
-        throws IOException
+    public static AsymmetricKeyParameter createKey(InputStream inStr) throws IOException
     {
-        return createKey(
-            SubjectPublicKeyInfo.getInstance(
-                new ASN1InputStream(inStr).readObject()));
+        return createKey(SubjectPublicKeyInfo.getInstance(new ASN1InputStream(inStr).readObject()));
     }
 
     /**
@@ -95,25 +89,56 @@
      * @return the appropriate key parameter
      * @throws IOException on an error decoding the key
      */
-    public static AsymmetricKeyParameter createKey(
-        SubjectPublicKeyInfo    keyInfo)
-        throws IOException
+    public static AsymmetricKeyParameter createKey(SubjectPublicKeyInfo keyInfo) throws IOException
     {
-        AlgorithmIdentifier     algId = keyInfo.getAlgorithmId();
-        
+        AlgorithmIdentifier algId = keyInfo.getAlgorithmId();
+
         if (algId.getObjectId().equals(PKCSObjectIdentifiers.rsaEncryption)
             || algId.getObjectId().equals(X509ObjectIdentifiers.id_ea_rsa))
         {
-            RSAPublicKeyStructure   pubKey = new RSAPublicKeyStructure((ASN1Sequence)keyInfo.getPublicKey());
+            RSAPublicKeyStructure pubKey = new RSAPublicKeyStructure(
+                (ASN1Sequence)keyInfo.getPublicKey());
 
             return new RSAKeyParameters(false, pubKey.getModulus(), pubKey.getPublicExponent());
         }
-        else if (algId.getObjectId().equals(PKCSObjectIdentifiers.dhKeyAgreement)
-                 || algId.getObjectId().equals(X9ObjectIdentifiers.dhpublicnumber))
+        else if (algId.getObjectId().equals(X9ObjectIdentifiers.dhpublicnumber))
         {
-            DHParameter params = new DHParameter((ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
-            DERInteger  derY = (DERInteger)keyInfo.getPublicKey();
-            
+            DHPublicKey dhPublicKey = DHPublicKey.getInstance(keyInfo.getPublicKey());
+
+            BigInteger y = dhPublicKey.getY().getValue();
+
+            DHDomainParameters dhParams = DHDomainParameters.getInstance(keyInfo.getAlgorithmId().getParameters());
+
+            BigInteger p = dhParams.getP().getValue();
+            BigInteger g = dhParams.getG().getValue();
+            BigInteger q = dhParams.getQ().getValue();
+
+            BigInteger j = null;
+            if (dhParams.getJ() != null)
+            {
+                j = dhParams.getJ().getValue();
+            }
+
+            DHValidationParameters validation = null;
+            DHValidationParms dhValidationParms = dhParams.getValidationParms();
+            if (dhValidationParms != null)
+            {
+                byte[] seed = dhValidationParms.getSeed().getBytes();
+                BigInteger pgenCounter = dhValidationParms.getPgenCounter().getValue();
+
+                // TODO Check pgenCounter size?
+
+                validation = new DHValidationParameters(seed, pgenCounter.intValue());
+            }
+
+            return new DHPublicKeyParameters(y, new DHParameters(p, g, q, j, validation));
+        }
+        else if (algId.getObjectId().equals(PKCSObjectIdentifiers.dhKeyAgreement))
+        {
+            DHParameter params = new DHParameter(
+                (ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
+            DERInteger derY = (DERInteger)keyInfo.getPublicKey();
+
             BigInteger lVal = params.getL();
             int l = lVal == null ? 0 : lVal.intValue();
             DHParameters dhParams = new DHParameters(params.getP(), params.getG(), null, l);
@@ -123,14 +148,16 @@
         // BEGIN android-removed
         // else if (algId.getObjectId().equals(OIWObjectIdentifiers.elGamalAlgorithm))
         // {
-        //     ElGamalParameter    params = new ElGamalParameter((ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
-        //     DERInteger          derY = (DERInteger)keyInfo.getPublicKey();
+        //     ElGamalParameter params = new ElGamalParameter(
+        //         (ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
+        //     DERInteger derY = (DERInteger)keyInfo.getPublicKey();
         //
-        //     return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters(params.getP(), params.getG()));
+        //     return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters(
+        //         params.getP(), params.getG()));
         // }
         // END android-removed
         else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_dsa)
-                 || algId.getObjectId().equals(OIWObjectIdentifiers.dsaWithSHA1))
+            || algId.getObjectId().equals(OIWObjectIdentifiers.dsaWithSHA1))
         {
             DERInteger derY = (DERInteger)keyInfo.getPublicKey();
             DEREncodable de = keyInfo.getAlgorithmId().getParameters();
@@ -144,60 +171,52 @@
 
             return new DSAPublicKeyParameters(derY.getValue(), parameters);
         }
-        // BEGIN android-removed
-        // else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_ecPublicKey))
-        // {
-        //     X962Parameters      params = new X962Parameters((DERObject)keyInfo.getAlgorithmId().getParameters());
-        //     ECDomainParameters  dParams = null;
-        //
-        //     if (params.isNamedCurve())
-        //     {
-        //         DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters();
-        //         X9ECParameters      ecP = X962NamedCurves.getByOID(oid);
-        //
-        //         if (ecP == null)
-        //         {
-        //             ecP = SECNamedCurves.getByOID(oid);
-        //
-        //             if (ecP == null)
-        //             {
-        //                 ecP = NISTNamedCurves.getByOID(oid);
-        //
-        //                 if (ecP == null)
-        //                 {
-        //                     ecP = TeleTrusTNamedCurves.getByOID(oid);
-        //                 }
-        //             }
-        //         }
-        //
-        //         dParams = new ECDomainParameters(
-        //                                     ecP.getCurve(),
-        //                                     ecP.getG(),
-        //                                     ecP.getN(),
-        //                                     ecP.getH(),
-        //                                     ecP.getSeed());
-        //     }
-        //     else
-        //     {
-        //         X9ECParameters ecP = new X9ECParameters(
-        //                     (ASN1Sequence)params.getParameters());
-        //         dParams = new ECDomainParameters(
-        //                                     ecP.getCurve(),
-        //                                     ecP.getG(),
-        //                                     ecP.getN(),
-        //                                     ecP.getH(),
-        //                                     ecP.getSeed());
-        //     }
-        //
-        //     DERBitString    bits = keyInfo.getPublicKeyData();
-        //     byte[]          data = bits.getBytes();
-        //     ASN1OctetString key = new DEROctetString(data);
-        //
-        //     X9ECPoint       derQ = new X9ECPoint(dParams.getCurve(), key);
-        //
-        //     return new ECPublicKeyParameters(derQ.getPoint(), dParams);
-        // }
-        // END android-removed
+        else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_ecPublicKey))
+        {
+            X962Parameters params = new X962Parameters(
+                (DERObject)keyInfo.getAlgorithmId().getParameters());
+            ECDomainParameters dParams = null;
+
+            if (params.isNamedCurve())
+            {
+                DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters();
+                X9ECParameters ecP = X962NamedCurves.getByOID(oid);
+
+                if (ecP == null)
+                {
+                    ecP = SECNamedCurves.getByOID(oid);
+
+                    if (ecP == null)
+                    {
+                        ecP = NISTNamedCurves.getByOID(oid);
+
+                        // BEGIN android-removed
+                        // if (ecP == null)
+                        // {
+                        //     ecP = TeleTrusTNamedCurves.getByOID(oid);
+                        // }
+                        // END android-removed
+                    }
+                }
+
+                dParams = new ECDomainParameters(ecP.getCurve(), ecP.getG(), ecP.getN(),
+                    ecP.getH(), ecP.getSeed());
+            }
+            else
+            {
+                X9ECParameters ecP = new X9ECParameters((ASN1Sequence)params.getParameters());
+                dParams = new ECDomainParameters(ecP.getCurve(), ecP.getG(), ecP.getN(),
+                    ecP.getH(), ecP.getSeed());
+            }
+
+            DERBitString bits = keyInfo.getPublicKeyData();
+            byte[] data = bits.getBytes();
+            ASN1OctetString key = new DEROctetString(data);
+
+            X9ECPoint derQ = new X9ECPoint(dParams.getCurve(), key);
+
+            return new ECPublicKeyParameters(derQ.getPoint(), dParams);
+        }
         else
         {
             throw new RuntimeException("algorithm identifier in key not recognised");
diff --git a/src/main/java/org/bouncycastle/jce/ECNamedCurveTable.java b/src/main/java/org/bouncycastle/jce/ECNamedCurveTable.java
new file mode 100644
index 0000000..5c0fe7d
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/ECNamedCurveTable.java
@@ -0,0 +1,125 @@
+package org.bouncycastle.jce;
+
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.nist.NISTNamedCurves;
+import org.bouncycastle.asn1.sec.SECNamedCurves;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
+// END android-removed
+import org.bouncycastle.asn1.x9.X962NamedCurves;
+import org.bouncycastle.asn1.x9.X9ECParameters;
+import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
+
+import java.util.Enumeration;
+import java.util.Vector;
+
+/**
+ * a table of locally supported named curves.
+ */
+public class ECNamedCurveTable
+{
+    /**
+     * return a parameter spec representing the passed in named
+     * curve. The routine returns null if the curve is not present.
+     * 
+     * @param name the name of the curve requested
+     * @return a parameter spec for the curve, null if it is not available.
+     */
+    public static ECNamedCurveParameterSpec getParameterSpec(
+        String  name)
+    {
+        X9ECParameters  ecP = X962NamedCurves.getByName(name);
+        if (ecP == null)
+        {
+            try
+            {
+                ecP = X962NamedCurves.getByOID(new DERObjectIdentifier(name));
+            }
+            catch (IllegalArgumentException e)
+            {
+                // ignore - not an oid
+            }
+        }
+        
+        if (ecP == null)
+        {
+            ecP = SECNamedCurves.getByName(name);
+            if (ecP == null)
+            {
+                try
+                {
+                    ecP = SECNamedCurves.getByOID(new DERObjectIdentifier(name));
+                }
+                catch (IllegalArgumentException e)
+                {
+                    // ignore - not an oid
+                }
+            }
+        }
+
+        // BEGIN android-removed
+        // if (ecP == null)
+        // {
+        //     ecP = TeleTrusTNamedCurves.getByName(name);
+        //     if (ecP == null)
+        //     {
+        //         try
+        //         {
+        //             ecP = TeleTrusTNamedCurves.getByOID(new DERObjectIdentifier(name));
+        //         }
+        //         catch (IllegalArgumentException e)
+        //         {
+        //             // ignore - not an oid
+        //         }
+        //     }
+        // }
+        // END android-removed
+
+        if (ecP == null)
+        {
+            ecP = NISTNamedCurves.getByName(name);
+        }
+        
+        if (ecP == null)
+        {
+            return null;
+        }
+
+        return new ECNamedCurveParameterSpec(
+                                        name,
+                                        ecP.getCurve(),
+                                        ecP.getG(),
+                                        ecP.getN(),
+                                        ecP.getH(),
+                                        ecP.getSeed());
+    }
+
+    /**
+     * return an enumeration of the names of the available curves.
+     *
+     * @return an enumeration of the names of the available curves.
+     */
+    public static Enumeration getNames()
+    {
+        Vector v = new Vector();
+        
+        addEnumeration(v, X962NamedCurves.getNames());
+        addEnumeration(v, SECNamedCurves.getNames());
+        addEnumeration(v, NISTNamedCurves.getNames());
+        // BEGIN android-removed
+        // addEnumeration(v, TeleTrusTNamedCurves.getNames());
+        // END android-removed
+
+        return v.elements();
+    }
+
+    private static void addEnumeration(
+        Vector v, 
+        Enumeration e)
+    {
+        while (e.hasMoreElements())
+        {
+            v.addElement(e.nextElement());
+        }
+    }
+}
diff --git a/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java b/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java
index cdca7a9..ad1cfb2 100644
--- a/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java
+++ b/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java
@@ -1,5 +1,25 @@
 package org.bouncycastle.jce;
 
+import java.io.IOException;
+import java.security.AlgorithmParameters;
+import java.security.GeneralSecurityException;
+import java.security.InvalidKeyException;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.PSSParameterSpec;
+import java.security.spec.X509EncodedKeySpec;
+import java.util.HashSet;
+import java.util.Hashtable;
+import java.util.Set;
+
+import javax.security.auth.x500.X500Principal;
+
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1InputStream;
 import org.bouncycastle.asn1.ASN1Object;
@@ -22,27 +42,9 @@
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.asn1.x509.X509Name;
 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.util.Strings;
 
-import javax.security.auth.x500.X500Principal;
-import java.io.IOException;
-import java.security.AlgorithmParameters;
-import java.security.GeneralSecurityException;
-import java.security.InvalidKeyException;
-import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.Signature;
-import java.security.SignatureException;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.PSSParameterSpec;
-import java.security.spec.X509EncodedKeySpec;
-import java.util.HashSet;
-import java.util.Hashtable;
-import java.util.Set;
-
 /**
  * A class for verifying and creating PKCS10 Certification requests. 
  * <pre>
@@ -88,8 +90,10 @@
         algorithms.put("RSAWITHMD5", new DERObjectIdentifier("1.2.840.113549.1.1.4"));
         algorithms.put("SHA1WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
         algorithms.put("SHA1WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
-        algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
-        algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+        // BEGIN android-removed
+        // algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+        // algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+        // END android-removed
         algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption);
         algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption);
         algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption);
@@ -97,39 +101,59 @@
         algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption);
         algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption);
         algorithms.put("SHA1WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
-        algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
+        // BEGIN android-removed
+        // algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
+        // END android-removed
         algorithms.put("SHA256WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
         algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
         algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
         algorithms.put("RSAWITHSHA1", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
-        algorithms.put("RIPEMD160WITHRSAENCRYPTION", new DERObjectIdentifier("1.3.36.3.3.1.2"));
-        algorithms.put("RIPEMD160WITHRSA", new DERObjectIdentifier("1.3.36.3.3.1.2"));
+        // BEGIN android-removed
+        // algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
+        // algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
+        // algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
+        // algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
+        // algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
+        // algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
+        // END android-removed
         algorithms.put("SHA1WITHDSA", new DERObjectIdentifier("1.2.840.10040.4.3"));
         algorithms.put("DSAWITHSHA1", new DERObjectIdentifier("1.2.840.10040.4.3"));
-        algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
+        // BEGIN android-removed
+        // algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
+        // END android-removed
         algorithms.put("SHA256WITHDSA", NISTObjectIdentifiers.dsa_with_sha256);
+        algorithms.put("SHA384WITHDSA", NISTObjectIdentifiers.dsa_with_sha384);
+        algorithms.put("SHA512WITHDSA", NISTObjectIdentifiers.dsa_with_sha512);
         algorithms.put("SHA1WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1);
-        algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
+        // BEGIN android-removed
+        // algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
+        // END android-removed
         algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256);
         algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
         algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);
         algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1);
-        algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        algorithms.put("GOST3410WITHGOST3411", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-        algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-        algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        // BEGIN android-removed
+        // algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+        // algorithms.put("GOST3410WITHGOST3411", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+        // algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        // algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        // algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        // END android-removed
 
         //
         // reverse mappings
         //
         oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.5"), "SHA1WITHRSA");
-        oids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WITHRSA");
+        // BEGIN android-removed
+        // oids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WITHRSA");
+        // END android-removed
         oids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WITHRSA");
         oids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WITHRSA");
         oids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512WITHRSA");
-        oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410");
-        oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410");
+        // BEGIN android-removed
+        // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410");
+        // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410");
+        // END android-removed
         
         oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.4"), "MD5WITHRSA");
         // BEGIN android-removed
@@ -138,13 +162,17 @@
         // END android-removed
         oids.put(new DERObjectIdentifier("1.2.840.10040.4.3"), "SHA1WITHDSA");
         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1WITHECDSA");
-        oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA");
+        // BEGIN android-removed
+        // oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA");
+        // END android-removed
         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA256, "SHA256WITHECDSA");
         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA384, "SHA384WITHECDSA");
         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA512, "SHA512WITHECDSA");
         oids.put(OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA");
         oids.put(OIWObjectIdentifiers.dsaWithSHA1, "SHA1WITHDSA");
-        oids.put(NISTObjectIdentifiers.dsa_with_sha224, "SHA224WITHDSA");
+        // BEGIN android-removed
+        // oids.put(NISTObjectIdentifiers.dsa_with_sha224, "SHA224WITHDSA");
+        // END android-removed
         oids.put(NISTObjectIdentifiers.dsa_with_sha256, "SHA256WITHDSA");
         
         //
@@ -158,19 +186,25 @@
         // The parameters field SHALL be NULL for RSA based signature algorithms.
         //
         noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA1);
-        noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224);
+        // BEGIN android-removed
+        // noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224);
+        // END android-removed
         noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA256);
         noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA384);
         noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA512);
         noParams.add(X9ObjectIdentifiers.id_dsa_with_sha1);
-        noParams.add(NISTObjectIdentifiers.dsa_with_sha224);
+        // BEGIN android-removed
+        // noParams.add(NISTObjectIdentifiers.dsa_with_sha224);
+        // END android-removed
         noParams.add(NISTObjectIdentifiers.dsa_with_sha256);
 
         //
         // RFC 4491
         //
-        noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        // BEGIN android-removed
+        // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+        // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        // END android-removed
         //
         // explicit params
         //
@@ -179,10 +213,12 @@
         // END android-changed
         params.put("SHA1WITHRSAANDMGF1", creatPSSParams(sha1AlgId, 20));
 
-        // BEGIN android-changed
-        AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, DERNull.INSTANCE);
-        // END android-changed
-        params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28));
+        // BEGIN android-removed
+        // // BEGIN android-changed
+        // AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, DERNull.INSTANCE);
+        // // END android-changed
+        // params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28));
+        // END android-removed
 
         // BEGIN android-changed
         AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, DERNull.INSTANCE);
@@ -252,7 +288,7 @@
         throws NoSuchAlgorithmException, NoSuchProviderException,
                 InvalidKeyException, SignatureException
     {
-        this(signatureAlgorithm, subject, key, attributes, signingKey, "BC");
+        this(signatureAlgorithm, subject, key, attributes, signingKey, BouncyCastleProvider.PROVIDER_NAME);
     }
 
     private static X509Name convertName(
@@ -280,7 +316,7 @@
         throws NoSuchAlgorithmException, NoSuchProviderException,
                 InvalidKeyException, SignatureException
     {
-        this(signatureAlgorithm, convertName(subject), key, attributes, signingKey, "BC");
+        this(signatureAlgorithm, convertName(subject), key, attributes, signingKey, BouncyCastleProvider.PROVIDER_NAME);
     }
     
     /**
@@ -317,7 +353,14 @@
 
         if (sigOID == null)
         {
-            throw new IllegalArgumentException("Unknown signature type requested");
+            try
+            {
+                sigOID = new DERObjectIdentifier(algorithmName);
+            }
+            catch (Exception e)
+            {
+                throw new IllegalArgumentException("Unknown signature type requested");
+            }
         }
 
         if (subject == null)
@@ -340,7 +383,7 @@
         }
         else
         {
-            this.sigAlgId = new AlgorithmIdentifier(sigOID, null);
+            this.sigAlgId = new AlgorithmIdentifier(sigOID, DERNull.INSTANCE);
         }
 
         try
@@ -384,7 +427,7 @@
     public PublicKey getPublicKey()
         throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException
     {
-        return getPublicKey("BC");
+        return getPublicKey(BouncyCastleProvider.PROVIDER_NAME);
     }
 
     public PublicKey getPublicKey(
@@ -444,7 +487,7 @@
         throws NoSuchAlgorithmException, NoSuchProviderException,
                 InvalidKeyException, SignatureException
     {
-        return verify("BC");
+        return verify(BouncyCastleProvider.PROVIDER_NAME);
     }
 
     /**
@@ -595,10 +638,12 @@
         {
             return "SHA1";
         }
-        else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID))
-        {
-            return "SHA224";
-        }
+        // BEGIN android-removed
+        // else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID))
+        // {
+        //     return "SHA224";
+        // }
+        // END android-removed
         else if (NISTObjectIdentifiers.id_sha256.equals(digestAlgOID))
         {
             return "SHA256";
@@ -611,22 +656,24 @@
         {
             return "SHA512";
         }
-        else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
-        {
-            return "RIPEMD128";
-        }
-        else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
-        {
-            return "RIPEMD160";
-        }
-        else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
-        {
-            return "RIPEMD256";
-        }
-        else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
-        {
-            return "GOST3411";
-        }
+        // BEGIN android-removed
+        // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
+        // {
+        //     return "RIPEMD128";
+        // }
+        // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
+        // {
+        //     return "RIPEMD160";
+        // }
+        // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
+        // {
+        //     return "RIPEMD256";
+        // }
+        // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
+        // {
+        //     return "GOST3411";
+        // }
+        // END android-removed
         else
         {
             return digestAlgOID.getId();            
diff --git a/src/main/java/org/bouncycastle/jce/X509Principal.java b/src/main/java/org/bouncycastle/jce/X509Principal.java
index 1d867e7..9cc5538 100644
--- a/src/main/java/org/bouncycastle/jce/X509Principal.java
+++ b/src/main/java/org/bouncycastle/jce/X509Principal.java
@@ -1,15 +1,15 @@
 package org.bouncycastle.jce;
 
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.x509.X509Name;
-
 import java.io.IOException;
 import java.security.Principal;
 import java.util.Hashtable;
 import java.util.Vector;
 
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.x509.X509Name;
+
 /**
  * a general extension of X509Name with a couple of extra methods and
  * constructors.
diff --git a/src/main/java/org/bouncycastle/jce/interfaces/ECKey.java b/src/main/java/org/bouncycastle/jce/interfaces/ECKey.java
new file mode 100644
index 0000000..0812c12
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/interfaces/ECKey.java
@@ -0,0 +1,15 @@
+package org.bouncycastle.jce.interfaces;
+
+import org.bouncycastle.jce.spec.ECParameterSpec;
+
+/**
+ * generic interface for an Elliptic Curve Key.
+ */
+public interface ECKey
+{
+    /**
+     * return a parameter specification representing the EC domain parameters
+     * for the key.
+     */
+    public ECParameterSpec getParameters();
+}
diff --git a/src/main/java/org/bouncycastle/jce/interfaces/ECPointEncoder.java b/src/main/java/org/bouncycastle/jce/interfaces/ECPointEncoder.java
new file mode 100644
index 0000000..001dab3
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/interfaces/ECPointEncoder.java
@@ -0,0 +1,20 @@
+package org.bouncycastle.jce.interfaces;
+
+/**
+ * All BC elliptic curve keys implement this interface. You need to
+ * cast the key to get access to it.
+ * <p>
+ * By default BC keys produce encodings without point compression,
+ * to turn this on call setPointFormat() with "COMPRESSED".
+ */
+public interface ECPointEncoder
+{
+    /**
+     * Set the formatting for encoding of points. If the String "UNCOMPRESSED" is passed
+     * in point compression will not be used. If the String "COMPRESSED" is passed point
+     * compression will be used. The default is "UNCOMPRESSED".
+     * 
+     * @param style the style to use.
+     */
+    public void setPointFormat(String style);
+}
diff --git a/src/main/java/org/bouncycastle/jce/interfaces/ECPrivateKey.java b/src/main/java/org/bouncycastle/jce/interfaces/ECPrivateKey.java
new file mode 100644
index 0000000..39d80c3
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/interfaces/ECPrivateKey.java
@@ -0,0 +1,16 @@
+package org.bouncycastle.jce.interfaces;
+
+import java.math.BigInteger;
+import java.security.PrivateKey;
+
+/**
+ * interface for Elliptic Curve Private keys.
+ */
+public interface ECPrivateKey
+    extends ECKey, PrivateKey
+{
+    /**
+     * return the private value D.
+     */
+    public BigInteger getD();
+}
diff --git a/src/main/java/org/bouncycastle/jce/interfaces/ECPublicKey.java b/src/main/java/org/bouncycastle/jce/interfaces/ECPublicKey.java
new file mode 100644
index 0000000..db2ecdc
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/interfaces/ECPublicKey.java
@@ -0,0 +1,17 @@
+package org.bouncycastle.jce.interfaces;
+
+import java.security.PublicKey;
+
+import org.bouncycastle.math.ec.ECPoint;
+
+/**
+ * interface for elliptic curve public keys.
+ */
+public interface ECPublicKey
+    extends ECKey, PublicKey
+{
+    /**
+     * return the public point Q
+     */
+    public ECPoint getQ();
+}
diff --git a/src/main/java/org/bouncycastle/jce/netscape/NetscapeCertRequest.java b/src/main/java/org/bouncycastle/jce/netscape/NetscapeCertRequest.java
index e34d7ed..5179298 100644
--- a/src/main/java/org/bouncycastle/jce/netscape/NetscapeCertRequest.java
+++ b/src/main/java/org/bouncycastle/jce/netscape/NetscapeCertRequest.java
@@ -22,7 +22,6 @@
 import org.bouncycastle.asn1.DERBitString;
 import org.bouncycastle.asn1.DERIA5String;
 import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DEROutputStream;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
diff --git a/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java b/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java
index f839a59..f712938 100644
--- a/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java
+++ b/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java
@@ -43,9 +43,12 @@
 public final class BouncyCastleProvider extends Provider
     implements ConfigurableProvider
 {
-    private static String info = "BouncyCastle Security Provider v1.45";
+    private static String info = "BouncyCastle Security Provider v1.46";
 
-    public static String PROVIDER_NAME = "BC";
+    // BEGIN android-changed
+    //     this constant should be final
+    public static final String PROVIDER_NAME = "BC";
+    // END android-changed
 
     /*
      * Configurable symmetric ciphers
@@ -54,11 +57,13 @@
     private static final String[] SYMMETRIC_CIPHERS =
     {
         // BEGIN android-removed
-        // "AES", "Camellia", "CAST5", "Grainv1", "Grain128", "IDEA", "Noekeon", "SEED"
+        // "AES", "ARC4", "Blowfish", "Camellia", "CAST5", "CAST6", "DESede", "Grainv1", "Grain128", "HC128", "HC256", "IDEA",
+        // "Noekeon", "RC5", "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Skipjack", "TEA", "Twofish", "VMPC", "VMPCKSA3", "XTEA"
         // END android-removed
         // BEGIN android-added
-        "AES",
+        "AES", "ARC4", "Blowfish", "DESede",
         // END android-added
+
     };
 
     /*
@@ -67,9 +72,7 @@
     private static final String ASYMMETRIC_CIPHER_PACKAGE = "org.bouncycastle.jce.provider.asymmetric.";
     private static final String[] ASYMMETRIC_CIPHERS =
     {
-        // BEGIN android-removed
-        // "EC"
-        // END android-removed
+        "EC"
     };
 
     /**
@@ -79,7 +82,7 @@
      */
     public BouncyCastleProvider()
     {
-        super(PROVIDER_NAME, 1.45, info);
+        super(PROVIDER_NAME, 1.46, info);
 
         AccessController.doPrivileged(new PrivilegedAction()
         {
@@ -293,50 +296,16 @@
         // cipher engines
         //
         put("Cipher.DES", "org.bouncycastle.jce.provider.JCEBlockCipher$DES");
-        put("Cipher.DESEDE", "org.bouncycastle.jce.provider.JCEBlockCipher$DESede");
         // BEGIN android-removed
-        // put("Cipher." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.JCEBlockCipher$DESedeCBC");
         // put("Cipher." + OIWObjectIdentifiers.desCBC, "org.bouncycastle.jce.provider.JCEBlockCipher$DESCBC");
-        // END android-removed
-        put("Cipher.DESEDEWRAP", "org.bouncycastle.jce.provider.WrapCipherSpi$DESEDEWrap");
-        // BEGIN android-changed
-        put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.id_alg_CMS3DESwrap, "DESEDEWRAP");
-        // END android-changed
-        // BEGIN android-removed
-        // put("Cipher.SKIPJACK", "org.bouncycastle.jce.provider.JCEBlockCipher$Skipjack");
-        // END android-removed
-        put("Cipher.BLOWFISH", "org.bouncycastle.jce.provider.JCEBlockCipher$Blowfish");
-        // BEGIN android-removed
-        // put("Cipher.1.3.6.1.4.1.3029.1.2", "org.bouncycastle.jce.provider.JCEBlockCipher$BlowfishCBC");
-        // put("Cipher.TWOFISH", "org.bouncycastle.jce.provider.JCEBlockCipher$Twofish");
+        //
         // put("Cipher.RC2", "org.bouncycastle.jce.provider.JCEBlockCipher$RC2");
         // put("Cipher.RC2WRAP", "org.bouncycastle.jce.provider.WrapCipherSpi$RC2Wrap");
         // put("Cipher.1.2.840.113549.1.9.16.3.7", "org.bouncycastle.jce.provider.WrapCipherSpi$RC2Wrap");
-        // END android-removed
-        put("Cipher.ARC4", "org.bouncycastle.jce.provider.JCEStreamCipher$RC4");
-        put("Alg.Alias.Cipher.1.2.840.113549.3.4", "ARC4");
-        put("Alg.Alias.Cipher.ARCFOUR", "ARC4");
-        put("Alg.Alias.Cipher.RC4", "ARC4");
-        // BEGIN android-removed
-        // put("Cipher.SALSA20", "org.bouncycastle.jce.provider.JCEStreamCipher$Salsa20");
-        // put("Cipher.HC128", "org.bouncycastle.jce.provider.JCEStreamCipher$HC128");
-        // put("Cipher.HC256", "org.bouncycastle.jce.provider.JCEStreamCipher$HC256");
-        // put("Cipher.VMPC", "org.bouncycastle.jce.provider.JCEStreamCipher$VMPC");
-        // put("Cipher.VMPC-KSA3", "org.bouncycastle.jce.provider.JCEStreamCipher$VMPCKSA3");
-        // put("Cipher.RC5", "org.bouncycastle.jce.provider.JCEBlockCipher$RC5");
+        //
         // put("Cipher.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JCEBlockCipher$RC2CBC");
-        // put("Alg.Alias.Cipher.RC5-32", "RC5");
-        // put("Cipher.RC5-64", "org.bouncycastle.jce.provider.JCEBlockCipher$RC564");
-        // put("Cipher.RC6", "org.bouncycastle.jce.provider.JCEBlockCipher$RC6");
-        // put("Cipher.RIJNDAEL", "org.bouncycastle.jce.provider.JCEBlockCipher$Rijndael");
-        // put("Cipher.DESEDERFC3211WRAP", "org.bouncycastle.jce.provider.WrapCipherSpi$RFC3211DESedeWrap");
-        // put("Cipher.SERPENT", "org.bouncycastle.jce.provider.JCEBlockCipher$Serpent");
         // END android-removed
-
-
-        // BEGIN android-removed
-        // put("Cipher.CAST6", "org.bouncycastle.jce.provider.JCEBlockCipher$CAST6");
-        // END android-removed
+        
         put("Alg.Alias.Cipher.PBEWithSHAAnd3KeyTripleDES",  "PBEWITHSHAAND3-KEYTRIPLEDES-CBC");
         
         // BEGIN android-removed
@@ -344,9 +313,6 @@
         // put("Alg.Alias.Cipher.GOST", "GOST28147");
         // put("Alg.Alias.Cipher.GOST-28147", "GOST28147");
         // put("Cipher." + CryptoProObjectIdentifiers.gostR28147_cbc, "org.bouncycastle.jce.provider.JCEBlockCipher$GOST28147cbc");
-        //
-        // put("Cipher.TEA", "org.bouncycastle.jce.provider.JCEBlockCipher$TEA");
-        // put("Cipher.XTEA", "org.bouncycastle.jce.provider.JCEBlockCipher$XTEA");
         // END android-removed
 
         put("Cipher.RSA", "org.bouncycastle.jce.provider.JCERSACipher$NoPadding");
@@ -362,9 +328,7 @@
         // put("Cipher.RSA/OAEP", "org.bouncycastle.jce.provider.JCERSACipher$OAEPPadding");
         // put("Cipher." + PKCSObjectIdentifiers.id_RSAES_OAEP, "org.bouncycastle.jce.provider.JCERSACipher$OAEPPadding");
         // put("Cipher.RSA/ISO9796-1", "org.bouncycastle.jce.provider.JCERSACipher$ISO9796d1Padding");
-        // END android-removed
-
-        // BEGIN android-removed
+        //
         // put("Cipher.ECIES", "org.bouncycastle.jce.provider.JCEIESCipher$ECIES");
         // put("Cipher.BrokenECIES", "org.bouncycastle.jce.provider.JCEIESCipher$BrokenECIES");
         // put("Cipher.IES", "org.bouncycastle.jce.provider.JCEIESCipher$IES");
@@ -379,9 +343,7 @@
         // put("Alg.Alias.Cipher.RSA//PKCS1PADDING", "RSA/PKCS1");
         // put("Alg.Alias.Cipher.RSA//OAEPPADDING", "RSA/OAEP");
         // put("Alg.Alias.Cipher.RSA//ISO9796-1PADDING", "RSA/ISO9796-1");
-        // END android-removed
-        
-        // BEGIN android-removed
+        //
         // put("Alg.Alias.Cipher.ELGAMAL/ECB/PKCS1PADDING", "ELGAMAL/PKCS1");
         // put("Alg.Alias.Cipher.ELGAMAL/NONE/PKCS1PADDING", "ELGAMAL/PKCS1");
         // put("Alg.Alias.Cipher.ELGAMAL/NONE/NOPADDING", "ELGAMAL");
@@ -411,12 +373,14 @@
         put("Cipher.PBEWITHSHAAND128BITRC4", "org.bouncycastle.jce.provider.JCEStreamCipher$PBEWithSHAAnd128BitRC4");
         put("Cipher.PBEWITHSHAAND40BITRC4", "org.bouncycastle.jce.provider.JCEStreamCipher$PBEWithSHAAnd40BitRC4");
 
+        // BEGIN android-changed
         put("Alg.Alias.Cipher.PBEWITHSHA1AND3-KEYTRIPLEDES-CBC", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC");
         put("Alg.Alias.Cipher.PBEWITHSHA1AND2-KEYTRIPLEDES-CBC", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC");
         put("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC2-CBC", "PBEWITHSHAAND128BITRC2-CBC");
         put("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC2-CBC", "PBEWITHSHAAND40BITRC2-CBC");
         put("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC4", "PBEWITHSHAAND128BITRC4");
         put("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC4", "PBEWITHSHAAND40BITRC4");
+        // END android-changed
 
         put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PBEWITHSHAAND128BITAES-CBC-BC");
         put("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PBEWITHSHAAND192BITAES-CBC-BC");
@@ -448,7 +412,14 @@
         put("Cipher.PBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAndTwofish");
         // BEGIN android-removed
         // put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish");
+        //
+        // put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES");
+        // put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2");
         // END android-removed
+        put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES");
+        put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDDES");
+        put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES");
+        put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, "PBEWITHSHA1ANDRC2");
 
         put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.1", "PBEWITHSHAAND128BITRC4");
         put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.2", "PBEWITHSHAAND40BITRC4");
@@ -462,44 +433,10 @@
         //
         put("KeyGenerator.DES", "org.bouncycastle.jce.provider.JCEKeyGenerator$DES");
         put("Alg.Alias.KeyGenerator." + OIWObjectIdentifiers.desCBC, "DES");
-        put("KeyGenerator.DESEDE", "org.bouncycastle.jce.provider.JCEKeyGenerator$DESede");
-        // BEGIN android-removed
-        // put("KeyGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.JCEKeyGenerator$DESede3");
-        // put("KeyGenerator.DESEDEWRAP", "org.bouncycastle.jce.provider.JCEKeyGenerator$DESede");
-        // put("KeyGenerator.SKIPJACK", "org.bouncycastle.jce.provider.JCEKeyGenerator$Skipjack");
-        // END android-removed
-        put("KeyGenerator.BLOWFISH", "org.bouncycastle.jce.provider.JCEKeyGenerator$Blowfish");
-        put("Alg.Alias.KeyGenerator.1.3.6.1.4.1.3029.1.2", "BLOWFISH");
-        // BEGIN android-removed
-        // put("KeyGenerator.TWOFISH", "org.bouncycastle.jce.provider.JCEKeyGenerator$Twofish");
-        // put("KeyGenerator.RC2", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC2");
-        // put("KeyGenerator.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC2");
-        // END android-removed
-        put("KeyGenerator.RC4", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC4");
-        put("Alg.Alias.KeyGenerator.ARC4", "RC4");
-        // BEGIN android-added
-        put("Alg.Alias.KeyGenerator.ARCFOUR", "RC4");
-        // END android-added
-        // BEGIN android-removed
-        // put("Alg.Alias.KeyGenerator.1.2.840.113549.3.4", "RC4");
-        // put("KeyGenerator.RC5", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC5");
-        // put("Alg.Alias.KeyGenerator.RC5-32", "RC5");
-        // put("KeyGenerator.RC5-64", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC564");
-        // put("KeyGenerator.RC6", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC6");
-        // put("KeyGenerator.RIJNDAEL", "org.bouncycastle.jce.provider.JCEKeyGenerator$Rijndael");
-        //
-        // put("KeyGenerator.SERPENT", "org.bouncycastle.jce.provider.JCEKeyGenerator$Serpent");
-        // put("KeyGenerator.SALSA20", "org.bouncycastle.jce.provider.JCEKeyGenerator$Salsa20");
-        // put("KeyGenerator.HC128", "org.bouncycastle.jce.provider.JCEKeyGenerator$HC128");
-        // put("KeyGenerator.HC256", "org.bouncycastle.jce.provider.JCEKeyGenerator$HC256");
-        // put("KeyGenerator.VMPC", "org.bouncycastle.jce.provider.JCEKeyGenerator$VMPC");
-        // put("KeyGenerator.VMPC-KSA3", "org.bouncycastle.jce.provider.JCEKeyGenerator$VMPCKSA3");
-        // END android-removed
 
         // BEGIN android-removed
-        // put("KeyGenerator.CAST6", "org.bouncycastle.jce.provider.JCEKeyGenerator$CAST6");
-        // put("KeyGenerator.TEA", "org.bouncycastle.jce.provider.JCEKeyGenerator$TEA");
-        // put("KeyGenerator.XTEA", "org.bouncycastle.jce.provider.JCEKeyGenerator$XTEA");
+        // put("KeyGenerator.RC2", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC2");
+        // put("KeyGenerator.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC2");
         //
         // put("KeyGenerator.GOST28147", "org.bouncycastle.jce.provider.JCEKeyGenerator$GOST28147");
         // put("Alg.Alias.KeyGenerator.GOST", "GOST28147");
@@ -563,25 +500,26 @@
         // BEGIN android-removed
         // put("AlgorithmParameters.RC2", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$RC2AlgorithmParameters");
         // put("AlgorithmParameters.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$RC2AlgorithmParameters");
-        // put("AlgorithmParameters.RC5", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
-        // put("AlgorithmParameters.RC6", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
         // END android-removed
-        put("AlgorithmParameters.BLOWFISH", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
-        put("Alg.Alias.AlgorithmParameters.1.3.6.1.4.1.3029.1.2", "BLOWFISH");
-        // BEGIN android-removed
-        // put("AlgorithmParameters.TWOFISH", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
-        // put("AlgorithmParameters.SKIPJACK", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
-        // put("AlgorithmParameters.RIJNDAEL", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters");
-        // END android-removed
-
         
         //
         // secret key factories.
         //
         put("SecretKeyFactory.DES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$DES");
-        put("SecretKeyFactory.DESEDE", "org.bouncycastle.jce.provider.JCESecretKeyFactory$DESede");
         // BEGIN android-removed
         // put("SecretKeyFactory.PBEWITHMD2ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndDES");
+        // END android-removed
+
+        // BEGIN android-removed
+        // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES");
+        // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2");
+        // END android-removed
+        put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES");
+        put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDDES");
+        put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES");
+        put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, "PBEWITHSHA1ANDRC2");
+
+        // BEGIN android-removed
         // put("SecretKeyFactory.PBEWITHMD2ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndRC2");
         // END android-removed
         put("SecretKeyFactory.PBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5AndDES");
@@ -708,11 +646,11 @@
 
                 if (loader != null)
                 {
-                    clazz = loader.loadClass(packageName + names[i] + "Mappings");
+                    clazz = loader.loadClass(packageName + names[i] + "$Mappings");
                 }
                 else
                 {
-                    clazz = Class.forName(packageName + names[i] + "Mappings");
+                    clazz = Class.forName(packageName + names[i] + "$Mappings");
                 }
             }
             catch (ClassNotFoundException e)
@@ -729,7 +667,7 @@
                 catch (Exception e)
                 {   // this should never ever happen!!
                     throw new InternalError("cannot create instance of "
-                        + packageName + names[i] + "Mappings : " + e);
+                        + packageName + names[i] + "$Mappings : " + e);
                 }
             }
         }
@@ -761,49 +699,23 @@
         // put("Mac.DESMAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$DESCFB8");
         // put("Alg.Alias.Mac.DES/CFB8", "DESMAC/CFB8");
         //
-        // put("Mac.DESEDEMAC", "org.bouncycastle.jce.provider.JCEMac$DESede");
-        // put("Alg.Alias.Mac.DESEDE", "DESEDEMAC");
-        // put("Mac.DESEDEMAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$DESedeCFB8");
-        // put("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8");
-        //
         // put("Mac.DESWITHISO9797", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3");
         // put("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797");
         //
-        // put("Mac.DESEDEMAC64", "org.bouncycastle.jce.provider.JCEMac$DESede64");
-        // put("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64");
-        //
-        // put("Mac.DESEDEMAC64WITHISO7816-4PADDING", "org.bouncycastle.jce.provider.JCEMac$DESede64with7816d4");
-        // put("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
-        // put("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
-        // put("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
-        //
         // put("Mac.ISO9797ALG3MAC", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3");
         // put("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC");
         // put("Mac.ISO9797ALG3WITHISO7816-4PADDING", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3with7816d4");
         // put("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING");
         //
-        // put("Mac.SKIPJACKMAC", "org.bouncycastle.jce.provider.JCEMac$Skipjack");
-        // put("Alg.Alias.Mac.SKIPJACK", "SKIPJACKMAC");
-        // put("Mac.SKIPJACKMAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$SkipjackCFB8");
-        // put("Alg.Alias.Mac.SKIPJACK/CFB8", "SKIPJACKMAC/CFB8");
-        //
         // put("Mac.RC2MAC", "org.bouncycastle.jce.provider.JCEMac$RC2");
         // put("Alg.Alias.Mac.RC2", "RC2MAC");
         // put("Mac.RC2MAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$RC2CFB8");
         // put("Alg.Alias.Mac.RC2/CFB8", "RC2MAC/CFB8");
         //
-        // put("Mac.RC5MAC", "org.bouncycastle.jce.provider.JCEMac$RC5");
-        // put("Alg.Alias.Mac.RC5", "RC5MAC");
-        // put("Mac.RC5MAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$RC5CFB8");
-        // put("Alg.Alias.Mac.RC5/CFB8", "RC5MAC/CFB8");
         //
         // put("Mac.GOST28147MAC", "org.bouncycastle.jce.provider.JCEMac$GOST28147");
         // put("Alg.Alias.Mac.GOST28147", "GOST28147MAC");
         //
-        // put("Mac.VMPCMAC", "org.bouncycastle.jce.provider.JCEMac$VMPC");
-        // put("Alg.Alias.Mac.VMPC", "VMPCMAC");
-        // put("Alg.Alias.Mac.VMPC-MAC", "VMPCMAC");
-        //
         // put("Mac.OLDHMACSHA384", "org.bouncycastle.jce.provider.JCEMac$OldSHA384");
         //
         // put("Mac.OLDHMACSHA512", "org.bouncycastle.jce.provider.JCEMac$OldSHA512");
diff --git a/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java b/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java
index d675024..f9dbe89 100644
--- a/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java
+++ b/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java
@@ -36,10 +36,6 @@
 
 import javax.security.auth.x500.X500Principal;
 
-// BEGIN android-added
-import org.apache.harmony.xnet.provider.jsse.IndexedPKIXParameters;
-
-// END android-added
 import org.bouncycastle.asn1.ASN1InputStream;
 import org.bouncycastle.asn1.ASN1Object;
 import org.bouncycastle.asn1.ASN1OctetString;
@@ -82,6 +78,8 @@
 
 public class CertPathValidatorUtilities
 {
+    protected static final PKIXCRLUtil CRL_UTIL = new PKIXCRLUtil();
+
     protected static final String CERTIFICATE_POLICIES = X509Extensions.CertificatePolicies.getId();
     protected static final String BASIC_CONSTRAINTS = X509Extensions.BasicConstraints.getId();
     protected static final String POLICY_MAPPINGS = X509Extensions.PolicyMappings.getId();
@@ -119,40 +117,13 @@
         "privilegeWithdrawn",
         "aACompromise" };
     
-    // BEGIN android-removed
-    // /**
-    //  * Search the given Set of TrustAnchor's for one that is the
-    //  * issuer of the given X509 certificate. Uses the default provider
-    //  * for signature verification.
-    //  *
-    //  * @param cert the X509 certificate
-    //  * @param trustAnchors a Set of TrustAnchor's
-    //  *
-    //  * @return the <code>TrustAnchor</code> object if found or
-    //  * <code>null</code> if not.
-    //  *
-    //  * @exception AnnotatedException
-    //  *                if a TrustAnchor was found but the signature verification
-    //  *                on the given certificate has thrown an exception.
-    //  */
-    // protected static TrustAnchor findTrustAnchor(
-    //     X509Certificate cert,
-    //     Set             trustAnchors)
-    //         throws AnnotatedException
-    // {
-    //     return findTrustAnchor(cert, trustAnchors, null);
-    // }
-    // END android-removed
-    
-    // BEGIN android-changed
     /**
      * Search the given Set of TrustAnchor's for one that is the
-     * issuer of the given X509 certificate. Uses the specified
-     * provider for signature verification, or the default provider
-     * if null.
+     * issuer of the given X509 certificate. Uses the default provider
+     * for signature verification.
      *
      * @param cert the X509 certificate
-     * @param params used to find the trust anchors and signature provider
+     * @param trustAnchors a Set of TrustAnchor's
      *
      * @return the <code>TrustAnchor</code> object if found or
      * <code>null</code> if not.
@@ -163,21 +134,35 @@
      */
     protected static TrustAnchor findTrustAnchor(
         X509Certificate cert,
-        PKIXParameters  params)
+        Set             trustAnchors)
             throws AnnotatedException
-    // END android-changed
     {
-        // BEGIN android-changed
-        // If we have a trust anchor index, use it.
-        if (params instanceof IndexedPKIXParameters) {
-            try {
-                IndexedPKIXParameters indexed = (IndexedPKIXParameters) params;
-                return indexed.findTrustAnchor(cert);
-            } catch (CertPathValidatorException e) {
-                throw new AnnotatedException(e.getMessage(), e);
-            }
-        }
-        // END android-changed
+        return findTrustAnchor(cert, trustAnchors, null);
+    }
+    
+    /**
+     * Search the given Set of TrustAnchor's for one that is the
+     * issuer of the given X509 certificate. Uses the specified
+     * provider for signature verification, or the default provider
+     * if null.
+     *
+     * @param cert the X509 certificate
+     * @param trustAnchors a Set of TrustAnchor's
+     * @param sigProvider the provider to use for signature verification
+     *
+     * @return the <code>TrustAnchor</code> object if found or
+     * <code>null</code> if not.
+     *
+     * @exception AnnotatedException
+     *                if a TrustAnchor was found but the signature verification
+     *                on the given certificate has thrown an exception.
+     */
+    protected static TrustAnchor findTrustAnchor(
+        X509Certificate cert,
+        Set             trustAnchors,
+        String          sigProvider) 
+            throws AnnotatedException
+    {
         TrustAnchor trust = null;
         PublicKey trustPublicKey = null;
         Exception invalidKeyEx = null;
@@ -194,49 +179,21 @@
             throw new AnnotatedException("Cannot set subject search criteria for trust anchor.", ex);
         }
 
-        // BEGIN android-changed
-        Iterator iter = params.getTrustAnchors().iterator();
-        // END android-changed
-        // BEGIN android-added
-        byte[] certBytes = null;
-        try {
-            certBytes = cert.getEncoded();
-        } catch (Exception e) {
-            // ignore, just continue
-        }
-        // END android-added
+        Iterator iter = trustAnchors.iterator();
         while (iter.hasNext() && trust == null)
         {
             trust = (TrustAnchor) iter.next();
-            // BEGIN android-changed
-            X509Certificate trustCert = trust.getTrustedCert();
-            // END android-changed
-            // BEGIN android-added
-            // If the trust anchor is identical to the certificate we're
-            // done. Just return the anchor.
-            // There is similar code in PKIXCertPathValidatorSpi.
-            try {
-                byte[] trustBytes = trustCert.getEncoded();
-                if (certBytes != null && Arrays.equals(trustBytes, certBytes)) {
-                    return trust;
-                }
-            } catch (Exception e) {
-                // ignore, continue and verify the certificate
-            }
-            // END android-added
-            // BEGIN android-changed
-            if (trustCert != null)
+            if (trust.getTrustedCert() != null)
             {
-                if (certSelectX509.match(trustCert))
+                if (certSelectX509.match(trust.getTrustedCert()))
                 {
-                    trustPublicKey = trustCert.getPublicKey();
+                    trustPublicKey = trust.getTrustedCert().getPublicKey();
                 }
                 else
                 {
                     trust = null;
                 }
             }
-            // END android-changed
             else if (trust.getCAName() != null
                     && trust.getCAPublicKey() != null)
             {
@@ -266,9 +223,7 @@
             {
                 try
                 {
-                    // BEGIN android-changed
-                    verifyX509Certificate(cert, trustPublicKey, params.getSigProvider());
-                    // END android-changed
+                    verifyX509Certificate(cert, trustPublicKey, sigProvider);
                 }
                 catch (Exception ex)
                 {
@@ -420,69 +375,6 @@
     
     // crl checking
 
-    /**
-     * Return a Collection of all CRLs found in the X509Store's that are
-     * matching the crlSelect criteriums.
-     *
-     * @param crlSelect a {@link X509CRLStoreSelector} object that will be used
-     *            to select the CRLs
-     * @param crlStores a List containing only
-     *            {@link org.bouncycastle.x509.X509Store  X509Store} objects.
-     *            These are used to search for CRLs
-     *
-     * @return a Collection of all found {@link X509CRL X509CRL} objects. May be
-     *         empty but never <code>null</code>.
-     */
-    protected static final Collection findCRLs(X509CRLStoreSelector crlSelect,
-        List crlStores) throws AnnotatedException
-    {
-        Set crls = new HashSet();
-        Iterator iter = crlStores.iterator();
-
-        AnnotatedException lastException = null;
-        boolean foundValidStore = false;
-
-        while (iter.hasNext())
-        {
-            Object obj = iter.next();
-
-            if (obj instanceof X509Store)
-            {
-                X509Store store = (X509Store)obj;
-
-                try
-                {
-                    crls.addAll(store.getMatches(crlSelect));
-                    foundValidStore = true;
-                }
-                catch (StoreException e)
-                {
-                    lastException = new AnnotatedException(
-                        "Exception searching in X.509 CRL store.", e);
-                }
-            }
-            else
-            {
-                CertStore store = (CertStore)obj;
-
-                try
-                {
-                    crls.addAll(store.getCRLs(crlSelect));
-                    foundValidStore = true;
-                }
-                catch (CertStoreException e)
-                {
-                    lastException = new AnnotatedException(
-                        "Exception searching in X.509 CRL store.", e);
-                }
-            }
-        }
-        if (!foundValidStore && lastException != null)
-        {
-            throw lastException;
-        }
-        return crls;
-    }
 
     //
     // policy checking
@@ -800,13 +692,13 @@
                 //     X509LDAPCertStoreParameters params = new X509LDAPCertStoreParameters.Builder(
                 //         url, base).build();
                 //     pkixParams.addAdditionalStore(X509Store.getInstance(
-                //         "CERTIFICATE/LDAP", params, "BC"));
+                //         "CERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
                 //     pkixParams.addAdditionalStore(X509Store.getInstance(
-                //         "CRL/LDAP", params, "BC"));
+                //         "CRL/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
                 //     pkixParams.addAdditionalStore(X509Store.getInstance(
-                //         "ATTRIBUTECERTIFICATE/LDAP", params, "BC"));
+                //         "ATTRIBUTECERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
                 //     pkixParams.addAdditionalStore(X509Store.getInstance(
-                //         "CERTIFICATEPAIR/LDAP", params, "BC"));
+                //         "CERTIFICATEPAIR/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
                 // }
                 // END android-removed
             }
@@ -1174,15 +1066,6 @@
 
         X509CRLStoreSelector deltaSelect = new X509CRLStoreSelector();
 
-        if (paramsPKIX.getDate() != null)
-        {
-            deltaSelect.setDateAndTime(paramsPKIX.getDate());
-        }
-        else
-        {
-            deltaSelect.setDateAndTime(currentDate);
-        }
-
         // 5.2.4 (a)
         try
         {
@@ -1234,18 +1117,8 @@
         // 5.2.4 (c)
         deltaSelect.setMaxBaseCRLNumber(completeCRLNumber);
 
-        Set temp = new HashSet();
         // find delta CRLs
-        try
-        {
-            temp.addAll(CertPathValidatorUtilities.findCRLs(deltaSelect, paramsPKIX.getAdditionalStores()));
-            temp.addAll(CertPathValidatorUtilities.findCRLs(deltaSelect, paramsPKIX.getStores()));
-            temp.addAll(CertPathValidatorUtilities.findCRLs(deltaSelect, paramsPKIX.getCertStores()));
-        }
-        catch (AnnotatedException e)
-        {
-            throw new AnnotatedException("Could not search for delta CRLs.", e);
-        }
+        Set temp = CRL_UTIL.findCRLs(deltaSelect, paramsPKIX, currentDate);
 
         Set result = new HashSet();
 
@@ -1316,28 +1189,12 @@
             crlselect.setAttrCertificateChecking((X509AttributeCertificate)cert);
         }
 
-        if (paramsPKIX.getDate() != null)
-        {
-            crlselect.setDateAndTime(paramsPKIX.getDate());
-        }
-        else
-        {
-            crlselect.setDateAndTime(currentDate);
-        }
+
 
         crlselect.setCompleteCRLEnabled(true);
 
-        Set crls = new HashSet();
-        try
-        {
-            crls.addAll(CertPathValidatorUtilities.findCRLs(crlselect, paramsPKIX.getStores()));
-            crls.addAll(CertPathValidatorUtilities.findCRLs(crlselect, paramsPKIX.getAdditionalStores()));
-            crls.addAll(CertPathValidatorUtilities.findCRLs(crlselect, paramsPKIX.getCertStores()));
-        }
-        catch (AnnotatedException e)
-        {
-            throw new AnnotatedException("Could not search for CRLs.", e);
-        }
+        Set crls = CRL_UTIL.findCRLs(crlselect, paramsPKIX, currentDate);
+
         if (crls.isEmpty())
         {
             if (cert instanceof X509AttributeCertificate)
@@ -1474,7 +1331,7 @@
                 dsaPubKey.getY(), dsaParams.getP(), dsaParams.getQ(), dsaParams.getG());
             try
             {
-                KeyFactory keyFactory = KeyFactory.getInstance("DSA", "BC");
+                KeyFactory keyFactory = KeyFactory.getInstance("DSA", BouncyCastleProvider.PROVIDER_NAME);
                 return keyFactory.generatePublic(dsaPubKeySpec);
             }
             catch (Exception exception)
diff --git a/src/main/java/org/bouncycastle/jce/provider/DSABase.java b/src/main/java/org/bouncycastle/jce/provider/DSABase.java
new file mode 100644
index 0000000..b30c11e
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/provider/DSABase.java
@@ -0,0 +1,121 @@
+package org.bouncycastle.jce.provider;
+
+import java.math.BigInteger;
+import java.security.SignatureException;
+import java.security.SignatureSpi;
+import java.security.PrivateKey;
+import java.security.InvalidKeyException;
+import java.security.spec.AlgorithmParameterSpec;
+
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
+import org.bouncycastle.crypto.DSA;
+import org.bouncycastle.crypto.Digest;
+
+public abstract class DSABase
+    extends SignatureSpi
+    implements PKCSObjectIdentifiers, X509ObjectIdentifiers
+{
+    protected Digest                  digest;
+    protected DSA                     signer;
+    protected DSAEncoder              encoder;
+
+    protected DSABase(
+        Digest                  digest,
+        DSA                     signer,
+        DSAEncoder              encoder)
+    {
+        this.digest = digest;
+        this.signer = signer;
+        this.encoder = encoder;
+    }
+
+    protected void engineInitSign(
+        PrivateKey privateKey)
+    throws InvalidKeyException
+    {
+        engineInitSign(privateKey, null);
+    }
+
+    protected void engineUpdate(
+        byte    b)
+        throws SignatureException
+    {
+        digest.update(b);
+    }
+
+    protected void engineUpdate(
+        byte[]  b,
+        int     off,
+        int     len) 
+        throws SignatureException
+    {
+        digest.update(b, off, len);
+    }
+
+    protected byte[] engineSign()
+        throws SignatureException
+    {
+        byte[]  hash = new byte[digest.getDigestSize()];
+
+        digest.doFinal(hash, 0);
+
+        try
+        {
+            BigInteger[]    sig = signer.generateSignature(hash);
+
+            return encoder.encode(sig[0], sig[1]);
+        }
+        catch (Exception e)
+        {
+            throw new SignatureException(e.toString());
+        }
+    }
+
+    protected boolean engineVerify(
+        byte[]  sigBytes) 
+        throws SignatureException
+    {
+        byte[]  hash = new byte[digest.getDigestSize()];
+
+        digest.doFinal(hash, 0);
+
+        BigInteger[]    sig;
+
+        try
+        {
+            sig = encoder.decode(sigBytes);
+        }
+        catch (Exception e)
+        {
+            throw new SignatureException("error decoding signature bytes.");
+        }
+
+        return signer.verifySignature(hash, sig[0], sig[1]);
+    }
+
+    protected void engineSetParameter(
+        AlgorithmParameterSpec params)
+    {
+        throw new UnsupportedOperationException("engineSetParameter unsupported");
+    }
+
+    /**
+     * @deprecated replaced with <a href = "#engineSetParameter(java.security.spec.AlgorithmParameterSpec)">
+     */
+    protected void engineSetParameter(
+        String  param,
+        Object  value)
+    {
+        throw new UnsupportedOperationException("engineSetParameter unsupported");
+    }
+
+    /**
+     * @deprecated
+     */
+    protected Object engineGetParameter(
+        String      param)
+    {
+        throw new UnsupportedOperationException("engineSetParameter unsupported");
+    }
+}
diff --git a/src/main/java/org/bouncycastle/jce/provider/DSAEncoder.java b/src/main/java/org/bouncycastle/jce/provider/DSAEncoder.java
new file mode 100644
index 0000000..e0dc92b
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/provider/DSAEncoder.java
@@ -0,0 +1,13 @@
+package org.bouncycastle.jce.provider;
+
+import java.math.BigInteger;
+import java.io.IOException;
+
+public interface DSAEncoder
+{
+    byte[] encode(BigInteger r, BigInteger s)
+        throws IOException;
+
+    BigInteger[] decode(byte[] sig)
+        throws IOException;
+}
diff --git a/src/main/java/org/bouncycastle/jce/provider/JCEBlockCipher.java b/src/main/java/org/bouncycastle/jce/provider/JCEBlockCipher.java
index 5ba4cc2..1b48aec 100644
--- a/src/main/java/org/bouncycastle/jce/provider/JCEBlockCipher.java
+++ b/src/main/java/org/bouncycastle/jce/provider/JCEBlockCipher.java
@@ -1,43 +1,48 @@
 package org.bouncycastle.jce.provider;
 
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.InvalidParameterException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+import javax.crypto.ShortBufferException;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.PBEParameterSpec;
+// BEGIN android-removed
+// import javax.crypto.spec.RC2ParameterSpec;
+// import javax.crypto.spec.RC5ParameterSpec;
+// END android-removed
+
 import org.bouncycastle.crypto.BlockCipher;
 import org.bouncycastle.crypto.BufferedBlockCipher;
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.DataLengthException;
 import org.bouncycastle.crypto.InvalidCipherTextException;
 import org.bouncycastle.crypto.engines.AESFastEngine;
-import org.bouncycastle.crypto.engines.BlowfishEngine;
-// BEGIN android-removed
-// import org.bouncycastle.crypto.engines.CAST5Engine;
-// import org.bouncycastle.crypto.engines.CAST6Engine;
-// END android-removed
 import org.bouncycastle.crypto.engines.DESEngine;
 import org.bouncycastle.crypto.engines.DESedeEngine;
 // BEGIN android-removed
 // import org.bouncycastle.crypto.engines.GOST28147Engine;
 // END android-removed
 import org.bouncycastle.crypto.engines.RC2Engine;
-// BEGIN android-removed
-// import org.bouncycastle.crypto.engines.RC532Engine;
-// import org.bouncycastle.crypto.engines.RC564Engine;
-// END android-removed
-// import org.bouncycastle.crypto.engines.RC6Engine;
-// import org.bouncycastle.crypto.engines.RijndaelEngine;
-// import org.bouncycastle.crypto.engines.SEEDEngine;
-// import org.bouncycastle.crypto.engines.SerpentEngine;
-// import org.bouncycastle.crypto.engines.SkipjackEngine;
-// import org.bouncycastle.crypto.engines.TEAEngine;
-// END android-removed
 import org.bouncycastle.crypto.engines.TwofishEngine;
-// BEGIN android-removed
-// import org.bouncycastle.crypto.engines.XTEAEngine;
-// END android-removed
 import org.bouncycastle.crypto.modes.AEADBlockCipher;
 import org.bouncycastle.crypto.modes.CBCBlockCipher;
 import org.bouncycastle.crypto.modes.CCMBlockCipher;
 import org.bouncycastle.crypto.modes.CFBBlockCipher;
 import org.bouncycastle.crypto.modes.CTSBlockCipher;
-import org.bouncycastle.crypto.modes.EAXBlockCipher;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.modes.EAXBlockCipher;
+// END android-removed
 import org.bouncycastle.crypto.modes.GCMBlockCipher;
 import org.bouncycastle.crypto.modes.GOFBBlockCipher;
 import org.bouncycastle.crypto.modes.OFBBlockCipher;
@@ -64,27 +69,6 @@
 // END android-removed
 import org.bouncycastle.util.Strings;
 
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.SecretKey;
-import javax.crypto.ShortBufferException;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.PBEParameterSpec;
-// BEGIN android-removed
-// import javax.crypto.spec.RC2ParameterSpec;
-// import javax.crypto.spec.RC5ParameterSpec;
-// END android-removed
-import java.security.AlgorithmParameters;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.InvalidParameterException;
-import java.security.Key;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-
 public class JCEBlockCipher extends WrapCipherSpi
     implements PBE
 {
@@ -175,7 +159,7 @@
             {
                 try
                 {
-                    engineParams = AlgorithmParameters.getInstance(pbeAlgorithm, "BC");
+                    engineParams = AlgorithmParameters.getInstance(pbeAlgorithm, BouncyCastleProvider.PROVIDER_NAME);
                     engineParams.init(pbeSpec);
                 }
                 catch (Exception e)
@@ -194,7 +178,7 @@
 
                 try
                 {
-                    engineParams = AlgorithmParameters.getInstance(name, "BC");
+                    engineParams = AlgorithmParameters.getInstance(name, BouncyCastleProvider.PROVIDER_NAME);
                     engineParams.init(ivParam.getIV());
                 }
                 catch (Exception e)
@@ -304,11 +288,13 @@
             ivLength = baseEngine.getBlockSize();
             cipher = new AEADGenericBlockCipher(new CCMBlockCipher(baseEngine));
         }
-        else if (modeName.startsWith("EAX"))
-        {
-            ivLength = baseEngine.getBlockSize();
-            cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine));
-        }
+        // BEGIN android-removed
+        // else if (modeName.startsWith("EAX"))
+        // {
+        //     ivLength = baseEngine.getBlockSize();
+        //     cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine));
+        // }
+        // END android-removed
         else if (modeName.startsWith("GCM"))
         {
             ivLength = baseEngine.getBlockSize();
@@ -801,32 +787,6 @@
     //         super(new CBCBlockCipher(new DESEngine()), 64);
     //     }
     // }
-    // END android-removed
-
-    /**
-     * DESede
-     */
-    static public class DESede
-        extends JCEBlockCipher
-    {
-        public DESede()
-        {
-            super(new DESedeEngine());
-        }
-    }
-
-    // BEGIN android-removed
-    // /**
-    //  * DESedeCBC
-    //  */
-    // static public class DESedeCBC
-    //     extends JCEBlockCipher
-    // {
-    //     public DESedeCBC()
-    //     {
-    //         super(new CBCBlockCipher(new DESedeEngine()), 64);
-    //     }
-    // }
     //
     // /**
     //  *  GOST28147
@@ -839,7 +799,7 @@
     //         super(new GOST28147Engine());
     //     }
     // }
-    //    
+    //
     // static public class GOST28147cbc
     //     extends JCEBlockCipher
     // {
@@ -850,56 +810,6 @@
     // }
     //
     // /**
-    //  * SKIPJACK
-    //  */
-    // static public class Skipjack
-    //     extends JCEBlockCipher
-    // {
-    //     public Skipjack()
-    //     {
-    //         super(new SkipjackEngine());
-    //     }
-    // }
-    // END android-removed
-    
-    /**
-     * Blowfish
-     */
-    static public class Blowfish
-        extends JCEBlockCipher
-    {
-        public Blowfish()
-        {
-            super(new BlowfishEngine());
-        }
-    }
-    
-    // BEGIN android-removed
-    // /**
-    //  * Blowfish CBC
-    //  */
-    // static public class BlowfishCBC
-    //     extends JCEBlockCipher
-    // {
-    //     public BlowfishCBC()
-    //     {
-    //         super(new CBCBlockCipher(new BlowfishEngine()), 64);
-    //     }
-    // }
-    //
-    // /**
-    //  * Twofish
-    //  */
-    // static public class Twofish
-    //     extends JCEBlockCipher
-    // {
-    //     public Twofish()
-    //     {
-    //         super(new TwofishEngine());
-    //     }
-    // }
-    //
-    // /**
     //  * RC2
     //  */
     // static public class RC2
@@ -922,188 +832,6 @@
     //         super(new CBCBlockCipher(new RC2Engine()), 64);
     //     }
     // }
-    //
-    // /**
-    //  * RC5
-    //  */
-    // static public class RC5
-    //     extends JCEBlockCipher
-    // {
-    //     public RC5()
-    //     {
-    //         super(new RC532Engine());
-    //     }
-    // }
-    //
-    // /**
-    //  * RC564
-    //  */
-    // static public class RC564
-    //     extends JCEBlockCipher
-    // {
-    //     public RC564()
-    //     {
-    //         super(new RC564Engine());
-    //     }
-    // }
-    //
-    // /**
-    //  * RC6
-    //  */
-    // static public class RC6
-    //     extends JCEBlockCipher
-    // {
-    //     public RC6()
-    //     {
-    //         super(new RC6Engine());
-    //     }
-    // }
-    //
-    // /**
-    //  * AES
-    //  */
-    // static public class AES
-    //     extends JCEBlockCipher
-    // {
-    //     public AES()
-    //     {
-    //         super(new AESFastEngine());
-    //     }
-    // }
-    //
-    // /**
-    //  * AESCBC
-    //  */
-    // static public class AESCBC
-    //     extends JCEBlockCipher
-    // {
-    //     public AESCBC()
-    //     {
-    //         super(new CBCBlockCipher(new AESFastEngine()), 128);
-    //     }
-    // }
-    //
-    // /**
-    //  * AESCFB
-    //  */
-    // static public class AESCFB
-    //     extends JCEBlockCipher
-    // {
-    //     public AESCFB()
-    //     {
-    //         super(new CFBBlockCipher(new AESFastEngine(), 128), 128);
-    //     }
-    // }
-    //
-    // /**
-    //  * AESOFB
-    //  */
-    // static public class AESOFB
-    //     extends JCEBlockCipher
-    // {
-    //     public AESOFB()
-    //     {
-    //         super(new OFBBlockCipher(new AESFastEngine(), 128), 128);
-    //     }
-    // }
-    //
-    // /**
-    //  * Rijndael
-    //  */
-    // static public class Rijndael
-    //     extends JCEBlockCipher
-    // {
-    //     public Rijndael()
-    //     {
-    //         super(new RijndaelEngine());
-    //     }
-    // }
-    //
-    // /**
-    //  * Serpent
-    //  */
-    // static public class Serpent
-    //     extends JCEBlockCipher
-    // {
-    //     public Serpent()
-    //     {
-    //         super(new SerpentEngine());
-    //     }
-    // }
-    //
-    //
-    //
-    // /**
-    //  * CAST5
-    //  */
-    // static public class CAST5
-    //     extends JCEBlockCipher
-    // {
-    //     public CAST5()
-    //     {
-    //         super(new CAST5Engine());
-    //     }
-    // }
-    //
-    // /**
-    //  * CAST5 CBC
-    //  */
-    // static public class CAST5CBC
-    //     extends JCEBlockCipher
-    // {
-    //     public CAST5CBC()
-    //     {
-    //         super(new CBCBlockCipher(new CAST5Engine()), 64);
-    //     }
-    // }
-    //
-    // /**
-    //  * CAST6
-    //  */
-    // static public class CAST6
-    //     extends JCEBlockCipher
-    // {
-    //     public CAST6()
-    //     {
-    //         super(new CAST6Engine());
-    //     }
-    // }
-    // 
-    // /**
-    //  * TEA
-    //  */
-    // static public class TEA
-    //     extends JCEBlockCipher
-    // {
-    //     public TEA()
-    //     {
-    //         super(new TEAEngine());
-    //     }
-    // }
-    //
-    // /**
-    //  * XTEA
-    //  */
-    // static public class XTEA
-    //     extends JCEBlockCipher
-    // {
-    //     public XTEA()
-    //     {
-    //         super(new XTEAEngine());
-    //     }
-    // }
-    // 
-    // /**
-    //  * SEED
-    //  */
-    // static public class SEED
-    //     extends JCEBlockCipher
-    // {
-    //     public SEED()
-    //     {
-    //         super(new SEEDEngine());
-    //     }
-    // }
     // END android-removed
 
     /**
diff --git a/src/main/java/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java b/src/main/java/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java
index 75fbdf7..ef8f76a 100644
--- a/src/main/java/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java
+++ b/src/main/java/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java
@@ -1,7 +1,12 @@
 package org.bouncycastle.jce.provider;
 
-import org.bouncycastle.crypto.params.DESParameters;
-import org.bouncycastle.util.Strings;
+import java.math.BigInteger;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.Hashtable;
 
 import javax.crypto.KeyAgreementSpi;
 import javax.crypto.SecretKey;
@@ -10,13 +15,9 @@
 import javax.crypto.interfaces.DHPublicKey;
 import javax.crypto.spec.DHParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
-import java.math.BigInteger;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.Hashtable;
+
+import org.bouncycastle.crypto.params.DESParameters;
+import org.bouncycastle.util.Strings;
 
 /**
  * Diffie-Hellman key agreement. There's actually a better way of doing this
@@ -31,8 +32,6 @@
     private BigInteger      g;
     private BigInteger      result;
 
-    private SecureRandom    random;
-
     private static final Hashtable algorithms = new Hashtable();
 
     static
@@ -41,11 +40,13 @@
         Integer i64 = Integer.valueOf(64);
         Integer i192 = Integer.valueOf(192);
         Integer i128 = Integer.valueOf(128);
+        Integer i256 = Integer.valueOf(256);
         // END android-changed
 
         algorithms.put("DES", i64);
         algorithms.put("DESEDE", i192);
         algorithms.put("BLOWFISH", i128);
+        algorithms.put("AES", i256);
     }
 
     private byte[] bigIntToBytes(
@@ -172,8 +173,6 @@
         }
         DHPrivateKey    privKey = (DHPrivateKey)key;
 
-        this.random = random;
-
         if (params != null)
         {
             if (!(params instanceof DHParameterSpec))
@@ -206,7 +205,6 @@
 
         DHPrivateKey    privKey = (DHPrivateKey)key;
 
-        this.random = random;
         this.p = privKey.getParams().getP();
         this.g = privKey.getParams().getG();
         this.x = this.result = privKey.getX();
diff --git a/src/main/java/org/bouncycastle/jce/provider/JCEDHPrivateKey.java b/src/main/java/org/bouncycastle/jce/provider/JCEDHPrivateKey.java
index 3da31fb..fc38481 100644
--- a/src/main/java/org/bouncycastle/jce/provider/JCEDHPrivateKey.java
+++ b/src/main/java/org/bouncycastle/jce/provider/JCEDHPrivateKey.java
@@ -1,5 +1,15 @@
 package org.bouncycastle.jce.provider;
 
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.math.BigInteger;
+import java.util.Enumeration;
+
+import javax.crypto.interfaces.DHPrivateKey;
+import javax.crypto.spec.DHParameterSpec;
+import javax.crypto.spec.DHPrivateKeySpec;
+
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.DEREncodable;
 import org.bouncycastle.asn1.DERInteger;
@@ -8,18 +18,11 @@
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x9.DHDomainParameters;
+import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
 import org.bouncycastle.crypto.params.DHPrivateKeyParameters;
 import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
 
-import javax.crypto.interfaces.DHPrivateKey;
-import javax.crypto.spec.DHParameterSpec;
-import javax.crypto.spec.DHPrivateKeySpec;
-import java.io.IOException;
-import java.io.ObjectInputStream;
-import java.io.ObjectOutputStream;
-import java.math.BigInteger;
-import java.util.Enumeration;
-
 public class JCEDHPrivateKey
     implements DHPrivateKey, PKCS12BagAttributeCarrier
 {
@@ -27,7 +30,8 @@
     
     BigInteger      x;
 
-    DHParameterSpec dhSpec;
+    private DHParameterSpec dhSpec;
+    private PrivateKeyInfo  info;
 
     private PKCS12BagAttributeCarrier attrCarrier = new PKCS12BagAttributeCarrierImpl();
 
@@ -52,17 +56,35 @@
     JCEDHPrivateKey(
         PrivateKeyInfo  info)
     {
-        DHParameter     params = new DHParameter((ASN1Sequence)info.getAlgorithmId().getParameters());
+        ASN1Sequence    seq = ASN1Sequence.getInstance(info.getAlgorithmId().getParameters());
         DERInteger      derX = (DERInteger)info.getPrivateKey();
+        DERObjectIdentifier id = info.getAlgorithmId().getObjectId();
 
+        this.info = info;
         this.x = derX.getValue();
-        if (params.getL() != null)
+
+        if (id.equals(PKCSObjectIdentifiers.dhKeyAgreement))
         {
-            this.dhSpec = new DHParameterSpec(params.getP(), params.getG(), params.getL().intValue());
+            DHParameter params = new DHParameter(seq);
+
+            if (params.getL() != null)
+            {
+                this.dhSpec = new DHParameterSpec(params.getP(), params.getG(), params.getL().intValue());
+            }
+            else
+            {
+                this.dhSpec = new DHParameterSpec(params.getP(), params.getG());
+            }
+        }
+        else if (id.equals(X9ObjectIdentifiers.dhpublicnumber))
+        {
+            DHDomainParameters params = DHDomainParameters.getInstance(seq);
+
+            this.dhSpec = new DHParameterSpec(params.getP().getValue(), params.getG().getValue());
         }
         else
         {
-            this.dhSpec = new DHParameterSpec(params.getP(), params.getG());
+            throw new IllegalArgumentException("unknown algorithm type: " + id);
         }
     }
 
@@ -96,6 +118,11 @@
      */
     public byte[] getEncoded()
     {
+        if (info != null)
+        {
+            return info.getDEREncoded();
+        }
+        
         PrivateKeyInfo          info = new PrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.dhKeyAgreement, new DHParameter(dhSpec.getP(), dhSpec.getG(), dhSpec.getL()).getDERObject()), new DERInteger(getX()));
 
         return info.getDEREncoded();
diff --git a/src/main/java/org/bouncycastle/jce/provider/JCEDHPublicKey.java b/src/main/java/org/bouncycastle/jce/provider/JCEDHPublicKey.java
index e343af3..942e3bf 100644
--- a/src/main/java/org/bouncycastle/jce/provider/JCEDHPublicKey.java
+++ b/src/main/java/org/bouncycastle/jce/provider/JCEDHPublicKey.java
@@ -1,21 +1,25 @@
 package org.bouncycastle.jce.provider;
 
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.pkcs.DHParameter;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-import org.bouncycastle.crypto.params.DHPublicKeyParameters;
-
-import javax.crypto.interfaces.DHPublicKey;
-import javax.crypto.spec.DHParameterSpec;
-import javax.crypto.spec.DHPublicKeySpec;
 import java.io.IOException;
 import java.io.ObjectInputStream;
 import java.io.ObjectOutputStream;
 import java.math.BigInteger;
 
+import javax.crypto.interfaces.DHPublicKey;
+import javax.crypto.spec.DHParameterSpec;
+import javax.crypto.spec.DHPublicKeySpec;
+
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.pkcs.DHParameter;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.asn1.x9.DHDomainParameters;
+import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+import org.bouncycastle.crypto.params.DHPublicKeyParameters;
+
 public class JCEDHPublicKey
     implements DHPublicKey
 {
@@ -23,7 +27,8 @@
     
     private BigInteger              y;
     private DHParameterSpec         dhSpec;
-
+    private SubjectPublicKeyInfo    info;
+    
     JCEDHPublicKey(
         DHPublicKeySpec    spec)
     {
@@ -56,9 +61,9 @@
     JCEDHPublicKey(
         SubjectPublicKeyInfo    info)
     {
-        DHParameter             params = new DHParameter((ASN1Sequence)info.getAlgorithmId().getParameters());
-        DERInteger              derY = null;
+        this.info = info;
 
+        DERInteger              derY;
         try
         {
             derY = (DERInteger)info.getPublicKey();
@@ -69,13 +74,33 @@
         }
 
         this.y = derY.getValue();
-        if (params.getL() != null)
+
+        ASN1Sequence seq = ASN1Sequence.getInstance(info.getAlgorithmId().getParameters());
+        DERObjectIdentifier id = info.getAlgorithmId().getObjectId();
+
+        // we need the PKCS check to handle older keys marked with the X9 oid.
+        if (id.equals(PKCSObjectIdentifiers.dhKeyAgreement) || isPKCSParam(seq))
         {
-            this.dhSpec = new DHParameterSpec(params.getP(), params.getG(), params.getL().intValue());
+            DHParameter             params = new DHParameter(seq);
+
+            if (params.getL() != null)
+            {
+                this.dhSpec = new DHParameterSpec(params.getP(), params.getG(), params.getL().intValue());
+            }
+            else
+            {
+                this.dhSpec = new DHParameterSpec(params.getP(), params.getG());
+            }
+        }
+        else if (id.equals(X9ObjectIdentifiers.dhpublicnumber))
+        {
+            DHDomainParameters params = DHDomainParameters.getInstance(seq);
+
+            this.dhSpec = new DHParameterSpec(params.getP().getValue(), params.getG().getValue());
         }
         else
         {
-            this.dhSpec = new DHParameterSpec(params.getP(), params.getG());
+            throw new IllegalArgumentException("unknown algorithm type: " + id);
         }
     }
 
@@ -91,7 +116,12 @@
 
     public byte[] getEncoded()
     {
-        SubjectPublicKeyInfo    info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.dhpublicnumber, new DHParameter(dhSpec.getP(), dhSpec.getG(), dhSpec.getL()).getDERObject()), new DERInteger(y));
+        if (info != null)
+        {
+            return info.getDEREncoded();
+        }
+
+        SubjectPublicKeyInfo    info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.dhKeyAgreement, new DHParameter(dhSpec.getP(), dhSpec.getG(), dhSpec.getL()).getDERObject()), new DERInteger(y));
 
         return info.getDEREncoded();
     }
@@ -106,6 +136,29 @@
         return y;
     }
 
+    private boolean isPKCSParam(ASN1Sequence seq)
+    {
+        if (seq.size() == 2)
+        {
+            return true;
+        }
+        
+        if (seq.size() > 3)
+        {
+            return false;
+        }
+
+        DERInteger l = DERInteger.getInstance(seq.getObjectAt(2));
+        DERInteger p = DERInteger.getInstance(seq.getObjectAt(0));
+
+        if (l.getValue().compareTo(BigInteger.valueOf(p.getValue().bitLength())) > 0)
+        {
+            return false;
+        }
+
+        return true;
+    }
+
     private void readObject(
         ObjectInputStream   in)
         throws IOException, ClassNotFoundException
diff --git a/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java b/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java
new file mode 100644
index 0000000..3b3f318
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java
@@ -0,0 +1,472 @@
+package org.bouncycastle.jce.provider;
+
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.math.BigInteger;
+import java.security.interfaces.ECPrivateKey;
+import java.security.spec.ECParameterSpec;
+import java.security.spec.ECPoint;
+import java.security.spec.ECPrivateKeySpec;
+import java.security.spec.EllipticCurve;
+import java.util.Enumeration;
+
+import org.bouncycastle.asn1.ASN1Object;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERBitString;
+import org.bouncycastle.asn1.DEREncodable;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERNull;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
+// END android-removed
+import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
+import org.bouncycastle.asn1.sec.ECPrivateKeyStructure;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.asn1.x9.X962Parameters;
+import org.bouncycastle.asn1.x9.X9ECParameters;
+import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+import org.bouncycastle.crypto.params.ECDomainParameters;
+import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
+import org.bouncycastle.jce.interfaces.ECPointEncoder;
+import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
+import org.bouncycastle.jce.provider.asymmetric.ec.EC5Util;
+import org.bouncycastle.jce.provider.asymmetric.ec.ECUtil;
+import org.bouncycastle.jce.spec.ECNamedCurveSpec;
+import org.bouncycastle.math.ec.ECCurve;
+
+public class JCEECPrivateKey
+    implements ECPrivateKey, org.bouncycastle.jce.interfaces.ECPrivateKey, PKCS12BagAttributeCarrier, ECPointEncoder
+{
+    private String          algorithm = "EC";
+    private BigInteger      d;
+    private ECParameterSpec ecSpec;
+    private boolean         withCompression;
+
+    private DERBitString publicKey;
+
+    private PKCS12BagAttributeCarrierImpl attrCarrier = new PKCS12BagAttributeCarrierImpl();
+
+    protected JCEECPrivateKey()
+    {
+    }
+
+    public JCEECPrivateKey(
+        ECPrivateKey    key)
+    {
+        this.d = key.getS();
+        this.algorithm = key.getAlgorithm();
+        this.ecSpec = key.getParams();
+    }
+
+    public JCEECPrivateKey(
+        String              algorithm,
+        org.bouncycastle.jce.spec.ECPrivateKeySpec     spec)
+    {
+        this.algorithm = algorithm;
+        this.d = spec.getD();
+
+        if (spec.getParams() != null) // can be null if implicitlyCA
+        {
+            ECCurve curve = spec.getParams().getCurve();
+            EllipticCurve ellipticCurve;
+
+            ellipticCurve = EC5Util.convertCurve(curve, spec.getParams().getSeed());
+
+            this.ecSpec = EC5Util.convertSpec(ellipticCurve, spec.getParams());
+        }
+        else
+        {
+            this.ecSpec = null;
+        }
+    }
+
+
+    public JCEECPrivateKey(
+        String              algorithm,
+        ECPrivateKeySpec    spec)
+    {
+        this.algorithm = algorithm;
+        this.d = spec.getS();
+        this.ecSpec = spec.getParams();
+    }
+
+    public JCEECPrivateKey(
+        String             algorithm,
+        JCEECPrivateKey    key)
+    {
+        this.algorithm = algorithm;
+        this.d = key.d;
+        this.ecSpec = key.ecSpec;
+        this.withCompression = key.withCompression;
+        this.attrCarrier = key.attrCarrier;
+        this.publicKey = key.publicKey;
+    }
+
+    public JCEECPrivateKey(
+        String                  algorithm,
+        ECPrivateKeyParameters  params,
+        JCEECPublicKey          pubKey,
+        ECParameterSpec         spec)
+    {
+        ECDomainParameters      dp = params.getParameters();
+
+        this.algorithm = algorithm;
+        this.d = params.getD();
+
+        if (spec == null)
+        {
+            EllipticCurve ellipticCurve = EC5Util.convertCurve(dp.getCurve(), dp.getSeed());
+
+            this.ecSpec = new ECParameterSpec(
+                            ellipticCurve,
+                            new ECPoint(
+                                    dp.getG().getX().toBigInteger(),
+                                    dp.getG().getY().toBigInteger()),
+                            dp.getN(),
+                            dp.getH().intValue());
+        }
+        else
+        {
+            this.ecSpec = spec;
+        }
+
+        publicKey = getPublicKeyDetails(pubKey);
+    }
+
+    public JCEECPrivateKey(
+        String                  algorithm,
+        ECPrivateKeyParameters  params,
+        JCEECPublicKey          pubKey,
+        org.bouncycastle.jce.spec.ECParameterSpec         spec)
+    {
+        ECDomainParameters      dp = params.getParameters();
+
+        this.algorithm = algorithm;
+        this.d = params.getD();
+
+        if (spec == null)
+        {
+            EllipticCurve ellipticCurve = EC5Util.convertCurve(dp.getCurve(), dp.getSeed());
+
+            this.ecSpec = new ECParameterSpec(
+                            ellipticCurve,
+                            new ECPoint(
+                                    dp.getG().getX().toBigInteger(),
+                                    dp.getG().getY().toBigInteger()),
+                            dp.getN(),
+                            dp.getH().intValue());
+        }
+        else
+        {
+            EllipticCurve ellipticCurve = EC5Util.convertCurve(spec.getCurve(), spec.getSeed());
+            
+            this.ecSpec = new ECParameterSpec(
+                                ellipticCurve,
+                                new ECPoint(
+                                        spec.getG().getX().toBigInteger(),
+                                        spec.getG().getY().toBigInteger()),
+                                spec.getN(),
+                                spec.getH().intValue());
+        }
+
+        publicKey = getPublicKeyDetails(pubKey);
+    }
+
+    public JCEECPrivateKey(
+        String                  algorithm,
+        ECPrivateKeyParameters  params)
+    {
+        this.algorithm = algorithm;
+        this.d = params.getD();
+        this.ecSpec = null;
+    }
+
+    JCEECPrivateKey(
+        PrivateKeyInfo      info)
+    {
+        populateFromPrivKeyInfo(info);
+    }
+
+    private void populateFromPrivKeyInfo(PrivateKeyInfo info)
+    {
+        X962Parameters params = new X962Parameters((DERObject)info.getAlgorithmId().getParameters());
+
+        if (params.isNamedCurve())
+        {
+            DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters();
+            X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid);
+
+            // BEGIN android-removed
+            // if (ecP == null) // GOST Curve
+            // {
+            //     ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid);
+            //     EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed());
+            //
+            //     ecSpec = new ECNamedCurveSpec(
+            //             ECGOST3410NamedCurves.getName(oid),
+            //             ellipticCurve,
+            //             new ECPoint(
+            //                     gParam.getG().getX().toBigInteger(),
+            //                     gParam.getG().getY().toBigInteger()),
+            //             gParam.getN(),
+            //             gParam.getH());
+            // }
+            // else
+            // END android-removed
+            {
+                EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed());
+
+                ecSpec = new ECNamedCurveSpec(
+                        ECUtil.getCurveName(oid),
+                        ellipticCurve,
+                        new ECPoint(
+                                ecP.getG().getX().toBigInteger(),
+                                ecP.getG().getY().toBigInteger()),
+                        ecP.getN(),
+                        ecP.getH());
+            }
+        }
+        else if (params.isImplicitlyCA())
+        {
+            ecSpec = null;
+        }
+        else
+        {
+            X9ECParameters      ecP = new X9ECParameters((ASN1Sequence)params.getParameters());
+            EllipticCurve       ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed());
+
+            this.ecSpec = new ECParameterSpec(
+                ellipticCurve,
+                new ECPoint(
+                        ecP.getG().getX().toBigInteger(),
+                        ecP.getG().getY().toBigInteger()),
+                ecP.getN(),
+                ecP.getH().intValue());
+        }
+
+        if (info.getPrivateKey() instanceof DERInteger)
+        {
+            DERInteger          derD = (DERInteger)info.getPrivateKey();
+
+            this.d = derD.getValue();
+        }
+        else
+        {
+            ECPrivateKeyStructure ec = new ECPrivateKeyStructure((ASN1Sequence)info.getPrivateKey());
+
+            this.d = ec.getKey();
+            this.publicKey = ec.getPublicKey();
+        }
+    }
+
+    public String getAlgorithm()
+    {
+        return algorithm;
+    }
+
+    /**
+     * return the encoding format we produce in getEncoded().
+     *
+     * @return the string "PKCS#8"
+     */
+    public String getFormat()
+    {
+        return "PKCS#8";
+    }
+
+    /**
+     * Return a PKCS8 representation of the key. The sequence returned
+     * represents a full PrivateKeyInfo object.
+     *
+     * @return a PKCS8 representation of the key.
+     */
+    public byte[] getEncoded()
+    {
+        X962Parameters          params;
+
+        if (ecSpec instanceof ECNamedCurveSpec)
+        {
+            DERObjectIdentifier curveOid = ECUtil.getNamedCurveOid(((ECNamedCurveSpec)ecSpec).getName());
+            if (curveOid == null)  // guess it's the OID
+            {
+                curveOid = new DERObjectIdentifier(((ECNamedCurveSpec)ecSpec).getName());
+            }
+            params = new X962Parameters(curveOid);
+        }
+        else if (ecSpec == null)
+        {
+            params = new X962Parameters(DERNull.INSTANCE);
+        }
+        else
+        {
+            ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve());
+
+            X9ECParameters ecP = new X9ECParameters(
+                curve,
+                EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression),
+                ecSpec.getOrder(),
+                BigInteger.valueOf(ecSpec.getCofactor()),
+                ecSpec.getCurve().getSeed());
+
+            params = new X962Parameters(ecP);
+        }
+        
+        PrivateKeyInfo          info;
+        ECPrivateKeyStructure keyStructure;
+
+        if (publicKey != null)
+        {
+            keyStructure = new ECPrivateKeyStructure(this.getS(), publicKey, params);
+        }
+        else
+        {
+            keyStructure = new ECPrivateKeyStructure(this.getS(), params);
+        }
+
+        // BEGIN android-removed
+        // if (algorithm.equals("ECGOST3410"))
+        // {
+        //     info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.getDERObject()), keyStructure.getDERObject());
+        // }
+        // else
+        // END android-removed
+        {
+
+            info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.getDERObject()), keyStructure.getDERObject());
+        }
+
+        return info.getDEREncoded();
+    }
+
+    public ECParameterSpec getParams()
+    {
+        return ecSpec;
+    }
+
+    public org.bouncycastle.jce.spec.ECParameterSpec getParameters()
+    {
+        if (ecSpec == null)
+        {
+            return null;
+        }
+        
+        return EC5Util.convertSpec(ecSpec, withCompression);
+    }
+
+    org.bouncycastle.jce.spec.ECParameterSpec engineGetSpec()
+    {
+        if (ecSpec != null)
+        {
+            return EC5Util.convertSpec(ecSpec, withCompression);
+        }
+
+        return ProviderUtil.getEcImplicitlyCa();
+    }
+
+    public BigInteger getS()
+    {
+        return d;
+    }
+
+    public BigInteger getD()
+    {
+        return d;
+    }
+    
+    public void setBagAttribute(
+        DERObjectIdentifier oid,
+        DEREncodable        attribute)
+    {
+        attrCarrier.setBagAttribute(oid, attribute);
+    }
+
+    public DEREncodable getBagAttribute(
+        DERObjectIdentifier oid)
+    {
+        return attrCarrier.getBagAttribute(oid);
+    }
+
+    public Enumeration getBagAttributeKeys()
+    {
+        return attrCarrier.getBagAttributeKeys();
+    }
+
+    public void setPointFormat(String style)
+    {
+       withCompression = !("UNCOMPRESSED".equalsIgnoreCase(style));
+    }
+
+    public boolean equals(Object o)
+    {
+        if (!(o instanceof JCEECPrivateKey))
+        {
+            return false;
+        }
+
+        JCEECPrivateKey other = (JCEECPrivateKey)o;
+
+        return getD().equals(other.getD()) && (engineGetSpec().equals(other.engineGetSpec()));
+    }
+
+    public int hashCode()
+    {
+        return getD().hashCode() ^ engineGetSpec().hashCode();
+    }
+
+    public String toString()
+    {
+        StringBuffer    buf = new StringBuffer();
+        String          nl = System.getProperty("line.separator");
+
+        buf.append("EC Private Key").append(nl);
+        buf.append("             S: ").append(this.d.toString(16)).append(nl);
+
+        return buf.toString();
+
+    }
+
+    private DERBitString getPublicKeyDetails(JCEECPublicKey   pub)
+    {
+        try
+        {
+            SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(ASN1Object.fromByteArray(pub.getEncoded()));
+
+            return info.getPublicKeyData();
+        }
+        catch (IOException e)
+        {   // should never happen
+            return null;
+        }
+    }
+
+    private void readObject(
+        ObjectInputStream in)
+        throws IOException, ClassNotFoundException
+    {
+        byte[] enc = (byte[])in.readObject();
+
+        populateFromPrivKeyInfo(PrivateKeyInfo.getInstance(ASN1Object.fromByteArray(enc)));
+
+        this.algorithm = (String)in.readObject();
+        this.withCompression = in.readBoolean();
+        this.attrCarrier = new PKCS12BagAttributeCarrierImpl();
+
+        attrCarrier.readObject(in);
+    }
+
+    private void writeObject(
+        ObjectOutputStream out)
+        throws IOException
+    {
+        out.writeObject(this.getEncoded());
+        out.writeObject(algorithm);
+        out.writeBoolean(withCompression);
+
+        attrCarrier.writeObject(out);
+    }
+}
diff --git a/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java b/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java
new file mode 100644
index 0000000..00277ac
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java
@@ -0,0 +1,532 @@
+package org.bouncycastle.jce.provider;
+
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.math.BigInteger;
+import java.security.interfaces.ECPublicKey;
+import java.security.spec.ECParameterSpec;
+import java.security.spec.ECPoint;
+import java.security.spec.ECPublicKeySpec;
+import java.security.spec.EllipticCurve;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1Object;
+import org.bouncycastle.asn1.ASN1OctetString;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERBitString;
+import org.bouncycastle.asn1.DERNull;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
+// import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters;
+// END android-removed
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.asn1.x9.X962Parameters;
+import org.bouncycastle.asn1.x9.X9ECParameters;
+import org.bouncycastle.asn1.x9.X9ECPoint;
+import org.bouncycastle.asn1.x9.X9IntegerConverter;
+import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+import org.bouncycastle.crypto.params.ECDomainParameters;
+import org.bouncycastle.crypto.params.ECPublicKeyParameters;
+// BEGIN android-removed
+// import org.bouncycastle.jce.ECGOST3410NamedCurveTable;
+// END android-removed
+import org.bouncycastle.jce.interfaces.ECPointEncoder;
+import org.bouncycastle.jce.provider.asymmetric.ec.EC5Util;
+import org.bouncycastle.jce.provider.asymmetric.ec.ECUtil;
+// BEGIN android-removed
+// import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
+// END android-removed
+import org.bouncycastle.jce.spec.ECNamedCurveSpec;
+import org.bouncycastle.math.ec.ECCurve;
+
+public class JCEECPublicKey
+    implements ECPublicKey, org.bouncycastle.jce.interfaces.ECPublicKey, ECPointEncoder
+{
+    private String                  algorithm = "EC";
+    private org.bouncycastle.math.ec.ECPoint q;
+    private ECParameterSpec         ecSpec;
+    private boolean                 withCompression;
+    // BEGIN android-removed
+    // private GOST3410PublicKeyAlgParameters       gostParams;
+    // END android-removed
+
+    public JCEECPublicKey(
+        String              algorithm,
+        JCEECPublicKey      key)
+    {
+        this.algorithm = algorithm;
+        this.q = key.q;
+        this.ecSpec = key.ecSpec;
+        this.withCompression = key.withCompression;
+        // BEGIN android-removed
+        // this.gostParams = key.gostParams;
+        // END android-removed
+    }
+    
+    public JCEECPublicKey(
+        String              algorithm,
+        ECPublicKeySpec     spec)
+    {
+        this.algorithm = algorithm;
+        this.ecSpec = spec.getParams();
+        this.q = EC5Util.convertPoint(ecSpec, spec.getW(), false);
+    }
+
+    public JCEECPublicKey(
+        String              algorithm,
+        org.bouncycastle.jce.spec.ECPublicKeySpec     spec)
+    {
+        this.algorithm = algorithm;
+        this.q = spec.getQ();
+
+        if (spec.getParams() != null) // can be null if implictlyCa
+        {
+            ECCurve curve = spec.getParams().getCurve();
+            EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getParams().getSeed());
+
+            this.ecSpec = EC5Util.convertSpec(ellipticCurve, spec.getParams());
+        }
+        else
+        {
+            if (q.getCurve() == null)
+            {
+                org.bouncycastle.jce.spec.ECParameterSpec s = ProviderUtil.getEcImplicitlyCa();
+
+                q = s.getCurve().createPoint(q.getX().toBigInteger(), q.getY().toBigInteger(), false);
+            }               
+            this.ecSpec = null;
+        }
+    }
+    
+    public JCEECPublicKey(
+        String                  algorithm,
+        ECPublicKeyParameters   params,
+        ECParameterSpec         spec)
+    {
+        ECDomainParameters      dp = params.getParameters();
+
+        this.algorithm = algorithm;
+        this.q = params.getQ();
+
+        if (spec == null)
+        {
+            EllipticCurve ellipticCurve = EC5Util.convertCurve(dp.getCurve(), dp.getSeed());
+
+            this.ecSpec = createSpec(ellipticCurve, dp);
+        }
+        else
+        {
+            this.ecSpec = spec;
+        }
+    }
+
+    public JCEECPublicKey(
+        String                  algorithm,
+        ECPublicKeyParameters   params,
+        org.bouncycastle.jce.spec.ECParameterSpec         spec)
+    {
+        ECDomainParameters      dp = params.getParameters();
+
+        this.algorithm = algorithm;
+        this.q = params.getQ();
+
+        if (spec == null)
+        {
+            EllipticCurve ellipticCurve = EC5Util.convertCurve(dp.getCurve(), dp.getSeed());
+
+            this.ecSpec = createSpec(ellipticCurve, dp);
+        }
+        else
+        {
+            EllipticCurve ellipticCurve = EC5Util.convertCurve(spec.getCurve(), spec.getSeed());
+
+            this.ecSpec = EC5Util.convertSpec(ellipticCurve, spec);
+        }
+    }
+
+    /*
+     * called for implicitCA
+     */
+    public JCEECPublicKey(
+        String                  algorithm,
+        ECPublicKeyParameters   params)
+    {
+        this.algorithm = algorithm;
+        this.q = params.getQ();
+        this.ecSpec = null;
+    }
+
+    private ECParameterSpec createSpec(EllipticCurve ellipticCurve, ECDomainParameters dp)
+    {
+        return new ECParameterSpec(
+                ellipticCurve,
+                new ECPoint(
+                        dp.getG().getX().toBigInteger(),
+                        dp.getG().getY().toBigInteger()),
+                        dp.getN(),
+                        dp.getH().intValue());
+    }
+    
+    public JCEECPublicKey(
+        ECPublicKey     key)
+    {
+        this.algorithm = key.getAlgorithm();
+        this.ecSpec = key.getParams();
+        this.q = EC5Util.convertPoint(this.ecSpec, key.getW(), false);
+    }
+
+    JCEECPublicKey(
+        SubjectPublicKeyInfo    info)
+    {
+        populateFromPubKeyInfo(info);
+    }
+
+    private void populateFromPubKeyInfo(SubjectPublicKeyInfo info)
+    {
+        // BEGIN android-removed
+        // if (info.getAlgorithmId().getObjectId().equals(CryptoProObjectIdentifiers.gostR3410_2001))
+        // {
+        //     DERBitString bits = info.getPublicKeyData();
+        //     ASN1OctetString key;
+        //     this.algorithm = "ECGOST3410";
+        //
+        //     try
+        //     {
+        //         key = (ASN1OctetString) ASN1Object.fromByteArray(bits.getBytes());
+        //     }
+        //     catch (IOException ex)
+        //     {
+        //         throw new IllegalArgumentException("error recovering public key");
+        //     }
+        //
+        //     byte[]          keyEnc = key.getOctets();
+        //     byte[]          x = new byte[32];
+        //     byte[]          y = new byte[32];
+        //
+        //     for (int i = 0; i != x.length; i++)
+        //     {
+        //         x[i] = keyEnc[32 - 1 - i];
+        //     }
+        //
+        //     for (int i = 0; i != y.length; i++)
+        //     {
+        //         y[i] = keyEnc[64 - 1 - i];
+        //     }
+        //
+        //     gostParams = new GOST3410PublicKeyAlgParameters((ASN1Sequence)info.getAlgorithmId().getParameters());
+        //
+        //     ECNamedCurveParameterSpec spec = ECGOST3410NamedCurveTable.getParameterSpec(ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()));
+        //
+        //     ECCurve curve = spec.getCurve();
+        //     EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getSeed());
+        //
+        //     this.q = curve.createPoint(new BigInteger(1, x), new BigInteger(1, y), false);
+        //
+        //     ecSpec = new ECNamedCurveSpec(
+        //             ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()),
+        //             ellipticCurve,
+        //             new ECPoint(
+        //                     spec.getG().getX().toBigInteger(),
+        //                     spec.getG().getY().toBigInteger()),
+        //                     spec.getN(), spec.getH());
+        //
+        // }
+        // else
+        // END android-removed
+        {
+            X962Parameters params = new X962Parameters((DERObject)info.getAlgorithmId().getParameters());
+            ECCurve                 curve;
+            EllipticCurve           ellipticCurve;
+
+            if (params.isNamedCurve())
+            {
+                DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters();
+                X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid);
+
+                curve = ecP.getCurve();
+                ellipticCurve = EC5Util.convertCurve(curve, ecP.getSeed());
+
+                ecSpec = new ECNamedCurveSpec(
+                        ECUtil.getCurveName(oid),
+                        ellipticCurve,
+                        new ECPoint(
+                                ecP.getG().getX().toBigInteger(),
+                                ecP.getG().getY().toBigInteger()),
+                        ecP.getN(),
+                        ecP.getH());
+            }
+            else if (params.isImplicitlyCA())
+            {
+                ecSpec = null;
+                curve = ProviderUtil.getEcImplicitlyCa().getCurve();
+            }
+            else
+            {
+                X9ECParameters          ecP = new X9ECParameters((ASN1Sequence)params.getParameters());
+
+                curve = ecP.getCurve();
+                ellipticCurve = EC5Util.convertCurve(curve, ecP.getSeed());
+
+                this.ecSpec = new ECParameterSpec(
+                        ellipticCurve,
+                        new ECPoint(
+                                ecP.getG().getX().toBigInteger(),
+                                ecP.getG().getY().toBigInteger()),
+                        ecP.getN(),
+                        ecP.getH().intValue());
+            }
+
+            DERBitString    bits = info.getPublicKeyData();
+            byte[]          data = bits.getBytes();
+            ASN1OctetString key = new DEROctetString(data);
+
+            //
+            // extra octet string - one of our old certs...
+            //
+            if (data[0] == 0x04 && data[1] == data.length - 2
+                && (data[2] == 0x02 || data[2] == 0x03))
+            {
+                int qLength = new X9IntegerConverter().getByteLength(curve);
+
+                if (qLength >= data.length - 3)
+                {
+                    try
+                    {
+                        key = (ASN1OctetString) ASN1Object.fromByteArray(data);
+                    }
+                    catch (IOException ex)
+                    {
+                        throw new IllegalArgumentException("error recovering public key");
+                    }
+                }
+            }
+            X9ECPoint derQ = new X9ECPoint(curve, key);
+
+            this.q = derQ.getPoint();
+        }
+    }
+
+    public String getAlgorithm()
+    {
+        return algorithm;
+    }
+
+    public String getFormat()
+    {
+        return "X.509";
+    }
+
+    public byte[] getEncoded()
+    {
+        ASN1Encodable        params;
+        SubjectPublicKeyInfo info;
+
+        // BEGIN android-removed
+        // if (algorithm.equals("ECGOST3410"))
+        // {
+        //     if (gostParams != null)
+        //     {
+        //         params = gostParams;
+        //     }
+        //     else
+        //     {
+        //         if (ecSpec instanceof ECNamedCurveSpec)
+        //         {
+        //             params = new GOST3410PublicKeyAlgParameters(
+        //                            ECGOST3410NamedCurves.getOID(((ECNamedCurveSpec)ecSpec).getName()),
+        //                            CryptoProObjectIdentifiers.gostR3411_94_CryptoProParamSet);
+        //         }
+        //         else
+        //         {   // strictly speaking this may not be applicable...
+        //             ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve());
+        //
+        //             X9ECParameters ecP = new X9ECParameters(
+        //                 curve,
+        //                 EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression),
+        //                 ecSpec.getOrder(),
+        //                 BigInteger.valueOf(ecSpec.getCofactor()),
+        //                 ecSpec.getCurve().getSeed());
+        //
+        //             params = new X962Parameters(ecP);
+        //         }
+        //     }
+        //
+        //     BigInteger      bX = this.q.getX().toBigInteger();
+        //     BigInteger      bY = this.q.getY().toBigInteger();
+        //     byte[]          encKey = new byte[64];
+        //
+        //     extractBytes(encKey, 0, bX);
+        //     extractBytes(encKey, 32, bY);
+        //
+        //     info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.getDERObject()), new DEROctetString(encKey));
+        // }
+        // else
+        // END android-removed
+        {
+            if (ecSpec instanceof ECNamedCurveSpec)
+            {
+                DERObjectIdentifier curveOid = ECUtil.getNamedCurveOid(((ECNamedCurveSpec)ecSpec).getName());
+                if (curveOid == null)
+                {
+                    curveOid = new DERObjectIdentifier(((ECNamedCurveSpec)ecSpec).getName());
+                }
+                params = new X962Parameters(curveOid);
+            }
+            else if (ecSpec == null)
+            {
+                params = new X962Parameters(DERNull.INSTANCE);
+            }
+            else
+            {
+                ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve());
+
+                X9ECParameters ecP = new X9ECParameters(
+                    curve,
+                    EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression),
+                    ecSpec.getOrder(),
+                    BigInteger.valueOf(ecSpec.getCofactor()),
+                    ecSpec.getCurve().getSeed());
+
+                params = new X962Parameters(ecP);
+            }
+
+            ECCurve curve = this.engineGetQ().getCurve();
+            ASN1OctetString p = (ASN1OctetString)
+                new X9ECPoint(curve.createPoint(this.getQ().getX().toBigInteger(), this.getQ().getY().toBigInteger(), withCompression)).getDERObject();
+
+            info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.getDERObject()), p.getOctets());
+        }
+
+        return info.getDEREncoded();
+    }
+
+    private void extractBytes(byte[] encKey, int offSet, BigInteger bI)
+    {
+        byte[] val = bI.toByteArray();
+        if (val.length < 32)
+        {
+            byte[] tmp = new byte[32];
+            System.arraycopy(val, 0, tmp, tmp.length - val.length, val.length);
+            val = tmp;
+        }
+
+        for (int i = 0; i != 32; i++)
+        {
+            encKey[offSet + i] = val[val.length - 1 - i];
+        }
+    }
+
+    public ECParameterSpec getParams()
+    {
+        return ecSpec;
+    }
+
+    public org.bouncycastle.jce.spec.ECParameterSpec getParameters()
+    {
+        if (ecSpec == null)     // implictlyCA
+        {
+            return null;
+        }
+
+        return EC5Util.convertSpec(ecSpec, withCompression);
+    }
+
+    public ECPoint getW()
+    {
+        return new ECPoint(q.getX().toBigInteger(), q.getY().toBigInteger());
+    }
+
+    public org.bouncycastle.math.ec.ECPoint getQ()
+    {
+        if (ecSpec == null)
+        {
+            if (q instanceof org.bouncycastle.math.ec.ECPoint.Fp)
+            {
+                return new org.bouncycastle.math.ec.ECPoint.Fp(null, q.getX(), q.getY());
+            }
+            else
+            {
+                return new org.bouncycastle.math.ec.ECPoint.F2m(null, q.getX(), q.getY());
+            }
+        }
+
+        return q;
+    }
+
+    public org.bouncycastle.math.ec.ECPoint engineGetQ()
+    {
+        return q;
+    }
+
+    org.bouncycastle.jce.spec.ECParameterSpec engineGetSpec()
+    {
+        if (ecSpec != null)
+        {
+            return EC5Util.convertSpec(ecSpec, withCompression);
+        }
+
+        return ProviderUtil.getEcImplicitlyCa();
+    }
+
+    public String toString()
+    {
+        StringBuffer    buf = new StringBuffer();
+        String          nl = System.getProperty("line.separator");
+
+        buf.append("EC Public Key").append(nl);
+        buf.append("            X: ").append(this.q.getX().toBigInteger().toString(16)).append(nl);
+        buf.append("            Y: ").append(this.q.getY().toBigInteger().toString(16)).append(nl);
+
+        return buf.toString();
+
+    }
+    
+    public void setPointFormat(String style)
+    {
+       withCompression = !("UNCOMPRESSED".equalsIgnoreCase(style));
+    }
+
+    public boolean equals(Object o)
+    {
+        if (!(o instanceof JCEECPublicKey))
+        {
+            return false;
+        }
+
+        JCEECPublicKey other = (JCEECPublicKey)o;
+
+        return engineGetQ().equals(other.engineGetQ()) && (engineGetSpec().equals(other.engineGetSpec()));
+    }
+
+    public int hashCode()
+    {
+        return engineGetQ().hashCode() ^ engineGetSpec().hashCode();
+    }
+
+    private void readObject(
+        ObjectInputStream in)
+        throws IOException, ClassNotFoundException
+    {
+        byte[] enc = (byte[])in.readObject();
+
+        populateFromPubKeyInfo(SubjectPublicKeyInfo.getInstance(ASN1Object.fromByteArray(enc)));
+
+        this.algorithm = (String)in.readObject();
+        this.withCompression = in.readBoolean();
+    }
+
+    private void writeObject(
+        ObjectOutputStream out)
+        throws IOException
+    {
+        out.writeObject(this.getEncoded());
+        out.writeObject(algorithm);
+        out.writeBoolean(withCompression);
+    }
+}
diff --git a/src/main/java/org/bouncycastle/jce/provider/JCEKeyGenerator.java b/src/main/java/org/bouncycastle/jce/provider/JCEKeyGenerator.java
index 8108f4e..6373557 100644
--- a/src/main/java/org/bouncycastle/jce/provider/JCEKeyGenerator.java
+++ b/src/main/java/org/bouncycastle/jce/provider/JCEKeyGenerator.java
@@ -1,18 +1,18 @@
 package org.bouncycastle.jce.provider;
 
-import org.bouncycastle.crypto.CipherKeyGenerator;
-import org.bouncycastle.crypto.KeyGenerationParameters;
-import org.bouncycastle.crypto.generators.DESKeyGenerator;
-import org.bouncycastle.crypto.generators.DESedeKeyGenerator;
-
-import javax.crypto.KeyGeneratorSpi;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.SecretKeySpec;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidParameterException;
 import java.security.SecureRandom;
 import java.security.spec.AlgorithmParameterSpec;
 
+import javax.crypto.KeyGeneratorSpi;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.bouncycastle.crypto.CipherKeyGenerator;
+import org.bouncycastle.crypto.KeyGenerationParameters;
+import org.bouncycastle.crypto.generators.DESKeyGenerator;
+
 public class JCEKeyGenerator
     extends KeyGeneratorSpi
 {
@@ -57,6 +57,11 @@
     {
         try
         {
+            // BEGIN android-added
+            if (random == null) {
+                random = new SecureRandom();
+            }
+            // END android-added
             engine.init(new KeyGenerationParameters(random, keySize));
             uninitialised = false;
         }
@@ -93,110 +98,8 @@
         }
     }
 
-    /**
-     * DESede - the default for this is to generate a key in 
-     * a-b-a format that's 24 bytes long but has 16 bytes of
-     * key material (the first 8 bytes is repeated as the last
-     * 8 bytes). If you give it a size, you'll get just what you
-     * asked for.
-     */
-    public static class DESede
-        extends JCEKeyGenerator
-    {
-        private boolean     keySizeSet = false;
-
-        public DESede()
-        {
-            super("DESede", 192, new DESedeKeyGenerator());
-        }
-
-        protected void engineInit(
-            int             keySize,
-            SecureRandom    random)
-        {
-            super.engineInit(keySize, random);
-            keySizeSet = true;
-        }
-
-        protected SecretKey engineGenerateKey()
-        {
-            if (uninitialised)
-            {
-                engine.init(new KeyGenerationParameters(new SecureRandom(), defaultKeySize));
-                uninitialised = false;
-            }
-
-            //
-            // if no key size has been defined generate a 24 byte key in
-            // the a-b-a format
-            //
-            if (!keySizeSet)
-            {
-                byte[]     k = engine.generateKey();
-
-                System.arraycopy(k, 0, k, 16, 8);
-
-                return (SecretKey)(new SecretKeySpec(k, algName));
-            }
-            else
-            {
-                return (SecretKey)(new SecretKeySpec(engine.generateKey(), algName));
-            }
-        }
-    }
-    
     // BEGIN android-removed
     // /**
-    //  * generate a desEDE key in the a-b-c format.
-    //  */
-    // public static class DESede3
-    //     extends JCEKeyGenerator
-    // {
-    //     public DESede3()
-    //     {
-    //         super("DESede3", 192, new DESedeKeyGenerator());
-    //     }
-    // }
-    //
-    // /**
-    //  * SKIPJACK
-    //  */
-    // public static class Skipjack
-    //     extends JCEKeyGenerator
-    // {
-    //     public Skipjack()
-    //     {
-    //         super("SKIPJACK", 80, new CipherKeyGenerator());
-    //     }
-    // }
-    // END android-removed
-    
-    /**
-     * Blowfish
-     */
-    public static class Blowfish
-        extends JCEKeyGenerator
-    {
-        public Blowfish()
-        {
-            super("Blowfish", 128, new CipherKeyGenerator());
-        }
-    }
-    
-    // BEGIN android-removed
-    // /**
-    //  * Twofish
-    //  */
-    // public static class Twofish
-    //     extends JCEKeyGenerator
-    // {
-    //     public Twofish()
-    //     {
-    //         super("Twofish", 256, new CipherKeyGenerator());
-    //     }
-    // }
-    //
-    // /**
     //  * RC2
     //  */
     // public static class RC2
@@ -207,56 +110,6 @@
     //         super("RC2", 128, new CipherKeyGenerator());
     //     }
     // }
-    // END android-removed
-    
-    /**
-     * RC4
-     */
-    public static class RC4
-        extends JCEKeyGenerator
-    {
-        public RC4()
-        {
-            super("RC4", 128, new CipherKeyGenerator());
-        }
-    }
-    
-    // BEGIN android-removed
-    // /**
-    //  * RC5
-    //  */
-    // public static class RC5
-    //     extends JCEKeyGenerator
-    // {
-    //     public RC5()
-    //     {
-    //         super("RC5", 128, new CipherKeyGenerator());
-    //     }
-    // }
-    //
-    // /**
-    //  * RC5
-    //  */
-    // public static class RC564
-    //     extends JCEKeyGenerator
-    // {
-    //     public RC564()
-    //     {
-    //         super("RC5-64", 256, new CipherKeyGenerator());
-    //     }
-    // }
-    //
-    // /**
-    //  * RC6
-    //  */
-    // public static class RC6
-    //     extends JCEKeyGenerator
-    // {
-    //     public RC6()
-    //     {
-    //         super("RC6", 256, new CipherKeyGenerator());
-    //     }
-    // }
     //
     // /**
     //  * GOST28147
@@ -269,128 +122,6 @@
     //         super("GOST28147", 256, new CipherKeyGenerator());
     //     }
     // }
-    
-    // /**
-    //  * Rijndael
-    //  */
-    // public static class Rijndael
-    //     extends JCEKeyGenerator
-    // {
-    //     public Rijndael()
-    //     {
-    //         super("Rijndael", 192, new CipherKeyGenerator());
-    //     }
-    // }
-    //
-    // /**
-    //  * Serpent
-    //  */
-    // public static class Serpent
-    //     extends JCEKeyGenerator
-    // {
-    //     public Serpent()
-    //     {
-    //         super("Serpent", 192, new CipherKeyGenerator());
-    //     }
-    // }
-    //
-    //
-    //
-    // /**
-    //  * CAST6
-    //  */
-    // public static class CAST6
-    //     extends JCEKeyGenerator
-    // {
-    //     public CAST6()
-    //     {
-    //         super("CAST6", 256, new CipherKeyGenerator());
-    //     }
-    // }
-    //
-    // /**
-    //  * TEA
-    //  */
-    // public static class TEA
-    //     extends JCEKeyGenerator
-    // {
-    //     public TEA()
-    //     {
-    //         super("TEA", 128, new CipherKeyGenerator());
-    //     }
-    // }
-    //
-    // /**
-    //  * XTEA
-    //  */
-    // public static class XTEA
-    //     extends JCEKeyGenerator
-    // {
-    //     public XTEA()
-    //     {
-    //         super("XTEA", 128, new CipherKeyGenerator());
-    //     }
-    // }
-    //
-    // /**
-    //  * Salsa20
-    //  */
-    // public static class Salsa20
-    //     extends JCEKeyGenerator
-    // {
-    //     public Salsa20()
-    //     {
-    //         super("Salsa20", 128, new CipherKeyGenerator());
-    //     }
-    // }
-    //
-    // /**
-    //  * HC128
-    //  */
-    // public static class HC128
-    //     extends JCEKeyGenerator
-    // {
-    //     public HC128()
-    //     {
-    //         super("HC128", 128, new CipherKeyGenerator());
-    //     }
-    // }
-    //
-    // /**
-    //  * HC256
-    //  */
-    // public static class HC256
-    //     extends JCEKeyGenerator
-    // {
-    //     public HC256()
-    //     {
-    //         super("HC256", 256, new CipherKeyGenerator());
-    //     }
-    // }
-    //
-    // /**
-    //  * VMPC
-    //  */
-    // public static class VMPC
-    //     extends JCEKeyGenerator
-    // {
-    //     public VMPC()
-    //     {
-    //         super("VMPC", 128, new CipherKeyGenerator());
-    //     }
-    // }
-    //
-    // /**
-    //  * VMPC-KSA3
-    //  */
-    // public static class VMPCKSA3
-    //     extends JCEKeyGenerator
-    // {
-    //     public VMPCKSA3()
-    //     {
-    //         super("VMPC-KSA3", 128, new CipherKeyGenerator());
-    //     }
-    // }
     // END android-removed
 
     // HMAC Related secret keys..
diff --git a/src/main/java/org/bouncycastle/jce/provider/JCEMac.java b/src/main/java/org/bouncycastle/jce/provider/JCEMac.java
index cbb2547..cf876f5 100644
--- a/src/main/java/org/bouncycastle/jce/provider/JCEMac.java
+++ b/src/main/java/org/bouncycastle/jce/provider/JCEMac.java
@@ -1,5 +1,14 @@
 package org.bouncycastle.jce.provider;
 
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.spec.AlgorithmParameterSpec;
+
+import javax.crypto.MacSpi;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.PBEParameterSpec;
+
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.Mac;
 // BEGIN android-removed
@@ -22,11 +31,8 @@
 // import org.bouncycastle.crypto.digests.TigerDigest;
 // END android-removed
 import org.bouncycastle.crypto.engines.DESEngine;
-import org.bouncycastle.crypto.engines.DESedeEngine;
 // BEGIN android-removed
 // import org.bouncycastle.crypto.engines.RC2Engine;
-// import org.bouncycastle.crypto.engines.RC532Engine;
-// import org.bouncycastle.crypto.engines.SkipjackEngine;
 // END android-removed
 import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
 // BEGIN android-removed
@@ -37,20 +43,11 @@
 // BEGIN android-removed
 // import org.bouncycastle.crypto.macs.ISO9797Alg3Mac;
 // import org.bouncycastle.crypto.macs.OldHMac;
-// import org.bouncycastle.crypto.macs.VMPCMac;
 // END android-removed
 import org.bouncycastle.crypto.paddings.ISO7816d4Padding;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
 
-import javax.crypto.MacSpi;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.PBEParameterSpec;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.spec.AlgorithmParameterSpec;
-
 public class JCEMac
     extends MacSpi implements PBE
 {
@@ -174,30 +171,6 @@
     // }
     //
     // /**
-    //  * DESede
-    //  */
-    // public static class DESede
-    //     extends JCEMac
-    // {
-    //     public DESede()
-    //     {
-    //         super(new CBCBlockCipherMac(new DESedeEngine()));
-    //     }
-    // }
-    //
-    // /**
-    //  * SKIPJACK
-    //  */
-    // public static class Skipjack
-    //     extends JCEMac
-    // {
-    //     public Skipjack()
-    //     {
-    //         super(new CBCBlockCipherMac(new SkipjackEngine()));
-    //     }
-    // }
-    //
-    // /**
     //  * RC2
     //  */
     // public static class RC2
@@ -210,18 +183,6 @@
     // }
     //
     // /**
-    //  * RC5
-    //  */
-    // public static class RC5
-    //     extends JCEMac
-    // {
-    //     public RC5()
-    //     {
-    //         super(new CBCBlockCipherMac(new RC532Engine()));
-    //     }
-    // }
-    //
-    // /**
     //  * GOST28147
     //  */
     // public static class GOST28147
@@ -233,17 +194,7 @@
     //     }
     // }
     //
-    // /**
-    //  * VMPC
-    //  */
-    // public static class VMPC
-    //     extends JCEMac
-    // {
-    //     public VMPC()
-    //     {
-    //         super(new VMPCMac());
-    //     }
-    // }
+    //
     //
     // /**
     //  * DES
@@ -258,30 +209,6 @@
     // }
     //
     // /**
-    //  * DESede
-    //  */
-    // public static class DESedeCFB8
-    //     extends JCEMac
-    // {
-    //     public DESedeCFB8()
-    //     {
-    //         super(new CFBBlockCipherMac(new DESedeEngine()));
-    //     }
-    // }
-    //
-    // /**
-    //  * SKIPJACK
-    //  */
-    // public static class SkipjackCFB8
-    //     extends JCEMac
-    // {
-    //     public SkipjackCFB8()
-    //     {
-    //         super(new CFBBlockCipherMac(new SkipjackEngine()));
-    //     }
-    // }
-    //
-    // /**
     //  * RC2CFB8
     //  */
     // public static class RC2CFB8
@@ -294,43 +221,6 @@
     // }
     //
     // /**
-    //  * RC5CFB8
-    //  */
-    // public static class RC5CFB8
-    //     extends JCEMac
-    // {
-    //     public RC5CFB8()
-    //     {
-    //         super(new CFBBlockCipherMac(new RC532Engine()));
-    //     }
-    // }
-    //
-    //
-    // /**
-    //  * DESede64
-    //  */
-    // public static class DESede64
-    //     extends JCEMac
-    // {
-    //     public DESede64()
-    //     {
-    //         super(new CBCBlockCipherMac(new DESedeEngine(), 64));
-    //     }
-    // }
-    //
-    // /**
-    //  * DESede64with7816-4Padding
-    //  */
-    // public static class DESede64with7816d4
-    //     extends JCEMac
-    // {
-    //     public DESede64with7816d4()
-    //     {
-    //         super(new CBCBlockCipherMac(new DESedeEngine(), 64, new ISO7816d4Padding()));
-    //     }
-    // }
-    //
-    // /**
     //  * DES9797Alg3with7816-4Padding
     //  */
     // public static class DES9797Alg3with7816d4
@@ -378,7 +268,7 @@
     //     }
     // }
     // END android-removed
-    
+
     /**
      * MD5 HMac
      */
diff --git a/src/main/java/org/bouncycastle/jce/provider/JCERSACipher.java b/src/main/java/org/bouncycastle/jce/provider/JCERSACipher.java
index 877dc6b..50a0e41 100644
--- a/src/main/java/org/bouncycastle/jce/provider/JCERSACipher.java
+++ b/src/main/java/org/bouncycastle/jce/provider/JCERSACipher.java
@@ -1,23 +1,5 @@
 package org.bouncycastle.jce.provider;
 
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.crypto.AsymmetricBlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.encodings.ISO9796d1Encoding;
-import org.bouncycastle.crypto.encodings.OAEPEncoding;
-import org.bouncycastle.crypto.encodings.PKCS1Encoding;
-import org.bouncycastle.crypto.engines.RSABlindedEngine;
-import org.bouncycastle.crypto.params.ParametersWithRandom;
-import org.bouncycastle.util.Strings;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.spec.OAEPParameterSpec;
-import javax.crypto.spec.PSource;
 import java.io.ByteArrayOutputStream;
 import java.security.AlgorithmParameters;
 import java.security.InvalidAlgorithmParameterException;
@@ -32,6 +14,25 @@
 import java.security.spec.InvalidParameterSpecException;
 import java.security.spec.MGF1ParameterSpec;
 
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.spec.OAEPParameterSpec;
+import javax.crypto.spec.PSource;
+
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.crypto.AsymmetricBlockCipher;
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.InvalidCipherTextException;
+import org.bouncycastle.crypto.encodings.ISO9796d1Encoding;
+import org.bouncycastle.crypto.encodings.OAEPEncoding;
+import org.bouncycastle.crypto.encodings.PKCS1Encoding;
+import org.bouncycastle.crypto.engines.RSABlindedEngine;
+import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.util.Strings;
+
 public class JCERSACipher extends WrapCipherSpi
 {
     private AsymmetricBlockCipher   cipher;
@@ -143,7 +144,7 @@
             {
                 try
                 {
-                    engineParams = AlgorithmParameters.getInstance("OAEP", "BC");
+                    engineParams = AlgorithmParameters.getInstance("OAEP", BouncyCastleProvider.PROVIDER_NAME);
                     engineParams.init(paramSpec);
                 }
                 catch (Exception e)
diff --git a/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java b/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java
index 2d384d3..51f8e38 100644
--- a/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java
+++ b/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java
@@ -8,7 +8,6 @@
 import javax.crypto.SecretKey;
 import javax.crypto.SecretKeyFactorySpi;
 import javax.crypto.spec.DESKeySpec;
-import javax.crypto.spec.DESedeKeySpec;
 import javax.crypto.spec.PBEKeySpec;
 import javax.crypto.spec.SecretKeySpec;
 
@@ -209,20 +208,19 @@
                 {
                     param = Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize);
                 }
-                
+
+                KeyParameter kParam;
                 if (param instanceof ParametersWithIV)
                 {
-                    KeyParameter    kParam = (KeyParameter)((ParametersWithIV)param).getParameters();
-
-                    DESParameters.setOddParity(kParam.getKey());
+                    kParam = (KeyParameter)((ParametersWithIV)param).getParameters();
                 }
                 else
                 {
-                    KeyParameter    kParam = (KeyParameter)param;
-
-                    DESParameters.setOddParity(kParam.getKey());
+                    kParam = (KeyParameter)param;
                 }
-                
+
+                DESParameters.setOddParity(kParam.getKey());
+
                 return new JCEPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param);
             }
             
@@ -252,75 +250,6 @@
         }
     }
 
-    static public class DESede
-        extends JCESecretKeyFactory
-    {
-        public DESede()
-        {
-            super("DESede", null);
-        }
-
-        protected KeySpec engineGetKeySpec(
-            SecretKey key,
-            Class keySpec)
-        throws InvalidKeySpecException
-        {
-            if (keySpec == null)
-            {
-                throw new InvalidKeySpecException("keySpec parameter is null");
-            }
-            if (key == null)
-            {
-                throw new InvalidKeySpecException("key parameter is null");
-            }
-            
-            if (SecretKeySpec.class.isAssignableFrom(keySpec))
-            {
-                return new SecretKeySpec(key.getEncoded(), algName);
-            }
-            else if (DESedeKeySpec.class.isAssignableFrom(keySpec))
-            {
-                byte[]  bytes = key.getEncoded();
-
-                try
-                {
-                    if (bytes.length == 16)
-                    {
-                        byte[]  longKey = new byte[24];
-
-                        System.arraycopy(bytes, 0, longKey, 0, 16);
-                        System.arraycopy(bytes, 0, longKey, 16, 8);
-
-                        return new DESedeKeySpec(longKey);
-                    }
-                    else
-                    {
-                        return new DESedeKeySpec(bytes);
-                    }
-                }
-                catch (Exception e)
-                {
-                    throw new InvalidKeySpecException(e.toString());
-                }
-            }
-
-            throw new InvalidKeySpecException("Invalid KeySpec");
-        }
-
-        protected SecretKey engineGenerateSecret(
-            KeySpec keySpec)
-        throws InvalidKeySpecException
-        {
-            if (keySpec instanceof DESedeKeySpec)
-            {
-                DESedeKeySpec desKeySpec = (DESedeKeySpec)keySpec;
-                return new SecretKeySpec(desKeySpec.getKey(), "DESede");
-            }
-
-            return super.engineGenerateSecret(keySpec);
-        }
-    }
-    
     // BEGIN android-removed
     // /**
     //  * PBEWithMD2AndDES
@@ -375,7 +304,7 @@
     * PBEWithSHA1AndDES
     */
    static public class PBEWithSHA1AndDES
-       extends PBEKeyFactory
+       extends DESPBEKeyFactory
    {
        public PBEWithSHA1AndDES()
        {
@@ -399,7 +328,7 @@
     * PBEWithSHAAnd3-KeyTripleDES-CBC
     */
    static public class PBEWithSHAAndDES3Key
-       extends PBEKeyFactory
+       extends DESPBEKeyFactory
    {
        public PBEWithSHAAndDES3Key()
        {
@@ -411,7 +340,7 @@
     * PBEWithSHAAnd2-KeyTripleDES-CBC
     */
    static public class PBEWithSHAAndDES2Key
-       extends PBEKeyFactory
+       extends DESPBEKeyFactory
    {
        public PBEWithSHAAndDES2Key()
        {
diff --git a/src/main/java/org/bouncycastle/jce/provider/JCEStreamCipher.java b/src/main/java/org/bouncycastle/jce/provider/JCEStreamCipher.java
index 6226581..b88ccae 100644
--- a/src/main/java/org/bouncycastle/jce/provider/JCEStreamCipher.java
+++ b/src/main/java/org/bouncycastle/jce/provider/JCEStreamCipher.java
@@ -1,29 +1,11 @@
 package org.bouncycastle.jce.provider;
 
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.StreamBlockCipher;
-import org.bouncycastle.crypto.StreamCipher;
-// BEGIN android-removed
-// import org.bouncycastle.crypto.engines.BlowfishEngine;
-// import org.bouncycastle.crypto.engines.DESEngine;
-// import org.bouncycastle.crypto.engines.DESedeEngine;
-// import org.bouncycastle.crypto.engines.HC128Engine;
-// import org.bouncycastle.crypto.engines.HC256Engine;
-// END android-removed
-import org.bouncycastle.crypto.engines.RC4Engine;
-// BEGIN android-removed
-// import org.bouncycastle.crypto.engines.Salsa20Engine;
-// import org.bouncycastle.crypto.engines.SkipjackEngine;
-// import org.bouncycastle.crypto.engines.TwofishEngine;
-// import org.bouncycastle.crypto.engines.VMPCEngine;
-// import org.bouncycastle.crypto.engines.VMPCKSA3Engine;
-// END android-removed
-import org.bouncycastle.crypto.modes.CFBBlockCipher;
-import org.bouncycastle.crypto.modes.OFBBlockCipher;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
 
 import javax.crypto.Cipher;
 import javax.crypto.NoSuchPaddingException;
@@ -35,12 +17,26 @@
 // import javax.crypto.spec.RC2ParameterSpec;
 // import javax.crypto.spec.RC5ParameterSpec;
 // END android-removed
-import java.security.AlgorithmParameters;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
+
+import org.bouncycastle.crypto.BlockCipher;
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.DataLengthException;
+import org.bouncycastle.crypto.StreamBlockCipher;
+import org.bouncycastle.crypto.StreamCipher;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.engines.BlowfishEngine;
+// import org.bouncycastle.crypto.engines.DESEngine;
+// import org.bouncycastle.crypto.engines.DESedeEngine;
+// END android-removed
+import org.bouncycastle.crypto.engines.RC4Engine;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.engines.SkipjackEngine;
+// import org.bouncycastle.crypto.engines.TwofishEngine;
+// END android-removed
+import org.bouncycastle.crypto.modes.CFBBlockCipher;
+import org.bouncycastle.crypto.modes.OFBBlockCipher;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
 
 public class JCEStreamCipher
     extends WrapCipherSpi implements PBE
@@ -113,7 +109,7 @@
             {
                 try
                 {
-                    AlgorithmParameters engineParams = AlgorithmParameters.getInstance(pbeAlgorithm, "BC");
+                    AlgorithmParameters engineParams = AlgorithmParameters.getInstance(pbeAlgorithm, BouncyCastleProvider.PROVIDER_NAME);
                     engineParams.init(pbeSpec);
                     
                     return engineParams;
@@ -505,18 +501,6 @@
     // END android-removed
 
     /**
-     * RC4
-     */
-    static public class RC4
-        extends JCEStreamCipher
-    {
-        public RC4()
-        {
-            super(new RC4Engine(), 0);
-        }
-    }
-
-    /**
      * PBEWithSHAAnd128BitRC4
      */
     static public class PBEWithSHAAnd128BitRC4
@@ -539,66 +523,4 @@
             super(new RC4Engine(), 0);
         }
     }
-    
-    // BEGIN android-removed
-    // /**
-    //  * Salsa20
-    //  */
-    // static public class Salsa20
-    //     extends JCEStreamCipher
-    // {
-    //     public Salsa20()
-    //     {
-    //         super(new Salsa20Engine(), 8);
-    //     }
-    // }
-    //
-    // /**
-    //  * HC-128
-    //  */
-    // static public class HC128
-    //     extends JCEStreamCipher
-    // {
-    //     public HC128()
-    //     {
-    //         super(new HC128Engine(), 16);
-    //     }
-    // }
-    //
-    // /**
-    //  * HC-256
-    //  */
-    // static public class HC256
-    //     extends JCEStreamCipher
-    // {
-    //     public HC256()
-    //     {
-    //         super(new HC256Engine(), 32);
-    //     }
-    // }
-    //
-    // /**
-    //  * VMPC
-    //  */
-    // static public class VMPC
-    //     extends JCEStreamCipher
-    // {
-    //     public VMPC()
-    //     {
-    //         super(new VMPCEngine(), 16);
-    //     }
-    // }
-    //
-    // /**
-    //  * VMPC-KSA3
-    //  */
-    // static public class VMPCKSA3
-    //     extends JCEStreamCipher
-    // {
-    //     public VMPCKSA3()
-    //     {
-    //         super(new VMPCKSA3Engine(), 16);
-    //     }
-    // }
-    // END android-removed
 }
diff --git a/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java b/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java
index f367434..b61acfa 100644
--- a/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java
+++ b/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java
@@ -1,5 +1,20 @@
 package org.bouncycastle.jce.provider;
 
+import java.security.AlgorithmParameterGeneratorSpi;
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidParameterException;
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.DSAParameterSpec;
+
+import javax.crypto.spec.DHGenParameterSpec;
+import javax.crypto.spec.DHParameterSpec;
+import javax.crypto.spec.IvParameterSpec;
+// BEGIN android-removed
+// import javax.crypto.spec.RC2ParameterSpec;
+// END android-removed
+
 import org.bouncycastle.crypto.generators.DHParametersGenerator;
 import org.bouncycastle.crypto.generators.DSAParametersGenerator;
 // BEGIN android-removed
@@ -15,20 +30,6 @@
 // import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec;
 // END android-removed
 
-import javax.crypto.spec.DHGenParameterSpec;
-import javax.crypto.spec.DHParameterSpec;
-import javax.crypto.spec.IvParameterSpec;
-// BEGIN android-removed
-// import javax.crypto.spec.RC2ParameterSpec;
-// END android-removed
-import java.security.AlgorithmParameterGeneratorSpi;
-import java.security.AlgorithmParameters;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidParameterException;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-import java.security.spec.DSAParameterSpec;
-
 public abstract class JDKAlgorithmParameterGenerator
     extends AlgorithmParameterGeneratorSpi
 {
@@ -83,7 +84,7 @@
 
             try
             {
-                params = AlgorithmParameters.getInstance("DH", "BC");
+                params = AlgorithmParameters.getInstance("DH", BouncyCastleProvider.PROVIDER_NAME);
                 params.init(new DHParameterSpec(p.getP(), p.getG(), l));
             }
             catch (Exception e)
@@ -138,7 +139,7 @@
 
             try
             {
-                params = AlgorithmParameters.getInstance("DSA", "BC");
+                params = AlgorithmParameters.getInstance("DSA", BouncyCastleProvider.PROVIDER_NAME);
                 params.init(new DSAParameterSpec(p.getP(), p.getQ(), p.getG()));
             }
             catch (Exception e)
@@ -150,198 +151,198 @@
         }
     }
 
-   // BEGIN android-removed
-   // public static class GOST3410
-   //     extends JDKAlgorithmParameterGenerator
-   // {
-   //     protected void engineInit(
-   //             AlgorithmParameterSpec  genParamSpec,
-   //             SecureRandom            random)
-   //     throws InvalidAlgorithmParameterException
-   //     {
-   //         throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for GOST3410 parameter generation.");
-   //     }
-   //       
-   //     protected AlgorithmParameters engineGenerateParameters()
-   //     {
-   //         GOST3410ParametersGenerator pGen = new GOST3410ParametersGenerator();
-   //           
-   //         if (random != null)
-   //         {
-   //             pGen.init(strength, 2, random);
-   //         }
-   //         else
-   //         {
-   //             pGen.init(strength, 2, new SecureRandom());
-   //         }
-   //           
-   //         GOST3410Parameters p = pGen.generateParameters();
-   //           
-   //         AlgorithmParameters params;
-   //           
-   //         try
-   //         {
-   //             params = AlgorithmParameters.getInstance("GOST3410", "BC");
-   //             params.init(new GOST3410ParameterSpec(new GOST3410PublicKeyParameterSetSpec(p.getP(), p.getQ(), p.getA())));
-   //         }
-   //         catch (Exception e)
-   //         {
-   //             throw new RuntimeException(e.getMessage());
-   //         }
-   //           
-   //         return params;
-   //     }
-   // }
-   //   
-   // public static class ElGamal
-   //     extends JDKAlgorithmParameterGenerator
-   // {
-   //     private int l = 0;
-   //       
-   //     protected void engineInit(
-   //         AlgorithmParameterSpec  genParamSpec,
-   //         SecureRandom            random)
-   //         throws InvalidAlgorithmParameterException
-   //     {
-   //         if (!(genParamSpec instanceof DHGenParameterSpec))
-   //         {
-   //             throw new InvalidAlgorithmParameterException("DH parameter generator requires a DHGenParameterSpec for initialisation");
-   //         }
-   //         DHGenParameterSpec  spec = (DHGenParameterSpec)genParamSpec;
-   //
-   //         this.strength = spec.getPrimeSize();
-   //         this.l = spec.getExponentSize();
-   //         this.random = random;
-   //     }
-   //
-   //     protected AlgorithmParameters engineGenerateParameters()
-   //     {
-   //         ElGamalParametersGenerator pGen = new ElGamalParametersGenerator();
-   //
-   //         if (random != null)
-   //         {
-   //             pGen.init(strength, 20, random);
-   //         }
-   //         else
-   //         {
-   //             pGen.init(strength, 20, new SecureRandom());
-   //         }
-   //
-   //         ElGamalParameters p = pGen.generateParameters();
-   //
-   //         AlgorithmParameters params;
-   //
-   //         try
-   //         {
-   //             params = AlgorithmParameters.getInstance("ElGamal", "BC");
-   //             params.init(new DHParameterSpec(p.getP(), p.getG(), l));
-   //         }
-   //         catch (Exception e)
-   //         {
-   //             throw new RuntimeException(e.getMessage());
-   //         }
-   //
-   //         return params;
-   //     }
-   // }
-   //
-   //  public static class DES
-   //      extends JDKAlgorithmParameterGenerator
-   //  {
-   //      protected void engineInit(
-   //          AlgorithmParameterSpec  genParamSpec,
-   //          SecureRandom            random)
-   //          throws InvalidAlgorithmParameterException
-   //      {
-   //          throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation.");
-   //      }
-   //
-   //      protected AlgorithmParameters engineGenerateParameters()
-   //      {
-   //          byte[]  iv = new byte[8];
-   //
-   //          if (random == null)
-   //          {
-   //              random = new SecureRandom();
-   //          }
-   //
-   //          random.nextBytes(iv);
-   //
-   //          AlgorithmParameters params;
-   //
-   //          try
-   //          {
-   //              params = AlgorithmParameters.getInstance("DES", "BC");
-   //              params.init(new IvParameterSpec(iv));
-   //          }
-   //          catch (Exception e)
-   //          {
-   //              throw new RuntimeException(e.getMessage());
-   //          }
-   //
-   //          return params;
-   //      }
-   //  }
-   //
-   //  public static class RC2
-   //      extends JDKAlgorithmParameterGenerator
-   //  {
-   //      RC2ParameterSpec    spec = null;
-   //
-   //      protected void engineInit(
-   //          AlgorithmParameterSpec  genParamSpec,
-   //          SecureRandom            random)
-   //          throws InvalidAlgorithmParameterException
-   //      {
-   //          if (genParamSpec instanceof RC2ParameterSpec)
-   //          {
-   //              spec = (RC2ParameterSpec)genParamSpec;
-   //              return;
-   //          }
-   //
-   //          throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for RC2 parameter generation.");
-   //      }
-   //
-   //      protected AlgorithmParameters engineGenerateParameters()
-   //      {
-   //          AlgorithmParameters params;
-   //
-   //          if (spec == null)
-   //          {
-   //              byte[]  iv = new byte[8];
-   //
-   //              if (random == null)
-   //              {
-   //                  random = new SecureRandom();
-   //              }
-   //
-   //              random.nextBytes(iv);
-   //
-   //              try
-   //              {
-   //                  params = AlgorithmParameters.getInstance("RC2", "BC");
-   //                  params.init(new IvParameterSpec(iv));
-   //              }
-   //              catch (Exception e)
-   //              {
-   //                  throw new RuntimeException(e.getMessage());
-   //              }
-   //          }
-   //          else
-   //          {
-   //              try
-   //              {
-   //                  params = AlgorithmParameters.getInstance("RC2", "BC");
-   //                  params.init(spec);
-   //              }
-   //              catch (Exception e)
-   //              {
-   //                  throw new RuntimeException(e.getMessage());
-   //              }
-   //          }
-   //
-   //          return params;
-   //      }
-   //  }
-   // END android-removed
+    // BEGIN android-removed
+    // public static class GOST3410
+    //     extends JDKAlgorithmParameterGenerator
+    // {
+    //     protected void engineInit(
+    //             AlgorithmParameterSpec  genParamSpec,
+    //             SecureRandom            random)
+    //     throws InvalidAlgorithmParameterException
+    //     {
+    //         throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for GOST3410 parameter generation.");
+    //     }
+    //    
+    //     protected AlgorithmParameters engineGenerateParameters()
+    //     {
+    //         GOST3410ParametersGenerator pGen = new GOST3410ParametersGenerator();
+    //        
+    //         if (random != null)
+    //         {
+    //             pGen.init(strength, 2, random);
+    //         }
+    //         else
+    //         {
+    //             pGen.init(strength, 2, new SecureRandom());
+    //         }
+    //        
+    //         GOST3410Parameters p = pGen.generateParameters();
+    //        
+    //         AlgorithmParameters params;
+    //
+    //         try
+    //         {
+    //             params = AlgorithmParameters.getInstance("GOST3410", BouncyCastleProvider.PROVIDER_NAME);
+    //             params.init(new GOST3410ParameterSpec(new GOST3410PublicKeyParameterSetSpec(p.getP(), p.getQ(), p.getA())));
+    //         }
+    //         catch (Exception e)
+    //         {
+    //             throw new RuntimeException(e.getMessage());
+    //         }
+    //
+    //         return params;
+    //     }
+    // }
+    //
+    // public static class ElGamal
+    //     extends JDKAlgorithmParameterGenerator
+    // {
+    //     private int l = 0;
+    //
+    //     protected void engineInit(
+    //         AlgorithmParameterSpec  genParamSpec,
+    //         SecureRandom            random)
+    //         throws InvalidAlgorithmParameterException
+    //     {
+    //         if (!(genParamSpec instanceof DHGenParameterSpec))
+    //         {
+    //             throw new InvalidAlgorithmParameterException("DH parameter generator requires a DHGenParameterSpec for initialisation");
+    //         }
+    //         DHGenParameterSpec  spec = (DHGenParameterSpec)genParamSpec;
+    //
+    //         this.strength = spec.getPrimeSize();
+    //         this.l = spec.getExponentSize();
+    //         this.random = random;
+    //     }
+    //
+    //     protected AlgorithmParameters engineGenerateParameters()
+    //     {
+    //         ElGamalParametersGenerator pGen = new ElGamalParametersGenerator();
+    //
+    //         if (random != null)
+    //         {
+    //             pGen.init(strength, 20, random);
+    //         }
+    //         else
+    //         {
+    //             pGen.init(strength, 20, new SecureRandom());
+    //         }
+    //
+    //         ElGamalParameters p = pGen.generateParameters();
+    //
+    //         AlgorithmParameters params;
+    //
+    //         try
+    //         {
+    //             params = AlgorithmParameters.getInstance("ElGamal", BouncyCastleProvider.PROVIDER_NAME);
+    //             params.init(new DHParameterSpec(p.getP(), p.getG(), l));
+    //         }
+    //         catch (Exception e)
+    //         {
+    //             throw new RuntimeException(e.getMessage());
+    //         }
+    //
+    //         return params;
+    //     }
+    // }
+    //
+    // public static class DES
+    //     extends JDKAlgorithmParameterGenerator
+    // {
+    //     protected void engineInit(
+    //         AlgorithmParameterSpec  genParamSpec,
+    //         SecureRandom            random)
+    //         throws InvalidAlgorithmParameterException
+    //     {
+    //         throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation.");
+    //     }
+    //
+    //     protected AlgorithmParameters engineGenerateParameters()
+    //     {
+    //         byte[]  iv = new byte[8];
+    //
+    //         if (random == null)
+    //         {
+    //             random = new SecureRandom();
+    //         }
+    //
+    //         random.nextBytes(iv);
+    //
+    //         AlgorithmParameters params;
+    //
+    //         try
+    //         {
+    //             params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME);
+    //             params.init(new IvParameterSpec(iv));
+    //         }
+    //         catch (Exception e)
+    //         {
+    //             throw new RuntimeException(e.getMessage());
+    //         }
+    //
+    //         return params;
+    //     }
+    // }
+    //
+    // public static class RC2
+    //     extends JDKAlgorithmParameterGenerator
+    // {
+    //     RC2ParameterSpec    spec = null;
+    //
+    //     protected void engineInit(
+    //         AlgorithmParameterSpec  genParamSpec,
+    //         SecureRandom            random)
+    //         throws InvalidAlgorithmParameterException
+    //     {
+    //         if (genParamSpec instanceof RC2ParameterSpec)
+    //         {
+    //             spec = (RC2ParameterSpec)genParamSpec;
+    //             return;
+    //         }
+    //
+    //         throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for RC2 parameter generation.");
+    //     }
+    //
+    //     protected AlgorithmParameters engineGenerateParameters()
+    //     {
+    //         AlgorithmParameters params;
+    //
+    //         if (spec == null)
+    //         {
+    //             byte[]  iv = new byte[8];
+    //
+    //             if (random == null)
+    //             {
+    //                 random = new SecureRandom();
+    //             }
+    //
+    //             random.nextBytes(iv);
+    //
+    //             try
+    //             {
+    //                 params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME);
+    //                 params.init(new IvParameterSpec(iv));
+    //             }
+    //             catch (Exception e)
+    //             {
+    //                 throw new RuntimeException(e.getMessage());
+    //             }
+    //         }
+    //         else
+    //         {
+    //             try
+    //             {
+    //                 params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME);
+    //                 params.init(spec);
+    //             }
+    //             catch (Exception e)
+    //             {
+    //                 throw new RuntimeException(e.getMessage());
+    //             }
+    //         }
+    //
+    //         return params;
+    //     }
+    // }
+    // END android-removed
 }
diff --git a/src/main/java/org/bouncycastle/jce/provider/JDKDSASigner.java b/src/main/java/org/bouncycastle/jce/provider/JDKDSASigner.java
index 9402743..1c22952 100644
--- a/src/main/java/org/bouncycastle/jce/provider/JDKDSASigner.java
+++ b/src/main/java/org/bouncycastle/jce/provider/JDKDSASigner.java
@@ -21,6 +21,7 @@
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.DSA;
 import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.NullDigest;
 import org.bouncycastle.crypto.digests.SHA1Digest;
 // BEGIN android-removed
 // import org.bouncycastle.crypto.digests.SHA224Digest;
@@ -33,7 +34,6 @@
 // BEGIN android-removed
 // import org.bouncycastle.jce.interfaces.GOST3410Key;
 // END android-removed
-import org.bouncycastle.jce.provider.util.NullDigest;
 
 public class JDKDSASigner
     extends SignatureSpi
diff --git a/src/main/java/org/bouncycastle/jce/provider/JDKDigestSignature.java b/src/main/java/org/bouncycastle/jce/provider/JDKDigestSignature.java
index 380dcd1..badeac1 100644
--- a/src/main/java/org/bouncycastle/jce/provider/JDKDigestSignature.java
+++ b/src/main/java/org/bouncycastle/jce/provider/JDKDigestSignature.java
@@ -28,6 +28,7 @@
 // import org.bouncycastle.crypto.digests.MD4Digest;
 // END android-removed
 import org.bouncycastle.crypto.digests.MD5Digest;
+import org.bouncycastle.crypto.digests.NullDigest;
 // BEGIN android-removed
 // import org.bouncycastle.crypto.digests.RIPEMD128Digest;
 // import org.bouncycastle.crypto.digests.RIPEMD160Digest;
@@ -42,7 +43,6 @@
 import org.bouncycastle.crypto.digests.SHA512Digest;
 import org.bouncycastle.crypto.encodings.PKCS1Encoding;
 import org.bouncycastle.crypto.engines.RSABlindedEngine;
-import org.bouncycastle.jce.provider.util.NullDigest;
 
 public class JDKDigestSignature
     extends SignatureSpi
@@ -185,13 +185,13 @@
                 }
             }
         }
-        else if (expected.length == sig.length - 2)  // NULL left out
+        else if (sig.length == expected.length - 2)  // NULL left out
         {
             int sigOffset = sig.length - hash.length - 2;
             int expectedOffset = expected.length - hash.length - 2;
 
-            sig[1] -= 2;      // adjust lengths
-            sig[3] -= 2;
+            expected[1] -= 2;      // adjust lengths
+            expected[3] -= 2;
 
             for (int i = 0; i < hash.length; i++)
             {
@@ -201,7 +201,7 @@
                 }
             }
 
-            for (int i = 0; i < expectedOffset; i++)
+            for (int i = 0; i < sigOffset; i++)
             {
                 if (sig[i] != expected[i])  // check header less NULL
                 {
diff --git a/src/main/java/org/bouncycastle/jce/provider/JDKKeyFactory.java b/src/main/java/org/bouncycastle/jce/provider/JDKKeyFactory.java
index 8ee9a64..3ed5821 100644
--- a/src/main/java/org/bouncycastle/jce/provider/JDKKeyFactory.java
+++ b/src/main/java/org/bouncycastle/jce/provider/JDKKeyFactory.java
@@ -144,6 +144,20 @@
            
            return new DHPublicKeySpec(k.getY(), k.getParams().getP(), k.getParams().getG());
        }
+       // BEGIN android-added
+       else if (spec.isAssignableFrom(DSAPublicKeySpec.class) && key instanceof DSAPublicKey)
+       {
+            DSAPublicKey    k = (DSAPublicKey)key;
+
+            return new DSAPublicKeySpec(k.getY(), k.getParams().getP(), k.getParams().getQ(), k.getParams().getG());
+       }
+       else if (spec.isAssignableFrom(DSAPrivateKeySpec.class) && key instanceof DSAPrivateKey)
+       {
+            DSAPrivateKey    k = (DSAPrivateKey)key;
+
+            return new DSAPrivateKeySpec(k.getX(), k.getParams().getP(), k.getParams().getQ(), k.getParams().getG());
+       }
+       // END android-added
 
        throw new RuntimeException("not implemented yet " + key + " " + spec);
     }
@@ -261,11 +275,11 @@
         {
             return new JDKDSAPublicKey(info);
         }
+        else if (algOid.equals(X9ObjectIdentifiers.id_ecPublicKey))
+        {
+            return new JCEECPublicKey(info);
+        }
         // BEGIN android-removed
-        // else if (algOid.equals(X9ObjectIdentifiers.id_ecPublicKey))
-        // {
-        //     return new JCEECPublicKey(info);
-        // }
         // else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_94))
         // {
         //     return new JDKGOST3410PublicKey(info);
@@ -307,6 +321,10 @@
         {
               return new JCEDHPrivateKey(info);
         }
+        else if (algOid.equals(X9ObjectIdentifiers.dhpublicnumber))
+        {
+              return new JCEDHPrivateKey(info);
+        }
         // BEGIN android-removed
         // else if (algOid.equals(OIWObjectIdentifiers.elGamalAlgorithm))
         // {
@@ -317,11 +335,11 @@
         {
               return new JDKDSAPrivateKey(info);
         }
+        else if (algOid.equals(X9ObjectIdentifiers.id_ecPublicKey))
+        {
+              return new JCEECPrivateKey(info);
+        }
         // BEGIN android-removed
-        // else if (algOid.equals(X9ObjectIdentifiers.id_ecPublicKey))
-        // {
-        //       return new JCEECPrivateKey(info);
-        // }
         // else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_94))
         // {
         //       return new JDKGOST3410PrivateKey(info);
diff --git a/src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java b/src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java
index e6f74c6..1c68095 100644
--- a/src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java
+++ b/src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java
@@ -361,7 +361,7 @@
 
         try
         {
-            CertificateFactory cFact = CertificateFactory.getInstance(type, "BC");
+            CertificateFactory cFact = CertificateFactory.getInstance(type, BouncyCastleProvider.PROVIDER_NAME);
             ByteArrayInputStream bIn = new ByteArrayInputStream(cEnc);
 
             return cFact.generateCertificate(bIn);
@@ -436,11 +436,11 @@
             switch (keyType)
             {
             case KEY_PRIVATE:
-                return KeyFactory.getInstance(algorithm, "BC").generatePrivate(spec);
+                return KeyFactory.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME).generatePrivate(spec);
             case KEY_PUBLIC:
-                return KeyFactory.getInstance(algorithm, "BC").generatePublic(spec);
+                return KeyFactory.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME).generatePublic(spec);
             case KEY_SECRET:
-                return SecretKeyFactory.getInstance(algorithm, "BC").generateSecret(spec);
+                return SecretKeyFactory.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME).generateSecret(spec);
             default:
                 throw new IOException("Key type " + keyType + " not recognised!");
             }
@@ -463,10 +463,10 @@
         try
         {
             PBEKeySpec          pbeSpec = new PBEKeySpec(password);
-            SecretKeyFactory    keyFact = SecretKeyFactory.getInstance(algorithm, "BC");
+            SecretKeyFactory    keyFact = SecretKeyFactory.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME);
             PBEParameterSpec    defParams = new PBEParameterSpec(salt, iterationCount);
 
-            Cipher cipher = Cipher.getInstance(algorithm, "BC");
+            Cipher cipher = Cipher.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME);
 
             cipher.init(mode, keyFact.generateSecret(pbeSpec), defParams);
 
diff --git a/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java b/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java
index 205c2bb..9707b05 100644
--- a/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java
+++ b/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java
@@ -7,6 +7,7 @@
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.security.Key;
+import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.KeyStoreSpi;
 import java.security.NoSuchAlgorithmException;
@@ -16,8 +17,11 @@
 import java.security.PublicKey;
 import java.security.SecureRandom;
 import java.security.UnrecoverableKeyException;
+import java.security.KeyStore.LoadStoreParameter;
+import java.security.KeyStore.ProtectionParameter;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.Date;
@@ -46,6 +50,7 @@
 import org.bouncycastle.asn1.DERObject;
 import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.DEROutputStream;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.DERSet;
 import org.bouncycastle.asn1.pkcs.AuthenticatedSafe;
@@ -1102,9 +1107,50 @@
         }
     }
 
+    public void engineStore(LoadStoreParameter param) throws IOException,
+            NoSuchAlgorithmException, CertificateException
+    {
+        if (param == null)
+        {
+            throw new IllegalArgumentException("'param' arg cannot be null");
+        }
+
+        if (!(param instanceof JDKPKCS12StoreParameter))
+        {
+            throw new IllegalArgumentException(
+                "No support for 'param' of type " + param.getClass().getName());
+        }
+
+        JDKPKCS12StoreParameter bcParam = (JDKPKCS12StoreParameter)param;
+
+        char[] password;
+        ProtectionParameter protParam = param.getProtectionParameter();
+        if (protParam == null)
+        {
+            password = null;
+        }
+        else if (protParam instanceof KeyStore.PasswordProtection)
+        {
+            password = ((KeyStore.PasswordProtection)protParam).getPassword();
+        }
+        else
+        {
+            throw new IllegalArgumentException(
+                "No support for protection parameter of type " + protParam.getClass().getName());
+        }
+
+        doStore(bcParam.getOutputStream(), password, bcParam.isUseDEREncoding());
+    }
+
     public void engineStore(OutputStream stream, char[] password) 
         throws IOException
     {
+        doStore(stream, password, false);
+    }
+
+    private void doStore(OutputStream stream, char[] password, boolean useDEREncoding) 
+        throws IOException
+    {
         if (password == null)
         {
             throw new NullPointerException("No password supplied for PKCS#12 KeyStore.");
@@ -1432,9 +1478,17 @@
         AuthenticatedSafe   auth = new AuthenticatedSafe(info);
 
         ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
-        BEROutputStream         berOut = new BEROutputStream(bOut);
+        DEROutputStream asn1Out;
+        if (useDEREncoding)
+        {
+            asn1Out = new DEROutputStream(bOut);
+        }
+        else
+        {
+            asn1Out = new BEROutputStream(bOut);
+        }
 
-        berOut.writeObject(auth);
+        asn1Out.writeObject(auth);
 
         byte[]              pkg = bOut.toByteArray();
 
@@ -1473,9 +1527,16 @@
         //
         Pfx                 pfx = new Pfx(mainInfo, mData);
 
-        berOut = new BEROutputStream(stream);
+        if (useDEREncoding)
+        {
+            asn1Out = new DEROutputStream(stream);
+        }
+        else
+        {
+            asn1Out = new BEROutputStream(stream);
+        }
 
-        berOut.writeObject(pfx);
+        asn1Out.writeObject(pfx);
     }
 
     private static byte[] calculatePbeMac(
diff --git a/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12StoreParameter.java b/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12StoreParameter.java
new file mode 100644
index 0000000..865481f
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12StoreParameter.java
@@ -0,0 +1,48 @@
+package org.bouncycastle.jce.provider;
+
+import java.io.OutputStream;
+import java.security.KeyStore;
+import java.security.KeyStore.LoadStoreParameter;
+import java.security.KeyStore.ProtectionParameter;
+
+public class JDKPKCS12StoreParameter implements LoadStoreParameter
+{
+    private OutputStream outputStream;
+    private ProtectionParameter protectionParameter;
+    private boolean useDEREncoding;
+
+    public OutputStream getOutputStream()
+    {
+        return outputStream;
+    }
+
+    public ProtectionParameter getProtectionParameter()
+    {
+        return protectionParameter;
+    }
+
+    public boolean isUseDEREncoding()
+    {
+        return useDEREncoding;
+    }
+
+    public void setOutputStream(OutputStream outputStream)
+    {
+        this.outputStream = outputStream;
+    }
+
+    public void setPassword(char[] password)
+    {
+        this.protectionParameter = new KeyStore.PasswordProtection(password);
+    }
+
+    public void setProtectionParameter(ProtectionParameter protectionParameter)
+    {
+        this.protectionParameter = protectionParameter;
+    }
+
+    public void setUseDEREncoding(boolean useDEREncoding)
+    {
+        this.useDEREncoding = useDEREncoding;
+    }
+}
diff --git a/src/main/java/org/bouncycastle/jce/provider/PKCS12BagAttributeCarrierImpl.java b/src/main/java/org/bouncycastle/jce/provider/PKCS12BagAttributeCarrierImpl.java
index 4e77119..984283f 100644
--- a/src/main/java/org/bouncycastle/jce/provider/PKCS12BagAttributeCarrierImpl.java
+++ b/src/main/java/org/bouncycastle/jce/provider/PKCS12BagAttributeCarrierImpl.java
@@ -1,9 +1,6 @@
 package org.bouncycastle.jce.provider;
 
 import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
-// BEGIN android-added
-import org.bouncycastle.asn1.OrderedTable;
-// END android-added
 import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.DEREncodable;
 import org.bouncycastle.asn1.ASN1OutputStream;
@@ -20,73 +17,65 @@
 class PKCS12BagAttributeCarrierImpl
     implements PKCS12BagAttributeCarrier
 {
-    // BEGIN android-changed
-    private OrderedTable pkcs12 = new OrderedTable();
-    // END android-changed
+    private Hashtable pkcs12Attributes;
+    private Vector pkcs12Ordering;
 
-    // BEGIN android-removed
-    // PKCS12BagAttributeCarrierImpl(Hashtable attributes, Vector ordering)
-    // {
-    //     this.pkcs12Attributes = attributes;
-    //     this.pkcs12Ordering = ordering;
-    // }
-    // END android-removed
+    PKCS12BagAttributeCarrierImpl(Hashtable attributes, Vector ordering)
+    {
+        this.pkcs12Attributes = attributes;
+        this.pkcs12Ordering = ordering;
+    }
 
     public PKCS12BagAttributeCarrierImpl()
     {
-        // BEGIN android-removed
-        // this(new Hashtable(), new Vector());
-        // END android-removed
+        this(new Hashtable(), new Vector());
     }
 
     public void setBagAttribute(
         DERObjectIdentifier oid,
         DEREncodable        attribute)
     {
-        // BEGIN android-changed
-        // preserve original ordering
-        pkcs12.put(oid, attribute);
-        // END android-changed
+        if (pkcs12Attributes.containsKey(oid))
+        {                           // preserve original ordering
+            pkcs12Attributes.put(oid, attribute);
+        }
+        else
+        {
+            pkcs12Attributes.put(oid, attribute);
+            pkcs12Ordering.addElement(oid);
+        }
     }
 
     public DEREncodable getBagAttribute(
         DERObjectIdentifier oid)
     {
-        // BEGIN android-changed
-        return (DEREncodable)pkcs12.get(oid);
-        // END android-changed
+        return (DEREncodable)pkcs12Attributes.get(oid);
     }
 
     public Enumeration getBagAttributeKeys()
     {
-        // BEGIN android-changed
-        return pkcs12.getKeys();
-        // END android-changed
+        return pkcs12Ordering.elements();
     }
 
     int size()
     {
-        // BEGIN android-changed
-        return pkcs12.size();
-        // END android-changed
+        return pkcs12Ordering.size();
     }
 
-    // BEGIN android-removed
-    // Hashtable getAttributes()
-    // {
-    //     return pkcs12Attributes;
-    // }
-    //
-    // Vector getOrdering()
-    // {
-    //     return pkcs12Ordering;
-    // }
-    // END android-removed
+    Hashtable getAttributes()
+    {
+        return pkcs12Attributes;
+    }
+
+    Vector getOrdering()
+    {
+        return pkcs12Ordering;
+    }
 
     public void writeObject(ObjectOutputStream out)
         throws IOException
     {
-        if (pkcs12.size() == 0)
+        if (pkcs12Ordering.size() == 0)
         {
             out.writeObject(new Hashtable());
             out.writeObject(new Vector());
@@ -103,7 +92,7 @@
                 DERObjectIdentifier    oid = (DERObjectIdentifier)e.nextElement();
 
                 aOut.writeObject(oid);
-                aOut.writeObject(pkcs12.get(oid));
+                aOut.writeObject(pkcs12Attributes.get(oid));
             }
 
             out.writeObject(bOut.toByteArray());
@@ -117,11 +106,8 @@
 
         if (obj instanceof Hashtable)
         {
-            // BEGIN android-changed
-            // we only write out Hashtable/Vector in empty case
-            in.readObject(); // consume empty Vector
-            this.pkcs12 = new OrderedTable();
-            // END android-changed
+            this.pkcs12Attributes = (Hashtable)obj;
+            this.pkcs12Ordering = (Vector)in.readObject();
         }
         else
         {
diff --git a/src/main/java/org/bouncycastle/jce/provider/PKIXCRLUtil.java b/src/main/java/org/bouncycastle/jce/provider/PKIXCRLUtil.java
new file mode 100644
index 0000000..c94016d
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/provider/PKIXCRLUtil.java
@@ -0,0 +1,155 @@
+package org.bouncycastle.jce.provider;
+
+import java.security.cert.CertStore;
+import java.security.cert.CertStoreException;
+import java.security.cert.PKIXParameters;
+import java.security.cert.X509CRL;
+import java.security.cert.X509Certificate;
+import java.util.Collection;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+import org.bouncycastle.util.StoreException;
+import org.bouncycastle.x509.ExtendedPKIXParameters;
+import org.bouncycastle.x509.X509CRLStoreSelector;
+import org.bouncycastle.x509.X509Store;
+
+public class PKIXCRLUtil
+{
+    public Set findCRLs(X509CRLStoreSelector crlselect, ExtendedPKIXParameters paramsPKIX, Date currentDate)
+        throws AnnotatedException
+    {
+        Set initialSet = new HashSet();
+
+        // get complete CRL(s)
+        try
+        {
+            initialSet.addAll(findCRLs(crlselect, paramsPKIX.getAdditionalStores()));
+            initialSet.addAll(findCRLs(crlselect, paramsPKIX.getStores()));
+            initialSet.addAll(findCRLs(crlselect, paramsPKIX.getCertStores()));
+        }
+        catch (AnnotatedException e)
+        {
+            throw new AnnotatedException("Exception obtaining complete CRLs.", e);
+        }
+
+        Set finalSet = new HashSet();
+        Date validityDate = currentDate;
+
+        if (paramsPKIX.getDate() != null)
+        {
+            validityDate = paramsPKIX.getDate();
+        }
+
+        // based on RFC 5280 6.3.3
+        for (Iterator it = initialSet.iterator(); it.hasNext();)
+        {
+            X509CRL crl = (X509CRL)it.next();
+
+            if (crl.getNextUpdate().after(validityDate))
+            {
+                X509Certificate cert = crlselect.getCertificateChecking();
+
+                if (cert != null)
+                {
+                    if (crl.getThisUpdate().before(cert.getNotAfter()))
+                    {
+                        finalSet.add(crl);
+                    }
+                }
+                else
+                {
+                    finalSet.add(crl);
+                }
+            }
+        }
+
+        return finalSet;
+    }
+
+    public Set findCRLs(X509CRLStoreSelector crlselect, PKIXParameters paramsPKIX)
+        throws AnnotatedException
+    {
+        Set completeSet = new HashSet();
+
+        // get complete CRL(s)
+        try
+        {
+            completeSet.addAll(findCRLs(crlselect, paramsPKIX.getCertStores()));
+        }
+        catch (AnnotatedException e)
+        {
+            throw new AnnotatedException("Exception obtaining complete CRLs.", e);
+        }
+
+        return completeSet;
+    }
+
+/**
+     * Return a Collection of all CRLs found in the X509Store's that are
+     * matching the crlSelect criteriums.
+     *
+     * @param crlSelect a {@link X509CRLStoreSelector} object that will be used
+     *            to select the CRLs
+     * @param crlStores a List containing only
+     *            {@link org.bouncycastle.x509.X509Store  X509Store} objects.
+     *            These are used to search for CRLs
+     *
+     * @return a Collection of all found {@link java.security.cert.X509CRL X509CRL} objects. May be
+     *         empty but never <code>null</code>.
+     */
+    private final Collection findCRLs(X509CRLStoreSelector crlSelect,
+        List crlStores) throws AnnotatedException
+    {
+        Set crls = new HashSet();
+        Iterator iter = crlStores.iterator();
+
+        AnnotatedException lastException = null;
+        boolean foundValidStore = false;
+
+        while (iter.hasNext())
+        {
+            Object obj = iter.next();
+
+            if (obj instanceof X509Store)
+            {
+                X509Store store = (X509Store)obj;
+
+                try
+                {
+                    crls.addAll(store.getMatches(crlSelect));
+                    foundValidStore = true;
+                }
+                catch (StoreException e)
+                {
+                    lastException = new AnnotatedException(
+                        "Exception searching in X.509 CRL store.", e);
+                }
+            }
+            else
+            {
+                CertStore store = (CertStore)obj;
+
+                try
+                {
+                    crls.addAll(store.getCRLs(crlSelect));
+                    foundValidStore = true;
+                }
+                catch (CertStoreException e)
+                {
+                    lastException = new AnnotatedException(
+                        "Exception searching in X.509 CRL store.", e);
+                }
+            }
+        }
+        if (!foundValidStore && lastException != null)
+        {
+            throw lastException;
+        }
+        return crls;
+    }
+
+}
diff --git a/src/main/java/org/bouncycastle/jce/provider/PKIXCertPath.java b/src/main/java/org/bouncycastle/jce/provider/PKIXCertPath.java
index 8c8969a..af4b8ab 100644
--- a/src/main/java/org/bouncycastle/jce/provider/PKIXCertPath.java
+++ b/src/main/java/org/bouncycastle/jce/provider/PKIXCertPath.java
@@ -179,7 +179,7 @@
                 }
                 Enumeration e = ((ASN1Sequence)derObject).getObjects();
                 certificates = new ArrayList();
-                CertificateFactory certFactory = CertificateFactory.getInstance("X.509", "BC");
+                CertificateFactory certFactory = CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME);
                 while (e.hasMoreElements())
                 {
                     ASN1Encodable element = (ASN1Encodable)e.nextElement();
@@ -192,7 +192,7 @@
             {
                 inStream = new BufferedInputStream(inStream);
                 certificates = new ArrayList();
-                CertificateFactory certFactory= CertificateFactory.getInstance("X.509", "BC");
+                CertificateFactory certFactory= CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME);
                 Certificate cert;
                 while ((cert = certFactory.generateCertificate(inStream)) != null)
                 {
diff --git a/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java b/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java
index 05bba8e..384eb86 100644
--- a/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java
+++ b/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java
@@ -1,10 +1,5 @@
 package org.bouncycastle.jce.provider;
 
-import org.bouncycastle.jce.exception.ExtCertPathBuilderException;
-import org.bouncycastle.util.Selector;
-import org.bouncycastle.x509.ExtendedPKIXBuilderParameters;
-import org.bouncycastle.x509.X509CertStoreSelector;
-
 import java.security.InvalidAlgorithmParameterException;
 import java.security.cert.CertPath;
 import java.security.cert.CertPathBuilderException;
@@ -24,6 +19,11 @@
 import java.util.Iterator;
 import java.util.List;
 
+import org.bouncycastle.jce.exception.ExtCertPathBuilderException;
+import org.bouncycastle.util.Selector;
+import org.bouncycastle.x509.ExtendedPKIXBuilderParameters;
+import org.bouncycastle.x509.X509CertStoreSelector;
+
 /**
  * Implements the PKIX CertPathBuilding algorithm for BouncyCastle.
  * 
@@ -160,8 +160,8 @@
 
         try
         {
-            cFact = CertificateFactory.getInstance("X.509", "BC");
-            validator = CertPathValidator.getInstance("PKIX", "BC");
+            cFact = CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME);
+            validator = CertPathValidator.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
         }
         catch (Exception e)
         {
@@ -172,9 +172,8 @@
         try
         {
             // check whether the issuer of <tbvCert> is a TrustAnchor
-            // BEGIN android-changed
-            if (CertPathValidatorUtilities.findTrustAnchor(tbvCert, pkixParams) != null)
-                // END android-changed
+            if (CertPathValidatorUtilities.findTrustAnchor(tbvCert, pkixParams.getTrustAnchors(),
+                pkixParams.getSigProvider()) != null)
             {
                 // exception message from possibly later tried certification
                 // chains
diff --git a/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java b/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
index 20ce6a4..fb698f9 100644
--- a/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
+++ b/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
@@ -24,10 +24,6 @@
 
 import javax.security.auth.x500.X500Principal;
 
-// BEGIN android-added
-import org.apache.harmony.xnet.provider.jsse.IndexedPKIXParameters;
-
-// END android-added
 import org.bouncycastle.asn1.DEREncodable;
 import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
@@ -76,6 +72,14 @@
         // Issuer: CN=Entrust.net
         {(byte)0xe2, (byte)0x3b, (byte)0x8d, (byte)0x10, (byte)0x5f, (byte)0x87, (byte)0x71, (byte)0x0a, (byte)0x68, (byte)0xd9,
          (byte)0x24, (byte)0x80, (byte)0x50, (byte)0xeb, (byte)0xef, (byte)0xc6, (byte)0x27, (byte)0xbe, (byte)0x4c, (byte)0xa6},
+        // Subject: CN=DigiNotar PKIoverheid CA Organisatie - G2
+        // Issuer: CN=Staat der Nederlanden Organisatie CA - G2
+        {(byte)0x7b, (byte)0x2e, (byte)0x16, (byte)0xbc, (byte)0x39, (byte)0xbc, (byte)0xd7, (byte)0x2b, (byte)0x45, (byte)0x6e,
+         (byte)0x9f, (byte)0x05, (byte)0x5d, (byte)0x1d, (byte)0xe6, (byte)0x15, (byte)0xb7, (byte)0x49, (byte)0x45, (byte)0xdb},
+        // Subject: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven
+        // Issuer: CN=Staat der Nederlanden Overheid CA
+        {(byte)0xe8, (byte)0xf9, (byte)0x12, (byte)0x00, (byte)0xc6, (byte)0x5c, (byte)0xee, (byte)0x16, (byte)0xe0, (byte)0x39,
+         (byte)0xb9, (byte)0xf8, (byte)0x83, (byte)0x84, (byte)0x16, (byte)0x61, (byte)0x63, (byte)0x5f, (byte)0x81, (byte)0xc5},
     };
 
     private static boolean isPublicKeyBlackListed(PublicKey publicKey) {
@@ -107,18 +111,6 @@
                     + " instance.");
         }
 
-        // BEGIN android-added
-        IndexedPKIXParameters indexedParams;
-        if (params instanceof IndexedPKIXParameters)
-        {
-            indexedParams = (IndexedPKIXParameters)params;
-        }
-        else
-        {
-            indexedParams = null;
-        }
-
-        // END android-added
         ExtendedPKIXParameters paramsPKIX;
         if (params instanceof ExtendedPKIXParameters)
         {
@@ -179,15 +171,10 @@
         // (d)
         // 
         TrustAnchor trust;
-        // BEGIN android-added
-        X509Certificate lastCert = (X509Certificate) certs.get(certs.size() - 1);
-        // END android-added
         try
         {
-            // BEGIN android-changed
-            trust = CertPathValidatorUtilities.findTrustAnchor(lastCert,
-                    indexedParams != null ? indexedParams : paramsPKIX);
-            // END android-changed
+            trust = CertPathValidatorUtilities.findTrustAnchor((X509Certificate) certs.get(certs.size() - 1),
+                    paramsPKIX.getTrustAnchors(), paramsPKIX.getSigProvider());
         }
         catch (AnnotatedException e)
         {
@@ -283,25 +270,12 @@
         X500Principal workingIssuerName;
 
         X509Certificate sign = trust.getTrustedCert();
-        // BEGIN android-added
-        boolean trustAnchorInChain = false;
-        // END android-added
         try
         {
             if (sign != null)
             {
                 workingIssuerName = CertPathValidatorUtilities.getSubjectPrincipal(sign);
                 workingPublicKey = sign.getPublicKey();
-                // BEGIN android-added
-                // There is similar code in CertPathValidatorUtilities.
-                try {
-                    byte[] trustBytes = sign.getEncoded();
-                    byte[] certBytes = lastCert.getEncoded();
-                    trustAnchorInChain = Arrays.equals(trustBytes, certBytes);
-                } catch(Exception e) {
-                    // ignore, continue with trustAnchorInChain being false
-                }
-                // END android-added
             }
             else
             {
@@ -387,10 +361,8 @@
             // 6.1.3
             //
 
-            // BEGIN android-changed
             RFC3280CertPathUtilities.processCertA(certPath, paramsPKIX, index, workingPublicKey,
-                verificationAlreadyPerformed, workingIssuerName, sign, i, trustAnchorInChain);
-            // END android-changed
+                verificationAlreadyPerformed, workingIssuerName, sign);
 
             RFC3280CertPathUtilities.processCertBC(certPath, index, nameConstraintValidator);
 
@@ -407,18 +379,11 @@
 
             if (i != n)
             {
-                // BEGIN android-added
-                if (!(i == 1 && trustAnchorInChain)) // if not at the root certificate
-                {
-                // END android-added
                 if (cert != null && cert.getVersion() == 1)
                 {
                     throw new CertPathValidatorException("Version 1 certificates can't be used as CA ones.", null,
                             certPath, index);
                 }
-                // BEGIN android-added
-                }
-                // END android-added
 
                 RFC3280CertPathUtilities.prepareNextCertA(certPath, index);
 
@@ -442,9 +407,7 @@
                 inhibitAnyPolicy = RFC3280CertPathUtilities.prepareNextCertJ(certPath, index, inhibitAnyPolicy);
 
                 // (k)
-                // BEGIN android-changed
-                RFC3280CertPathUtilities.prepareNextCertK(certPath, index, i, trustAnchorInChain);
-                // END android-changed
+                RFC3280CertPathUtilities.prepareNextCertK(certPath, index);
 
                 // (l)
                 maxPathLength = RFC3280CertPathUtilities.prepareNextCertL(certPath, index, maxPathLength);
diff --git a/src/main/java/org/bouncycastle/jce/provider/ProviderUtil.java b/src/main/java/org/bouncycastle/jce/provider/ProviderUtil.java
index b4f700d..6060ad4 100644
--- a/src/main/java/org/bouncycastle/jce/provider/ProviderUtil.java
+++ b/src/main/java/org/bouncycastle/jce/provider/ProviderUtil.java
@@ -1,97 +1,87 @@
 package org.bouncycastle.jce.provider;
 
-import org.bouncycastle.jce.ProviderConfigurationPermission;
-// BEGIN android-removed
-// import org.bouncycastle.jce.provider.asymmetric.ec.EC5Util;
-// END android-removed
-import org.bouncycastle.jce.interfaces.ConfigurableProvider;
-// BEGIN android-removed
-// import org.bouncycastle.jce.spec.ECParameterSpec;
-// END android-removed
-
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.Permission;
 
+import org.bouncycastle.jce.ProviderConfigurationPermission;
+import org.bouncycastle.jce.interfaces.ConfigurableProvider;
+import org.bouncycastle.jce.provider.asymmetric.ec.EC5Util;
+import org.bouncycastle.jce.spec.ECParameterSpec;
+
 public class ProviderUtil
 {
     private static final long  MAX_MEMORY = Runtime.getRuntime().maxMemory();
 
     private static Permission BC_EC_LOCAL_PERMISSION = new ProviderConfigurationPermission(
-                                                   "BC", ConfigurableProvider.THREAD_LOCAL_EC_IMPLICITLY_CA);
+                                                   BouncyCastleProvider.PROVIDER_NAME, ConfigurableProvider.THREAD_LOCAL_EC_IMPLICITLY_CA);
     private static Permission BC_EC_PERMISSION = new ProviderConfigurationPermission(
-                                                   "BC", ConfigurableProvider.EC_IMPLICITLY_CA);
+                                                   BouncyCastleProvider.PROVIDER_NAME, ConfigurableProvider.EC_IMPLICITLY_CA);
 
     private static ThreadLocal threadSpec = new ThreadLocal();
-    // BEGIN android-removed
-    // private static volatile ECParameterSpec ecImplicitCaParams;
-    // END android-removed
+    private static volatile ECParameterSpec ecImplicitCaParams;
 
     static void setParameter(String parameterName, Object parameter)
     {
         SecurityManager securityManager = System.getSecurityManager();
 
-        // BEGIN android-removed
-        // if (parameterName.equals(ConfigurableProvider.THREAD_LOCAL_EC_IMPLICITLY_CA))
-        // {
-        //     ECParameterSpec curveSpec;
-        //
-        //     if (securityManager != null)
-        //     {
-        //         securityManager.checkPermission(BC_EC_LOCAL_PERMISSION);
-        //     }
-        //
-        //     if (parameter instanceof ECParameterSpec || parameter == null)
-        //     {
-        //         curveSpec = (ECParameterSpec)parameter;
-        //     }
-        //     else  // assume java.security.spec
-        //     {
-        //         curveSpec = EC5Util.convertSpec((java.security.spec.ECParameterSpec)parameter, false);
-        //     }
-        //
-        //     if (curveSpec == null)
-        //     {
-        //         threadSpec.remove();
-        //     }
-        //     else
-        //     {
-        //         threadSpec.set(curveSpec);
-        //     }
-        // }
-        // else if (parameterName.equals(ConfigurableProvider.EC_IMPLICITLY_CA))
-        // {
-        //     if (securityManager != null)
-        //     {
-        //         securityManager.checkPermission(BC_EC_PERMISSION);
-        //     }
-        //
-        //     if (parameter instanceof ECParameterSpec || parameter == null)
-        //     {
-        //         ecImplicitCaParams = (ECParameterSpec)parameter;
-        //     }
-        //     else  // assume java.security.spec
-        //     {
-        //         ecImplicitCaParams = EC5Util.convertSpec((java.security.spec.ECParameterSpec)parameter, false);
-        //     }
-        // }
-        // END android-removed
+        if (parameterName.equals(ConfigurableProvider.THREAD_LOCAL_EC_IMPLICITLY_CA))
+        {
+            ECParameterSpec curveSpec;
+
+            if (securityManager != null)
+            {
+                securityManager.checkPermission(BC_EC_LOCAL_PERMISSION);
+            }
+
+            if (parameter instanceof ECParameterSpec || parameter == null)
+            {
+                curveSpec = (ECParameterSpec)parameter;
+            }
+            else  // assume java.security.spec
+            {
+                curveSpec = EC5Util.convertSpec((java.security.spec.ECParameterSpec)parameter, false);
+            }
+
+            if (curveSpec == null)
+            {
+                threadSpec.remove();
+            }
+            else
+            {
+                threadSpec.set(curveSpec);
+            }
+        }
+        else if (parameterName.equals(ConfigurableProvider.EC_IMPLICITLY_CA))
+        {
+            if (securityManager != null)
+            {
+                securityManager.checkPermission(BC_EC_PERMISSION);
+            }
+
+            if (parameter instanceof ECParameterSpec || parameter == null)
+            {
+                ecImplicitCaParams = (ECParameterSpec)parameter;
+            }
+            else  // assume java.security.spec
+            {
+                ecImplicitCaParams = EC5Util.convertSpec((java.security.spec.ECParameterSpec)parameter, false);
+            }
+        }
     }
 
-    // BEGIN android-removed
-    // public static ECParameterSpec getEcImplicitlyCa()
-    // {
-    //     ECParameterSpec spec = (ECParameterSpec)threadSpec.get();
-    //
-    //     if (spec != null)
-    //     {
-    //         return spec;
-    //     }
-    //
-    //     return ecImplicitCaParams;
-    // }
-    // END android-removed
+    public static ECParameterSpec getEcImplicitlyCa()
+    {
+        ECParameterSpec spec = (ECParameterSpec)threadSpec.get();
+
+        if (spec != null)
+        {
+            return spec;
+        }
+
+        return ecImplicitCaParams;
+    }
 
     static int getReadLimit(InputStream in)
         throws IOException
diff --git a/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java b/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java
index 921ed3b..ef3baaa 100644
--- a/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java
+++ b/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java
@@ -59,6 +59,7 @@
 
 public class RFC3280CertPathUtilities
 {
+    private static final PKIXCRLUtil CRL_UTIL = new PKIXCRLUtil();
 
     /**
      * If the complete CRL includes an issuing distribution point (IDP) CRL
@@ -491,7 +492,7 @@
             }
             try
             {
-                CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "BC");
+                CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
                 selector = new X509CertStoreSelector();
                 selector.setCertificate(signingCert);
                 ExtendedPKIXParameters temp = (ExtendedPKIXParameters)paramsPKIX.clone();
@@ -678,20 +679,10 @@
         X509CRL crl)
         throws AnnotatedException
     {
-        Set completeSet = new HashSet();
         Set deltaSet = new HashSet();
         X509CRLStoreSelector crlselect = new X509CRLStoreSelector();
         crlselect.setCertificateChecking(cert);
 
-        if (paramsPKIX.getDate() != null)
-        {
-            crlselect.setDateAndTime(paramsPKIX.getDate());
-        }
-        else
-        {
-            crlselect.setDateAndTime(currentDate);
-        }
-
         try
         {
             crlselect.addIssuerName(crl.getIssuerX500Principal().getEncoded());
@@ -702,18 +693,8 @@
         }
 
         crlselect.setCompleteCRLEnabled(true);
+        Set completeSet = CRL_UTIL.findCRLs(crlselect, paramsPKIX, currentDate);
 
-        // get complete CRL(s)
-        try
-        {
-            completeSet.addAll(CertPathValidatorUtilities.findCRLs(crlselect, paramsPKIX.getAdditionalStores()));
-            completeSet.addAll(CertPathValidatorUtilities.findCRLs(crlselect, paramsPKIX.getStores()));
-            completeSet.addAll(CertPathValidatorUtilities.findCRLs(crlselect, paramsPKIX.getCertStores()));
-        }
-        catch (AnnotatedException e)
-        {
-            throw new AnnotatedException("Exception obtaining complete CRLs.", e);
-        }
         if (paramsPKIX.isUseDeltasEnabled())
         {
             // get delta CRL(s)
@@ -732,6 +713,8 @@
                 deltaSet};
     }
 
+
+
     /**
      * If use-deltas is set, verify the issuer and scope of the delta CRL.
      *
@@ -1471,11 +1454,7 @@
         PublicKey workingPublicKey,
         boolean verificationAlreadyPerformed,
         X500Principal workingIssuerName,
-        X509Certificate sign,
-        // BEGIN android-added
-        int i, 
-        boolean trustAnchorInChain)
-        // END android-added
+        X509Certificate sign)
         throws ExtCertPathValidatorException
     {
         List certs = certPath.getCertificates();
@@ -1489,15 +1468,8 @@
             {
                 // (a) (1)
                 //
-                // BEGIN android-added
-                if (!(i == 1 && trustAnchorInChain)) // if not at the root certificate
-                {
-                // END android-added
                 CertPathValidatorUtilities.verifyX509Certificate(cert, workingPublicKey,
                     paramsPKIX.getSigProvider());
-                // BEGIN android-added
-                }
-                // END android-added
             }
             catch (GeneralSecurityException e)
             {
@@ -1594,7 +1566,7 @@
                     ASN1TaggedObject constraint = ASN1TaggedObject.getInstance(policyConstraints.nextElement());
                     if (constraint.getTagNo() == 0)
                     {
-                        tmpInt = DERInteger.getInstance(constraint).getValue().intValue();
+                        tmpInt = DERInteger.getInstance(constraint, false).getValue().intValue();
                         if (tmpInt < explicitPolicy)
                         {
                             return tmpInt;
@@ -1648,7 +1620,7 @@
                     ASN1TaggedObject constraint = ASN1TaggedObject.getInstance(policyConstraints.nextElement());
                     if (constraint.getTagNo() == 1)
                     {
-                        tmpInt = DERInteger.getInstance(constraint).getValue().intValue();
+                        tmpInt = DERInteger.getInstance(constraint, false).getValue().intValue();
                         if (tmpInt < policyMapping)
                         {
                             return tmpInt;
@@ -2088,11 +2060,7 @@
 
     protected static void prepareNextCertK(
         CertPath certPath,
-        int index,
-        // BEGIN android-added
-        int i, 
-        boolean trustAnchorInChain)
-        // END android-added
+        int index)
         throws CertPathValidatorException
     {
         List certs = certPath.getCertificates();
@@ -2120,14 +2088,7 @@
         }
         else
         {
-            // BEGIN android-added
-            if (!(i == 1 && trustAnchorInChain)) // if not at the root certificate
-            {
-            // END android-added
             throw new CertPathValidatorException("Intermediate certificate lacks BasicConstraints");
-            // BEGIN android-added
-            }
-            // END android-added
         }
     }
 
@@ -2365,7 +2326,7 @@
         }
         catch (AnnotatedException e)
         {
-            throw new ExtCertPathValidatorException("Policy constraints could no be decoded.", e, certPath, index);
+            throw new ExtCertPathValidatorException("Policy constraints could not be decoded.", e, certPath, index);
         }
         if (pc != null)
         {
@@ -2379,12 +2340,12 @@
                     case 0:
                         try
                         {
-                            tmpInt = DERInteger.getInstance(constraint).getValue().intValue();
+                            tmpInt = DERInteger.getInstance(constraint, false).getValue().intValue();
                         }
                         catch (Exception e)
                         {
                             throw new ExtCertPathValidatorException(
-                                "Policy constraints requireExplicitPolicy field could no be decoded.", e, certPath,
+                                "Policy constraints requireExplicitPolicy field could not be decoded.", e, certPath,
                                 index);
                         }
                         if (tmpInt == 0)
diff --git a/src/main/java/org/bouncycastle/jce/provider/WrapCipherSpi.java b/src/main/java/org/bouncycastle/jce/provider/WrapCipherSpi.java
index aa50406..1a5808b 100644
--- a/src/main/java/org/bouncycastle/jce/provider/WrapCipherSpi.java
+++ b/src/main/java/org/bouncycastle/jce/provider/WrapCipherSpi.java
@@ -1,23 +1,18 @@
 package org.bouncycastle.jce.provider;
 
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.Wrapper;
-import org.bouncycastle.crypto.engines.DESedeEngine;
-import org.bouncycastle.crypto.engines.DESedeWrapEngine;
-// BEGIN android-removed
-// import org.bouncycastle.crypto.engines.RC2WrapEngine;
-// import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
-// END android-removed
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.X509EncodedKeySpec;
 
 import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
@@ -32,19 +27,22 @@
 // import javax.crypto.spec.RC5ParameterSpec;
 // END android-removed
 import javax.crypto.spec.SecretKeySpec;
-import java.security.AlgorithmParameters;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.PKCS8EncodedKeySpec;
-import java.security.spec.X509EncodedKeySpec;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
+import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.InvalidCipherTextException;
+import org.bouncycastle.crypto.Wrapper;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.engines.RC2WrapEngine;
+// END android-removed
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
 
 public abstract class WrapCipherSpi extends CipherSpi
     implements PBE
@@ -368,20 +366,17 @@
 
                 DERObjectIdentifier  oid = in.getAlgorithmId().getObjectId();
 
+                if (oid.equals(X9ObjectIdentifiers.id_ecPublicKey))
+                {
+                    privKey = new JCEECPrivateKey(in);
+                }
                 // BEGIN android-removed
-                // if (oid.equals(X9ObjectIdentifiers.id_ecPublicKey))
-                // {
-                //     privKey = new JCEECPrivateKey(in);
-                // }
                 // else if (oid.equals(CryptoProObjectIdentifiers.gostR3410_94))
                 // {
                 //     privKey = new JDKGOST3410PrivateKey(in);
                 // }
-                // else if (oid.equals(X9ObjectIdentifiers.id_dsa))
                 // END android-removed
-                // BEGIN android-added
-                if (oid.equals(X9ObjectIdentifiers.id_dsa))
-                // END android-added
+                else if (oid.equals(X9ObjectIdentifiers.id_dsa))
                 {
                     privKey = new JDKDSAPrivateKey(in);
                 }
@@ -409,7 +404,7 @@
         {
             try
             {
-                KeyFactory kf = KeyFactory.getInstance(wrappedKeyAlgorithm, "BC");
+                KeyFactory kf = KeyFactory.getInstance(wrappedKeyAlgorithm, BouncyCastleProvider.PROVIDER_NAME);
 
                 if (wrappedKeyType == Cipher.PUBLIC_KEY)
                 {
@@ -443,17 +438,6 @@
     // classes that inherit directly from us
     //
 
-
-
-    public static class DESEDEWrap
-        extends WrapCipherSpi
-    {
-        public DESEDEWrap()
-        {
-            super(new DESedeWrapEngine());
-        }
-    }
-
     // BEGIN android-removed
     // public static class RC2Wrap
     //     extends WrapCipherSpi
@@ -463,14 +447,5 @@
     //         super(new RC2WrapEngine());
     //     }
     // }
-    //
-    // public static class RFC3211DESedeWrap
-    //     extends WrapCipherSpi
-    // {
-    //     public RFC3211DESedeWrap()
-    //     {
-    //         super(new RFC3211WrapEngine(new DESedeEngine()), 8);
-    //     }
-    // }
     // END android-removed
 }
diff --git a/src/main/java/org/bouncycastle/jce/provider/X509CRLEntryObject.java b/src/main/java/org/bouncycastle/jce/provider/X509CRLEntryObject.java
index b86833a..1a073e0 100644
--- a/src/main/java/org/bouncycastle/jce/provider/X509CRLEntryObject.java
+++ b/src/main/java/org/bouncycastle/jce/provider/X509CRLEntryObject.java
@@ -1,22 +1,5 @@
 package org.bouncycastle.jce.provider;
 
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DEREnumerated;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROutputStream;
-import org.bouncycastle.asn1.util.ASN1Dump;
-import org.bouncycastle.asn1.x509.CRLReason;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.GeneralNames;
-import org.bouncycastle.asn1.x509.TBSCertList;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.x509.extension.X509ExtensionUtil;
-
-import javax.security.auth.x500.X500Principal;
-import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.cert.CRLException;
@@ -26,6 +9,22 @@
 import java.util.HashSet;
 import java.util.Set;
 
+import javax.security.auth.x500.X500Principal;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DEREnumerated;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.util.ASN1Dump;
+import org.bouncycastle.asn1.x509.CRLReason;
+import org.bouncycastle.asn1.x509.GeneralName;
+import org.bouncycastle.asn1.x509.GeneralNames;
+import org.bouncycastle.asn1.x509.TBSCertList;
+import org.bouncycastle.asn1.x509.X509Extension;
+import org.bouncycastle.asn1.x509.X509Extensions;
+import org.bouncycastle.x509.extension.X509ExtensionUtil;
+
 /**
  * The following extensions are listed in RFC 2459 as relevant to CRL Entries
  * 
diff --git a/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java b/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java
index b196f3d..956c58b 100644
--- a/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java
+++ b/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java
@@ -1,25 +1,5 @@
 package org.bouncycastle.jce.provider;
 
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1OutputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROutputStream;
-import org.bouncycastle.asn1.util.ASN1Dump;
-import org.bouncycastle.asn1.x509.CRLDistPoint;
-import org.bouncycastle.asn1.x509.CRLNumber;
-import org.bouncycastle.asn1.x509.CertificateList;
-import org.bouncycastle.asn1.x509.IssuingDistributionPoint;
-import org.bouncycastle.asn1.x509.TBSCertList;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.util.encoders.Hex;
-import org.bouncycastle.x509.extension.X509ExtensionUtil;
-
-import javax.security.auth.x500.X500Principal;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.math.BigInteger;
@@ -35,12 +15,32 @@
 import java.security.cert.X509CRL;
 import java.security.cert.X509CRLEntry;
 import java.security.cert.X509Certificate;
+import java.util.Collections;
 import java.util.Date;
 import java.util.Enumeration;
 import java.util.HashSet;
 import java.util.Iterator;
 import java.util.Set;
-import java.util.Collections;
+
+import javax.security.auth.x500.X500Principal;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1OutputStream;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.util.ASN1Dump;
+import org.bouncycastle.asn1.x509.CRLDistPoint;
+import org.bouncycastle.asn1.x509.CRLNumber;
+import org.bouncycastle.asn1.x509.CertificateList;
+import org.bouncycastle.asn1.x509.IssuingDistributionPoint;
+import org.bouncycastle.asn1.x509.TBSCertList;
+import org.bouncycastle.asn1.x509.X509Extension;
+import org.bouncycastle.asn1.x509.X509Extensions;
+import org.bouncycastle.jce.X509Principal;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.x509.extension.X509ExtensionUtil;
 
 /**
  * The following extensions are listed in RFC 2459 as relevant to CRLs
@@ -185,7 +185,7 @@
         throws CRLException,  NoSuchAlgorithmException,
             InvalidKeyException, NoSuchProviderException, SignatureException
     {
-        verify(key, "BC");
+        verify(key, BouncyCastleProvider.PROVIDER_NAME);
     }
 
     public void verify(PublicKey key, String sigProvider)
diff --git a/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java b/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java
index e81211e..d52386a 100644
--- a/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java
+++ b/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java
@@ -1,31 +1,5 @@
 package org.bouncycastle.jce.provider;
 
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1OutputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERIA5String;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROutputStream;
-import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
-import org.bouncycastle.asn1.misc.NetscapeCertType;
-import org.bouncycastle.asn1.misc.NetscapeRevocationURL;
-import org.bouncycastle.asn1.misc.VerisignCzagExtension;
-import org.bouncycastle.asn1.util.ASN1Dump;
-import org.bouncycastle.asn1.x509.BasicConstraints;
-import org.bouncycastle.asn1.x509.KeyUsage;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
-import org.bouncycastle.util.Arrays;
-import org.bouncycastle.util.encoders.Hex;
-
-import javax.security.auth.x500.X500Principal;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.math.BigInteger;
@@ -53,6 +27,34 @@
 import java.util.List;
 import java.util.Set;
 
+import javax.security.auth.x500.X500Principal;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Object;
+import org.bouncycastle.asn1.ASN1OutputStream;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERBitString;
+import org.bouncycastle.asn1.DEREncodable;
+import org.bouncycastle.asn1.DERIA5String;
+import org.bouncycastle.asn1.DERNull;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
+import org.bouncycastle.asn1.misc.NetscapeCertType;
+import org.bouncycastle.asn1.misc.NetscapeRevocationURL;
+import org.bouncycastle.asn1.misc.VerisignCzagExtension;
+import org.bouncycastle.asn1.util.ASN1Dump;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.BasicConstraints;
+import org.bouncycastle.asn1.x509.KeyUsage;
+import org.bouncycastle.asn1.x509.X509CertificateStructure;
+import org.bouncycastle.asn1.x509.X509Extension;
+import org.bouncycastle.asn1.x509.X509Extensions;
+import org.bouncycastle.jce.X509Principal;
+import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+
 public class X509CertificateObject
     extends X509Certificate
     implements PKCS12BagAttributeCarrier
@@ -222,7 +224,7 @@
      */
     public String getSigAlgName()
     {
-        Provider    prov = Security.getProvider("BC");
+        Provider    prov = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME);
 
         if (prov != null)
         {
@@ -546,19 +548,19 @@
         {
             return true;
         }
-        
+
         if (!(o instanceof Certificate))
         {
             return false;
         }
 
         Certificate other = (Certificate)o;
-        
+
         try
         {
             byte[] b1 = this.getEncoded();
             byte[] b2 = other.getEncoded();
-            
+
             return Arrays.areEqual(b1, b2);
         }
         catch (CertificateEncodingException e)
@@ -582,7 +584,13 @@
     {
         try
         {
-            return Arrays.hashCode(this.getEncoded());
+            int hashCode = 0;
+            byte[] certData = this.getEncoded();
+            for (int i = 1; i < certData.length; i++)
+            {
+                 hashCode += certData[i] * i;
+            }
+            return hashCode;
         }
         catch (CertificateEncodingException e)
         {
@@ -714,7 +722,7 @@
 
         try
         {
-            signature = Signature.getInstance(sigName, "BC");
+            signature = Signature.getInstance(sigName, BouncyCastleProvider.PROVIDER_NAME);
         }
         catch (Exception e)
         {
@@ -742,7 +750,7 @@
         throws CertificateException, NoSuchAlgorithmException, 
             SignatureException, InvalidKeyException
     {
-        if (!c.getSignatureAlgorithm().equals(c.getTBSCertificate().getSignature()))
+        if (!isAlgIdEqual(c.getSignatureAlgorithm(), c.getTBSCertificate().getSignature()))
         {
             throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
         }
@@ -761,4 +769,34 @@
             throw new InvalidKeyException("Public key presented not for certificate signature");
         }
     }
+
+    private boolean isAlgIdEqual(AlgorithmIdentifier id1, AlgorithmIdentifier id2)
+    {
+        if (!id1.getObjectId().equals(id2.getObjectId()))
+        {
+            return false;
+        }
+
+        if (id1.getParameters() == null)
+        {
+            if (id2.getParameters() != null && !id2.getParameters().equals(DERNull.INSTANCE))
+            {
+                return false;
+            }
+
+            return true;
+        }
+
+        if (id2.getParameters() == null)
+        {
+            if (id1.getParameters() != null && !id1.getParameters().equals(DERNull.INSTANCE))
+            {
+                return false;
+            }
+
+            return true;
+        }
+        
+        return id1.getParameters().equals(id2.getParameters());
+    }
 }
diff --git a/src/main/java/org/bouncycastle/jce/provider/asymmetric/EC.java b/src/main/java/org/bouncycastle/jce/provider/asymmetric/EC.java
new file mode 100644
index 0000000..5d873f9
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/provider/asymmetric/EC.java
@@ -0,0 +1,117 @@
+package org.bouncycastle.jce.provider.asymmetric;
+
+import java.util.HashMap;
+
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
+// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
+// END android-removed
+import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+
+public class EC
+{
+    public static class Mappings
+        extends HashMap
+    {
+        public Mappings()
+        {
+            put("KeyAgreement.ECDH", "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$DH");
+            // BEGIN android-removed
+            // put("KeyAgreement.ECDHC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$DHC");
+            // put("KeyAgreement.ECMQV", "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$MQV");
+            // put("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$DHwithSHA1KDF");
+            // put("KeyAgreement." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "org.bouncycastle.jce.provider.asymmetric.ec.KeyAgreement$MQVwithSHA1KDF");
+            // END android-removed
+
+            put("KeyFactory.EC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$EC");
+            // BEGIN android-removed
+            // put("KeyFactory.ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECDSA");
+            // put("KeyFactory.ECDH", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECDH");
+            // put("KeyFactory.ECDHC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECDHC");
+            // put("KeyFactory.ECMQV", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECMQV");
+            // END android-removed
+            put("Alg.Alias.KeyFactory." + X9ObjectIdentifiers.id_ecPublicKey, "EC");
+            // TODO Should this be an alias for ECDH?
+            put("Alg.Alias.KeyFactory." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC");
+            // BEGIN android-removed
+            // put("Alg.Alias.KeyFactory." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV");
+            //
+            // put("KeyFactory.ECGOST3410", "org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory$ECGOST3410");
+            // put("Alg.Alias.KeyFactory.GOST-3410-2001", "ECGOST3410");
+            // put("Alg.Alias.KeyFactory.ECGOST-3410", "ECGOST3410");
+            // put("Alg.Alias.KeyFactory." + CryptoProObjectIdentifiers.gostR3410_2001, "ECGOST3410");
+            // END android-removed
+
+            put("KeyPairGenerator.EC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$EC");
+            // BEGIN android-removed
+            // put("KeyPairGenerator.ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDSA");
+            // put("KeyPairGenerator.ECDH", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDH");
+            // put("KeyPairGenerator.ECDHC", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDHC");
+            // put("KeyPairGenerator.ECIES", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECDH");
+            // put("KeyPairGenerator.ECMQV", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECMQV");
+            // END android-removed
+            // TODO Should this be an alias for ECDH?
+            put("Alg.Alias.KeyPairGenerator." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC");
+            // BEGIN android-removed
+            // put("Alg.Alias.KeyPairGenerator." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV");
+            //
+            // put("KeyPairGenerator.ECGOST3410", "org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$ECGOST3410");
+            // put("Alg.Alias.KeyPairGenerator.ECGOST-3410", "ECGOST3410");
+            // put("Alg.Alias.KeyPairGenerator.GOST-3410-2001", "ECGOST3410");
+            // END android-removed
+
+            put("Signature.ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA");
+            put("Signature.NONEwithECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSAnone");
+
+            put("Alg.Alias.Signature.SHA1withECDSA", "ECDSA");
+            put("Alg.Alias.Signature.ECDSAwithSHA1", "ECDSA");
+            put("Alg.Alias.Signature.SHA1WITHECDSA", "ECDSA");
+            put("Alg.Alias.Signature.ECDSAWITHSHA1", "ECDSA");
+            put("Alg.Alias.Signature.SHA1WithECDSA", "ECDSA");
+            put("Alg.Alias.Signature.ECDSAWithSHA1", "ECDSA");
+            put("Alg.Alias.Signature.1.2.840.10045.4.1", "ECDSA");
+            // BEGIN android-removed
+            // put("Alg.Alias.Signature." + TeleTrusTObjectIdentifiers.ecSignWithSha1, "ECDSA");
+            //
+            // addSignatureAlgorithm("SHA224", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA224", X9ObjectIdentifiers.ecdsa_with_SHA224);
+            // END android-removed
+            addSignatureAlgorithm("SHA256", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA256", X9ObjectIdentifiers.ecdsa_with_SHA256);
+            addSignatureAlgorithm("SHA384", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA384", X9ObjectIdentifiers.ecdsa_with_SHA384);
+            addSignatureAlgorithm("SHA512", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSA512", X9ObjectIdentifiers.ecdsa_with_SHA512);
+            // BEGIN android-removed
+            // addSignatureAlgorithm("RIPEMD160", "ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecDSARipeMD160",TeleTrusTObjectIdentifiers.ecSignWithRipemd160);
+            //
+            // put("Signature.SHA1WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR");
+            // put("Signature.SHA224WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR224");
+            // put("Signature.SHA256WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR256");
+            // put("Signature.SHA384WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR384");
+            // put("Signature.SHA512WITHECNR", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecNR512");
+            //
+            // addSignatureAlgorithm("SHA1", "CVC-ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecCVCDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1);
+            // addSignatureAlgorithm("SHA224", "CVC-ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecCVCDSA224", EACObjectIdentifiers.id_TA_ECDSA_SHA_224);
+            // addSignatureAlgorithm("SHA256", "CVC-ECDSA", "org.bouncycastle.jce.provider.asymmetric.ec.Signature$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256);
+            // END android-removed
+        }
+
+        private void addSignatureAlgorithm(
+            String digest,
+            String algorithm,
+            String className,
+            DERObjectIdentifier oid)
+        {
+            String mainName = digest + "WITH" + algorithm;
+            String jdk11Variation1 = digest + "with" + algorithm;
+            String jdk11Variation2 = digest + "With" + algorithm;
+            String alias = digest + "/" + algorithm;
+
+            put("Signature." + mainName, className);
+            put("Alg.Alias.Signature." + jdk11Variation1, mainName);
+            put("Alg.Alias.Signature." + jdk11Variation2, mainName);
+            put("Alg.Alias.Signature." + alias, mainName);
+            put("Alg.Alias.Signature." + oid, mainName);
+            put("Alg.Alias.Signature.OID." + oid, mainName);
+        }
+    }
+}
diff --git a/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/EC5Util.java b/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/EC5Util.java
new file mode 100644
index 0000000..b693613
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/EC5Util.java
@@ -0,0 +1,123 @@
+package org.bouncycastle.jce.provider.asymmetric.ec;
+
+import java.math.BigInteger;
+import java.security.spec.ECField;
+import java.security.spec.ECFieldF2m;
+import java.security.spec.ECFieldFp;
+import java.security.spec.ECParameterSpec;
+import java.security.spec.ECPoint;
+import java.security.spec.EllipticCurve;
+
+import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
+import org.bouncycastle.jce.spec.ECNamedCurveSpec;
+import org.bouncycastle.math.ec.ECCurve;
+
+public class EC5Util
+{
+    public static EllipticCurve convertCurve(
+        ECCurve curve, 
+        byte[]  seed)
+    {
+        // TODO: the Sun EC implementation doesn't currently handle the seed properly
+        // so at the moment it's set to null. Should probably look at making this configurable
+        if (curve instanceof ECCurve.Fp)
+        {
+            return new EllipticCurve(new ECFieldFp(((ECCurve.Fp)curve).getQ()), curve.getA().toBigInteger(), curve.getB().toBigInteger(), null);
+        }
+        else
+        {
+            ECCurve.F2m curveF2m = (ECCurve.F2m)curve;
+            int ks[];
+            
+            if (curveF2m.isTrinomial())
+            {
+                ks = new int[] { curveF2m.getK1() };
+                
+                return new EllipticCurve(new ECFieldF2m(curveF2m.getM(), ks), curve.getA().toBigInteger(), curve.getB().toBigInteger(), null);
+            }
+            else
+            {
+                ks = new int[] { curveF2m.getK3(), curveF2m.getK2(), curveF2m.getK1() };
+                
+                return new EllipticCurve(new ECFieldF2m(curveF2m.getM(), ks), curve.getA().toBigInteger(), curve.getB().toBigInteger(), null);
+            } 
+        }
+    }
+
+    public static ECCurve convertCurve(
+        EllipticCurve ec)
+    {
+        ECField field = ec.getField();
+        BigInteger a = ec.getA();
+        BigInteger b = ec.getB();
+
+        if (field instanceof ECFieldFp)
+        {
+            return new ECCurve.Fp(((ECFieldFp)field).getP(), a, b);
+        }
+        else
+        {
+            ECFieldF2m fieldF2m = (ECFieldF2m)field;
+            int m = fieldF2m.getM();
+            int ks[] = ECUtil.convertMidTerms(fieldF2m.getMidTermsOfReductionPolynomial());
+            return new ECCurve.F2m(m, ks[0], ks[1], ks[2], a, b); 
+        }
+    }
+
+    public static ECParameterSpec convertSpec(
+        EllipticCurve ellipticCurve,
+        org.bouncycastle.jce.spec.ECParameterSpec spec)
+    {
+        if (spec instanceof ECNamedCurveParameterSpec)
+        {
+            return new ECNamedCurveSpec(
+                ((ECNamedCurveParameterSpec)spec).getName(),
+                ellipticCurve,
+                new ECPoint(
+                    spec.getG().getX().toBigInteger(),
+                    spec.getG().getY().toBigInteger()),
+                spec.getN(),
+                spec.getH());
+        }
+        else
+        {
+            return new ECParameterSpec(
+                ellipticCurve,
+                new ECPoint(
+                    spec.getG().getX().toBigInteger(),
+                    spec.getG().getY().toBigInteger()),
+                spec.getN(),
+                spec.getH().intValue());
+        }
+    }
+
+    public static org.bouncycastle.jce.spec.ECParameterSpec convertSpec(
+        ECParameterSpec ecSpec,
+        boolean withCompression)
+    {
+        ECCurve curve = convertCurve(ecSpec.getCurve());
+
+        return new org.bouncycastle.jce.spec.ECParameterSpec(
+            curve,
+            convertPoint(curve, ecSpec.getGenerator(), withCompression),
+            ecSpec.getOrder(),
+            BigInteger.valueOf(ecSpec.getCofactor()),
+            ecSpec.getCurve().getSeed());
+    }
+
+    public static org.bouncycastle.math.ec.ECPoint convertPoint(
+        ECParameterSpec ecSpec,
+        ECPoint point,
+        boolean withCompression)
+    {
+        return convertPoint(convertCurve(ecSpec.getCurve()), point, withCompression);
+    }
+
+    public static org.bouncycastle.math.ec.ECPoint convertPoint(
+        ECCurve curve,
+        ECPoint point,
+        boolean withCompression)
+    {
+        return curve.createPoint(point.getAffineX(), point.getAffineY(), withCompression);
+    }
+}
diff --git a/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/ECUtil.java b/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/ECUtil.java
new file mode 100644
index 0000000..088dfad
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/ECUtil.java
@@ -0,0 +1,238 @@
+package org.bouncycastle.jce.provider.asymmetric.ec;
+
+import org.bouncycastle.asn1.DERObjectIdentifier;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
+// END android-removed
+import org.bouncycastle.asn1.nist.NISTNamedCurves;
+import org.bouncycastle.asn1.sec.SECNamedCurves;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
+// END android-removed
+import org.bouncycastle.asn1.x9.X962NamedCurves;
+import org.bouncycastle.asn1.x9.X9ECParameters;
+import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
+import org.bouncycastle.crypto.params.ECDomainParameters;
+import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
+import org.bouncycastle.crypto.params.ECPublicKeyParameters;
+import org.bouncycastle.jce.interfaces.ECPrivateKey;
+import org.bouncycastle.jce.interfaces.ECPublicKey;
+import org.bouncycastle.jce.spec.ECParameterSpec;
+import org.bouncycastle.jce.provider.ProviderUtil;
+import org.bouncycastle.jce.provider.JCEECPublicKey;
+
+import java.security.InvalidKeyException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+
+/**
+ * utility class for converting jce/jca ECDSA, ECDH, and ECDHC
+ * objects into their org.bouncycastle.crypto counterparts.
+ */
+public class ECUtil
+{
+    /**
+     * Returns a sorted array of middle terms of the reduction polynomial.
+     * @param k The unsorted array of middle terms of the reduction polynomial
+     * of length 1 or 3.
+     * @return the sorted array of middle terms of the reduction polynomial.
+     * This array always has length 3.
+     */
+    static int[] convertMidTerms(
+        int[] k)
+    {
+        int[] res = new int[3];
+        
+        if (k.length == 1)
+        {
+            res[0] = k[0];
+        }
+        else
+        {
+            if (k.length != 3)
+            {
+                throw new IllegalArgumentException("Only Trinomials and pentanomials supported");
+            }
+
+            if (k[0] < k[1] && k[0] < k[2])
+            {
+                res[0] = k[0];
+                if (k[1] < k[2])
+                {
+                    res[1] = k[1];
+                    res[2] = k[2];
+                }
+                else
+                {
+                    res[1] = k[2];
+                    res[2] = k[1];
+                }
+            }
+            else if (k[1] < k[2])
+            {
+                res[0] = k[1];
+                if (k[0] < k[2])
+                {
+                    res[1] = k[0];
+                    res[2] = k[2];
+                }
+                else
+                {
+                    res[1] = k[2];
+                    res[2] = k[0];
+                }
+            }
+            else
+            {
+                res[0] = k[2];
+                if (k[0] < k[1])
+                {
+                    res[1] = k[0];
+                    res[2] = k[1];
+                }
+                else
+                {
+                    res[1] = k[1];
+                    res[2] = k[0];
+                }
+            }
+        }
+
+        return res;
+    }
+
+    public static AsymmetricKeyParameter generatePublicKeyParameter(
+        PublicKey    key)
+        throws InvalidKeyException
+    {
+        if (key instanceof ECPublicKey)
+        {
+            ECPublicKey    k = (ECPublicKey)key;
+            ECParameterSpec s = k.getParameters();
+
+            if (s == null)
+            {
+                s = ProviderUtil.getEcImplicitlyCa();
+
+                return new ECPublicKeyParameters(
+                            ((JCEECPublicKey)k).engineGetQ(),
+                            new ECDomainParameters(s.getCurve(), s.getG(), s.getN(), s.getH(), s.getSeed()));
+            }
+            else
+            {
+                return new ECPublicKeyParameters(
+                            k.getQ(),
+                            new ECDomainParameters(s.getCurve(), s.getG(), s.getN(), s.getH(), s.getSeed()));
+            }
+        }
+        else if (key instanceof java.security.interfaces.ECPublicKey)
+        {
+            java.security.interfaces.ECPublicKey pubKey = (java.security.interfaces.ECPublicKey)key;
+            ECParameterSpec s = EC5Util.convertSpec(pubKey.getParams(), false);
+            return new ECPublicKeyParameters(
+                EC5Util.convertPoint(pubKey.getParams(), pubKey.getW(), false),
+                            new ECDomainParameters(s.getCurve(), s.getG(), s.getN(), s.getH(), s.getSeed()));
+        }
+
+        throw new InvalidKeyException("cannot identify EC public key.");
+    }
+
+    public static AsymmetricKeyParameter generatePrivateKeyParameter(
+        PrivateKey    key)
+        throws InvalidKeyException
+    {
+        if (key instanceof ECPrivateKey)
+        {
+            ECPrivateKey  k = (ECPrivateKey)key;
+            ECParameterSpec s = k.getParameters();
+
+            if (s == null)
+            {
+                s = ProviderUtil.getEcImplicitlyCa();
+            }
+
+            return new ECPrivateKeyParameters(
+                            k.getD(),
+                            new ECDomainParameters(s.getCurve(), s.getG(), s.getN(), s.getH(), s.getSeed()));
+        }
+                        
+        throw new InvalidKeyException("can't identify EC private key.");
+    }
+
+    public static DERObjectIdentifier getNamedCurveOid(
+        String name)
+    {
+        DERObjectIdentifier oid = X962NamedCurves.getOID(name);
+        
+        if (oid == null)
+        {
+            oid = SECNamedCurves.getOID(name);
+            if (oid == null)
+            {
+                oid = NISTNamedCurves.getOID(name);
+            }
+            // BEGIN android-removed
+            // if (oid == null)
+            // {
+            //     oid = TeleTrusTNamedCurves.getOID(name);
+            // }
+            // if (oid == null)
+            // {
+            //     oid = ECGOST3410NamedCurves.getOID(name);
+            // }
+            // END android-removed
+        }
+
+        return oid;
+    }
+    
+    public static X9ECParameters getNamedCurveByOid(
+        DERObjectIdentifier oid)
+    {
+        X9ECParameters params = X962NamedCurves.getByOID(oid);
+        
+        if (params == null)
+        {
+            params = SECNamedCurves.getByOID(oid);
+            if (params == null)
+            {
+                params = NISTNamedCurves.getByOID(oid);
+            }
+            // BEGIN android-removed
+            // if (params == null)
+            // {
+            //     params = TeleTrusTNamedCurves.getByOID(oid);
+            // }
+            // END android-removed
+        }
+
+        return params;
+    }
+
+    public static String getCurveName(
+        DERObjectIdentifier oid)
+    {
+        String name = X962NamedCurves.getName(oid);
+        
+        if (name == null)
+        {
+            name = SECNamedCurves.getName(oid);
+            if (name == null)
+            {
+                name = NISTNamedCurves.getName(oid);
+            }
+            // BEGIN android-removed
+            // if (name == null)
+            // {
+            //     name = TeleTrusTNamedCurves.getName(oid);
+            // }
+            // if (name == null)
+            // {
+            //     name = ECGOST3410NamedCurves.getName(oid);
+            // }
+            // END android-removed
+        }
+
+        return name;
+    }
+}
diff --git a/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/KeyAgreement.java b/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/KeyAgreement.java
new file mode 100644
index 0000000..438928f
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/KeyAgreement.java
@@ -0,0 +1,338 @@
+package org.bouncycastle.jce.provider.asymmetric.ec;
+
+import java.math.BigInteger;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.Hashtable;
+
+import javax.crypto.KeyAgreementSpi;
+import javax.crypto.SecretKey;
+import javax.crypto.ShortBufferException;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.x9.X9IntegerConverter;
+import org.bouncycastle.crypto.BasicAgreement;
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.DerivationFunction;
+import org.bouncycastle.crypto.agreement.ECDHBasicAgreement;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.agreement.ECDHCBasicAgreement;
+// import org.bouncycastle.crypto.agreement.ECMQVBasicAgreement;
+// import org.bouncycastle.crypto.agreement.kdf.DHKDFParameters;
+// import org.bouncycastle.crypto.agreement.kdf.ECDHKEKGenerator;
+// END android-removed
+import org.bouncycastle.crypto.digests.SHA1Digest;
+import org.bouncycastle.crypto.params.ECDomainParameters;
+import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
+import org.bouncycastle.crypto.params.ECPublicKeyParameters;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.params.MQVPrivateParameters;
+// import org.bouncycastle.crypto.params.MQVPublicParameters;
+// END android-removed
+import org.bouncycastle.jce.interfaces.ECPrivateKey;
+import org.bouncycastle.jce.interfaces.ECPublicKey;
+// BEGIN android-removed
+// import org.bouncycastle.jce.interfaces.MQVPrivateKey;
+// import org.bouncycastle.jce.interfaces.MQVPublicKey;
+// END android-removed
+
+/**
+ * Diffie-Hellman key agreement using elliptic curve keys, ala IEEE P1363
+ * both the simple one, and the simple one with cofactors are supported.
+ *
+ * Also, MQV key agreement per SEC-1
+ */
+public class KeyAgreement
+    extends KeyAgreementSpi
+{
+    private static final X9IntegerConverter converter = new X9IntegerConverter();
+    private static final Hashtable algorithms = new Hashtable();
+
+    static
+    {
+        // BEGIN android-changed
+        Integer i128 = Integer.valueOf(128);
+        Integer i192 = Integer.valueOf(192);
+        Integer i256 = Integer.valueOf(256);
+        // END android-changed
+
+        algorithms.put(NISTObjectIdentifiers.id_aes128_CBC.getId(), i128);
+        algorithms.put(NISTObjectIdentifiers.id_aes192_CBC.getId(), i192);
+        algorithms.put(NISTObjectIdentifiers.id_aes256_CBC.getId(), i256);
+        algorithms.put(NISTObjectIdentifiers.id_aes128_wrap.getId(), i128);
+        algorithms.put(NISTObjectIdentifiers.id_aes192_wrap.getId(), i192);
+        algorithms.put(NISTObjectIdentifiers.id_aes256_wrap.getId(), i256);
+        algorithms.put(PKCSObjectIdentifiers.id_alg_CMS3DESwrap.getId(), i192);
+    }
+
+    private String                 kaAlgorithm;
+    private BigInteger             result;
+    private ECDomainParameters     parameters;
+    private BasicAgreement         agreement;
+    // BEGIN android-removed
+    // private DerivationFunction     kdf;
+    // END android-removed
+
+    private byte[] bigIntToBytes(
+        BigInteger    r)
+    {
+        return converter.integerToBytes(r, converter.getByteLength(parameters.getG().getX()));
+    }
+
+    protected KeyAgreement(
+        String              kaAlgorithm,
+        BasicAgreement      agreement,
+        DerivationFunction  kdf)
+    {
+        this.kaAlgorithm = kaAlgorithm;
+        this.agreement = agreement;
+        // BEGIN android-removed
+        // this.kdf = kdf;
+        // END android-removed
+    }
+
+    protected Key engineDoPhase(
+        Key     key,
+        boolean lastPhase) 
+        throws InvalidKeyException, IllegalStateException
+    {
+        if (parameters == null)
+        {
+            throw new IllegalStateException(kaAlgorithm + " not initialised.");
+        }
+
+        if (!lastPhase)
+        {
+            throw new IllegalStateException(kaAlgorithm + " can only be between two parties.");
+        }
+
+        CipherParameters pubKey;        
+        // BEGIN android-removed
+        // if (agreement instanceof ECMQVBasicAgreement)
+        // {
+        //     if (!(key instanceof MQVPublicKey))
+        //     {
+        //         throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
+        //             + getSimpleName(MQVPublicKey.class) + " for doPhase");
+        //     }
+        //
+        //     MQVPublicKey mqvPubKey = (MQVPublicKey)key;
+        //     ECPublicKeyParameters staticKey = (ECPublicKeyParameters)
+        //         ECUtil.generatePublicKeyParameter(mqvPubKey.getStaticKey());
+        //     ECPublicKeyParameters ephemKey = (ECPublicKeyParameters)
+        //         ECUtil.generatePublicKeyParameter(mqvPubKey.getEphemeralKey());
+        //
+        //     pubKey = new MQVPublicParameters(staticKey, ephemKey);
+        //
+        //     // TODO Validate that all the keys are using the same parameters?
+        // }
+        // else
+        // END android-removed
+        {
+            if (!(key instanceof ECPublicKey))
+            {
+                throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
+                    + getSimpleName(ECPublicKey.class) + " for doPhase");
+            }
+
+            pubKey = ECUtil.generatePublicKeyParameter((PublicKey)key);
+
+            // TODO Validate that all the keys are using the same parameters?
+        }
+
+        result = agreement.calculateAgreement(pubKey);
+
+        return null;
+    }
+
+    protected byte[] engineGenerateSecret()
+        throws IllegalStateException
+    {
+        // BEGIN android-removed
+        // if (kdf != null)
+        // {
+        //     throw new UnsupportedOperationException(
+        //         "KDF can only be used when algorithm is known");
+        // }
+        // END android-removed
+
+        return bigIntToBytes(result);
+    }
+
+    protected int engineGenerateSecret(
+        byte[]  sharedSecret,
+        int     offset) 
+        throws IllegalStateException, ShortBufferException
+    {
+        byte[] secret = engineGenerateSecret();
+
+        if (sharedSecret.length - offset < secret.length)
+        {
+            throw new ShortBufferException(kaAlgorithm + " key agreement: need " + secret.length + " bytes");
+        }
+
+        System.arraycopy(secret, 0, sharedSecret, offset, secret.length);
+        
+        return secret.length;
+    }
+
+    protected SecretKey engineGenerateSecret(
+        String algorithm)
+        throws NoSuchAlgorithmException
+    {
+        byte[] secret = bigIntToBytes(result);
+
+        // BEGIN android-removed
+        // if (kdf != null)
+        // {
+        //     if (!algorithms.containsKey(algorithm))
+        //     {
+        //         throw new NoSuchAlgorithmException("unknown algorithm encountered: " + algorithm);
+        //     }
+        //  
+        //     int    keySize = ((Integer)algorithms.get(algorithm)).intValue();
+        //
+        //     DHKDFParameters params = new DHKDFParameters(new DERObjectIdentifier(algorithm), keySize, secret);
+        //
+        //     byte[] keyBytes = new byte[keySize / 8];
+        //     kdf.init(params);
+        //     kdf.generateBytes(keyBytes, 0, keyBytes.length);
+        //     secret = keyBytes;
+        // }
+        // else
+        // END android-removed
+        {
+            // TODO Should we be ensuring the key is the right length?
+        }
+
+        return new SecretKeySpec(secret, algorithm);
+    }
+
+    protected void engineInit(
+        Key                     key,
+        AlgorithmParameterSpec  params,
+        SecureRandom            random) 
+        throws InvalidKeyException, InvalidAlgorithmParameterException
+    {
+        initFromKey(key);
+    }
+
+    protected void engineInit(
+        Key             key,
+        SecureRandom    random) 
+        throws InvalidKeyException
+    {
+        initFromKey(key);
+    }
+
+    private void initFromKey(Key key)
+        throws InvalidKeyException
+    {
+        // BEGIN android-removed
+        // if (agreement instanceof ECMQVBasicAgreement)
+        // {
+        //     if (!(key instanceof MQVPrivateKey))
+        //     {
+        //         throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
+        //             + getSimpleName(MQVPrivateKey.class) + " for initialisation");
+        //     }
+        //
+        //     MQVPrivateKey mqvPrivKey = (MQVPrivateKey)key;
+        //     ECPrivateKeyParameters staticPrivKey = (ECPrivateKeyParameters)
+        //         ECUtil.generatePrivateKeyParameter(mqvPrivKey.getStaticPrivateKey());
+        //     ECPrivateKeyParameters ephemPrivKey = (ECPrivateKeyParameters)
+        //         ECUtil.generatePrivateKeyParameter(mqvPrivKey.getEphemeralPrivateKey());
+        //
+        //     ECPublicKeyParameters ephemPubKey = null;
+        //     if (mqvPrivKey.getEphemeralPublicKey() != null)
+        //     {
+        //         ephemPubKey = (ECPublicKeyParameters)
+        //             ECUtil.generatePublicKeyParameter(mqvPrivKey.getEphemeralPublicKey());
+        //     }
+        //
+        //     MQVPrivateParameters localParams = new MQVPrivateParameters(staticPrivKey, ephemPrivKey, ephemPubKey);
+        //     this.parameters = staticPrivKey.getParameters();
+        //
+        //     // TODO Validate that all the keys are using the same parameters?
+        //
+        //     agreement.init(localParams);
+        // }
+        // else
+        // END android-removed
+        {
+            if (!(key instanceof ECPrivateKey))
+            {
+                throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
+                    + getSimpleName(ECPrivateKey.class) + " for initialisation");
+            }
+
+            ECPrivateKeyParameters privKey = (ECPrivateKeyParameters)ECUtil.generatePrivateKeyParameter((PrivateKey)key);
+            this.parameters = privKey.getParameters();
+
+            agreement.init(privKey);
+        }
+    }
+
+    private static String getSimpleName(Class clazz)
+    {
+        String fullName = clazz.getName();
+
+        return fullName.substring(fullName.lastIndexOf('.') + 1);
+    }
+
+    public static class DH
+        extends KeyAgreement
+    {
+        public DH()
+        {
+            super("ECDH", new ECDHBasicAgreement(), null);
+        }
+    }
+
+    // BEGIN android-removed
+    // public static class DHC
+    //     extends KeyAgreement
+    // {
+    //     public DHC()
+    //     {
+    //         super("ECDHC", new ECDHCBasicAgreement(), null);
+    //     }
+    // }
+    //
+    // public static class MQV
+    //     extends KeyAgreement
+    // {
+    //     public MQV()
+    //     {
+    //         super("ECMQV", new ECMQVBasicAgreement(), null);
+    //     }
+    // }
+    //
+    // public static class DHwithSHA1KDF
+    //     extends KeyAgreement
+    // {
+    //     public DHwithSHA1KDF()
+    //     {
+    //         super("ECDHwithSHA1KDF", new ECDHBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest()));
+    //     }
+    // }
+    //
+    // public static class MQVwithSHA1KDF
+    //     extends KeyAgreement
+    // {
+    //     public MQVwithSHA1KDF()
+    //     {
+    //         super("ECMQVwithSHA1KDF", new ECMQVBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest()));
+    //     }
+    // }
+    // END android-removed
+}
diff --git a/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/KeyFactory.java b/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/KeyFactory.java
new file mode 100644
index 0000000..630d2c7
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/KeyFactory.java
@@ -0,0 +1,208 @@
+package org.bouncycastle.jce.provider.asymmetric.ec;
+
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.interfaces.ECPrivateKey;
+import java.security.interfaces.ECPublicKey;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.X509EncodedKeySpec;
+
+import org.bouncycastle.jce.provider.JCEECPrivateKey;
+import org.bouncycastle.jce.provider.JCEECPublicKey;
+import org.bouncycastle.jce.provider.JDKKeyFactory;
+import org.bouncycastle.jce.provider.ProviderUtil;
+import org.bouncycastle.jce.spec.ECPrivateKeySpec;
+import org.bouncycastle.jce.spec.ECPublicKeySpec;
+import org.bouncycastle.jce.spec.ECParameterSpec;
+
+public class KeyFactory
+    extends JDKKeyFactory
+{
+    String algorithm;
+
+    KeyFactory(
+        String algorithm)
+    {
+        this.algorithm = algorithm;
+    }
+
+    protected Key engineTranslateKey(
+        Key    key)
+        throws InvalidKeyException
+    {
+        if (key instanceof ECPublicKey)
+        {
+            return new JCEECPublicKey((ECPublicKey)key);
+        }
+        else if (key instanceof ECPrivateKey)
+        {
+            return new JCEECPrivateKey((ECPrivateKey)key);
+        }
+
+        throw new InvalidKeyException("key type unknown");
+    }
+
+    protected KeySpec engineGetKeySpec(
+        Key    key,
+        Class    spec)
+    throws InvalidKeySpecException
+    {
+       if (spec.isAssignableFrom(PKCS8EncodedKeySpec.class) && key.getFormat().equals("PKCS#8"))
+       {
+               return new PKCS8EncodedKeySpec(key.getEncoded());
+       }
+       else if (spec.isAssignableFrom(X509EncodedKeySpec.class) && key.getFormat().equals("X.509"))
+       {
+               return new X509EncodedKeySpec(key.getEncoded());
+       }
+       else if (spec.isAssignableFrom(java.security.spec.ECPublicKeySpec.class) && key instanceof ECPublicKey)
+       {
+           ECPublicKey k = (ECPublicKey)key;
+           if (k.getParams() != null)
+           {
+               return new java.security.spec.ECPublicKeySpec(k.getW(), k.getParams());
+           }
+           else
+           {
+               ECParameterSpec implicitSpec = ProviderUtil.getEcImplicitlyCa();
+
+               return new java.security.spec.ECPublicKeySpec(k.getW(), EC5Util.convertSpec(EC5Util.convertCurve(implicitSpec.getCurve(), implicitSpec.getSeed()), implicitSpec));
+           }
+       }
+       else if (spec.isAssignableFrom(java.security.spec.ECPrivateKeySpec.class) && key instanceof ECPrivateKey)
+       {
+           ECPrivateKey k = (ECPrivateKey)key;
+
+           if (k.getParams() != null)
+           {
+               return new java.security.spec.ECPrivateKeySpec(k.getS(), k.getParams());
+           }
+           else
+           {
+               ECParameterSpec implicitSpec = ProviderUtil.getEcImplicitlyCa();
+
+               return new java.security.spec.ECPrivateKeySpec(k.getS(), EC5Util.convertSpec(EC5Util.convertCurve(implicitSpec.getCurve(), implicitSpec.getSeed()), implicitSpec)); 
+           }
+       }
+
+       throw new RuntimeException("not implemented yet " + key + " " + spec);
+    }
+
+    protected PrivateKey engineGeneratePrivate(
+        KeySpec keySpec)
+        throws InvalidKeySpecException
+    {
+        if (keySpec instanceof PKCS8EncodedKeySpec)
+        {
+            try
+            {
+                JCEECPrivateKey key = (JCEECPrivateKey)JDKKeyFactory.createPrivateKeyFromDERStream(
+                    ((PKCS8EncodedKeySpec)keySpec).getEncoded());
+
+                return new JCEECPrivateKey(algorithm, key);
+            }
+            catch (Exception e)
+            {
+                throw new InvalidKeySpecException(e.toString());
+            }
+        }
+        else if (keySpec instanceof ECPrivateKeySpec)
+        {
+            return new JCEECPrivateKey(algorithm, (ECPrivateKeySpec)keySpec);
+        }
+        else if (keySpec instanceof java.security.spec.ECPrivateKeySpec)
+        {
+            return new JCEECPrivateKey(algorithm, (java.security.spec.ECPrivateKeySpec)keySpec);
+        }
+
+        throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName());
+    }
+
+    protected PublicKey engineGeneratePublic(
+        KeySpec keySpec)
+        throws InvalidKeySpecException
+    {
+        if (keySpec instanceof X509EncodedKeySpec)
+        {
+            try
+            {
+                JCEECPublicKey key = (JCEECPublicKey)JDKKeyFactory.createPublicKeyFromDERStream(
+                    ((X509EncodedKeySpec)keySpec).getEncoded());
+
+                return new JCEECPublicKey(algorithm, key);
+            }
+            catch (Exception e)
+            {
+                throw new InvalidKeySpecException(e.toString());
+            }
+        }
+        else if (keySpec instanceof ECPublicKeySpec)
+        {
+            return new JCEECPublicKey(algorithm, (ECPublicKeySpec)keySpec);
+        }
+        else if (keySpec instanceof java.security.spec.ECPublicKeySpec)
+        {
+            return new JCEECPublicKey(algorithm, (java.security.spec.ECPublicKeySpec)keySpec);
+        }
+
+        throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName());
+    }
+
+    public static class EC
+        extends KeyFactory
+    {
+        public EC()
+        {
+            super("EC");
+        }
+    }
+
+    public static class ECDSA
+        extends KeyFactory
+    {
+        public ECDSA()
+        {
+            super("ECDSA");
+        }
+    }
+
+    public static class ECGOST3410
+        extends KeyFactory
+    {
+        public ECGOST3410()
+        {
+            super("ECGOST3410");
+        }
+    }
+
+    public static class ECDH
+        extends KeyFactory
+    {
+        public ECDH()
+        {
+            super("ECDH");
+        }
+    }
+
+    public static class ECDHC
+        extends KeyFactory
+    {
+        public ECDHC()
+        {
+            super("ECDHC");
+        }
+    }
+
+    public static class ECMQV
+        extends KeyFactory
+    {
+        public ECMQV()
+        {
+            super("ECMQV");
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/KeyPairGenerator.java b/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/KeyPairGenerator.java
new file mode 100644
index 0000000..ab104ed
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/KeyPairGenerator.java
@@ -0,0 +1,352 @@
+package org.bouncycastle.jce.provider.asymmetric.ec;
+
+import java.math.BigInteger;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidParameterException;
+import java.security.KeyPair;
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.ECGenParameterSpec;
+import java.util.Hashtable;
+
+import org.bouncycastle.asn1.DERObjectIdentifier;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
+// END android-removed
+import org.bouncycastle.asn1.nist.NISTNamedCurves;
+import org.bouncycastle.asn1.sec.SECNamedCurves;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
+// END android-removed
+import org.bouncycastle.asn1.x9.X962NamedCurves;
+import org.bouncycastle.asn1.x9.X9ECParameters;
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.generators.ECKeyPairGenerator;
+import org.bouncycastle.crypto.params.ECDomainParameters;
+import org.bouncycastle.crypto.params.ECKeyGenerationParameters;
+import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
+import org.bouncycastle.crypto.params.ECPublicKeyParameters;
+import org.bouncycastle.jce.provider.JCEECPrivateKey;
+import org.bouncycastle.jce.provider.JCEECPublicKey;
+import org.bouncycastle.jce.provider.JDKKeyPairGenerator;
+import org.bouncycastle.jce.provider.ProviderUtil;
+import org.bouncycastle.jce.spec.ECNamedCurveSpec;
+import org.bouncycastle.jce.spec.ECParameterSpec;
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECPoint;
+
+public abstract class KeyPairGenerator
+    extends JDKKeyPairGenerator
+{
+    public KeyPairGenerator(String algorithmName)
+    {
+        super(algorithmName);
+    }
+
+    public static class EC
+        extends KeyPairGenerator
+    {
+        ECKeyGenerationParameters   param;
+        ECKeyPairGenerator          engine = new ECKeyPairGenerator();
+        Object                      ecParams = null;
+        int                         strength = 239;
+        int                         certainty = 50;
+        SecureRandom                random = new SecureRandom();
+        boolean                     initialised = false;
+        String                      algorithm;
+
+        static private Hashtable    ecParameters;
+
+        static {
+            ecParameters = new Hashtable();
+
+            // BEGIN android-changed
+            ecParameters.put(Integer.valueOf(192), new ECGenParameterSpec("prime192v1")); // a.k.a P-192
+            ecParameters.put(Integer.valueOf(239), new ECGenParameterSpec("prime239v1"));
+            ecParameters.put(Integer.valueOf(256), new ECGenParameterSpec("prime256v1")); // a.k.a P-256
+
+            ecParameters.put(Integer.valueOf(224), new ECGenParameterSpec("P-224"));
+            ecParameters.put(Integer.valueOf(384), new ECGenParameterSpec("P-384"));
+            ecParameters.put(Integer.valueOf(521), new ECGenParameterSpec("P-521"));
+            // END android-changed
+        }
+
+        public EC()
+        {
+            super("EC");
+            this.algorithm = "EC";
+        }
+
+        public EC(
+            String  algorithm)
+        {
+            super(algorithm);
+            this.algorithm = algorithm;
+        }
+
+        public void initialize(
+            int             strength,
+            SecureRandom    random)
+        {
+            this.strength = strength;
+            // BEGIN android-added
+            if (random != null) {
+            // END android-added
+            this.random = random;
+            // BEGIN android-added
+            }
+            // END android-added
+            // BEGIN android-changed
+            this.ecParams = ecParameters.get(Integer.valueOf(strength));
+            // END android-changed
+
+            if (ecParams != null)
+            {
+                try
+                {
+                    initialize((ECGenParameterSpec)ecParams, random);
+                }
+                catch (InvalidAlgorithmParameterException e)
+                {
+                    throw new InvalidParameterException("key size not configurable.");
+                }
+            }
+            else
+            {
+                throw new InvalidParameterException("unknown key size.");
+            }
+        }
+
+        public void initialize(
+            AlgorithmParameterSpec  params,
+            SecureRandom            random)
+            throws InvalidAlgorithmParameterException
+        {
+            // BEGIN android-added
+            if (random == null) {
+                random = this.random;
+            }
+            // END android-added
+            if (params instanceof ECParameterSpec)
+            {
+                ECParameterSpec p = (ECParameterSpec)params;
+                this.ecParams = params;
+
+                param = new ECKeyGenerationParameters(new ECDomainParameters(p.getCurve(), p.getG(), p.getN()), random);
+
+                engine.init(param);
+                initialised = true;
+            }
+            else if (params instanceof java.security.spec.ECParameterSpec)
+            {
+                java.security.spec.ECParameterSpec p = (java.security.spec.ECParameterSpec)params;
+                this.ecParams = params;
+
+                ECCurve curve = EC5Util.convertCurve(p.getCurve());
+                ECPoint g = EC5Util.convertPoint(curve, p.getGenerator(), false);
+
+                param = new ECKeyGenerationParameters(new ECDomainParameters(curve, g, p.getOrder(), BigInteger.valueOf(p.getCofactor())), random);
+
+                engine.init(param);
+                initialised = true;
+            }
+            else if (params instanceof ECGenParameterSpec)
+            {
+                final String curveName = ((ECGenParameterSpec)params).getName();
+
+                // BEGIN android-removed
+                // if (this.algorithm.equals("ECGOST3410"))
+                // {
+                //     ECDomainParameters  ecP = ECGOST3410NamedCurves.getByName(curveName);
+                //     if (ecP == null)
+                //     {
+                //         throw new InvalidAlgorithmParameterException("unknown curve name: " + curveName);
+                //     }
+                //
+                //     this.ecParams = new ECNamedCurveSpec(
+                //                                     curveName,
+                //                                     ecP.getCurve(),
+                //                                     ecP.getG(),
+                //                                     ecP.getN(),
+                //                                     ecP.getH(),
+                //                                     ecP.getSeed());
+                // }
+                // else
+                // END android-removed
+                {
+                    X9ECParameters  ecP = X962NamedCurves.getByName(curveName);
+                    if (ecP == null)
+                    {
+                        ecP = SECNamedCurves.getByName(curveName);
+                        if (ecP == null)
+                        {
+                            ecP = NISTNamedCurves.getByName(curveName);
+                        }
+                        // BEGIN android-removed
+                        // if (ecP == null)
+                        // {
+                        //     ecP = TeleTrusTNamedCurves.getByName(curveName);
+                        // }
+                        // END android-removed
+                        if (ecP == null)
+                        {
+                            // See if it's actually an OID string (SunJSSE ServerHandshaker setupEphemeralECDHKeys bug)
+                            try
+                            {
+                                DERObjectIdentifier oid = new DERObjectIdentifier(curveName);
+                                ecP = X962NamedCurves.getByOID(oid);
+                                if (ecP == null)
+                                {
+                                    ecP = SECNamedCurves.getByOID(oid);
+                                }
+                                if (ecP == null)
+                                {
+                                    ecP = NISTNamedCurves.getByOID(oid);
+                                }
+                                // BEGIN android-removed
+                                // if (ecP == null)
+                                // {
+                                //     ecP = TeleTrusTNamedCurves.getByOID(oid);
+                                // }
+                                // END android-removed
+                                if (ecP == null)
+                                {
+                                    throw new InvalidAlgorithmParameterException("unknown curve OID: " + curveName);
+                                }
+                            }
+                            catch (IllegalArgumentException ex)
+                            {
+                                throw new InvalidAlgorithmParameterException("unknown curve name: " + curveName);
+                            }
+                        }
+                    }
+
+                    this.ecParams = new ECNamedCurveSpec(
+                            curveName,
+                            ecP.getCurve(),
+                            ecP.getG(),
+                            ecP.getN(),
+                            ecP.getH(),
+                            null); // ecP.getSeed());   Work-around JDK bug -- it won't look up named curves properly if seed is present 
+                }
+
+                java.security.spec.ECParameterSpec p = (java.security.spec.ECParameterSpec)ecParams;
+
+                ECCurve curve = EC5Util.convertCurve(p.getCurve());
+                ECPoint g = EC5Util.convertPoint(curve, p.getGenerator(), false);
+
+                param = new ECKeyGenerationParameters(new ECDomainParameters(curve, g, p.getOrder(), BigInteger.valueOf(p.getCofactor())), random);
+
+                engine.init(param);
+                initialised = true;
+            }
+            else if (params == null && ProviderUtil.getEcImplicitlyCa() != null)
+            {
+                ECParameterSpec p = ProviderUtil.getEcImplicitlyCa();
+                this.ecParams = params;
+
+                param = new ECKeyGenerationParameters(new ECDomainParameters(p.getCurve(), p.getG(), p.getN()), random);
+
+                engine.init(param);
+                initialised = true;
+            }
+            else if (params == null && ProviderUtil.getEcImplicitlyCa() == null)
+            {
+                throw new InvalidAlgorithmParameterException("null parameter passed but no implicitCA set");
+            }
+            else
+            {
+                throw new InvalidAlgorithmParameterException("parameter object not a ECParameterSpec");
+            }
+        }
+
+        public KeyPair generateKeyPair()
+        {
+            if (!initialised)
+            {
+                // BEGIN android-removed
+                // throw new IllegalStateException("EC Key Pair Generator not initialised");
+                // END android-removed
+                // BEGIN android-added
+                /*
+                 * KeyPairGenerator documentation says that a default initialization must be provided
+                 */
+                initialize(192, random);
+                // END android-added
+            }
+
+            AsymmetricCipherKeyPair     pair = engine.generateKeyPair();
+            ECPublicKeyParameters       pub = (ECPublicKeyParameters)pair.getPublic();
+            ECPrivateKeyParameters      priv = (ECPrivateKeyParameters)pair.getPrivate();
+
+            if (ecParams instanceof ECParameterSpec)
+            {
+                ECParameterSpec p = (ECParameterSpec)ecParams;
+
+                JCEECPublicKey pubKey = new JCEECPublicKey(algorithm, pub, p);
+                return new KeyPair(pubKey,
+                                   new JCEECPrivateKey(algorithm, priv, pubKey, p));
+            }
+            else if (ecParams == null)
+            {
+               return new KeyPair(new JCEECPublicKey(algorithm, pub),
+                                   new JCEECPrivateKey(algorithm, priv));
+            }
+            else
+            {
+                java.security.spec.ECParameterSpec p = (java.security.spec.ECParameterSpec)ecParams;
+
+                JCEECPublicKey pubKey = new JCEECPublicKey(algorithm, pub, p);
+                
+                return new KeyPair(pubKey, new JCEECPrivateKey(algorithm, priv, pubKey, p));
+            }
+        }
+    }
+
+    public static class ECDSA
+        extends EC
+    {
+        public ECDSA()
+        {
+            super("ECDSA");
+        }
+    }
+
+    // BEGIN android-removed
+    // public static class ECGOST3410
+    //     extends EC
+    // {
+    //     public ECGOST3410()
+    //     {
+    //         super("ECGOST3410");
+    //     }
+    // }
+    // END android-removed
+
+    public static class ECDH
+        extends EC
+    {
+        public ECDH()
+        {
+            super("ECDH");
+        }
+    }
+
+    public static class ECDHC
+        extends EC
+    {
+        public ECDHC()
+        {
+            super("ECDHC");
+        }
+    }
+
+    public static class ECMQV
+        extends EC
+    {
+        public ECMQV()
+        {
+            super("ECMQV");
+        }
+    }
+}
diff --git a/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/Signature.java b/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/Signature.java
new file mode 100644
index 0000000..0bb21f8
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/provider/asymmetric/ec/Signature.java
@@ -0,0 +1,344 @@
+package org.bouncycastle.jce.provider.asymmetric.ec;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.InvalidKeyException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.interfaces.ECPublicKey;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1Object;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.DSA;
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.NullDigest;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.digests.RIPEMD160Digest;
+// END android-removed
+import org.bouncycastle.crypto.digests.SHA1Digest;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.digests.SHA224Digest;
+// END android-removed
+import org.bouncycastle.crypto.digests.SHA256Digest;
+import org.bouncycastle.crypto.digests.SHA384Digest;
+import org.bouncycastle.crypto.digests.SHA512Digest;
+import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.crypto.signers.ECDSASigner;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.signers.ECNRSigner;
+// END android-removed
+import org.bouncycastle.jce.interfaces.ECKey;
+import org.bouncycastle.jce.provider.DSABase;
+import org.bouncycastle.jce.provider.DSAEncoder;
+import org.bouncycastle.jce.provider.JDKKeyFactory;
+
+public class Signature
+    extends DSABase
+{
+    Signature(Digest digest, DSA signer, DSAEncoder encoder)
+    {
+        super(digest, signer, encoder);
+    }
+
+    protected void engineInitVerify(PublicKey publicKey)
+        throws InvalidKeyException
+    {
+        CipherParameters param;
+
+        if (publicKey instanceof ECPublicKey)
+        {
+            param = ECUtil.generatePublicKeyParameter(publicKey);
+        }
+        else
+        {
+            try
+            {
+                byte[] bytes = publicKey.getEncoded();
+
+                publicKey = JDKKeyFactory.createPublicKeyFromDERStream(bytes);
+
+                if (publicKey instanceof ECPublicKey)
+                {
+                    param = ECUtil.generatePublicKeyParameter(publicKey);
+                }
+                else
+                {
+                    throw new InvalidKeyException("can't recognise key type in ECDSA based signer");
+                }
+            }
+            catch (Exception e)
+            {
+                throw new InvalidKeyException("can't recognise key type in ECDSA based signer");
+            }
+        }
+
+        digest.reset();
+        signer.init(false, param);
+    }
+
+    protected void engineInitSign(
+        PrivateKey privateKey,
+        SecureRandom random)
+        throws InvalidKeyException
+    {
+        CipherParameters param;
+
+        if (privateKey instanceof ECKey)
+        {
+            param = ECUtil.generatePrivateKeyParameter(privateKey);
+        }
+        else
+        {
+            throw new InvalidKeyException("can't recognise key type in ECDSA based signer");
+        }
+
+        digest.reset();
+
+        if (random != null)
+        {
+            signer.init(true, new ParametersWithRandom(param, random));
+        }
+        else
+        {
+            signer.init(true, param);
+        }
+    }
+
+    static public class ecDSA
+        extends Signature
+    {
+        public ecDSA()
+        {
+            super(new SHA1Digest(), new ECDSASigner(), new StdDSAEncoder());
+        }
+    }
+
+    static public class ecDSAnone
+        extends Signature
+    {
+        public ecDSAnone()
+        {
+            super(new NullDigest(), new ECDSASigner(), new StdDSAEncoder());
+        }
+    }
+
+    // BEGIN android-removed
+    // static public class ecDSA224
+    //     extends Signature
+    // {
+    //     public ecDSA224()
+    //     {
+    //         super(new SHA224Digest(), new ECDSASigner(), new StdDSAEncoder());
+    //     }
+    // }
+    // END android-removed
+
+    static public class ecDSA256
+        extends Signature
+    {
+        public ecDSA256()
+        {
+            super(new SHA256Digest(), new ECDSASigner(), new StdDSAEncoder());
+        }
+    }
+
+    static public class ecDSA384
+        extends Signature
+    {
+        public ecDSA384()
+        {
+            super(new SHA384Digest(), new ECDSASigner(), new StdDSAEncoder());
+        }
+    }
+
+    static public class ecDSA512
+        extends Signature
+    {
+        public ecDSA512()
+        {
+            super(new SHA512Digest(), new ECDSASigner(), new StdDSAEncoder());
+        }
+    }
+
+    // BEGIN android-removed
+    // static public class ecDSARipeMD160
+    //     extends Signature
+    // {
+    //     public ecDSARipeMD160()
+    //     {
+    //         super(new RIPEMD160Digest(), new ECDSASigner(), new StdDSAEncoder());
+    //     }
+    // }
+    //
+    // static public class ecNR
+    //     extends Signature
+    // {
+    //     public ecNR()
+    //     {
+    //         super(new SHA1Digest(), new ECNRSigner(), new StdDSAEncoder());
+    //     }
+    // }
+    //
+    // static public class ecNR224
+    //     extends Signature
+    // {
+    //     public ecNR224()
+    //     {
+    //         super(new SHA224Digest(), new ECNRSigner(), new StdDSAEncoder());
+    //     }
+    // }
+    //
+    // static public class ecNR256
+    //     extends Signature
+    // {
+    //     public ecNR256()
+    //     {
+    //         super(new SHA256Digest(), new ECNRSigner(), new StdDSAEncoder());
+    //     }
+    // }
+    //
+    // static public class ecNR384
+    //     extends Signature
+    // {
+    //     public ecNR384()
+    //     {
+    //         super(new SHA384Digest(), new ECNRSigner(), new StdDSAEncoder());
+    //     }
+    // }
+    //
+    // static public class ecNR512
+    //     extends Signature
+    // {
+    //     public ecNR512()
+    //     {
+    //         super(new SHA512Digest(), new ECNRSigner(), new StdDSAEncoder());
+    //     }
+    // }
+    //
+    // static public class ecCVCDSA
+    //     extends Signature
+    // {
+    //     public ecCVCDSA()
+    //     {
+    //         super(new SHA1Digest(), new ECDSASigner(), new CVCDSAEncoder());
+    //     }
+    // }
+    //
+    // static public class ecCVCDSA224
+    //     extends Signature
+    // {
+    //     public ecCVCDSA224()
+    //     {
+    //         super(new SHA224Digest(), new ECDSASigner(), new CVCDSAEncoder());
+    //     }
+    // }
+    //
+    // static public class ecCVCDSA256
+    //     extends Signature
+    // {
+    //     public ecCVCDSA256()
+    //     {
+    //         super(new SHA256Digest(), new ECDSASigner(), new CVCDSAEncoder());
+    //     }
+    // }
+    // END android-removed
+
+    private static class StdDSAEncoder
+        implements DSAEncoder
+    {
+        public byte[] encode(
+            BigInteger r,
+            BigInteger s)
+            throws IOException
+        {
+            ASN1EncodableVector v = new ASN1EncodableVector();
+
+            v.add(new DERInteger(r));
+            v.add(new DERInteger(s));
+
+            return new DERSequence(v).getEncoded(ASN1Encodable.DER);
+        }
+
+        public BigInteger[] decode(
+            byte[] encoding)
+            throws IOException
+        {
+            ASN1Sequence s = (ASN1Sequence)ASN1Object.fromByteArray(encoding);
+            BigInteger[] sig = new BigInteger[2];
+
+            sig[0] = ((DERInteger)s.getObjectAt(0)).getValue();
+            sig[1] = ((DERInteger)s.getObjectAt(1)).getValue();
+
+            return sig;
+        }
+    }
+
+    private static class CVCDSAEncoder
+        implements DSAEncoder
+    {
+        public byte[] encode(
+            BigInteger r,
+            BigInteger s)
+            throws IOException
+        {
+            byte[] first = makeUnsigned(r);
+            byte[] second = makeUnsigned(s);
+            byte[] res;
+
+            if (first.length > second.length)
+            {
+                res = new byte[first.length * 2];
+            }
+            else
+            {
+                res = new byte[second.length * 2];
+            }
+
+            System.arraycopy(first, 0, res, res.length / 2 - first.length, first.length);
+            System.arraycopy(second, 0, res, res.length - second.length, second.length);
+
+            return res;
+        }
+
+
+        private byte[] makeUnsigned(BigInteger val)
+        {
+            byte[] res = val.toByteArray();
+
+            if (res[0] == 0)
+            {
+                byte[] tmp = new byte[res.length - 1];
+
+                System.arraycopy(res, 1, tmp, 0, tmp.length);
+
+                return tmp;
+            }
+
+            return res;
+        }
+
+        public BigInteger[] decode(
+            byte[] encoding)
+            throws IOException
+        {
+            BigInteger[] sig = new BigInteger[2];
+
+            byte[] first = new byte[encoding.length / 2];
+            byte[] second = new byte[encoding.length / 2];
+
+            System.arraycopy(encoding, 0, first, 0, first.length);
+            System.arraycopy(encoding, first.length, second, 0, second.length);
+
+            sig[0] = new BigInteger(1, first);
+            sig[1] = new BigInteger(1, second);
+
+            return sig;
+        }
+    }
+}
diff --git a/src/main/java/org/bouncycastle/jce/provider/symmetric/AES.java b/src/main/java/org/bouncycastle/jce/provider/symmetric/AES.java
index f2e84e4..6076ee5 100644
--- a/src/main/java/org/bouncycastle/jce/provider/symmetric/AES.java
+++ b/src/main/java/org/bouncycastle/jce/provider/symmetric/AES.java
@@ -1,27 +1,32 @@
 package org.bouncycastle.jce.provider.symmetric;
 
-import org.bouncycastle.crypto.BufferedBlockCipher;
-import org.bouncycastle.crypto.CipherKeyGenerator;
-import org.bouncycastle.crypto.engines.AESEngine;
-import org.bouncycastle.crypto.engines.AESFastEngine;
-import org.bouncycastle.crypto.engines.AESWrapEngine;
-// BEGIN android-removed
-// import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
-// END android-removed
-import org.bouncycastle.crypto.modes.CBCBlockCipher;
-import org.bouncycastle.crypto.modes.CFBBlockCipher;
-import org.bouncycastle.crypto.modes.OFBBlockCipher;
-import org.bouncycastle.jce.provider.JCEBlockCipher;
-import org.bouncycastle.jce.provider.JCEKeyGenerator;
-import org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator;
-import org.bouncycastle.jce.provider.JDKAlgorithmParameters;
-import org.bouncycastle.jce.provider.WrapCipherSpi;
-
-import javax.crypto.spec.IvParameterSpec;
 import java.security.AlgorithmParameters;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.SecureRandom;
 import java.security.spec.AlgorithmParameterSpec;
+import java.util.HashMap;
+
+import javax.crypto.spec.IvParameterSpec;
+
+import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
+import org.bouncycastle.crypto.BufferedBlockCipher;
+import org.bouncycastle.crypto.CipherKeyGenerator;
+import org.bouncycastle.crypto.engines.AESFastEngine;
+import org.bouncycastle.crypto.engines.AESWrapEngine;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
+// import org.bouncycastle.crypto.macs.CMac;
+// END android-removed
+import org.bouncycastle.crypto.modes.CBCBlockCipher;
+import org.bouncycastle.crypto.modes.CFBBlockCipher;
+import org.bouncycastle.crypto.modes.OFBBlockCipher;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.jce.provider.JCEBlockCipher;
+import org.bouncycastle.jce.provider.JCEKeyGenerator;
+import org.bouncycastle.jce.provider.JCEMac;
+import org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator;
+import org.bouncycastle.jce.provider.JDKAlgorithmParameters;
+import org.bouncycastle.jce.provider.WrapCipherSpi;
 
 public final class AES
 {
@@ -65,6 +70,15 @@
     //         super(new BufferedBlockCipher(new OFBBlockCipher(new AESFastEngine(), 128)), 128);
     //     }
     // }
+    //
+    // public static class AESCMAC
+    //     extends JCEMac
+    // {
+    //     public AESCMAC()
+    //     {
+    //         super(new CMac(new AESFastEngine()));
+    //     }
+    // }
     // END android-removed
 
     static public class Wrap
@@ -82,7 +96,7 @@
     // {
     //     public RFC3211Wrap()
     //     {
-    //         super(new RFC3211WrapEngine(new AESEngine()), 16);
+    //         super(new RFC3211WrapEngine(new AESFastEngine()), 16);
     //     }
     // }
     // END android-removed
@@ -155,7 +169,7 @@
     //
     //         try
     //         {
-    //             params = AlgorithmParameters.getInstance("AES", "BC");
+    //             params = AlgorithmParameters.getInstance("AES", BouncyCastleProvider.PROVIDER_NAME);
     //             params.init(new IvParameterSpec(iv));
     //         }
     //         catch (Exception e)
@@ -176,4 +190,89 @@
             return "AES IV";
         }
     }
+
+    public static class Mappings
+        extends HashMap
+    {
+        /**
+         * These three got introduced in some messages as a result of a typo in an
+         * early document. We don't produce anything using these OID values, but we'll
+         * read them.
+         */
+        private static final String wrongAES128 = "2.16.840.1.101.3.4.2";
+        private static final String wrongAES192 = "2.16.840.1.101.3.4.22";
+        private static final String wrongAES256 = "2.16.840.1.101.3.4.42";
+
+        public Mappings()
+        {
+            put("AlgorithmParameters.AES", "org.bouncycastle.jce.provider.symmetric.AES$AlgParams");
+            put("Alg.Alias.AlgorithmParameters." + wrongAES128, "AES");
+            put("Alg.Alias.AlgorithmParameters." + wrongAES192, "AES");
+            put("Alg.Alias.AlgorithmParameters." + wrongAES256, "AES");
+            put("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes128_CBC, "AES");
+            put("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
+            put("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
+
+            // BEGIN android-removed
+            // put("AlgorithmParameterGenerator.AES", "org.bouncycastle.jce.provider.symmetric.AES$AlgParamGen");
+            // put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES");
+            // put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES");
+            // put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES");
+            // put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES");
+            // put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
+            // put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
+            // END android-removed
+
+            put("Cipher.AES", "org.bouncycastle.jce.provider.symmetric.AES$ECB");
+            put("Alg.Alias.Cipher." + wrongAES128, "AES");
+            put("Alg.Alias.Cipher." + wrongAES192, "AES");
+            put("Alg.Alias.Cipher." + wrongAES256, "AES");
+            // BEGIN android-removed
+            // put("Cipher." + NISTObjectIdentifiers.id_aes128_ECB, "org.bouncycastle.jce.provider.symmetric.AES$ECB");
+            // put("Cipher." + NISTObjectIdentifiers.id_aes192_ECB, "org.bouncycastle.jce.provider.symmetric.AES$ECB");
+            // put("Cipher." + NISTObjectIdentifiers.id_aes256_ECB, "org.bouncycastle.jce.provider.symmetric.AES$ECB");
+            // put("Cipher." + NISTObjectIdentifiers.id_aes128_CBC, "org.bouncycastle.jce.provider.symmetric.AES$CBC");
+            // put("Cipher." + NISTObjectIdentifiers.id_aes192_CBC, "org.bouncycastle.jce.provider.symmetric.AES$CBC");
+            // put("Cipher." + NISTObjectIdentifiers.id_aes256_CBC, "org.bouncycastle.jce.provider.symmetric.AES$CBC");
+            // put("Cipher." + NISTObjectIdentifiers.id_aes128_OFB, "org.bouncycastle.jce.provider.symmetric.AES$OFB");
+            // put("Cipher." + NISTObjectIdentifiers.id_aes192_OFB, "org.bouncycastle.jce.provider.symmetric.AES$OFB");
+            // put("Cipher." + NISTObjectIdentifiers.id_aes256_OFB, "org.bouncycastle.jce.provider.symmetric.AES$OFB");
+            // put("Cipher." + NISTObjectIdentifiers.id_aes128_CFB, "org.bouncycastle.jce.provider.symmetric.AES$CFB");
+            // put("Cipher." + NISTObjectIdentifiers.id_aes192_CFB, "org.bouncycastle.jce.provider.symmetric.AES$CFB");
+            // put("Cipher." + NISTObjectIdentifiers.id_aes256_CFB, "org.bouncycastle.jce.provider.symmetric.AES$CFB");
+            // END android-removed
+            put("Cipher.AESWRAP", "org.bouncycastle.jce.provider.symmetric.AES$Wrap");
+            put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_wrap, "AESWRAP");
+            put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_wrap, "AESWRAP");
+            put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_wrap, "AESWRAP");
+            // BEGIN android-removed
+            // put("Cipher.AESRFC3211WRAP", "org.bouncycastle.jce.provider.symmetric.AES$RFC3211Wrap");
+            // END android-removed
+
+            put("KeyGenerator.AES", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen");
+            // BEGIN android-removed
+            // put("KeyGenerator.2.16.840.1.101.3.4.2", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
+            // put("KeyGenerator.2.16.840.1.101.3.4.22", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
+            // put("KeyGenerator.2.16.840.1.101.3.4.42", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
+            // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
+            // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
+            // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
+            // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
+            // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
+            // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
+            // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
+            // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
+            // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
+            // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
+            // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
+            // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
+            // put("KeyGenerator.AESWRAP", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen");
+            // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
+            // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
+            // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
+            //
+            // put("Mac.AESCMAC", "org.bouncycastle.jce.provider.symmetric.AES$AESCMAC");
+            // END android-removed
+        }
+    }
 }
diff --git a/src/main/java/org/bouncycastle/jce/provider/symmetric/AESMappings.java b/src/main/java/org/bouncycastle/jce/provider/symmetric/AESMappings.java
deleted file mode 100644
index b3294c3..0000000
--- a/src/main/java/org/bouncycastle/jce/provider/symmetric/AESMappings.java
+++ /dev/null
@@ -1,88 +0,0 @@
-package org.bouncycastle.jce.provider.symmetric;
-
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-
-import java.util.HashMap;
-
-public class AESMappings
-    extends HashMap
-{
-    /**
-     * These three got introduced in some messages as a result of a typo in an
-     * early document. We don't produce anything using these OID values, but we'll
-     * read them.
-     */
-    private static final String wrongAES128 = "2.16.840.1.101.3.4.2";
-    private static final String wrongAES192 = "2.16.840.1.101.3.4.22";
-    private static final String wrongAES256 = "2.16.840.1.101.3.4.42";
-
-    public AESMappings()
-    {
-        put("AlgorithmParameters.AES", "org.bouncycastle.jce.provider.symmetric.AES$AlgParams");
-        put("Alg.Alias.AlgorithmParameters." + wrongAES128, "AES");
-        put("Alg.Alias.AlgorithmParameters." + wrongAES192, "AES");
-        put("Alg.Alias.AlgorithmParameters." + wrongAES256, "AES");
-        put("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes128_CBC, "AES");
-        put("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
-        put("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
-
-        // BEGIN android-removed
-        // put("AlgorithmParameterGenerator.AES", "org.bouncycastle.jce.provider.symmetric.AES$AlgParamGen");
-        // put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES");
-        // put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES");
-        // put("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES");
-        // put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES");
-        // put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
-        // put("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
-        // END android-removed
-
-        put("Cipher.AES", "org.bouncycastle.jce.provider.symmetric.AES$ECB");
-        put("Alg.Alias.Cipher." + wrongAES128, "AES");
-        put("Alg.Alias.Cipher." + wrongAES192, "AES");
-        put("Alg.Alias.Cipher." + wrongAES256, "AES");
-        // BEGIN android-changed
-        put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_ECB, "AES");
-        put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_ECB, "AES");
-        put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_ECB, "AES");
-        put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_CBC, "AES");
-        put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
-        put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
-        put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_OFB, "AES");
-        put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_OFB, "AES");
-        put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_OFB, "AES");
-        put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_CFB, "AES");
-        put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_CFB, "AES");
-        put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_CFB, "AES");
-        // END android-changed
-        put("Cipher.AESWRAP", "org.bouncycastle.jce.provider.symmetric.AES$Wrap");
-        put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_wrap, "AESWRAP");
-        put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_wrap, "AESWRAP");
-        put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_wrap, "AESWRAP");
-        // BEGIN android-removed
-        // put("Cipher.AESRFC3211WRAP", "org.bouncycastle.jce.provider.symmetric.AES$RFC3211Wrap");
-        // END android-removed
-
-        put("KeyGenerator.AES", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen");
-        // BEGIN android-removed
-        // put("KeyGenerator.2.16.840.1.101.3.4.2", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
-        // put("KeyGenerator.2.16.840.1.101.3.4.22", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
-        // put("KeyGenerator.2.16.840.1.101.3.4.42", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
-        // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
-        // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
-        // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
-        // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
-        // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
-        // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
-        // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
-        // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
-        // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_ECB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
-        // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
-        // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_OFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
-        // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CFB, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
-        // put("KeyGenerator.AESWRAP", "org.bouncycastle.jce.provider.symmetric.AES$KeyGen");
-        // put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen128");
-        // put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen192");
-        // put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_wrap, "org.bouncycastle.jce.provider.symmetric.AES$KeyGen256");
-        // END android-removed
-    }
-}
diff --git a/src/main/java/org/bouncycastle/jce/provider/symmetric/ARC4.java b/src/main/java/org/bouncycastle/jce/provider/symmetric/ARC4.java
new file mode 100644
index 0000000..1206f6c
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/provider/symmetric/ARC4.java
@@ -0,0 +1,50 @@
+package org.bouncycastle.jce.provider.symmetric;
+
+import java.util.HashMap;
+
+import org.bouncycastle.crypto.CipherKeyGenerator;
+import org.bouncycastle.crypto.engines.RC4Engine;
+import org.bouncycastle.jce.provider.JCEKeyGenerator;
+import org.bouncycastle.jce.provider.JCEStreamCipher;
+
+public final class ARC4
+{
+    private ARC4()
+    {
+    }
+    
+    public static class Base
+        extends JCEStreamCipher
+    {
+        public Base()
+        {
+            super(new RC4Engine(), 0);
+        }
+    }
+
+    public static class KeyGen
+        extends JCEKeyGenerator
+    {
+        public KeyGen()
+        {
+            // BEGIN android-changed
+            super("ARC4", 128, new CipherKeyGenerator());
+            // END android-changed
+        }
+    }
+
+    public static class Mappings
+        extends HashMap
+    {
+        public Mappings()
+        {
+            put("Cipher.ARC4", "org.bouncycastle.jce.provider.symmetric.ARC4$Base");
+            put("Alg.Alias.Cipher.1.2.840.113549.3.4", "ARC4");
+            put("Alg.Alias.Cipher.ARCFOUR", "ARC4");
+            put("Alg.Alias.Cipher.RC4", "ARC4");
+            put("KeyGenerator.ARC4", "org.bouncycastle.jce.provider.symmetric.ARC4$KeyGen");
+            put("Alg.Alias.KeyGenerator.RC4", "ARC4");
+            put("Alg.Alias.KeyGenerator.1.2.840.113549.3.4", "ARC4");
+        }
+    }
+}
diff --git a/src/main/java/org/bouncycastle/jce/provider/symmetric/Blowfish.java b/src/main/java/org/bouncycastle/jce/provider/symmetric/Blowfish.java
new file mode 100644
index 0000000..b1a8b72
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/provider/symmetric/Blowfish.java
@@ -0,0 +1,69 @@
+package org.bouncycastle.jce.provider.symmetric;
+
+import java.util.HashMap;
+
+import org.bouncycastle.crypto.CipherKeyGenerator;
+import org.bouncycastle.crypto.engines.BlowfishEngine;
+import org.bouncycastle.crypto.modes.CBCBlockCipher;
+import org.bouncycastle.jce.provider.JCEBlockCipher;
+import org.bouncycastle.jce.provider.JCEKeyGenerator;
+import org.bouncycastle.jce.provider.JDKAlgorithmParameters;
+
+public final class Blowfish
+{
+    private Blowfish()
+    {
+    }
+    
+    public static class ECB
+        extends JCEBlockCipher
+    {
+        public ECB()
+        {
+            super(new BlowfishEngine());
+        }
+    }
+
+    public static class CBC
+        extends JCEBlockCipher
+    {
+        public CBC()
+        {
+            super(new CBCBlockCipher(new BlowfishEngine()), 64);
+        }
+    }
+
+    public static class KeyGen
+        extends JCEKeyGenerator
+    {
+        public KeyGen()
+        {
+            super("Blowfish", 128, new CipherKeyGenerator());
+        }
+    }
+
+    public static class AlgParams
+        extends JDKAlgorithmParameters.IVAlgorithmParameters
+    {
+        protected String engineToString()
+        {
+            return "Blowfish IV";
+        }
+    }
+
+    public static class Mappings
+        extends HashMap
+    {
+        public Mappings()
+        {
+            put("Cipher.BLOWFISH", "org.bouncycastle.jce.provider.symmetric.Blowfish$ECB");
+            // BEGIN android-removed
+            // put("Cipher.1.3.6.1.4.1.3029.1.2", "org.bouncycastle.jce.provider.symmetric.Blowfish$CBC");
+            // END android-removed
+            put("KeyGenerator.BLOWFISH", "org.bouncycastle.jce.provider.symmetric.Blowfish$KeyGen");
+            put("Alg.Alias.KeyGenerator.1.3.6.1.4.1.3029.1.2", "BLOWFISH");
+            put("AlgorithmParameters.BLOWFISH", "org.bouncycastle.jce.provider.symmetric.Blowfish$AlgParams");
+            put("Alg.Alias.AlgorithmParameters.1.3.6.1.4.1.3029.1.2", "BLOWFISH");
+        }
+    }
+}
diff --git a/src/main/java/org/bouncycastle/jce/provider/symmetric/DESede.java b/src/main/java/org/bouncycastle/jce/provider/symmetric/DESede.java
new file mode 100644
index 0000000..ec35f61
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/provider/symmetric/DESede.java
@@ -0,0 +1,313 @@
+package org.bouncycastle.jce.provider.symmetric;
+
+import java.security.SecureRandom;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
+import java.util.HashMap;
+
+import javax.crypto.SecretKey;
+import javax.crypto.spec.DESedeKeySpec;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.crypto.KeyGenerationParameters;
+import org.bouncycastle.crypto.engines.DESedeEngine;
+import org.bouncycastle.crypto.engines.DESedeWrapEngine;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
+// END android-removed
+import org.bouncycastle.crypto.generators.DESedeKeyGenerator;
+import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
+// import org.bouncycastle.crypto.macs.CMac;
+// END android-removed
+import org.bouncycastle.crypto.modes.CBCBlockCipher;
+import org.bouncycastle.crypto.paddings.ISO7816d4Padding;
+import org.bouncycastle.jce.provider.JCEBlockCipher;
+import org.bouncycastle.jce.provider.JCEKeyGenerator;
+import org.bouncycastle.jce.provider.JCEMac;
+import org.bouncycastle.jce.provider.JCESecretKeyFactory;
+import org.bouncycastle.jce.provider.WrapCipherSpi;
+
+public final class DESede
+{
+    private DESede()
+    {
+    }
+
+    static public class ECB
+        extends JCEBlockCipher
+    {
+        public ECB()
+        {
+            super(new DESedeEngine());
+        }
+    }
+
+    static public class CBC
+        extends JCEBlockCipher
+    {
+        public CBC()
+        {
+            super(new CBCBlockCipher(new DESedeEngine()), 64);
+        }
+    }
+
+    // BEGIN android-removed
+    // /**
+    //  * DESede   CFB8
+    //  */
+    // public static class DESedeCFB8
+    //     extends JCEMac
+    // {
+    //     public DESedeCFB8()
+    //     {
+    //         super(new CFBBlockCipherMac(new DESedeEngine()));
+    //     }
+    // }
+    // END android-removed
+
+    /**
+     * DESede64
+     */
+    public static class DESede64
+        extends JCEMac
+    {
+        public DESede64()
+        {
+            super(new CBCBlockCipherMac(new DESedeEngine(), 64));
+        }
+    }
+
+    /**
+     * DESede64with7816-4Padding
+     */
+    public static class DESede64with7816d4
+        extends JCEMac
+    {
+        public DESede64with7816d4()
+        {
+            super(new CBCBlockCipherMac(new DESedeEngine(), 64, new ISO7816d4Padding()));
+        }
+    }
+    
+    public static class CBCMAC
+        extends JCEMac
+    {
+        public CBCMAC()
+        {
+            super(new CBCBlockCipherMac(new DESedeEngine()));
+        }
+    }
+
+    // BEGIN android-removed
+    // static public class CMAC
+    //     extends JCEMac
+    // {
+    //     public CMAC()
+    //     {
+    //         super(new CMac(new DESedeEngine()));
+    //     }
+    // }
+    // END android-removed
+
+    public static class Wrap
+        extends WrapCipherSpi
+    {
+        public Wrap()
+        {
+            super(new DESedeWrapEngine());
+        }
+    }
+
+    // BEGIN android-removed
+    // public static class RFC3211
+    //     extends WrapCipherSpi
+    // {
+    //     public RFC3211()
+    //     {
+    //         super(new RFC3211WrapEngine(new DESedeEngine()), 8);
+    //     }
+    // }
+    // END android-removed
+
+  /**
+     * DESede - the default for this is to generate a key in
+     * a-b-a format that's 24 bytes long but has 16 bytes of
+     * key material (the first 8 bytes is repeated as the last
+     * 8 bytes). If you give it a size, you'll get just what you
+     * asked for.
+     */
+    public static class KeyGenerator
+        extends JCEKeyGenerator
+    {
+        private boolean     keySizeSet = false;
+
+        public KeyGenerator()
+        {
+            super("DESede", 192, new DESedeKeyGenerator());
+        }
+
+        protected void engineInit(
+            int             keySize,
+            SecureRandom random)
+        {
+            super.engineInit(keySize, random);
+            keySizeSet = true;
+        }
+
+        protected SecretKey engineGenerateKey()
+        {
+            if (uninitialised)
+            {
+                engine.init(new KeyGenerationParameters(new SecureRandom(), defaultKeySize));
+                uninitialised = false;
+            }
+
+            //
+            // if no key size has been defined generate a 24 byte key in
+            // the a-b-a format
+            //
+            if (!keySizeSet)
+            {
+                byte[]     k = engine.generateKey();
+
+                System.arraycopy(k, 0, k, 16, 8);
+
+                return new SecretKeySpec(k, algName);
+            }
+            else
+            {
+                return new SecretKeySpec(engine.generateKey(), algName);
+            }
+        }
+    }
+
+    /**
+     * generate a desEDE key in the a-b-c format.
+     */
+    public static class KeyGenerator3
+        extends JCEKeyGenerator
+    {
+        public KeyGenerator3()
+        {
+            super("DESede3", 192, new DESedeKeyGenerator());
+        }
+    }
+
+    static public class KeyFactory
+        extends JCESecretKeyFactory
+    {
+        public KeyFactory()
+        {
+            super("DESede", null);
+        }
+
+        protected KeySpec engineGetKeySpec(
+            SecretKey key,
+            Class keySpec)
+        throws InvalidKeySpecException
+        {
+            if (keySpec == null)
+            {
+                throw new InvalidKeySpecException("keySpec parameter is null");
+            }
+            if (key == null)
+            {
+                throw new InvalidKeySpecException("key parameter is null");
+            }
+
+            if (SecretKeySpec.class.isAssignableFrom(keySpec))
+            {
+                return new SecretKeySpec(key.getEncoded(), algName);
+            }
+            else if (DESedeKeySpec.class.isAssignableFrom(keySpec))
+            {
+                byte[]  bytes = key.getEncoded();
+
+                try
+                {
+                    if (bytes.length == 16)
+                    {
+                        byte[]  longKey = new byte[24];
+
+                        System.arraycopy(bytes, 0, longKey, 0, 16);
+                        System.arraycopy(bytes, 0, longKey, 16, 8);
+
+                        return new DESedeKeySpec(longKey);
+                    }
+                    else
+                    {
+                        return new DESedeKeySpec(bytes);
+                    }
+                }
+                catch (Exception e)
+                {
+                    throw new InvalidKeySpecException(e.toString());
+                }
+            }
+
+            throw new InvalidKeySpecException("Invalid KeySpec");
+        }
+
+        protected SecretKey engineGenerateSecret(
+            KeySpec keySpec)
+        throws InvalidKeySpecException
+        {
+            if (keySpec instanceof DESedeKeySpec)
+            {
+                DESedeKeySpec desKeySpec = (DESedeKeySpec)keySpec;
+                return new SecretKeySpec(desKeySpec.getKey(), "DESede");
+            }
+
+            return super.engineGenerateSecret(keySpec);
+        }
+    }
+
+    public static class Mappings
+        extends HashMap
+    {
+        public Mappings()
+        {
+            put("Cipher.DESEDE", "org.bouncycastle.jce.provider.symmetric.DESede$ECB");
+            // BEGIN android-removed
+            // put("Cipher." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.symmetric.DESede$CBC");
+            // put("Cipher." + OIWObjectIdentifiers.desCBC, "org.bouncycastle.jce.provider.symmetric.DESede$CBC");
+            // END android-removed
+            put("Cipher.DESEDEWRAP", "org.bouncycastle.jce.provider.symmetric.DESede$Wrap");
+            // BEGIN android-changed
+            put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.id_alg_CMS3DESwrap, "DESEDEWRAP");
+            // END android-changed
+            // BEGIN android-removed
+            // put("Cipher.DESEDERFC3211WRAP", "org.bouncycastle.jce.provider.symmetric.DESede$RFC3211");
+            // END android-removed
+
+            put("KeyGenerator.DESEDE", "org.bouncycastle.jce.provider.symmetric.DESede$KeyGenerator");
+            // BEGIN android-removed
+            // put("KeyGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "org.bouncycastle.jce.provider.symmetric.DESede$KeyGenerator3");
+            // put("KeyGenerator.DESEDEWRAP", "org.bouncycastle.jce.provider.symmetric.DESede$KeyGenerator");
+            // END android-removed
+
+            put("SecretKeyFactory.DESEDE", "org.bouncycastle.jce.provider.symmetric.DESede$KeyFactory");
+
+            // BEGIN android-removed
+            // put("Mac.DESEDECMAC", "org.bouncycastle.jce.provider.symmetric.DESede$CMAC");
+            // put("Mac.DESEDEMAC", "org.bouncycastle.jce.provider.symmetric.DESede$CBCMAC");
+            // put("Alg.Alias.Mac.DESEDE", "DESEDEMAC");
+            //
+            // put("Mac.DESEDEMAC/CFB8", "org.bouncycastle.jce.provider.symmetric.DESede$DESedeCFB8");
+            // put("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8");
+            //
+            // put("Mac.DESEDEMAC64", "org.bouncycastle.jce.provider.symmetric.DESede$DESede64");
+            // put("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64");
+            //
+            // put("Mac.DESEDEMAC64WITHISO7816-4PADDING", "org.bouncycastle.jce.provider.symmetric.DESede$DESede64with7816d4");
+            // put("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
+            // put("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
+            // put("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
+            // END android-removed
+        }
+    }
+}
diff --git a/src/main/java/org/bouncycastle/jce/spec/ECKeySpec.java b/src/main/java/org/bouncycastle/jce/spec/ECKeySpec.java
new file mode 100644
index 0000000..1215784
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/spec/ECKeySpec.java
@@ -0,0 +1,26 @@
+package org.bouncycastle.jce.spec;
+
+import java.security.spec.KeySpec;
+
+/**
+ * base class for an Elliptic Curve Key Spec
+ */
+public class ECKeySpec
+    implements KeySpec
+{
+    private ECParameterSpec     spec;
+
+    protected ECKeySpec(
+        ECParameterSpec spec)
+    {
+        this.spec = spec;
+    }
+
+    /**
+     * return the domain parameters for the curve
+     */
+    public ECParameterSpec getParams()
+    {
+        return spec;
+    }
+}
diff --git a/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveParameterSpec.java b/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveParameterSpec.java
new file mode 100644
index 0000000..47416a2
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveParameterSpec.java
@@ -0,0 +1,62 @@
+package org.bouncycastle.jce.spec;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECPoint;
+
+/**
+ * specification signifying that the curve parameters can also be
+ * refered to by name.
+ * <p>
+ * If you are using JDK 1.5 you should be looking at ECNamedCurveSpec.
+ */
+public class ECNamedCurveParameterSpec
+    extends ECParameterSpec
+{
+    private String  name;
+
+    public ECNamedCurveParameterSpec(
+        String      name,
+        ECCurve     curve,
+        ECPoint     G,
+        BigInteger  n)
+    {
+        super(curve, G, n);
+
+        this.name = name;
+    }
+
+    public ECNamedCurveParameterSpec(
+        String      name,
+        ECCurve     curve,
+        ECPoint     G,
+        BigInteger  n,
+        BigInteger  h)
+    {
+        super(curve, G, n, h);
+
+        this.name = name;
+    }
+
+    public ECNamedCurveParameterSpec(
+        String      name,
+        ECCurve     curve,
+        ECPoint     G,
+        BigInteger  n,
+        BigInteger  h,
+        byte[]      seed)
+    {
+        super(curve, G, n, h, seed);
+
+        this.name = name;
+    }
+
+    /**
+     * return the name of the curve the EC domain parameters belong to.
+     */
+    public String getName()
+    {
+        return name;
+    }
+}
diff --git a/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveSpec.java b/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveSpec.java
new file mode 100644
index 0000000..84ebf70
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveSpec.java
@@ -0,0 +1,121 @@
+package org.bouncycastle.jce.spec;
+
+import java.math.BigInteger;
+import java.security.spec.ECFieldF2m;
+import java.security.spec.ECFieldFp;
+import java.security.spec.ECPoint;
+import java.security.spec.EllipticCurve;
+
+import org.bouncycastle.math.ec.ECCurve;
+
+/**
+ * specification signifying that the curve parameters can also be
+ * referred to by name.
+ */
+public class ECNamedCurveSpec
+    extends java.security.spec.ECParameterSpec
+{
+    private String  name;
+
+    private static EllipticCurve convertCurve(
+        ECCurve  curve,
+        byte[]   seed)
+    {
+        if (curve instanceof ECCurve.Fp)
+        {
+            return new EllipticCurve(new ECFieldFp(((ECCurve.Fp)curve).getQ()), curve.getA().toBigInteger(), curve.getB().toBigInteger(), seed);
+        }
+        else
+        {
+            ECCurve.F2m curveF2m = (ECCurve.F2m)curve;
+            int ks[];
+            
+            if (curveF2m.isTrinomial())
+            {
+                ks = new int[] { curveF2m.getK1() };
+                
+                return new EllipticCurve(new ECFieldF2m(curveF2m.getM(), ks), curve.getA().toBigInteger(), curve.getB().toBigInteger(), seed);
+            }
+            else
+            {
+                ks = new int[] { curveF2m.getK3(), curveF2m.getK2(), curveF2m.getK1() };
+
+                return new EllipticCurve(new ECFieldF2m(curveF2m.getM(), ks), curve.getA().toBigInteger(), curve.getB().toBigInteger(), seed);
+            } 
+        }
+
+    }
+    
+    private static ECPoint convertPoint(
+        org.bouncycastle.math.ec.ECPoint  g)
+    {
+        return new ECPoint(g.getX().toBigInteger(), g.getY().toBigInteger());
+    }
+    
+    public ECNamedCurveSpec(
+        String                              name,
+        ECCurve                             curve,
+        org.bouncycastle.math.ec.ECPoint    g,
+        BigInteger                          n)
+    {
+        super(convertCurve(curve, null), convertPoint(g), n, 1);
+
+        this.name = name;
+    }
+
+    public ECNamedCurveSpec(
+        String          name,
+        EllipticCurve   curve,
+        ECPoint         g,
+        BigInteger      n)
+    {
+        super(curve, g, n, 1);
+
+        this.name = name;
+    }
+    
+    public ECNamedCurveSpec(
+        String                              name,
+        ECCurve                             curve,
+        org.bouncycastle.math.ec.ECPoint    g,
+        BigInteger                          n,
+        BigInteger                          h)
+    {
+        super(convertCurve(curve, null), convertPoint(g), n, h.intValue());
+
+        this.name = name;
+    }
+
+    public ECNamedCurveSpec(
+        String          name,
+        EllipticCurve   curve,
+        ECPoint         g,
+        BigInteger      n,
+        BigInteger      h)
+    {
+        super(curve, g, n, h.intValue());
+
+        this.name = name;
+    }
+    
+    public ECNamedCurveSpec(
+        String                              name,
+        ECCurve                             curve,
+        org.bouncycastle.math.ec.ECPoint    g,
+        BigInteger                          n,
+        BigInteger                          h,
+        byte[]                              seed)
+    {
+        super(convertCurve(curve, seed), convertPoint(g), n, h.intValue());
+        
+        this.name = name;
+    }
+
+    /**
+     * return the name of the curve the EC domain parameters belong to.
+     */
+    public String getName()
+    {
+        return name;
+    }
+}
diff --git a/src/main/java/org/bouncycastle/jce/spec/ECParameterSpec.java b/src/main/java/org/bouncycastle/jce/spec/ECParameterSpec.java
new file mode 100644
index 0000000..e774a11
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/spec/ECParameterSpec.java
@@ -0,0 +1,121 @@
+package org.bouncycastle.jce.spec;
+
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.ECPoint;
+
+import java.math.BigInteger;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * basic domain parameters for an Elliptic Curve public or private key.
+ */
+public class ECParameterSpec
+    implements AlgorithmParameterSpec
+{
+    private ECCurve     curve;
+    private byte[]      seed;
+    private ECPoint     G;
+    private BigInteger  n;
+    private BigInteger  h;
+
+    public ECParameterSpec(
+        ECCurve     curve,
+        ECPoint     G,
+        BigInteger  n)
+    {
+        this.curve = curve;
+        this.G = G;
+        this.n = n;
+        this.h = BigInteger.valueOf(1);
+        this.seed = null;
+    }
+
+    public ECParameterSpec(
+        ECCurve     curve,
+        ECPoint     G,
+        BigInteger  n,
+        BigInteger  h)
+    {
+        this.curve = curve;
+        this.G = G;
+        this.n = n;
+        this.h = h;
+        this.seed = null;
+    }
+
+    public ECParameterSpec(
+        ECCurve     curve,
+        ECPoint     G,
+        BigInteger  n,
+        BigInteger  h,
+        byte[]      seed)
+    {
+        this.curve = curve;
+        this.G = G;
+        this.n = n;
+        this.h = h;
+        this.seed = seed;
+    }
+
+    /**
+     * return the curve along which the base point lies.
+     * @return the curve
+     */
+    public ECCurve getCurve()
+    {
+        return curve;
+    }
+
+    /**
+     * return the base point we are using for these domain parameters.
+     * @return the base point.
+     */
+    public ECPoint getG()
+    {
+        return G;
+    }
+
+    /**
+     * return the order N of G
+     * @return the order
+     */
+    public BigInteger getN()
+    {
+        return n;
+    }
+
+    /**
+     * return the cofactor H to the order of G.
+     * @return the cofactor
+     */
+    public BigInteger getH()
+    {
+        return h;
+    }
+
+    /**
+     * return the seed used to generate this curve (if available).
+     * @return the random seed
+     */
+    public byte[] getSeed()
+    {
+        return seed;
+    }
+
+    public boolean equals(Object o)
+    {
+        if (!(o instanceof ECParameterSpec))
+        {
+            return false;
+        }
+
+        ECParameterSpec other = (ECParameterSpec)o;
+
+        return this.getCurve().equals(other.getCurve()) && this.getG().equals(other.getG());
+    }
+
+    public int hashCode()
+    {
+        return this.getCurve().hashCode() ^ this.getG().hashCode();
+    }
+}
diff --git a/src/main/java/org/bouncycastle/jce/spec/ECPrivateKeySpec.java b/src/main/java/org/bouncycastle/jce/spec/ECPrivateKeySpec.java
new file mode 100644
index 0000000..27885c4
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/spec/ECPrivateKeySpec.java
@@ -0,0 +1,35 @@
+package org.bouncycastle.jce.spec;
+
+import java.math.BigInteger;
+
+/**
+ * Elliptic Curve private key specification.
+ */
+public class ECPrivateKeySpec
+    extends ECKeySpec
+{
+    private BigInteger    d;
+
+    /**
+     * base constructor
+     *
+     * @param d the private number for the key.
+     * @param spec the domain parameters for the curve being used.
+     */
+    public ECPrivateKeySpec(
+        BigInteger      d,
+        ECParameterSpec spec)
+    {
+        super(spec);
+
+        this.d = d;
+    }
+
+    /**
+     * return the private number D
+     */
+    public BigInteger getD()
+    {
+        return d;
+    }
+}
diff --git a/src/main/java/org/bouncycastle/jce/spec/ECPublicKeySpec.java b/src/main/java/org/bouncycastle/jce/spec/ECPublicKeySpec.java
new file mode 100644
index 0000000..debab00
--- /dev/null
+++ b/src/main/java/org/bouncycastle/jce/spec/ECPublicKeySpec.java
@@ -0,0 +1,35 @@
+package org.bouncycastle.jce.spec;
+
+import org.bouncycastle.math.ec.ECPoint;
+
+/**
+ * Elliptic Curve public key specification
+ */
+public class ECPublicKeySpec
+    extends ECKeySpec
+{
+    private ECPoint    q;
+
+    /**
+     * base constructor
+     *
+     * @param q the public point on the curve.
+     * @param spec the domain parameters for the curve.
+     */
+    public ECPublicKeySpec(
+        ECPoint         q,
+        ECParameterSpec spec)
+    {
+        super(spec);
+
+        this.q = q;
+    }
+
+    /**
+     * return the public point q
+     */
+    public ECPoint getQ()
+    {
+        return q;
+    }
+}
diff --git a/src/main/java/org/bouncycastle/math/ec/ECAlgorithms.java b/src/main/java/org/bouncycastle/math/ec/ECAlgorithms.java
new file mode 100644
index 0000000..78a7a8f
--- /dev/null
+++ b/src/main/java/org/bouncycastle/math/ec/ECAlgorithms.java
@@ -0,0 +1,92 @@
+package org.bouncycastle.math.ec;
+
+import java.math.BigInteger;
+
+public class ECAlgorithms
+{
+    public static ECPoint sumOfTwoMultiplies(ECPoint P, BigInteger a,
+        ECPoint Q, BigInteger b)
+    {
+        ECCurve c = P.getCurve();
+        if (!c.equals(Q.getCurve()))
+        {
+            throw new IllegalArgumentException("P and Q must be on same curve");
+        }
+
+        // Point multiplication for Koblitz curves (using WTNAF) beats Shamir's trick
+        if (c instanceof ECCurve.F2m)
+        {
+            ECCurve.F2m f2mCurve = (ECCurve.F2m)c;
+            if (f2mCurve.isKoblitz())
+            {
+                return P.multiply(a).add(Q.multiply(b));
+            }
+        }
+
+        return implShamirsTrick(P, a, Q, b);
+    }
+
+    /*
+     * "Shamir's Trick", originally due to E. G. Straus
+     * (Addition chains of vectors. American Mathematical Monthly,
+     * 71(7):806-808, Aug./Sept. 1964)
+     * <pre>
+     * Input: The points P, Q, scalar k = (km?, ... , k1, k0)
+     * and scalar l = (lm?, ... , l1, l0).
+     * Output: R = k * P + l * Q.
+     * 1: Z <- P + Q
+     * 2: R <- O
+     * 3: for i from m-1 down to 0 do
+     * 4:        R <- R + R        {point doubling}
+     * 5:        if (ki = 1) and (li = 0) then R <- R + P end if
+     * 6:        if (ki = 0) and (li = 1) then R <- R + Q end if
+     * 7:        if (ki = 1) and (li = 1) then R <- R + Z end if
+     * 8: end for
+     * 9: return R
+     * </pre>
+     */
+    public static ECPoint shamirsTrick(ECPoint P, BigInteger k,
+        ECPoint Q, BigInteger l)
+    {
+        if (!P.getCurve().equals(Q.getCurve()))
+        {
+            throw new IllegalArgumentException("P and Q must be on same curve");
+        }
+
+        return implShamirsTrick(P, k, Q, l);
+    }
+
+    private static ECPoint implShamirsTrick(ECPoint P, BigInteger k,
+        ECPoint Q, BigInteger l)
+    {
+        int m = Math.max(k.bitLength(), l.bitLength());
+        ECPoint Z = P.add(Q);
+        ECPoint R = P.getCurve().getInfinity();
+
+        for (int i = m - 1; i >= 0; --i)
+        {
+            R = R.twice();
+
+            if (k.testBit(i))
+            {
+                if (l.testBit(i))
+                {
+                    R = R.add(Z);
+                }
+                else
+                {
+                    R = R.add(P);
+                }
+            }
+            else
+            {
+                if (l.testBit(i))
+                {
+                    R = R.add(Q);
+                }
+            }
+        }
+
+        return R;
+    }
+}
diff --git a/src/main/java/org/bouncycastle/math/ec/ECConstants.java b/src/main/java/org/bouncycastle/math/ec/ECConstants.java
new file mode 100644
index 0000000..864f746
--- /dev/null
+++ b/src/main/java/org/bouncycastle/math/ec/ECConstants.java
@@ -0,0 +1,12 @@
+package org.bouncycastle.math.ec;
+
+import java.math.BigInteger;
+
+public interface ECConstants
+{
+    public static final BigInteger ZERO = BigInteger.valueOf(0);
+    public static final BigInteger ONE = BigInteger.valueOf(1);
+    public static final BigInteger TWO = BigInteger.valueOf(2);
+    public static final BigInteger THREE = BigInteger.valueOf(3);
+    public static final BigInteger FOUR = BigInteger.valueOf(4);
+}
diff --git a/src/main/java/org/bouncycastle/math/ec/ECCurve.java b/src/main/java/org/bouncycastle/math/ec/ECCurve.java
new file mode 100644
index 0000000..c984104
--- /dev/null
+++ b/src/main/java/org/bouncycastle/math/ec/ECCurve.java
@@ -0,0 +1,668 @@
+package org.bouncycastle.math.ec;
+
+import java.math.BigInteger;
+import java.util.Random;
+
+/**
+ * base class for an elliptic curve
+ */
+public abstract class ECCurve
+{
+    ECFieldElement a, b;
+
+    public abstract int getFieldSize();
+
+    public abstract ECFieldElement fromBigInteger(BigInteger x);
+
+    public abstract ECPoint createPoint(BigInteger x, BigInteger y, boolean withCompression);
+
+    public abstract ECPoint decodePoint(byte[] encoded);
+
+    public abstract ECPoint getInfinity();
+
+    public ECFieldElement getA()
+    {
+        return a;
+    }
+
+    public ECFieldElement getB()
+    {
+        return b;
+    }
+
+    /**
+     * Elliptic curve over Fp
+     */
+    public static class Fp extends ECCurve
+    {
+        BigInteger q;
+        ECPoint.Fp infinity;
+
+        public Fp(BigInteger q, BigInteger a, BigInteger b)
+        {
+            this.q = q;
+            this.a = fromBigInteger(a);
+            this.b = fromBigInteger(b);
+            this.infinity = new ECPoint.Fp(this, null, null);
+        }
+
+        public BigInteger getQ()
+        {
+            return q;
+        }
+
+        public int getFieldSize()
+        {
+            return q.bitLength();
+        }
+
+        public ECFieldElement fromBigInteger(BigInteger x)
+        {
+            return new ECFieldElement.Fp(this.q, x);
+        }
+
+        public ECPoint createPoint(BigInteger x, BigInteger y, boolean withCompression)
+        {
+            return new ECPoint.Fp(this, fromBigInteger(x), fromBigInteger(y), withCompression);
+        }
+
+        /**
+         * Decode a point on this curve from its ASN.1 encoding. The different
+         * encodings are taken account of, including point compression for
+         * <code>F<sub>p</sub></code> (X9.62 s 4.2.1 pg 17).
+         * @return The decoded point.
+         */
+        public ECPoint decodePoint(byte[] encoded)
+        {
+            ECPoint p = null;
+
+            switch (encoded[0])
+            {
+                // infinity
+            case 0x00:
+                if (encoded.length > 1)
+                {
+                    throw new RuntimeException("Invalid point encoding");
+                }
+                p = getInfinity();
+                break;
+                // compressed
+            case 0x02:
+            case 0x03:
+                int ytilde = encoded[0] & 1;
+                byte[]  i = new byte[encoded.length - 1];
+
+                System.arraycopy(encoded, 1, i, 0, i.length);
+
+                ECFieldElement x = new ECFieldElement.Fp(this.q, new BigInteger(1, i));
+                ECFieldElement alpha = x.multiply(x.square().add(a)).add(b);
+                ECFieldElement beta = alpha.sqrt();
+
+                //
+                // if we can't find a sqrt we haven't got a point on the
+                // curve - run!
+                //
+                if (beta == null)
+                {
+                    throw new RuntimeException("Invalid point compression");
+                }
+
+                int bit0 = (beta.toBigInteger().testBit(0) ? 1 : 0);
+
+                if (bit0 == ytilde)
+                {
+                    p = new ECPoint.Fp(this, x, beta, true);
+                }
+                else
+                {
+                    p = new ECPoint.Fp(this, x,
+                        new ECFieldElement.Fp(this.q, q.subtract(beta.toBigInteger())), true);
+                }
+                break;
+                // uncompressed
+            case 0x04:
+                // hybrid
+            case 0x06:
+            case 0x07:
+                byte[]  xEnc = new byte[(encoded.length - 1) / 2];
+                byte[]  yEnc = new byte[(encoded.length - 1) / 2];
+
+                System.arraycopy(encoded, 1, xEnc, 0, xEnc.length);
+                System.arraycopy(encoded, xEnc.length + 1, yEnc, 0, yEnc.length);
+
+                p = new ECPoint.Fp(this,
+                        new ECFieldElement.Fp(this.q, new BigInteger(1, xEnc)),
+                        new ECFieldElement.Fp(this.q, new BigInteger(1, yEnc)));
+                break;
+            default:
+                throw new RuntimeException("Invalid point encoding 0x" + Integer.toString(encoded[0], 16));
+            }
+
+            return p;
+        }
+
+        public ECPoint getInfinity()
+        {
+            return infinity;
+        }
+
+        public boolean equals(
+            Object anObject) 
+        {
+            if (anObject == this) 
+            {
+                return true;
+            }
+
+            if (!(anObject instanceof ECCurve.Fp)) 
+            {
+                return false;
+            }
+
+            ECCurve.Fp other = (ECCurve.Fp) anObject;
+
+            return this.q.equals(other.q) 
+                    && a.equals(other.a) && b.equals(other.b);
+        }
+
+        public int hashCode() 
+        {
+            return a.hashCode() ^ b.hashCode() ^ q.hashCode();
+        }
+    }
+
+    /**
+     * Elliptic curves over F2m. The Weierstrass equation is given by
+     * <code>y<sup>2</sup> + xy = x<sup>3</sup> + ax<sup>2</sup> + b</code>.
+     */
+    public static class F2m extends ECCurve
+    {
+        /**
+         * The exponent <code>m</code> of <code>F<sub>2<sup>m</sup></sub></code>.
+         */
+        private int m;  // can't be final - JDK 1.1
+
+        /**
+         * TPB: The integer <code>k</code> where <code>x<sup>m</sup> +
+         * x<sup>k</sup> + 1</code> represents the reduction polynomial
+         * <code>f(z)</code>.<br>
+         * PPB: The integer <code>k1</code> where <code>x<sup>m</sup> +
+         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+         * represents the reduction polynomial <code>f(z)</code>.<br>
+         */
+        private int k1;  // can't be final - JDK 1.1
+
+        /**
+         * TPB: Always set to <code>0</code><br>
+         * PPB: The integer <code>k2</code> where <code>x<sup>m</sup> +
+         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+         * represents the reduction polynomial <code>f(z)</code>.<br>
+         */
+        private int k2;  // can't be final - JDK 1.1
+
+        /**
+         * TPB: Always set to <code>0</code><br>
+         * PPB: The integer <code>k3</code> where <code>x<sup>m</sup> +
+         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+         * represents the reduction polynomial <code>f(z)</code>.<br>
+         */
+        private int k3;  // can't be final - JDK 1.1
+
+        /**
+         * The order of the base point of the curve.
+         */
+        private BigInteger n;  // can't be final - JDK 1.1
+
+        /**
+         * The cofactor of the curve.
+         */
+        private BigInteger h;  // can't be final - JDK 1.1
+        
+         /**
+         * The point at infinity on this curve.
+         */
+        private ECPoint.F2m infinity;  // can't be final - JDK 1.1
+
+        /**
+         * The parameter <code>&mu;</code> of the elliptic curve if this is
+         * a Koblitz curve.
+         */
+        private byte mu = 0;
+
+        /**
+         * The auxiliary values <code>s<sub>0</sub></code> and
+         * <code>s<sub>1</sub></code> used for partial modular reduction for
+         * Koblitz curves.
+         */
+        private BigInteger[] si = null;
+
+        /**
+         * Constructor for Trinomial Polynomial Basis (TPB).
+         * @param m  The exponent <code>m</code> of
+         * <code>F<sub>2<sup>m</sup></sub></code>.
+         * @param k The integer <code>k</code> where <code>x<sup>m</sup> +
+         * x<sup>k</sup> + 1</code> represents the reduction
+         * polynomial <code>f(z)</code>.
+         * @param a The coefficient <code>a</code> in the Weierstrass equation
+         * for non-supersingular elliptic curves over
+         * <code>F<sub>2<sup>m</sup></sub></code>.
+         * @param b The coefficient <code>b</code> in the Weierstrass equation
+         * for non-supersingular elliptic curves over
+         * <code>F<sub>2<sup>m</sup></sub></code>.
+         */
+        public F2m(
+            int m,
+            int k,
+            BigInteger a,
+            BigInteger b)
+        {
+            this(m, k, 0, 0, a, b, null, null);
+        }
+
+        /**
+         * Constructor for Trinomial Polynomial Basis (TPB).
+         * @param m  The exponent <code>m</code> of
+         * <code>F<sub>2<sup>m</sup></sub></code>.
+         * @param k The integer <code>k</code> where <code>x<sup>m</sup> +
+         * x<sup>k</sup> + 1</code> represents the reduction
+         * polynomial <code>f(z)</code>.
+         * @param a The coefficient <code>a</code> in the Weierstrass equation
+         * for non-supersingular elliptic curves over
+         * <code>F<sub>2<sup>m</sup></sub></code>.
+         * @param b The coefficient <code>b</code> in the Weierstrass equation
+         * for non-supersingular elliptic curves over
+         * <code>F<sub>2<sup>m</sup></sub></code>.
+         * @param n The order of the main subgroup of the elliptic curve.
+         * @param h The cofactor of the elliptic curve, i.e.
+         * <code>#E<sub>a</sub>(F<sub>2<sup>m</sup></sub>) = h * n</code>.
+         */
+        public F2m(
+            int m, 
+            int k, 
+            BigInteger a, 
+            BigInteger b,
+            BigInteger n,
+            BigInteger h)
+        {
+            this(m, k, 0, 0, a, b, n, h);
+        }
+
+        /**
+         * Constructor for Pentanomial Polynomial Basis (PPB).
+         * @param m  The exponent <code>m</code> of
+         * <code>F<sub>2<sup>m</sup></sub></code>.
+         * @param k1 The integer <code>k1</code> where <code>x<sup>m</sup> +
+         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+         * represents the reduction polynomial <code>f(z)</code>.
+         * @param k2 The integer <code>k2</code> where <code>x<sup>m</sup> +
+         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+         * represents the reduction polynomial <code>f(z)</code>.
+         * @param k3 The integer <code>k3</code> where <code>x<sup>m</sup> +
+         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+         * represents the reduction polynomial <code>f(z)</code>.
+         * @param a The coefficient <code>a</code> in the Weierstrass equation
+         * for non-supersingular elliptic curves over
+         * <code>F<sub>2<sup>m</sup></sub></code>.
+         * @param b The coefficient <code>b</code> in the Weierstrass equation
+         * for non-supersingular elliptic curves over
+         * <code>F<sub>2<sup>m</sup></sub></code>.
+         */
+        public F2m(
+            int m,
+            int k1,
+            int k2,
+            int k3,
+            BigInteger a,
+            BigInteger b)
+        {
+            this(m, k1, k2, k3, a, b, null, null);
+        }
+
+        /**
+         * Constructor for Pentanomial Polynomial Basis (PPB).
+         * @param m  The exponent <code>m</code> of
+         * <code>F<sub>2<sup>m</sup></sub></code>.
+         * @param k1 The integer <code>k1</code> where <code>x<sup>m</sup> +
+         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+         * represents the reduction polynomial <code>f(z)</code>.
+         * @param k2 The integer <code>k2</code> where <code>x<sup>m</sup> +
+         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+         * represents the reduction polynomial <code>f(z)</code>.
+         * @param k3 The integer <code>k3</code> where <code>x<sup>m</sup> +
+         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+         * represents the reduction polynomial <code>f(z)</code>.
+         * @param a The coefficient <code>a</code> in the Weierstrass equation
+         * for non-supersingular elliptic curves over
+         * <code>F<sub>2<sup>m</sup></sub></code>.
+         * @param b The coefficient <code>b</code> in the Weierstrass equation
+         * for non-supersingular elliptic curves over
+         * <code>F<sub>2<sup>m</sup></sub></code>.
+         * @param n The order of the main subgroup of the elliptic curve.
+         * @param h The cofactor of the elliptic curve, i.e.
+         * <code>#E<sub>a</sub>(F<sub>2<sup>m</sup></sub>) = h * n</code>.
+         */
+        public F2m(
+            int m, 
+            int k1, 
+            int k2, 
+            int k3,
+            BigInteger a, 
+            BigInteger b,
+            BigInteger n,
+            BigInteger h)
+        {
+            this.m = m;
+            this.k1 = k1;
+            this.k2 = k2;
+            this.k3 = k3;
+            this.n = n;
+            this.h = h;
+
+            if (k1 == 0)
+            {
+                throw new IllegalArgumentException("k1 must be > 0");
+            }
+
+            if (k2 == 0)
+            {
+                if (k3 != 0)
+                {
+                    throw new IllegalArgumentException("k3 must be 0 if k2 == 0");
+                }
+            }
+            else
+            {
+                if (k2 <= k1)
+                {
+                    throw new IllegalArgumentException("k2 must be > k1");
+                }
+
+                if (k3 <= k2)
+                {
+                    throw new IllegalArgumentException("k3 must be > k2");
+                }
+            }
+
+            this.a = fromBigInteger(a);
+            this.b = fromBigInteger(b);
+            this.infinity = new ECPoint.F2m(this, null, null);
+        }
+
+        public int getFieldSize()
+        {
+            return m;
+        }
+
+        public ECFieldElement fromBigInteger(BigInteger x)
+        {
+            return new ECFieldElement.F2m(this.m, this.k1, this.k2, this.k3, x);
+        }
+
+        public ECPoint createPoint(BigInteger x, BigInteger y, boolean withCompression)
+        {
+            return new ECPoint.F2m(this, fromBigInteger(x), fromBigInteger(y), withCompression);
+        }
+
+        /* (non-Javadoc)
+         * @see org.bouncycastle.math.ec.ECCurve#decodePoint(byte[])
+         */
+        public ECPoint decodePoint(byte[] encoded)
+        {
+            ECPoint p = null;
+
+            switch (encoded[0])
+            {
+                // infinity
+            case 0x00:
+                if (encoded.length > 1)
+                {
+                    throw new RuntimeException("Invalid point encoding");
+                }
+                p = getInfinity();
+                break;
+                // compressed
+            case 0x02:
+            case 0x03:
+                byte[] enc = new byte[encoded.length - 1];
+                System.arraycopy(encoded, 1, enc, 0, enc.length);
+                if (encoded[0] == 0x02) 
+                {
+                        p = decompressPoint(enc, 0);
+                }
+                else 
+                {
+                        p = decompressPoint(enc, 1);
+                }
+                break;
+                // uncompressed
+            case 0x04:
+                // hybrid
+            case 0x06:
+            case 0x07:
+                byte[] xEnc = new byte[(encoded.length - 1) / 2];
+                byte[] yEnc = new byte[(encoded.length - 1) / 2];
+
+                System.arraycopy(encoded, 1, xEnc, 0, xEnc.length);
+                System.arraycopy(encoded, xEnc.length + 1, yEnc, 0, yEnc.length);
+
+                p = new ECPoint.F2m(this,
+                    new ECFieldElement.F2m(this.m, this.k1, this.k2, this.k3,
+                        new BigInteger(1, xEnc)),
+                    new ECFieldElement.F2m(this.m, this.k1, this.k2, this.k3,
+                        new BigInteger(1, yEnc)), false);
+                break;
+
+            default:
+                throw new RuntimeException("Invalid point encoding 0x" + Integer.toString(encoded[0], 16));
+            }
+
+            return p;
+        }
+
+        public ECPoint getInfinity()
+        {
+            return infinity;
+        }
+
+        /**
+         * Returns true if this is a Koblitz curve (ABC curve).
+         * @return true if this is a Koblitz curve (ABC curve), false otherwise
+         */
+        public boolean isKoblitz()
+        {
+            return ((n != null) && (h != null) &&
+                    ((a.toBigInteger().equals(ECConstants.ZERO)) ||
+                    (a.toBigInteger().equals(ECConstants.ONE))) &&
+                    (b.toBigInteger().equals(ECConstants.ONE)));
+        }
+
+        /**
+         * Returns the parameter <code>&mu;</code> of the elliptic curve.
+         * @return <code>&mu;</code> of the elliptic curve.
+         * @throws IllegalArgumentException if the given ECCurve is not a
+         * Koblitz curve.
+         */
+        synchronized byte getMu()
+        {
+            if (mu == 0)
+            {
+                mu = Tnaf.getMu(this);
+            }
+            return mu;
+        }
+
+        /**
+         * @return the auxiliary values <code>s<sub>0</sub></code> and
+         * <code>s<sub>1</sub></code> used for partial modular reduction for
+         * Koblitz curves.
+         */
+        synchronized BigInteger[] getSi()
+        {
+            if (si == null)
+            {
+                si = Tnaf.getSi(this);
+            }
+            return si;
+        }
+
+        /**
+         * Decompresses a compressed point P = (xp, yp) (X9.62 s 4.2.2).
+         * 
+         * @param xEnc
+         *            The encoding of field element xp.
+         * @param ypBit
+         *            ~yp, an indication bit for the decompression of yp.
+         * @return the decompressed point.
+         */
+        private ECPoint decompressPoint(
+            byte[] xEnc, 
+            int ypBit)
+        {
+            ECFieldElement xp = new ECFieldElement.F2m(
+                    this.m, this.k1, this.k2, this.k3, new BigInteger(1, xEnc));
+            ECFieldElement yp = null;
+            if (xp.toBigInteger().equals(ECConstants.ZERO))
+            {
+                yp = (ECFieldElement.F2m)b;
+                for (int i = 0; i < m - 1; i++)
+                {
+                    yp = yp.square();
+                }
+            }
+            else
+            {
+                ECFieldElement beta = xp.add(a).add(
+                        b.multiply(xp.square().invert()));
+                ECFieldElement z = solveQuadradicEquation(beta);
+                if (z == null)
+                {
+                    throw new RuntimeException("Invalid point compression");
+                }
+                int zBit = 0;
+                if (z.toBigInteger().testBit(0))
+                {
+                    zBit = 1;
+                }
+                if (zBit != ypBit)
+                {
+                    z = z.add(new ECFieldElement.F2m(this.m, this.k1, this.k2,
+                            this.k3, ECConstants.ONE));
+                }
+                yp = xp.multiply(z);
+            }
+            
+            return new ECPoint.F2m(this, xp, yp);
+        }
+        
+        /**
+         * Solves a quadratic equation <code>z<sup>2</sup> + z = beta</code>(X9.62
+         * D.1.6) The other solution is <code>z + 1</code>.
+         * 
+         * @param beta
+         *            The value to solve the qradratic equation for.
+         * @return the solution for <code>z<sup>2</sup> + z = beta</code> or
+         *         <code>null</code> if no solution exists.
+         */
+        private ECFieldElement solveQuadradicEquation(ECFieldElement beta)
+        {
+            ECFieldElement zeroElement = new ECFieldElement.F2m(
+                    this.m, this.k1, this.k2, this.k3, ECConstants.ZERO);
+
+            if (beta.toBigInteger().equals(ECConstants.ZERO))
+            {
+                return zeroElement;
+            }
+
+            ECFieldElement z = null;
+            ECFieldElement gamma = zeroElement;
+
+            Random rand = new Random();
+            do
+            {
+                ECFieldElement t = new ECFieldElement.F2m(this.m, this.k1,
+                        this.k2, this.k3, new BigInteger(m, rand));
+                z = zeroElement;
+                ECFieldElement w = beta;
+                for (int i = 1; i <= m - 1; i++)
+                {
+                    ECFieldElement w2 = w.square();
+                    z = z.square().add(w2.multiply(t));
+                    w = w2.add(beta);
+                }
+                if (!w.toBigInteger().equals(ECConstants.ZERO))
+                {
+                    return null;
+                }
+                gamma = z.square().add(z);
+            }
+            while (gamma.toBigInteger().equals(ECConstants.ZERO));
+
+            return z;
+        }
+        
+        public boolean equals(
+            Object anObject)
+        {
+            if (anObject == this) 
+            {
+                return true;
+            }
+
+            if (!(anObject instanceof ECCurve.F2m)) 
+            {
+                return false;
+            }
+
+            ECCurve.F2m other = (ECCurve.F2m)anObject;
+            
+            return (this.m == other.m) && (this.k1 == other.k1)
+                && (this.k2 == other.k2) && (this.k3 == other.k3)
+                && a.equals(other.a) && b.equals(other.b);
+        }
+
+        public int hashCode()
+        {
+            return this.a.hashCode() ^ this.b.hashCode() ^ m ^ k1 ^ k2 ^ k3;
+        }
+
+        public int getM()
+        {
+            return m;
+        }
+
+        /**
+         * Return true if curve uses a Trinomial basis.
+         * 
+         * @return true if curve Trinomial, false otherwise.
+         */
+        public boolean isTrinomial()
+        {
+            return k2 == 0 && k3 == 0;
+        }
+        
+        public int getK1()
+        {
+            return k1;
+        }
+
+        public int getK2()
+        {
+            return k2;
+        }
+
+        public int getK3()
+        {
+            return k3;
+        }
+
+        public BigInteger getN()
+        {
+            return n;
+        }
+
+        public BigInteger getH()
+        {
+            return h;
+        }
+    }
+}
diff --git a/src/main/java/org/bouncycastle/math/ec/ECFieldElement.java b/src/main/java/org/bouncycastle/math/ec/ECFieldElement.java
new file mode 100644
index 0000000..b5e9aa5
--- /dev/null
+++ b/src/main/java/org/bouncycastle/math/ec/ECFieldElement.java
@@ -0,0 +1,1196 @@
+package org.bouncycastle.math.ec;
+
+import java.math.BigInteger;
+import java.util.Random;
+
+public abstract class ECFieldElement
+    implements ECConstants
+{
+
+    public abstract BigInteger     toBigInteger();
+    public abstract String         getFieldName();
+    public abstract int            getFieldSize();
+    public abstract ECFieldElement add(ECFieldElement b);
+    public abstract ECFieldElement subtract(ECFieldElement b);
+    public abstract ECFieldElement multiply(ECFieldElement b);
+    public abstract ECFieldElement divide(ECFieldElement b);
+    public abstract ECFieldElement negate();
+    public abstract ECFieldElement square();
+    public abstract ECFieldElement invert();
+    public abstract ECFieldElement sqrt();
+
+    public String toString()
+    {
+        return this.toBigInteger().toString(2);
+    }
+
+    public static class Fp extends ECFieldElement
+    {
+        BigInteger x;
+
+        BigInteger q;
+        
+        public Fp(BigInteger q, BigInteger x)
+        {
+            this.x = x;
+            
+            if (x.compareTo(q) >= 0)
+            {
+                throw new IllegalArgumentException("x value too large in field element");
+            }
+
+            this.q = q;
+        }
+
+        public BigInteger toBigInteger()
+        {
+            return x;
+        }
+
+        /**
+         * return the field name for this field.
+         *
+         * @return the string "Fp".
+         */
+        public String getFieldName()
+        {
+            return "Fp";
+        }
+
+        public int getFieldSize()
+        {
+            return q.bitLength();
+        }
+
+        public BigInteger getQ()
+        {
+            return q;
+        }
+        
+        public ECFieldElement add(ECFieldElement b)
+        {
+            return new Fp(q, x.add(b.toBigInteger()).mod(q));
+        }
+
+        public ECFieldElement subtract(ECFieldElement b)
+        {
+            return new Fp(q, x.subtract(b.toBigInteger()).mod(q));
+        }
+
+        public ECFieldElement multiply(ECFieldElement b)
+        {
+            return new Fp(q, x.multiply(b.toBigInteger()).mod(q));
+        }
+
+        public ECFieldElement divide(ECFieldElement b)
+        {
+            return new Fp(q, x.multiply(b.toBigInteger().modInverse(q)).mod(q));
+        }
+
+        public ECFieldElement negate()
+        {
+            return new Fp(q, x.negate().mod(q));
+        }
+
+        public ECFieldElement square()
+        {
+            return new Fp(q, x.multiply(x).mod(q));
+        }
+
+        public ECFieldElement invert()
+        {
+            return new Fp(q, x.modInverse(q));
+        }
+
+        // D.1.4 91
+        /**
+         * return a sqrt root - the routine verifies that the calculation
+         * returns the right value - if none exists it returns null.
+         */
+        public ECFieldElement sqrt()
+        {
+            if (!q.testBit(0))
+            {
+                throw new RuntimeException("not done yet");
+            }
+
+            // note: even though this class implements ECConstants don't be tempted to
+            // remove the explicit declaration, some J2ME environments don't cope.
+            // p mod 4 == 3
+            if (q.testBit(1))
+            {
+                // z = g^(u+1) + p, p = 4u + 3
+                ECFieldElement z = new Fp(q, x.modPow(q.shiftRight(2).add(ECConstants.ONE), q));
+
+                return z.square().equals(this) ? z : null;
+            }
+
+            // p mod 4 == 1
+            BigInteger qMinusOne = q.subtract(ECConstants.ONE);
+
+            BigInteger legendreExponent = qMinusOne.shiftRight(1);
+            if (!(x.modPow(legendreExponent, q).equals(ECConstants.ONE)))
+            {
+                return null;
+            }
+
+            BigInteger u = qMinusOne.shiftRight(2);
+            BigInteger k = u.shiftLeft(1).add(ECConstants.ONE);
+
+            BigInteger Q = this.x;
+            BigInteger fourQ = Q.shiftLeft(2).mod(q);
+
+            BigInteger U, V;
+            Random rand = new Random();
+            do
+            {
+                BigInteger P;
+                do
+                {
+                    P = new BigInteger(q.bitLength(), rand);
+                }
+                while (P.compareTo(q) >= 0
+                    || !(P.multiply(P).subtract(fourQ).modPow(legendreExponent, q).equals(qMinusOne)));
+
+                BigInteger[] result = lucasSequence(q, P, Q, k);
+                U = result[0];
+                V = result[1];
+
+                if (V.multiply(V).mod(q).equals(fourQ))
+                {
+                    // Integer division by 2, mod q
+                    if (V.testBit(0))
+                    {
+                        V = V.add(q);
+                    }
+
+                    V = V.shiftRight(1);
+
+                    //assert V.multiply(V).mod(q).equals(x);
+
+                    return new ECFieldElement.Fp(q, V);
+                }
+            }
+            while (U.equals(ECConstants.ONE) || U.equals(qMinusOne));
+
+            return null;
+
+//            BigInteger qMinusOne = q.subtract(ECConstants.ONE);
+//            BigInteger legendreExponent = qMinusOne.shiftRight(1); //divide(ECConstants.TWO);
+//            if (!(x.modPow(legendreExponent, q).equals(ECConstants.ONE)))
+//            {
+//                return null;
+//            }
+//
+//            Random rand = new Random();
+//            BigInteger fourX = x.shiftLeft(2);
+//
+//            BigInteger r;
+//            do
+//            {
+//                r = new BigInteger(q.bitLength(), rand);
+//            }
+//            while (r.compareTo(q) >= 0
+//                || !(r.multiply(r).subtract(fourX).modPow(legendreExponent, q).equals(qMinusOne)));
+//
+//            BigInteger n1 = qMinusOne.shiftRight(2); //.divide(ECConstants.FOUR);
+//            BigInteger n2 = n1.add(ECConstants.ONE); //q.add(ECConstants.THREE).divide(ECConstants.FOUR);
+//
+//            BigInteger wOne = WOne(r, x, q);
+//            BigInteger wSum = W(n1, wOne, q).add(W(n2, wOne, q)).mod(q);
+//            BigInteger twoR = r.shiftLeft(1); //ECConstants.TWO.multiply(r);
+//
+//            BigInteger root = twoR.modPow(q.subtract(ECConstants.TWO), q)
+//                .multiply(x).mod(q)
+//                .multiply(wSum).mod(q);
+//
+//            return new Fp(q, root);
+        }
+
+//        private static BigInteger W(BigInteger n, BigInteger wOne, BigInteger p)
+//        {
+//            if (n.equals(ECConstants.ONE))
+//            {
+//                return wOne;
+//            }
+//            boolean isEven = !n.testBit(0);
+//            n = n.shiftRight(1);//divide(ECConstants.TWO);
+//            if (isEven)
+//            {
+//                BigInteger w = W(n, wOne, p);
+//                return w.multiply(w).subtract(ECConstants.TWO).mod(p);
+//            }
+//            BigInteger w1 = W(n.add(ECConstants.ONE), wOne, p);
+//            BigInteger w2 = W(n, wOne, p);
+//            return w1.multiply(w2).subtract(wOne).mod(p);
+//        }
+//
+//        private BigInteger WOne(BigInteger r, BigInteger x, BigInteger p)
+//        {
+//            return r.multiply(r).multiply(x.modPow(q.subtract(ECConstants.TWO), q)).subtract(ECConstants.TWO).mod(p);
+//        }
+
+        private static BigInteger[] lucasSequence(
+            BigInteger  p,
+            BigInteger  P,
+            BigInteger  Q,
+            BigInteger  k)
+        {
+            int n = k.bitLength();
+            int s = k.getLowestSetBit();
+
+            BigInteger Uh = ECConstants.ONE;
+            BigInteger Vl = ECConstants.TWO;
+            BigInteger Vh = P;
+            BigInteger Ql = ECConstants.ONE;
+            BigInteger Qh = ECConstants.ONE;
+
+            for (int j = n - 1; j >= s + 1; --j)
+            {
+                Ql = Ql.multiply(Qh).mod(p);
+
+                if (k.testBit(j))
+                {
+                    Qh = Ql.multiply(Q).mod(p);
+                    Uh = Uh.multiply(Vh).mod(p);
+                    Vl = Vh.multiply(Vl).subtract(P.multiply(Ql)).mod(p);
+                    Vh = Vh.multiply(Vh).subtract(Qh.shiftLeft(1)).mod(p);
+                }
+                else
+                {
+                    Qh = Ql;
+                    Uh = Uh.multiply(Vl).subtract(Ql).mod(p);
+                    Vh = Vh.multiply(Vl).subtract(P.multiply(Ql)).mod(p);
+                    Vl = Vl.multiply(Vl).subtract(Ql.shiftLeft(1)).mod(p);
+                }
+            }
+
+            Ql = Ql.multiply(Qh).mod(p);
+            Qh = Ql.multiply(Q).mod(p);
+            Uh = Uh.multiply(Vl).subtract(Ql).mod(p);
+            Vl = Vh.multiply(Vl).subtract(P.multiply(Ql)).mod(p);
+            Ql = Ql.multiply(Qh).mod(p);
+
+            for (int j = 1; j <= s; ++j)
+            {
+                Uh = Uh.multiply(Vl).mod(p);
+                Vl = Vl.multiply(Vl).subtract(Ql.shiftLeft(1)).mod(p);
+                Ql = Ql.multiply(Ql).mod(p);
+            }
+
+            return new BigInteger[]{ Uh, Vl };
+        }
+        
+        public boolean equals(Object other)
+        {
+            if (other == this)
+            {
+                return true;
+            }
+
+            if (!(other instanceof ECFieldElement.Fp))
+            {
+                return false;
+            }
+            
+            ECFieldElement.Fp o = (ECFieldElement.Fp)other;
+            return q.equals(o.q) && x.equals(o.x);
+        }
+
+        public int hashCode()
+        {
+            return q.hashCode() ^ x.hashCode();
+        }
+    }
+
+//    /**
+//     * Class representing the Elements of the finite field
+//     * <code>F<sub>2<sup>m</sup></sub></code> in polynomial basis (PB)
+//     * representation. Both trinomial (TPB) and pentanomial (PPB) polynomial
+//     * basis representations are supported. Gaussian normal basis (GNB)
+//     * representation is not supported.
+//     */
+//    public static class F2m extends ECFieldElement
+//    {
+//        BigInteger x;
+//
+//        /**
+//         * Indicates gaussian normal basis representation (GNB). Number chosen
+//         * according to X9.62. GNB is not implemented at present.
+//         */
+//        public static final int GNB = 1;
+//
+//        /**
+//         * Indicates trinomial basis representation (TPB). Number chosen
+//         * according to X9.62.
+//         */
+//        public static final int TPB = 2;
+//
+//        /**
+//         * Indicates pentanomial basis representation (PPB). Number chosen
+//         * according to X9.62.
+//         */
+//        public static final int PPB = 3;
+//
+//        /**
+//         * TPB or PPB.
+//         */
+//        private int representation;
+//
+//        /**
+//         * The exponent <code>m</code> of <code>F<sub>2<sup>m</sup></sub></code>.
+//         */
+//        private int m;
+//
+//        /**
+//         * TPB: The integer <code>k</code> where <code>x<sup>m</sup> +
+//         * x<sup>k</sup> + 1</code> represents the reduction polynomial
+//         * <code>f(z)</code>.<br>
+//         * PPB: The integer <code>k1</code> where <code>x<sup>m</sup> +
+//         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+//         * represents the reduction polynomial <code>f(z)</code>.<br>
+//         */
+//        private int k1;
+//
+//        /**
+//         * TPB: Always set to <code>0</code><br>
+//         * PPB: The integer <code>k2</code> where <code>x<sup>m</sup> +
+//         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+//         * represents the reduction polynomial <code>f(z)</code>.<br>
+//         */
+//        private int k2;
+//
+//        /**
+//         * TPB: Always set to <code>0</code><br>
+//         * PPB: The integer <code>k3</code> where <code>x<sup>m</sup> +
+//         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+//         * represents the reduction polynomial <code>f(z)</code>.<br>
+//         */
+//        private int k3;
+//        
+//        /**
+//         * Constructor for PPB.
+//         * @param m  The exponent <code>m</code> of
+//         * <code>F<sub>2<sup>m</sup></sub></code>.
+//         * @param k1 The integer <code>k1</code> where <code>x<sup>m</sup> +
+//         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+//         * represents the reduction polynomial <code>f(z)</code>.
+//         * @param k2 The integer <code>k2</code> where <code>x<sup>m</sup> +
+//         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+//         * represents the reduction polynomial <code>f(z)</code>.
+//         * @param k3 The integer <code>k3</code> where <code>x<sup>m</sup> +
+//         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+//         * represents the reduction polynomial <code>f(z)</code>.
+//         * @param x The BigInteger representing the value of the field element.
+//         */
+//        public F2m(
+//            int m, 
+//            int k1, 
+//            int k2, 
+//            int k3,
+//            BigInteger x)
+//        {
+////            super(x);
+//            this.x = x;
+//
+//            if ((k2 == 0) && (k3 == 0))
+//            {
+//                this.representation = TPB;
+//            }
+//            else
+//            {
+//                if (k2 >= k3)
+//                {
+//                    throw new IllegalArgumentException(
+//                            "k2 must be smaller than k3");
+//                }
+//                if (k2 <= 0)
+//                {
+//                    throw new IllegalArgumentException(
+//                            "k2 must be larger than 0");
+//                }
+//                this.representation = PPB;
+//            }
+//
+//            if (x.signum() < 0)
+//            {
+//                throw new IllegalArgumentException("x value cannot be negative");
+//            }
+//
+//            this.m = m;
+//            this.k1 = k1;
+//            this.k2 = k2;
+//            this.k3 = k3;
+//        }
+//
+//        /**
+//         * Constructor for TPB.
+//         * @param m  The exponent <code>m</code> of
+//         * <code>F<sub>2<sup>m</sup></sub></code>.
+//         * @param k The integer <code>k</code> where <code>x<sup>m</sup> +
+//         * x<sup>k</sup> + 1</code> represents the reduction
+//         * polynomial <code>f(z)</code>.
+//         * @param x The BigInteger representing the value of the field element.
+//         */
+//        public F2m(int m, int k, BigInteger x)
+//        {
+//            // Set k1 to k, and set k2 and k3 to 0
+//            this(m, k, 0, 0, x);
+//        }
+//
+//        public BigInteger toBigInteger()
+//        {
+//            return x;
+//        }
+//
+//        public String getFieldName()
+//        {
+//            return "F2m";
+//        }
+//
+//        public int getFieldSize()
+//        {
+//            return m;
+//        }
+//
+//        /**
+//         * Checks, if the ECFieldElements <code>a</code> and <code>b</code>
+//         * are elements of the same field <code>F<sub>2<sup>m</sup></sub></code>
+//         * (having the same representation).
+//         * @param a field element.
+//         * @param b field element to be compared.
+//         * @throws IllegalArgumentException if <code>a</code> and <code>b</code>
+//         * are not elements of the same field
+//         * <code>F<sub>2<sup>m</sup></sub></code> (having the same
+//         * representation). 
+//         */
+//        public static void checkFieldElements(
+//            ECFieldElement a,
+//            ECFieldElement b)
+//        {
+//            if ((!(a instanceof F2m)) || (!(b instanceof F2m)))
+//            {
+//                throw new IllegalArgumentException("Field elements are not "
+//                        + "both instances of ECFieldElement.F2m");
+//            }
+//
+//            if ((a.toBigInteger().signum() < 0) || (b.toBigInteger().signum() < 0))
+//            {
+//                throw new IllegalArgumentException(
+//                        "x value may not be negative");
+//            }
+//
+//            ECFieldElement.F2m aF2m = (ECFieldElement.F2m)a;
+//            ECFieldElement.F2m bF2m = (ECFieldElement.F2m)b;
+//
+//            if ((aF2m.m != bF2m.m) || (aF2m.k1 != bF2m.k1)
+//                    || (aF2m.k2 != bF2m.k2) || (aF2m.k3 != bF2m.k3))
+//            {
+//                throw new IllegalArgumentException("Field elements are not "
+//                        + "elements of the same field F2m");
+//            }
+//
+//            if (aF2m.representation != bF2m.representation)
+//            {
+//                // Should never occur
+//                throw new IllegalArgumentException(
+//                        "One of the field "
+//                                + "elements are not elements has incorrect representation");
+//            }
+//        }
+//
+//        /**
+//         * Computes <code>z * a(z) mod f(z)</code>, where <code>f(z)</code> is
+//         * the reduction polynomial of <code>this</code>.
+//         * @param a The polynomial <code>a(z)</code> to be multiplied by
+//         * <code>z mod f(z)</code>.
+//         * @return <code>z * a(z) mod f(z)</code>
+//         */
+//        private BigInteger multZModF(final BigInteger a)
+//        {
+//            // Left-shift of a(z)
+//            BigInteger az = a.shiftLeft(1);
+//            if (az.testBit(this.m)) 
+//            {
+//                // If the coefficient of z^m in a(z) equals 1, reduction
+//                // modulo f(z) is performed: Add f(z) to to a(z):
+//                // Step 1: Unset mth coeffient of a(z)
+//                az = az.clearBit(this.m);
+//
+//                // Step 2: Add r(z) to a(z), where r(z) is defined as
+//                // f(z) = z^m + r(z), and k1, k2, k3 are the positions of
+//                // the non-zero coefficients in r(z)
+//                az = az.flipBit(0);
+//                az = az.flipBit(this.k1);
+//                if (this.representation == PPB) 
+//                {
+//                    az = az.flipBit(this.k2);
+//                    az = az.flipBit(this.k3);
+//                }
+//            }
+//            return az;
+//        }
+//
+//        public ECFieldElement add(final ECFieldElement b)
+//        {
+//            // No check performed here for performance reasons. Instead the
+//            // elements involved are checked in ECPoint.F2m
+//            // checkFieldElements(this, b);
+//            if (b.toBigInteger().signum() == 0)
+//            {
+//                return this;
+//            }
+//
+//            return new F2m(this.m, this.k1, this.k2, this.k3, this.x.xor(b.toBigInteger()));
+//        }
+//
+//        public ECFieldElement subtract(final ECFieldElement b)
+//        {
+//            // Addition and subtraction are the same in F2m
+//            return add(b);
+//        }
+//
+//
+//        public ECFieldElement multiply(final ECFieldElement b)
+//        {
+//            // Left-to-right shift-and-add field multiplication in F2m
+//            // Input: Binary polynomials a(z) and b(z) of degree at most m-1
+//            // Output: c(z) = a(z) * b(z) mod f(z)
+//
+//            // No check performed here for performance reasons. Instead the
+//            // elements involved are checked in ECPoint.F2m
+//            // checkFieldElements(this, b);
+//            final BigInteger az = this.x;
+//            BigInteger bz = b.toBigInteger();
+//            BigInteger cz;
+//
+//            // Compute c(z) = a(z) * b(z) mod f(z)
+//            if (az.testBit(0)) 
+//            {
+//                cz = bz;
+//            } 
+//            else 
+//            {
+//                cz = ECConstants.ZERO;
+//            }
+//
+//            for (int i = 1; i < this.m; i++) 
+//            {
+//                // b(z) := z * b(z) mod f(z)
+//                bz = multZModF(bz);
+//
+//                if (az.testBit(i)) 
+//                {
+//                    // If the coefficient of x^i in a(z) equals 1, b(z) is added
+//                    // to c(z)
+//                    cz = cz.xor(bz);
+//                }
+//            }
+//            return new ECFieldElement.F2m(m, this.k1, this.k2, this.k3, cz);
+//        }
+//
+//
+//        public ECFieldElement divide(final ECFieldElement b)
+//        {
+//            // There may be more efficient implementations
+//            ECFieldElement bInv = b.invert();
+//            return multiply(bInv);
+//        }
+//
+//        public ECFieldElement negate()
+//        {
+//            // -x == x holds for all x in F2m
+//            return this;
+//        }
+//
+//        public ECFieldElement square()
+//        {
+//            // Naive implementation, can probably be speeded up using modular
+//            // reduction
+//            return multiply(this);
+//        }
+//
+//        public ECFieldElement invert()
+//        {
+//            // Inversion in F2m using the extended Euclidean algorithm
+//            // Input: A nonzero polynomial a(z) of degree at most m-1
+//            // Output: a(z)^(-1) mod f(z)
+//
+//            // u(z) := a(z)
+//            BigInteger uz = this.x;
+//            if (uz.signum() <= 0) 
+//            {
+//                throw new ArithmeticException("x is zero or negative, " +
+//                        "inversion is impossible");
+//            }
+//
+//            // v(z) := f(z)
+//            BigInteger vz = ECConstants.ZERO.setBit(m);
+//            vz = vz.setBit(0);
+//            vz = vz.setBit(this.k1);
+//            if (this.representation == PPB) 
+//            {
+//                vz = vz.setBit(this.k2);
+//                vz = vz.setBit(this.k3);
+//            }
+//
+//            // g1(z) := 1, g2(z) := 0
+//            BigInteger g1z = ECConstants.ONE;
+//            BigInteger g2z = ECConstants.ZERO;
+//
+//            // while u != 1
+//            while (!(uz.equals(ECConstants.ZERO))) 
+//            {
+//                // j := deg(u(z)) - deg(v(z))
+//                int j = uz.bitLength() - vz.bitLength();
+//
+//                // If j < 0 then: u(z) <-> v(z), g1(z) <-> g2(z), j := -j
+//                if (j < 0) 
+//                {
+//                    final BigInteger uzCopy = uz;
+//                    uz = vz;
+//                    vz = uzCopy;
+//
+//                    final BigInteger g1zCopy = g1z;
+//                    g1z = g2z;
+//                    g2z = g1zCopy;
+//
+//                    j = -j;
+//                }
+//
+//                // u(z) := u(z) + z^j * v(z)
+//                // Note, that no reduction modulo f(z) is required, because
+//                // deg(u(z) + z^j * v(z)) <= max(deg(u(z)), j + deg(v(z)))
+//                // = max(deg(u(z)), deg(u(z)) - deg(v(z)) + deg(v(z))
+//                // = deg(u(z))
+//                uz = uz.xor(vz.shiftLeft(j));
+//
+//                // g1(z) := g1(z) + z^j * g2(z)
+//                g1z = g1z.xor(g2z.shiftLeft(j));
+////                if (g1z.bitLength() > this.m) {
+////                    throw new ArithmeticException(
+////                            "deg(g1z) >= m, g1z = " + g1z.toString(2));
+////                }
+//            }
+//            return new ECFieldElement.F2m(
+//                    this.m, this.k1, this.k2, this.k3, g2z);
+//        }
+//
+//        public ECFieldElement sqrt()
+//        {
+//            throw new RuntimeException("Not implemented");
+//        }
+//
+//        /**
+//         * @return the representation of the field
+//         * <code>F<sub>2<sup>m</sup></sub></code>, either of
+//         * TPB (trinomial
+//         * basis representation) or
+//         * PPB (pentanomial
+//         * basis representation).
+//         */
+//        public int getRepresentation()
+//        {
+//            return this.representation;
+//        }
+//
+//        /**
+//         * @return the degree <code>m</code> of the reduction polynomial
+//         * <code>f(z)</code>.
+//         */
+//        public int getM()
+//        {
+//            return this.m;
+//        }
+//
+//        /**
+//         * @return TPB: The integer <code>k</code> where <code>x<sup>m</sup> +
+//         * x<sup>k</sup> + 1</code> represents the reduction polynomial
+//         * <code>f(z)</code>.<br>
+//         * PPB: The integer <code>k1</code> where <code>x<sup>m</sup> +
+//         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+//         * represents the reduction polynomial <code>f(z)</code>.<br>
+//         */
+//        public int getK1()
+//        {
+//            return this.k1;
+//        }
+//
+//        /**
+//         * @return TPB: Always returns <code>0</code><br>
+//         * PPB: The integer <code>k2</code> where <code>x<sup>m</sup> +
+//         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+//         * represents the reduction polynomial <code>f(z)</code>.<br>
+//         */
+//        public int getK2()
+//        {
+//            return this.k2;
+//        }
+//
+//        /**
+//         * @return TPB: Always set to <code>0</code><br>
+//         * PPB: The integer <code>k3</code> where <code>x<sup>m</sup> +
+//         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+//         * represents the reduction polynomial <code>f(z)</code>.<br>
+//         */
+//        public int getK3()
+//        {
+//            return this.k3;
+//        }
+//
+//        public boolean equals(Object anObject)
+//        {
+//            if (anObject == this) 
+//            {
+//                return true;
+//            }
+//
+//            if (!(anObject instanceof ECFieldElement.F2m)) 
+//            {
+//                return false;
+//            }
+//
+//            ECFieldElement.F2m b = (ECFieldElement.F2m)anObject;
+//            
+//            return ((this.m == b.m) && (this.k1 == b.k1) && (this.k2 == b.k2)
+//                && (this.k3 == b.k3)
+//                && (this.representation == b.representation)
+//                && (this.x.equals(b.x)));
+//        }
+//
+//        public int hashCode()
+//        {
+//            return x.hashCode() ^ m ^ k1 ^ k2 ^ k3;
+//        }
+//    }
+
+    /**
+     * Class representing the Elements of the finite field
+     * <code>F<sub>2<sup>m</sup></sub></code> in polynomial basis (PB)
+     * representation. Both trinomial (TPB) and pentanomial (PPB) polynomial
+     * basis representations are supported. Gaussian normal basis (GNB)
+     * representation is not supported.
+     */
+    public static class F2m extends ECFieldElement
+    {
+        /**
+         * Indicates gaussian normal basis representation (GNB). Number chosen
+         * according to X9.62. GNB is not implemented at present.
+         */
+        public static final int GNB = 1;
+
+        /**
+         * Indicates trinomial basis representation (TPB). Number chosen
+         * according to X9.62.
+         */
+        public static final int TPB = 2;
+
+        /**
+         * Indicates pentanomial basis representation (PPB). Number chosen
+         * according to X9.62.
+         */
+        public static final int PPB = 3;
+
+        /**
+         * TPB or PPB.
+         */
+        private int representation;
+
+        /**
+         * The exponent <code>m</code> of <code>F<sub>2<sup>m</sup></sub></code>.
+         */
+        private int m;
+
+        /**
+         * TPB: The integer <code>k</code> where <code>x<sup>m</sup> +
+         * x<sup>k</sup> + 1</code> represents the reduction polynomial
+         * <code>f(z)</code>.<br>
+         * PPB: The integer <code>k1</code> where <code>x<sup>m</sup> +
+         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+         * represents the reduction polynomial <code>f(z)</code>.<br>
+         */
+        private int k1;
+
+        /**
+         * TPB: Always set to <code>0</code><br>
+         * PPB: The integer <code>k2</code> where <code>x<sup>m</sup> +
+         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+         * represents the reduction polynomial <code>f(z)</code>.<br>
+         */
+        private int k2;
+
+        /**
+         * TPB: Always set to <code>0</code><br>
+         * PPB: The integer <code>k3</code> where <code>x<sup>m</sup> +
+         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+         * represents the reduction polynomial <code>f(z)</code>.<br>
+         */
+        private int k3;
+
+        /**
+         * The <code>IntArray</code> holding the bits.
+         */
+        private IntArray x;
+
+        /**
+         * The number of <code>int</code>s required to hold <code>m</code> bits.
+         */
+        private int t;
+
+        /**
+         * Constructor for PPB.
+         * @param m  The exponent <code>m</code> of
+         * <code>F<sub>2<sup>m</sup></sub></code>.
+         * @param k1 The integer <code>k1</code> where <code>x<sup>m</sup> +
+         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+         * represents the reduction polynomial <code>f(z)</code>.
+         * @param k2 The integer <code>k2</code> where <code>x<sup>m</sup> +
+         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+         * represents the reduction polynomial <code>f(z)</code>.
+         * @param k3 The integer <code>k3</code> where <code>x<sup>m</sup> +
+         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+         * represents the reduction polynomial <code>f(z)</code>.
+         * @param x The BigInteger representing the value of the field element.
+         */
+        public F2m(
+            int m, 
+            int k1, 
+            int k2, 
+            int k3,
+            BigInteger x)
+        {
+            // t = m / 32 rounded up to the next integer
+            t = (m + 31) >> 5;
+            this.x = new IntArray(x, t);
+
+            if ((k2 == 0) && (k3 == 0))
+            {
+                this.representation = TPB;
+            }
+            else
+            {
+                if (k2 >= k3)
+                {
+                    throw new IllegalArgumentException(
+                            "k2 must be smaller than k3");
+                }
+                if (k2 <= 0)
+                {
+                    throw new IllegalArgumentException(
+                            "k2 must be larger than 0");
+                }
+                this.representation = PPB;
+            }
+
+            if (x.signum() < 0)
+            {
+                throw new IllegalArgumentException("x value cannot be negative");
+            }
+
+            this.m = m;
+            this.k1 = k1;
+            this.k2 = k2;
+            this.k3 = k3;
+        }
+
+        /**
+         * Constructor for TPB.
+         * @param m  The exponent <code>m</code> of
+         * <code>F<sub>2<sup>m</sup></sub></code>.
+         * @param k The integer <code>k</code> where <code>x<sup>m</sup> +
+         * x<sup>k</sup> + 1</code> represents the reduction
+         * polynomial <code>f(z)</code>.
+         * @param x The BigInteger representing the value of the field element.
+         */
+        public F2m(int m, int k, BigInteger x)
+        {
+            // Set k1 to k, and set k2 and k3 to 0
+            this(m, k, 0, 0, x);
+        }
+
+        private F2m(int m, int k1, int k2, int k3, IntArray x)
+        {
+            t = (m + 31) >> 5;
+            this.x = x;
+            this.m = m;
+            this.k1 = k1;
+            this.k2 = k2;
+            this.k3 = k3;
+
+            if ((k2 == 0) && (k3 == 0))
+            {
+                this.representation = TPB;
+            }
+            else
+            {
+                this.representation = PPB;
+            }
+
+        }
+
+        public BigInteger toBigInteger()
+        {
+            return x.toBigInteger();
+        }
+
+        public String getFieldName()
+        {
+            return "F2m";
+        }
+
+        public int getFieldSize()
+        {
+            return m;
+        }
+
+        /**
+         * Checks, if the ECFieldElements <code>a</code> and <code>b</code>
+         * are elements of the same field <code>F<sub>2<sup>m</sup></sub></code>
+         * (having the same representation).
+         * @param a field element.
+         * @param b field element to be compared.
+         * @throws IllegalArgumentException if <code>a</code> and <code>b</code>
+         * are not elements of the same field
+         * <code>F<sub>2<sup>m</sup></sub></code> (having the same
+         * representation). 
+         */
+        public static void checkFieldElements(
+            ECFieldElement a,
+            ECFieldElement b)
+        {
+            if ((!(a instanceof F2m)) || (!(b instanceof F2m)))
+            {
+                throw new IllegalArgumentException("Field elements are not "
+                        + "both instances of ECFieldElement.F2m");
+            }
+
+            ECFieldElement.F2m aF2m = (ECFieldElement.F2m)a;
+            ECFieldElement.F2m bF2m = (ECFieldElement.F2m)b;
+
+            if ((aF2m.m != bF2m.m) || (aF2m.k1 != bF2m.k1)
+                    || (aF2m.k2 != bF2m.k2) || (aF2m.k3 != bF2m.k3))
+            {
+                throw new IllegalArgumentException("Field elements are not "
+                        + "elements of the same field F2m");
+            }
+
+            if (aF2m.representation != bF2m.representation)
+            {
+                // Should never occur
+                throw new IllegalArgumentException(
+                        "One of the field "
+                                + "elements are not elements has incorrect representation");
+            }
+        }
+
+        public ECFieldElement add(final ECFieldElement b)
+        {
+            // No check performed here for performance reasons. Instead the
+            // elements involved are checked in ECPoint.F2m
+            // checkFieldElements(this, b);
+            IntArray iarrClone = (IntArray)this.x.clone();
+            F2m bF2m = (F2m)b;
+            iarrClone.addShifted(bF2m.x, 0);
+            return new F2m(m, k1, k2, k3, iarrClone);
+        }
+
+        public ECFieldElement subtract(final ECFieldElement b)
+        {
+            // Addition and subtraction are the same in F2m
+            return add(b);
+        }
+
+        public ECFieldElement multiply(final ECFieldElement b)
+        {
+            // Right-to-left comb multiplication in the IntArray
+            // Input: Binary polynomials a(z) and b(z) of degree at most m-1
+            // Output: c(z) = a(z) * b(z) mod f(z)
+
+            // No check performed here for performance reasons. Instead the
+            // elements involved are checked in ECPoint.F2m
+            // checkFieldElements(this, b);
+            F2m bF2m = (F2m)b;
+            IntArray mult = x.multiply(bF2m.x, m);
+            mult.reduce(m, new int[]{k1, k2, k3});
+            return new F2m(m, k1, k2, k3, mult);
+        }
+
+        public ECFieldElement divide(final ECFieldElement b)
+        {
+            // There may be more efficient implementations
+            ECFieldElement bInv = b.invert();
+            return multiply(bInv);
+        }
+
+        public ECFieldElement negate()
+        {
+            // -x == x holds for all x in F2m
+            return this;
+        }
+
+        public ECFieldElement square()
+        {
+            IntArray squared = x.square(m);
+            squared.reduce(m, new int[]{k1, k2, k3});
+            return new F2m(m, k1, k2, k3, squared);
+        }
+
+
+        public ECFieldElement invert()
+        {
+            // Inversion in F2m using the extended Euclidean algorithm
+            // Input: A nonzero polynomial a(z) of degree at most m-1
+            // Output: a(z)^(-1) mod f(z)
+
+            // u(z) := a(z)
+            IntArray uz = (IntArray)this.x.clone();
+
+            // v(z) := f(z)
+            IntArray vz = new IntArray(t);
+            vz.setBit(m);
+            vz.setBit(0);
+            vz.setBit(this.k1);
+            if (this.representation == PPB) 
+            {
+                vz.setBit(this.k2);
+                vz.setBit(this.k3);
+            }
+
+            // g1(z) := 1, g2(z) := 0
+            IntArray g1z = new IntArray(t);
+            g1z.setBit(0);
+            IntArray g2z = new IntArray(t);
+
+            // while u != 0
+            while (!uz.isZero())
+//            while (uz.getUsedLength() > 0)
+//            while (uz.bitLength() > 1)
+            {
+                // j := deg(u(z)) - deg(v(z))
+                int j = uz.bitLength() - vz.bitLength();
+
+                // If j < 0 then: u(z) <-> v(z), g1(z) <-> g2(z), j := -j
+                if (j < 0) 
+                {
+                    final IntArray uzCopy = uz;
+                    uz = vz;
+                    vz = uzCopy;
+
+                    final IntArray g1zCopy = g1z;
+                    g1z = g2z;
+                    g2z = g1zCopy;
+
+                    j = -j;
+                }
+
+                // u(z) := u(z) + z^j * v(z)
+                // Note, that no reduction modulo f(z) is required, because
+                // deg(u(z) + z^j * v(z)) <= max(deg(u(z)), j + deg(v(z)))
+                // = max(deg(u(z)), deg(u(z)) - deg(v(z)) + deg(v(z))
+                // = deg(u(z))
+                // uz = uz.xor(vz.shiftLeft(j));
+                // jInt = n / 32
+                int jInt = j >> 5;
+                // jInt = n % 32
+                int jBit = j & 0x1F;
+                IntArray vzShift = vz.shiftLeft(jBit);
+                uz.addShifted(vzShift, jInt);
+
+                // g1(z) := g1(z) + z^j * g2(z)
+//                g1z = g1z.xor(g2z.shiftLeft(j));
+                IntArray g2zShift = g2z.shiftLeft(jBit);
+                g1z.addShifted(g2zShift, jInt);
+                
+            }
+            return new ECFieldElement.F2m(
+                    this.m, this.k1, this.k2, this.k3, g2z);
+        }
+
+        public ECFieldElement sqrt()
+        {
+            throw new RuntimeException("Not implemented");
+        }
+
+        /**
+         * @return the representation of the field
+         * <code>F<sub>2<sup>m</sup></sub></code>, either of
+         * TPB (trinomial
+         * basis representation) or
+         * PPB (pentanomial
+         * basis representation).
+         */
+        public int getRepresentation()
+        {
+            return this.representation;
+        }
+
+        /**
+         * @return the degree <code>m</code> of the reduction polynomial
+         * <code>f(z)</code>.
+         */
+        public int getM()
+        {
+            return this.m;
+        }
+
+        /**
+         * @return TPB: The integer <code>k</code> where <code>x<sup>m</sup> +
+         * x<sup>k</sup> + 1</code> represents the reduction polynomial
+         * <code>f(z)</code>.<br>
+         * PPB: The integer <code>k1</code> where <code>x<sup>m</sup> +
+         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+         * represents the reduction polynomial <code>f(z)</code>.<br>
+         */
+        public int getK1()
+        {
+            return this.k1;
+        }
+
+        /**
+         * @return TPB: Always returns <code>0</code><br>
+         * PPB: The integer <code>k2</code> where <code>x<sup>m</sup> +
+         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+         * represents the reduction polynomial <code>f(z)</code>.<br>
+         */
+        public int getK2()
+        {
+            return this.k2;
+        }
+
+        /**
+         * @return TPB: Always set to <code>0</code><br>
+         * PPB: The integer <code>k3</code> where <code>x<sup>m</sup> +
+         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
+         * represents the reduction polynomial <code>f(z)</code>.<br>
+         */
+        public int getK3()
+        {
+            return this.k3;
+        }
+
+        public boolean equals(Object anObject)
+        {
+            if (anObject == this) 
+            {
+                return true;
+            }
+
+            if (!(anObject instanceof ECFieldElement.F2m)) 
+            {
+                return false;
+            }
+
+            ECFieldElement.F2m b = (ECFieldElement.F2m)anObject;
+            
+            return ((this.m == b.m) && (this.k1 == b.k1) && (this.k2 == b.k2)
+                && (this.k3 == b.k3)
+                && (this.representation == b.representation)
+                && (this.x.equals(b.x)));
+        }
+
+        public int hashCode()
+        {
+            return x.hashCode() ^ m ^ k1 ^ k2 ^ k3;
+        }
+    }
+}
diff --git a/src/main/java/org/bouncycastle/math/ec/ECMultiplier.java b/src/main/java/org/bouncycastle/math/ec/ECMultiplier.java
new file mode 100644
index 0000000..4d72e33
--- /dev/null
+++ b/src/main/java/org/bouncycastle/math/ec/ECMultiplier.java
@@ -0,0 +1,19 @@
+package org.bouncycastle.math.ec;
+
+import java.math.BigInteger;
+
+/**
+ * Interface for classes encapsulating a point multiplication algorithm
+ * for <code>ECPoint</code>s.
+ */
+interface ECMultiplier
+{
+    /**
+     * Multiplies the <code>ECPoint p</code> by <code>k</code>, i.e.
+     * <code>p</code> is added <code>k</code> times to itself.
+     * @param p The <code>ECPoint</code> to be multiplied.
+     * @param k The factor by which <code>p</code> i multiplied.
+     * @return <code>p</code> multiplied by <code>k</code>.
+     */
+    ECPoint multiply(ECPoint p, BigInteger k, PreCompInfo preCompInfo);
+}
diff --git a/src/main/java/org/bouncycastle/math/ec/ECPoint.java b/src/main/java/org/bouncycastle/math/ec/ECPoint.java
new file mode 100644
index 0000000..b14e4c1
--- /dev/null
+++ b/src/main/java/org/bouncycastle/math/ec/ECPoint.java
@@ -0,0 +1,588 @@
+package org.bouncycastle.math.ec;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.asn1.x9.X9IntegerConverter;
+
+/**
+ * base class for points on elliptic curves.
+ */
+public abstract class ECPoint
+{
+    ECCurve        curve;
+    ECFieldElement x;
+    ECFieldElement y;
+
+    protected boolean withCompression;
+
+    protected ECMultiplier multiplier = null;
+
+    protected PreCompInfo preCompInfo = null;
+
+    private static X9IntegerConverter converter = new X9IntegerConverter();
+
+    protected ECPoint(ECCurve curve, ECFieldElement x, ECFieldElement y)
+    {
+        this.curve = curve;
+        this.x = x;
+        this.y = y;
+    }
+    
+    public ECCurve getCurve()
+    {
+        return curve;
+    }
+    
+    public ECFieldElement getX()
+    {
+        return x;
+    }
+
+    public ECFieldElement getY()
+    {
+        return y;
+    }
+
+    public boolean isInfinity()
+    {
+        return x == null && y == null;
+    }
+
+    public boolean isCompressed()
+    {
+        return withCompression;
+    }
+
+    public boolean equals(
+        Object  other)
+    {
+        if (other == this)
+        {
+            return true;
+        }
+
+        if (!(other instanceof ECPoint))
+        {
+            return false;
+        }
+
+        ECPoint o = (ECPoint)other;
+
+        if (this.isInfinity())
+        {
+            return o.isInfinity();
+        }
+
+        return x.equals(o.x) && y.equals(o.y);
+    }
+
+    public int hashCode()
+    {
+        if (this.isInfinity())
+        {
+            return 0;
+        }
+        
+        return x.hashCode() ^ y.hashCode();
+    }
+
+//    /**
+//     * Mainly for testing. Explicitly set the <code>ECMultiplier</code>.
+//     * @param multiplier The <code>ECMultiplier</code> to be used to multiply
+//     * this <code>ECPoint</code>.
+//     */
+//    public void setECMultiplier(ECMultiplier multiplier)
+//    {
+//        this.multiplier = multiplier;
+//    }
+
+    /**
+     * Sets the <code>PreCompInfo</code>. Used by <code>ECMultiplier</code>s
+     * to save the precomputation for this <code>ECPoint</code> to store the
+     * precomputation result for use by subsequent multiplication.
+     * @param preCompInfo The values precomputed by the
+     * <code>ECMultiplier</code>.
+     */
+    void setPreCompInfo(PreCompInfo preCompInfo)
+    {
+        this.preCompInfo = preCompInfo;
+    }
+
+    public abstract byte[] getEncoded();
+
+    public abstract ECPoint add(ECPoint b);
+    public abstract ECPoint subtract(ECPoint b);
+    public abstract ECPoint negate();
+    public abstract ECPoint twice();
+
+    /**
+     * Sets the default <code>ECMultiplier</code>, unless already set. 
+     */
+    synchronized void assertECMultiplier()
+    {
+        if (this.multiplier == null)
+        {
+            this.multiplier = new FpNafMultiplier();
+        }
+    }
+
+    /**
+     * Multiplies this <code>ECPoint</code> by the given number.
+     * @param k The multiplicator.
+     * @return <code>k * this</code>.
+     */
+    public ECPoint multiply(BigInteger k)
+    {
+        if (k.signum() < 0)
+        {
+            throw new IllegalArgumentException("The multiplicator cannot be negative");
+        }
+
+        if (this.isInfinity())
+        {
+            return this;
+        }
+
+        if (k.signum() == 0)
+        {
+            return this.curve.getInfinity();
+        }
+
+        assertECMultiplier();
+        return this.multiplier.multiply(this, k, preCompInfo);
+    }
+
+    /**
+     * Elliptic curve points over Fp
+     */
+    public static class Fp extends ECPoint
+    {
+        
+        /**
+         * Create a point which encodes with point compression.
+         * 
+         * @param curve the curve to use
+         * @param x affine x co-ordinate
+         * @param y affine y co-ordinate
+         */
+        public Fp(ECCurve curve, ECFieldElement x, ECFieldElement y)
+        {
+            this(curve, x, y, false);
+        }
+
+        /**
+         * Create a point that encodes with or without point compresion.
+         * 
+         * @param curve the curve to use
+         * @param x affine x co-ordinate
+         * @param y affine y co-ordinate
+         * @param withCompression if true encode with point compression
+         */
+        public Fp(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression)
+        {
+            super(curve, x, y);
+
+            if ((x != null && y == null) || (x == null && y != null))
+            {
+                throw new IllegalArgumentException("Exactly one of the field elements is null");
+            }
+
+            this.withCompression = withCompression;
+        }
+         
+        /**
+         * return the field element encoded with point compression. (S 4.3.6)
+         */
+        public byte[] getEncoded()
+        {
+            if (this.isInfinity()) 
+            {
+                return new byte[1];
+            }
+
+            int qLength = converter.getByteLength(x);
+            
+            if (withCompression)
+            {
+                byte    PC;
+    
+                if (this.getY().toBigInteger().testBit(0))
+                {
+                    PC = 0x03;
+                }
+                else
+                {
+                    PC = 0x02;
+                }
+    
+                byte[]  X = converter.integerToBytes(this.getX().toBigInteger(), qLength);
+                byte[]  PO = new byte[X.length + 1];
+    
+                PO[0] = PC;
+                System.arraycopy(X, 0, PO, 1, X.length);
+    
+                return PO;
+            }
+            else
+            {
+                byte[]  X = converter.integerToBytes(this.getX().toBigInteger(), qLength);
+                byte[]  Y = converter.integerToBytes(this.getY().toBigInteger(), qLength);
+                byte[]  PO = new byte[X.length + Y.length + 1];
+                
+                PO[0] = 0x04;
+                System.arraycopy(X, 0, PO, 1, X.length);
+                System.arraycopy(Y, 0, PO, X.length + 1, Y.length);
+
+                return PO;
+            }
+        }
+
+        // B.3 pg 62
+        public ECPoint add(ECPoint b)
+        {
+            if (this.isInfinity())
+            {
+                return b;
+            }
+
+            if (b.isInfinity())
+            {
+                return this;
+            }
+
+            // Check if b = this or b = -this
+            if (this.x.equals(b.x))
+            {
+                if (this.y.equals(b.y))
+                {
+                    // this = b, i.e. this must be doubled
+                    return this.twice();
+                }
+
+                // this = -b, i.e. the result is the point at infinity
+                return this.curve.getInfinity();
+            }
+
+            ECFieldElement gamma = b.y.subtract(this.y).divide(b.x.subtract(this.x));
+
+            ECFieldElement x3 = gamma.square().subtract(this.x).subtract(b.x);
+            ECFieldElement y3 = gamma.multiply(this.x.subtract(x3)).subtract(this.y);
+
+            return new ECPoint.Fp(curve, x3, y3);
+        }
+
+        // B.3 pg 62
+        public ECPoint twice()
+        {
+            if (this.isInfinity())
+            {
+                // Twice identity element (point at infinity) is identity
+                return this;
+            }
+
+            if (this.y.toBigInteger().signum() == 0) 
+            {
+                // if y1 == 0, then (x1, y1) == (x1, -y1)
+                // and hence this = -this and thus 2(x1, y1) == infinity
+                return this.curve.getInfinity();
+            }
+
+            ECFieldElement TWO = this.curve.fromBigInteger(BigInteger.valueOf(2));
+            ECFieldElement THREE = this.curve.fromBigInteger(BigInteger.valueOf(3));
+            ECFieldElement gamma = this.x.square().multiply(THREE).add(curve.a).divide(y.multiply(TWO));
+
+            ECFieldElement x3 = gamma.square().subtract(this.x.multiply(TWO));
+            ECFieldElement y3 = gamma.multiply(this.x.subtract(x3)).subtract(this.y);
+                
+            return new ECPoint.Fp(curve, x3, y3, this.withCompression);
+        }
+
+        // D.3.2 pg 102 (see Note:)
+        public ECPoint subtract(ECPoint b)
+        {
+            if (b.isInfinity())
+            {
+                return this;
+            }
+
+            // Add -b
+            return add(b.negate());
+        }
+
+        public ECPoint negate()
+        {
+            return new ECPoint.Fp(curve, this.x, this.y.negate(), this.withCompression);
+        }
+
+        /**
+         * Sets the default <code>ECMultiplier</code>, unless already set. 
+         */
+        synchronized void assertECMultiplier()
+        {
+            if (this.multiplier == null)
+            {
+                this.multiplier = new WNafMultiplier();
+            }
+        }
+    }
+
+    /**
+     * Elliptic curve points over F2m
+     */
+    public static class F2m extends ECPoint
+    {
+        /**
+         * @param curve base curve
+         * @param x x point
+         * @param y y point
+         */
+        public F2m(ECCurve curve, ECFieldElement x, ECFieldElement y)
+        {
+            this(curve, x, y, false);
+        }
+        
+        /**
+         * @param curve base curve
+         * @param x x point
+         * @param y y point
+         * @param withCompression true if encode with point compression.
+         */
+        public F2m(ECCurve curve, ECFieldElement x, ECFieldElement y, boolean withCompression)
+        {
+            super(curve, x, y);
+
+            if ((x != null && y == null) || (x == null && y != null))
+            {
+                throw new IllegalArgumentException("Exactly one of the field elements is null");
+            }
+            
+            if (x != null)
+            {
+                // Check if x and y are elements of the same field
+                ECFieldElement.F2m.checkFieldElements(this.x, this.y);
+    
+                // Check if x and a are elements of the same field
+                if (curve != null)
+                {
+                    ECFieldElement.F2m.checkFieldElements(this.x, this.curve.getA());
+                }
+            }
+            
+            this.withCompression = withCompression;
+        }
+
+        /* (non-Javadoc)
+         * @see org.bouncycastle.math.ec.ECPoint#getEncoded()
+         */
+        public byte[] getEncoded()
+        {
+            if (this.isInfinity()) 
+            {
+                return new byte[1];
+            }
+
+            int byteCount = converter.getByteLength(this.x);
+            byte[] X = converter.integerToBytes(this.getX().toBigInteger(), byteCount);
+            byte[] PO;
+
+            if (withCompression)
+            {
+                // See X9.62 4.3.6 and 4.2.2
+                PO = new byte[byteCount + 1];
+
+                PO[0] = 0x02;
+                // X9.62 4.2.2 and 4.3.6:
+                // if x = 0 then ypTilde := 0, else ypTilde is the rightmost
+                // bit of y * x^(-1)
+                // if ypTilde = 0, then PC := 02, else PC := 03
+                // Note: PC === PO[0]
+                if (!(this.getX().toBigInteger().equals(ECConstants.ZERO)))
+                {
+                    if (this.getY().multiply(this.getX().invert())
+                            .toBigInteger().testBit(0))
+                    {
+                        // ypTilde = 1, hence PC = 03
+                        PO[0] = 0x03;
+                    }
+                }
+
+                System.arraycopy(X, 0, PO, 1, byteCount);
+            }
+            else
+            {
+                byte[] Y = converter.integerToBytes(this.getY().toBigInteger(), byteCount);
+    
+                PO = new byte[byteCount + byteCount + 1];
+    
+                PO[0] = 0x04;
+                System.arraycopy(X, 0, PO, 1, byteCount);
+                System.arraycopy(Y, 0, PO, byteCount + 1, byteCount);    
+            }
+
+            return PO;
+        }
+
+        /**
+         * Check, if two <code>ECPoint</code>s can be added or subtracted.
+         * @param a The first <code>ECPoint</code> to check.
+         * @param b The second <code>ECPoint</code> to check.
+         * @throws IllegalArgumentException if <code>a</code> and <code>b</code>
+         * cannot be added.
+         */
+        private static void checkPoints(ECPoint a, ECPoint b)
+        {
+            // Check, if points are on the same curve
+            if (!(a.curve.equals(b.curve)))
+            {
+                throw new IllegalArgumentException("Only points on the same "
+                        + "curve can be added or subtracted");
+            }
+
+//            ECFieldElement.F2m.checkFieldElements(a.x, b.x);
+        }
+
+        /* (non-Javadoc)
+         * @see org.bouncycastle.math.ec.ECPoint#add(org.bouncycastle.math.ec.ECPoint)
+         */
+        public ECPoint add(ECPoint b)
+        {
+            checkPoints(this, b);
+            return addSimple((ECPoint.F2m)b);
+        }
+
+        /**
+         * Adds another <code>ECPoints.F2m</code> to <code>this</code> without
+         * checking if both points are on the same curve. Used by multiplication
+         * algorithms, because there all points are a multiple of the same point
+         * and hence the checks can be omitted.
+         * @param b The other <code>ECPoints.F2m</code> to add to
+         * <code>this</code>.
+         * @return <code>this + b</code>
+         */
+        public ECPoint.F2m addSimple(ECPoint.F2m b)
+        {
+            ECPoint.F2m other = b;
+            if (this.isInfinity())
+            {
+                return other;
+            }
+
+            if (other.isInfinity())
+            {
+                return this;
+            }
+
+            ECFieldElement.F2m x2 = (ECFieldElement.F2m)other.getX();
+            ECFieldElement.F2m y2 = (ECFieldElement.F2m)other.getY();
+
+            // Check if other = this or other = -this
+            if (this.x.equals(x2))
+            {
+                if (this.y.equals(y2))
+                {
+                    // this = other, i.e. this must be doubled
+                    return (ECPoint.F2m)this.twice();
+                }
+
+                // this = -other, i.e. the result is the point at infinity
+                return (ECPoint.F2m)this.curve.getInfinity();
+            }
+
+            ECFieldElement.F2m lambda
+                = (ECFieldElement.F2m)(this.y.add(y2)).divide(this.x.add(x2));
+
+            ECFieldElement.F2m x3
+                = (ECFieldElement.F2m)lambda.square().add(lambda).add(this.x).add(x2).add(this.curve.getA());
+
+            ECFieldElement.F2m y3
+                = (ECFieldElement.F2m)lambda.multiply(this.x.add(x3)).add(x3).add(this.y);
+
+            return new ECPoint.F2m(curve, x3, y3, withCompression);
+        }
+
+        /* (non-Javadoc)
+         * @see org.bouncycastle.math.ec.ECPoint#subtract(org.bouncycastle.math.ec.ECPoint)
+         */
+        public ECPoint subtract(ECPoint b)
+        {
+            checkPoints(this, b);
+            return subtractSimple((ECPoint.F2m)b);
+        }
+
+        /**
+         * Subtracts another <code>ECPoints.F2m</code> from <code>this</code>
+         * without checking if both points are on the same curve. Used by
+         * multiplication algorithms, because there all points are a multiple
+         * of the same point and hence the checks can be omitted.
+         * @param b The other <code>ECPoints.F2m</code> to subtract from
+         * <code>this</code>.
+         * @return <code>this - b</code>
+         */
+        public ECPoint.F2m subtractSimple(ECPoint.F2m b)
+        {
+            if (b.isInfinity())
+            {
+                return this;
+            }
+
+            // Add -b
+            return addSimple((ECPoint.F2m)b.negate());
+        }
+
+        /* (non-Javadoc)
+         * @see org.bouncycastle.math.ec.ECPoint#twice()
+         */
+        public ECPoint twice()
+        {
+            if (this.isInfinity()) 
+            {
+                // Twice identity element (point at infinity) is identity
+                return this;
+            }
+
+            if (this.x.toBigInteger().signum() == 0) 
+            {
+                // if x1 == 0, then (x1, y1) == (x1, x1 + y1)
+                // and hence this = -this and thus 2(x1, y1) == infinity
+                return this.curve.getInfinity();
+            }
+
+            ECFieldElement.F2m lambda
+                = (ECFieldElement.F2m)this.x.add(this.y.divide(this.x));
+
+            ECFieldElement.F2m x3
+                = (ECFieldElement.F2m)lambda.square().add(lambda).
+                    add(this.curve.getA());
+
+            ECFieldElement ONE = this.curve.fromBigInteger(ECConstants.ONE);
+            ECFieldElement.F2m y3
+                = (ECFieldElement.F2m)this.x.square().add(
+                    x3.multiply(lambda.add(ONE)));
+
+            return new ECPoint.F2m(this.curve, x3, y3, withCompression);
+        }
+
+        public ECPoint negate()
+        {
+            return new ECPoint.F2m(curve, this.getX(), this.getY().add(this.getX()), withCompression);
+        }
+
+        /**
+         * Sets the appropriate <code>ECMultiplier</code>, unless already set. 
+         */
+        synchronized void assertECMultiplier()
+        {
+            if (this.multiplier == null)
+            {
+                if (((ECCurve.F2m)this.curve).isKoblitz())
+                {
+                    this.multiplier = new WTauNafMultiplier();
+                }
+                else
+                {
+                    this.multiplier = new WNafMultiplier();
+                }
+            }
+        }
+    }
+}
diff --git a/src/main/java/org/bouncycastle/math/ec/FpNafMultiplier.java b/src/main/java/org/bouncycastle/math/ec/FpNafMultiplier.java
new file mode 100644
index 0000000..35e601d
--- /dev/null
+++ b/src/main/java/org/bouncycastle/math/ec/FpNafMultiplier.java
@@ -0,0 +1,39 @@
+package org.bouncycastle.math.ec;
+
+import java.math.BigInteger;
+
+/**
+ * Class implementing the NAF (Non-Adjacent Form) multiplication algorithm.
+ */
+class FpNafMultiplier implements ECMultiplier
+{
+    /**
+     * D.3.2 pg 101
+     * @see org.bouncycastle.math.ec.ECMultiplier#multiply(org.bouncycastle.math.ec.ECPoint, java.math.BigInteger)
+     */
+    public ECPoint multiply(ECPoint p, BigInteger k, PreCompInfo preCompInfo)
+    {
+        // TODO Probably should try to add this
+        // BigInteger e = k.mod(n); // n == order of p
+        BigInteger e = k;
+        BigInteger h = e.multiply(BigInteger.valueOf(3));
+
+        ECPoint neg = p.negate();
+        ECPoint R = p;
+
+        for (int i = h.bitLength() - 2; i > 0; --i)
+        {             
+            R = R.twice();
+
+            boolean hBit = h.testBit(i);
+            boolean eBit = e.testBit(i);
+
+            if (hBit != eBit)
+            {
+                R = R.add(hBit ? p : neg);
+            }
+        }
+
+        return R;
+    }
+}
diff --git a/src/main/java/org/bouncycastle/math/ec/IntArray.java b/src/main/java/org/bouncycastle/math/ec/IntArray.java
new file mode 100644
index 0000000..ead38c4
--- /dev/null
+++ b/src/main/java/org/bouncycastle/math/ec/IntArray.java
@@ -0,0 +1,518 @@
+package org.bouncycastle.math.ec;
+
+import org.bouncycastle.util.Arrays;
+
+import java.math.BigInteger;
+
+class IntArray
+{
+    // TODO make m fixed for the IntArray, and hence compute T once and for all
+
+    private int[] m_ints;
+
+    public IntArray(int intLen)
+    {
+        m_ints = new int[intLen];
+    }
+
+    public IntArray(int[] ints)
+    {
+        m_ints = ints;
+    }
+
+    public IntArray(BigInteger bigInt)
+    {
+        this(bigInt, 0);
+    }
+
+    public IntArray(BigInteger bigInt, int minIntLen)
+    {
+        if (bigInt.signum() == -1)
+        {
+            throw new IllegalArgumentException("Only positive Integers allowed");
+        }
+        if (bigInt.equals(ECConstants.ZERO))
+        {
+            m_ints = new int[] { 0 };
+            return;
+        }
+
+        byte[] barr = bigInt.toByteArray();
+        int barrLen = barr.length;
+        int barrStart = 0;
+        if (barr[0] == 0)
+        {
+            // First byte is 0 to enforce highest (=sign) bit is zero.
+            // In this case ignore barr[0].
+            barrLen--;
+            barrStart = 1;
+        }
+        int intLen = (barrLen + 3) / 4;
+        if (intLen < minIntLen)
+        {
+            m_ints = new int[minIntLen];
+        }
+        else
+        {
+            m_ints = new int[intLen];
+        }
+
+        int iarrJ = intLen - 1;
+        int rem = barrLen % 4 + barrStart;
+        int temp = 0;
+        int barrI = barrStart;
+        if (barrStart < rem)
+        {
+            for (; barrI < rem; barrI++)
+            {
+                temp <<= 8;
+                int barrBarrI = barr[barrI];
+                if (barrBarrI < 0)
+                {
+                    barrBarrI += 256;
+                }
+                temp |= barrBarrI;
+            }
+            m_ints[iarrJ--] = temp;
+        }
+
+        for (; iarrJ >= 0; iarrJ--)
+        {
+            temp = 0;
+            for (int i = 0; i < 4; i++)
+            {
+                temp <<= 8;
+                int barrBarrI = barr[barrI++];
+                if (barrBarrI < 0)
+                {
+                    barrBarrI += 256;
+                }
+                temp |= barrBarrI;
+            }
+            m_ints[iarrJ] = temp;
+        }
+    }
+
+    public boolean isZero()
+    {
+        return m_ints.length == 0
+            || (m_ints[0] == 0 && getUsedLength() == 0);
+    }
+
+    public int getUsedLength()
+    {
+        int highestIntPos = m_ints.length;
+
+        if (highestIntPos < 1)
+        {
+            return 0;
+        }
+
+        // Check if first element will act as sentinel
+        if (m_ints[0] != 0)
+        {
+            while (m_ints[--highestIntPos] == 0)
+            {
+            }
+            return highestIntPos + 1;
+        }
+
+        do
+        {
+            if (m_ints[--highestIntPos] != 0)
+            {
+                return highestIntPos + 1;
+            }
+        }
+        while (highestIntPos > 0);
+
+        return 0;
+    }
+
+    public int bitLength()
+    {
+        // JDK 1.5: see Integer.numberOfLeadingZeros()
+        int intLen = getUsedLength();
+        if (intLen == 0)
+        {
+            return 0;
+        }
+
+        int last = intLen - 1;
+        int highest = m_ints[last];
+        int bits = (last << 5) + 1;
+
+        // A couple of binary search steps
+        if ((highest & 0xffff0000) != 0)
+        {
+            if ((highest & 0xff000000) != 0)
+            {
+                bits += 24;
+                highest >>>= 24;
+            }
+            else
+            {
+                bits += 16;
+                highest >>>= 16;
+            }
+        }
+        else if (highest > 0x000000ff)
+        {
+            bits += 8;
+            highest >>>= 8;
+        }
+
+        while (highest != 1)
+        {
+            ++bits;
+            highest >>>= 1;
+        }
+
+        return bits;
+    }
+
+    private int[] resizedInts(int newLen)
+    {
+        int[] newInts = new int[newLen];
+        int oldLen = m_ints.length;
+        int copyLen = oldLen < newLen ? oldLen : newLen;
+        System.arraycopy(m_ints, 0, newInts, 0, copyLen);
+        return newInts;
+    }
+
+    public BigInteger toBigInteger()
+    {
+        int usedLen = getUsedLength();
+        if (usedLen == 0)
+        {
+            return ECConstants.ZERO;
+        }
+
+        int highestInt = m_ints[usedLen - 1];
+        byte[] temp = new byte[4];
+        int barrI = 0;
+        boolean trailingZeroBytesDone = false;
+        for (int j = 3; j >= 0; j--)
+        {
+            byte thisByte = (byte) (highestInt >>> (8 * j));
+            if (trailingZeroBytesDone || (thisByte != 0))
+            {
+                trailingZeroBytesDone = true;
+                temp[barrI++] = thisByte;
+            }
+        }
+
+        int barrLen = 4 * (usedLen - 1) + barrI;
+        byte[] barr = new byte[barrLen];
+        for (int j = 0; j < barrI; j++)
+        {
+            barr[j] = temp[j];
+        }
+        // Highest value int is done now
+
+        for (int iarrJ = usedLen - 2; iarrJ >= 0; iarrJ--)
+        {
+            for (int j = 3; j >= 0; j--)
+            {
+                barr[barrI++] = (byte) (m_ints[iarrJ] >>> (8 * j));
+            }
+        }
+        return new BigInteger(1, barr);
+    }
+
+    public void shiftLeft()
+    {
+        int usedLen = getUsedLength();
+        if (usedLen == 0)
+        {
+            return;
+        }
+        if (m_ints[usedLen - 1] < 0)
+        {
+            // highest bit of highest used byte is set, so shifting left will
+            // make the IntArray one byte longer
+            usedLen++;
+            if (usedLen > m_ints.length)
+            {
+                // make the m_ints one byte longer, because we need one more
+                // byte which is not available in m_ints
+                m_ints = resizedInts(m_ints.length + 1);
+            }
+        }
+
+        boolean carry = false;
+        for (int i = 0; i < usedLen; i++)
+        {
+            // nextCarry is true if highest bit is set
+            boolean nextCarry = m_ints[i] < 0;
+            m_ints[i] <<= 1;
+            if (carry)
+            {
+                // set lowest bit
+                m_ints[i] |= 1;
+            }
+            carry = nextCarry;
+        }
+    }
+
+    public IntArray shiftLeft(int n)
+    {
+        int usedLen = getUsedLength();
+        if (usedLen == 0)
+        {
+            return this;
+        }
+
+        if (n == 0)
+        {
+            return this;
+        }
+
+        if (n > 31)
+        {
+            throw new IllegalArgumentException("shiftLeft() for max 31 bits "
+                + ", " + n + "bit shift is not possible");
+        }
+
+        int[] newInts = new int[usedLen + 1];
+
+        int nm32 = 32 - n;
+        newInts[0] = m_ints[0] << n;
+        for (int i = 1; i < usedLen; i++)
+        {
+            newInts[i] = (m_ints[i] << n) | (m_ints[i - 1] >>> nm32);
+        }
+        newInts[usedLen] = m_ints[usedLen - 1] >>> nm32;
+
+        return new IntArray(newInts);
+    }
+
+    public void addShifted(IntArray other, int shift)
+    {
+        int usedLenOther = other.getUsedLength();
+        int newMinUsedLen = usedLenOther + shift;
+        if (newMinUsedLen > m_ints.length)
+        {
+            m_ints = resizedInts(newMinUsedLen);
+            //System.out.println("Resize required");
+        }
+
+        for (int i = 0; i < usedLenOther; i++)
+        {
+            m_ints[i + shift] ^= other.m_ints[i];
+        }
+    }
+
+    public int getLength()
+    {
+        return m_ints.length;
+    }
+
+    public boolean testBit(int n)
+    {
+        // theInt = n / 32
+        int theInt = n >> 5;
+        // theBit = n % 32
+        int theBit = n & 0x1F;
+        int tester = 1 << theBit;
+        return ((m_ints[theInt] & tester) != 0);
+    }
+
+    public void flipBit(int n)
+    {
+        // theInt = n / 32
+        int theInt = n >> 5;
+        // theBit = n % 32
+        int theBit = n & 0x1F;
+        int flipper = 1 << theBit;
+        m_ints[theInt] ^= flipper;
+    }
+
+    public void setBit(int n)
+    {
+        // theInt = n / 32
+        int theInt = n >> 5;
+        // theBit = n % 32
+        int theBit = n & 0x1F;
+        int setter = 1 << theBit;
+        m_ints[theInt] |= setter;
+    }
+
+    public IntArray multiply(IntArray other, int m)
+    {
+        // Lenght of c is 2m bits rounded up to the next int (32 bit)
+        int t = (m + 31) >> 5;
+        if (m_ints.length < t)
+        {
+            m_ints = resizedInts(t);
+        }
+
+        IntArray b = new IntArray(other.resizedInts(other.getLength() + 1));
+        IntArray c = new IntArray((m + m + 31) >> 5);
+        // IntArray c = new IntArray(t + t);
+        int testBit = 1;
+        for (int k = 0; k < 32; k++)
+        {
+            for (int j = 0; j < t; j++)
+            {
+                if ((m_ints[j] & testBit) != 0)
+                {
+                    // The kth bit of m_ints[j] is set
+                    c.addShifted(b, j);
+                }
+            }
+            testBit <<= 1;
+            b.shiftLeft();
+        }
+        return c;
+    }
+
+    // public IntArray multiplyLeftToRight(IntArray other, int m) {
+    // // Lenght of c is 2m bits rounded up to the next int (32 bit)
+    // int t = (m + 31) / 32;
+    // if (m_ints.length < t) {
+    // m_ints = resizedInts(t);
+    // }
+    //
+    // IntArray b = new IntArray(other.resizedInts(other.getLength() + 1));
+    // IntArray c = new IntArray((m + m + 31) / 32);
+    // // IntArray c = new IntArray(t + t);
+    // int testBit = 1 << 31;
+    // for (int k = 31; k >= 0; k--) {
+    // for (int j = 0; j < t; j++) {
+    // if ((m_ints[j] & testBit) != 0) {
+    // // The kth bit of m_ints[j] is set
+    // c.addShifted(b, j);
+    // }
+    // }
+    // testBit >>>= 1;
+    // if (k > 0) {
+    // c.shiftLeft();
+    // }
+    // }
+    // return c;
+    // }
+
+    // TODO note, redPol.length must be 3 for TPB and 5 for PPB
+    public void reduce(int m, int[] redPol)
+    {
+        for (int i = m + m - 2; i >= m; i--)
+        {
+            if (testBit(i))
+            {
+                int bit = i - m;
+                flipBit(bit);
+                flipBit(i);
+                int l = redPol.length;
+                while (--l >= 0)
+                {
+                    flipBit(redPol[l] + bit);
+                }
+            }
+        }
+        m_ints = resizedInts((m + 31) >> 5);
+    }
+
+    public IntArray square(int m)
+    {
+        // TODO make the table static final
+        final int[] table = { 0x0, 0x1, 0x4, 0x5, 0x10, 0x11, 0x14, 0x15, 0x40,
+            0x41, 0x44, 0x45, 0x50, 0x51, 0x54, 0x55 };
+
+        int t = (m + 31) >> 5;
+        if (m_ints.length < t)
+        {
+            m_ints = resizedInts(t);
+        }
+
+        IntArray c = new IntArray(t + t);
+
+        // TODO twice the same code, put in separate private method
+        for (int i = 0; i < t; i++)
+        {
+            int v0 = 0;
+            for (int j = 0; j < 4; j++)
+            {
+                v0 = v0 >>> 8;
+                int u = (m_ints[i] >>> (j * 4)) & 0xF;
+                int w = table[u] << 24;
+                v0 |= w;
+            }
+            c.m_ints[i + i] = v0;
+
+            v0 = 0;
+            int upper = m_ints[i] >>> 16;
+            for (int j = 0; j < 4; j++)
+            {
+                v0 = v0 >>> 8;
+                int u = (upper >>> (j * 4)) & 0xF;
+                int w = table[u] << 24;
+                v0 |= w;
+            }
+            c.m_ints[i + i + 1] = v0;
+        }
+        return c;
+    }
+
+    public boolean equals(Object o)
+    {
+        if (!(o instanceof IntArray))
+        {
+            return false;
+        }
+        IntArray other = (IntArray) o;
+        int usedLen = getUsedLength();
+        if (other.getUsedLength() != usedLen)
+        {
+            return false;
+        }
+        for (int i = 0; i < usedLen; i++)
+        {
+            if (m_ints[i] != other.m_ints[i])
+            {
+                return false;
+            }
+        }
+        return true;
+    }
+
+    public int hashCode()
+    {
+        int usedLen = getUsedLength();
+        int hash = 1;
+        for (int i = 0; i < usedLen; i++)
+        {
+            hash = hash * 31 + m_ints[i];
+        }
+        return hash;
+    }
+
+    public Object clone()
+    {
+        return new IntArray(Arrays.clone(m_ints));
+    }
+
+    public String toString()
+    {
+        int usedLen = getUsedLength();
+        if (usedLen == 0)
+        {
+            return "0";
+        }
+
+        StringBuffer sb = new StringBuffer(Integer
+            .toBinaryString(m_ints[usedLen - 1]));
+        for (int iarrJ = usedLen - 2; iarrJ >= 0; iarrJ--)
+        {
+            String hexString = Integer.toBinaryString(m_ints[iarrJ]);
+
+            // Add leading zeroes, except for highest significant int
+            for (int i = hexString.length(); i < 8; i++)
+            {
+                hexString = "0" + hexString;
+            }
+            sb.append(hexString);
+        }
+        return sb.toString();
+    }
+}
diff --git a/src/main/java/org/bouncycastle/math/ec/PreCompInfo.java b/src/main/java/org/bouncycastle/math/ec/PreCompInfo.java
new file mode 100644
index 0000000..804dcf7
--- /dev/null
+++ b/src/main/java/org/bouncycastle/math/ec/PreCompInfo.java
@@ -0,0 +1,10 @@
+package org.bouncycastle.math.ec;
+
+/**
+ * Interface for classes storing precomputation data for multiplication
+ * algorithms. Used as a Memento (see GOF patterns) for
+ * <code>WNafMultiplier</code>.
+ */
+interface PreCompInfo
+{
+}
diff --git a/src/main/java/org/bouncycastle/math/ec/SimpleBigDecimal.java b/src/main/java/org/bouncycastle/math/ec/SimpleBigDecimal.java
new file mode 100644
index 0000000..96e666d
--- /dev/null
+++ b/src/main/java/org/bouncycastle/math/ec/SimpleBigDecimal.java
@@ -0,0 +1,253 @@
+package org.bouncycastle.math.ec;
+
+import java.math.BigInteger;
+
+/**
+ * Class representing a simple version of a big decimal. A
+ * <code>SimpleBigDecimal</code> is basically a
+ * {@link java.math.BigInteger BigInteger} with a few digits on the right of
+ * the decimal point. The number of (binary) digits on the right of the decimal
+ * point is called the <code>scale</code> of the <code>SimpleBigDecimal</code>.
+ * Unlike in {@link java.math.BigDecimal BigDecimal}, the scale is not adjusted
+ * automatically, but must be set manually. All <code>SimpleBigDecimal</code>s
+ * taking part in the same arithmetic operation must have equal scale. The
+ * result of a multiplication of two <code>SimpleBigDecimal</code>s returns a
+ * <code>SimpleBigDecimal</code> with double scale.
+ */
+class SimpleBigDecimal
+    //extends Number   // not in J2ME - add compatibility class?
+{
+    private static final long serialVersionUID = 1L;
+
+    private final BigInteger bigInt;
+    private final int scale;
+
+    /**
+     * Returns a <code>SimpleBigDecimal</code> representing the same numerical
+     * value as <code>value</code>.
+     * @param value The value of the <code>SimpleBigDecimal</code> to be
+     * created. 
+     * @param scale The scale of the <code>SimpleBigDecimal</code> to be
+     * created. 
+     * @return The such created <code>SimpleBigDecimal</code>.
+     */
+    public static SimpleBigDecimal getInstance(BigInteger value, int scale)
+    {
+        return new SimpleBigDecimal(value.shiftLeft(scale), scale);
+    }
+
+    /**
+     * Constructor for <code>SimpleBigDecimal</code>. The value of the
+     * constructed <code>SimpleBigDecimal</code> equals <code>bigInt / 
+     * 2<sup>scale</sup></code>.
+     * @param bigInt The <code>bigInt</code> value parameter.
+     * @param scale The scale of the constructed <code>SimpleBigDecimal</code>.
+     */
+    public SimpleBigDecimal(BigInteger bigInt, int scale)
+    {
+        if (scale < 0)
+        {
+            throw new IllegalArgumentException("scale may not be negative");
+        }
+
+        this.bigInt = bigInt;
+        this.scale = scale;
+    }
+
+    private SimpleBigDecimal(SimpleBigDecimal limBigDec)
+    {
+        bigInt = limBigDec.bigInt;
+        scale = limBigDec.scale;
+    }
+
+    private void checkScale(SimpleBigDecimal b)
+    {
+        if (scale != b.scale)
+        {
+            throw new IllegalArgumentException("Only SimpleBigDecimal of " +
+                "same scale allowed in arithmetic operations");
+        }
+    }
+
+    public SimpleBigDecimal adjustScale(int newScale)
+    {
+        if (newScale < 0)
+        {
+            throw new IllegalArgumentException("scale may not be negative");
+        }
+
+        if (newScale == scale)
+        {
+            return new SimpleBigDecimal(this);
+        }
+
+        return new SimpleBigDecimal(bigInt.shiftLeft(newScale - scale),
+                newScale);
+    }
+
+    public SimpleBigDecimal add(SimpleBigDecimal b)
+    {
+        checkScale(b);
+        return new SimpleBigDecimal(bigInt.add(b.bigInt), scale);
+    }
+
+    public SimpleBigDecimal add(BigInteger b)
+    {
+        return new SimpleBigDecimal(bigInt.add(b.shiftLeft(scale)), scale);
+    }
+
+    public SimpleBigDecimal negate()
+    {
+        return new SimpleBigDecimal(bigInt.negate(), scale);
+    }
+
+    public SimpleBigDecimal subtract(SimpleBigDecimal b)
+    {
+        return add(b.negate());
+    }
+
+    public SimpleBigDecimal subtract(BigInteger b)
+    {
+        return new SimpleBigDecimal(bigInt.subtract(b.shiftLeft(scale)),
+                scale);
+    }
+
+    public SimpleBigDecimal multiply(SimpleBigDecimal b)
+    {
+        checkScale(b);
+        return new SimpleBigDecimal(bigInt.multiply(b.bigInt), scale + scale);
+    }
+
+    public SimpleBigDecimal multiply(BigInteger b)
+    {
+        return new SimpleBigDecimal(bigInt.multiply(b), scale);
+    }
+
+    public SimpleBigDecimal divide(SimpleBigDecimal b)
+    {
+        checkScale(b);
+        BigInteger dividend = bigInt.shiftLeft(scale);
+        return new SimpleBigDecimal(dividend.divide(b.bigInt), scale);
+    }
+
+    public SimpleBigDecimal divide(BigInteger b)
+    {
+        return new SimpleBigDecimal(bigInt.divide(b), scale);
+    }
+
+    public SimpleBigDecimal shiftLeft(int n)
+    {
+        return new SimpleBigDecimal(bigInt.shiftLeft(n), scale);
+    }
+
+    public int compareTo(SimpleBigDecimal val)
+    {
+        checkScale(val);
+        return bigInt.compareTo(val.bigInt);
+    }
+
+    public int compareTo(BigInteger val)
+    {
+        return bigInt.compareTo(val.shiftLeft(scale));
+    }
+
+    public BigInteger floor()
+    {
+        return bigInt.shiftRight(scale);
+    }
+
+    public BigInteger round()
+    {
+        SimpleBigDecimal oneHalf = new SimpleBigDecimal(ECConstants.ONE, 1);
+        return add(oneHalf.adjustScale(scale)).floor();
+    }
+
+    public int intValue()
+    {
+        return floor().intValue();
+    }
+    
+    public long longValue()
+    {
+        return floor().longValue();
+    }
+          /* NON-J2ME compliant.
+    public double doubleValue()
+    {
+        return Double.valueOf(toString()).doubleValue();
+    }
+
+    public float floatValue()
+    {
+        return Float.valueOf(toString()).floatValue();
+    }
+       */
+    public int getScale()
+    {
+        return scale;
+    }
+
+    public String toString()
+    {
+        if (scale == 0)
+        {
+            return bigInt.toString();
+        }
+
+        BigInteger floorBigInt = floor();
+        
+        BigInteger fract = bigInt.subtract(floorBigInt.shiftLeft(scale));
+        if (bigInt.signum() == -1)
+        {
+            fract = ECConstants.ONE.shiftLeft(scale).subtract(fract);
+        }
+
+        if ((floorBigInt.signum() == -1) && (!(fract.equals(ECConstants.ZERO))))
+        {
+            floorBigInt = floorBigInt.add(ECConstants.ONE);
+        }
+        String leftOfPoint = floorBigInt.toString();
+
+        char[] fractCharArr = new char[scale];
+        String fractStr = fract.toString(2);
+        int fractLen = fractStr.length();
+        int zeroes = scale - fractLen;
+        for (int i = 0; i < zeroes; i++)
+        {
+            fractCharArr[i] = '0';
+        }
+        for (int j = 0; j < fractLen; j++)
+        {
+            fractCharArr[zeroes + j] = fractStr.charAt(j);
+        }
+        String rightOfPoint = new String(fractCharArr);
+
+        StringBuffer sb = new StringBuffer(leftOfPoint);
+        sb.append(".");
+        sb.append(rightOfPoint);
+
+        return sb.toString();
+    }
+
+    public boolean equals(Object o)
+    {
+        if (this == o)
+        {
+            return true;
+        }
+
+        if (!(o instanceof SimpleBigDecimal))
+        {
+            return false;
+        }
+
+        SimpleBigDecimal other = (SimpleBigDecimal)o;
+        return ((bigInt.equals(other.bigInt)) && (scale == other.scale));
+    }
+
+    public int hashCode()
+    {
+        return bigInt.hashCode() ^ scale;
+    }
+
+}
diff --git a/src/main/java/org/bouncycastle/math/ec/Tnaf.java b/src/main/java/org/bouncycastle/math/ec/Tnaf.java
new file mode 100644
index 0000000..af4355f
--- /dev/null
+++ b/src/main/java/org/bouncycastle/math/ec/Tnaf.java
@@ -0,0 +1,844 @@
+package org.bouncycastle.math.ec;
+
+import java.math.BigInteger;
+
+/**
+ * Class holding methods for point multiplication based on the window
+ * &tau;-adic nonadjacent form (WTNAF). The algorithms are based on the
+ * paper "Improved Algorithms for Arithmetic on Anomalous Binary Curves"
+ * by Jerome A. Solinas. The paper first appeared in the Proceedings of
+ * Crypto 1997.
+ */
+class Tnaf
+{
+    private static final BigInteger MINUS_ONE = ECConstants.ONE.negate();
+    private static final BigInteger MINUS_TWO = ECConstants.TWO.negate();
+    private static final BigInteger MINUS_THREE = ECConstants.THREE.negate();
+
+    /**
+     * The window width of WTNAF. The standard value of 4 is slightly less
+     * than optimal for running time, but keeps space requirements for
+     * precomputation low. For typical curves, a value of 5 or 6 results in
+     * a better running time. When changing this value, the
+     * <code>&alpha;<sub>u</sub></code>'s must be computed differently, see
+     * e.g. "Guide to Elliptic Curve Cryptography", Darrel Hankerson,
+     * Alfred Menezes, Scott Vanstone, Springer-Verlag New York Inc., 2004,
+     * p. 121-122
+     */
+    public static final byte WIDTH = 4;
+
+    /**
+     * 2<sup>4</sup>
+     */
+    public static final byte POW_2_WIDTH = 16;
+
+    /**
+     * The <code>&alpha;<sub>u</sub></code>'s for <code>a=0</code> as an array
+     * of <code>ZTauElement</code>s.
+     */
+    public static final ZTauElement[] alpha0 = {
+        null,
+        new ZTauElement(ECConstants.ONE, ECConstants.ZERO), null,
+        new ZTauElement(MINUS_THREE, MINUS_ONE), null,
+        new ZTauElement(MINUS_ONE, MINUS_ONE), null,
+        new ZTauElement(ECConstants.ONE, MINUS_ONE), null
+    };
+
+    /**
+     * The <code>&alpha;<sub>u</sub></code>'s for <code>a=0</code> as an array
+     * of TNAFs.
+     */
+    public static final byte[][] alpha0Tnaf = {
+        null, {1}, null, {-1, 0, 1}, null, {1, 0, 1}, null, {-1, 0, 0, 1}
+    };
+
+    /**
+     * The <code>&alpha;<sub>u</sub></code>'s for <code>a=1</code> as an array
+     * of <code>ZTauElement</code>s.
+     */
+    public static final ZTauElement[] alpha1 = {null,
+        new ZTauElement(ECConstants.ONE, ECConstants.ZERO), null,
+        new ZTauElement(MINUS_THREE, ECConstants.ONE), null,
+        new ZTauElement(MINUS_ONE, ECConstants.ONE), null,
+        new ZTauElement(ECConstants.ONE, ECConstants.ONE), null
+    };
+
+    /**
+     * The <code>&alpha;<sub>u</sub></code>'s for <code>a=1</code> as an array
+     * of TNAFs.
+     */
+    public static final byte[][] alpha1Tnaf = {
+        null, {1}, null, {-1, 0, 1}, null, {1, 0, 1}, null, {-1, 0, 0, -1}
+    };
+
+    /**
+     * Computes the norm of an element <code>&lambda;</code> of
+     * <code><b>Z</b>[&tau;]</code>.
+     * @param mu The parameter <code>&mu;</code> of the elliptic curve.
+     * @param lambda The element <code>&lambda;</code> of
+     * <code><b>Z</b>[&tau;]</code>.
+     * @return The norm of <code>&lambda;</code>.
+     */
+    public static BigInteger norm(final byte mu, ZTauElement lambda)
+    {
+        BigInteger norm;
+
+        // s1 = u^2
+        BigInteger s1 = lambda.u.multiply(lambda.u);
+
+        // s2 = u * v
+        BigInteger s2 = lambda.u.multiply(lambda.v);
+
+        // s3 = 2 * v^2
+        BigInteger s3 = lambda.v.multiply(lambda.v).shiftLeft(1);
+
+        if (mu == 1)
+        {
+            norm = s1.add(s2).add(s3);
+        }
+        else if (mu == -1)
+        {
+            norm = s1.subtract(s2).add(s3);
+        }
+        else
+        {
+            throw new IllegalArgumentException("mu must be 1 or -1");
+        }
+
+        return norm;
+    }
+
+    /**
+     * Computes the norm of an element <code>&lambda;</code> of
+     * <code><b>R</b>[&tau;]</code>, where <code>&lambda; = u + v&tau;</code>
+     * and <code>u</code> and <code>u</code> are real numbers (elements of
+     * <code><b>R</b></code>). 
+     * @param mu The parameter <code>&mu;</code> of the elliptic curve.
+     * @param u The real part of the element <code>&lambda;</code> of
+     * <code><b>R</b>[&tau;]</code>.
+     * @param v The <code>&tau;</code>-adic part of the element
+     * <code>&lambda;</code> of <code><b>R</b>[&tau;]</code>.
+     * @return The norm of <code>&lambda;</code>.
+     */
+    public static SimpleBigDecimal norm(final byte mu, SimpleBigDecimal u,
+            SimpleBigDecimal v)
+    {
+        SimpleBigDecimal norm;
+
+        // s1 = u^2
+        SimpleBigDecimal s1 = u.multiply(u);
+
+        // s2 = u * v
+        SimpleBigDecimal s2 = u.multiply(v);
+
+        // s3 = 2 * v^2
+        SimpleBigDecimal s3 = v.multiply(v).shiftLeft(1);
+
+        if (mu == 1)
+        {
+            norm = s1.add(s2).add(s3);
+        }
+        else if (mu == -1)
+        {
+            norm = s1.subtract(s2).add(s3);
+        }
+        else
+        {
+            throw new IllegalArgumentException("mu must be 1 or -1");
+        }
+
+        return norm;
+    }
+
+    /**
+     * Rounds an element <code>&lambda;</code> of <code><b>R</b>[&tau;]</code>
+     * to an element of <code><b>Z</b>[&tau;]</code>, such that their difference
+     * has minimal norm. <code>&lambda;</code> is given as
+     * <code>&lambda; = &lambda;<sub>0</sub> + &lambda;<sub>1</sub>&tau;</code>.
+     * @param lambda0 The component <code>&lambda;<sub>0</sub></code>.
+     * @param lambda1 The component <code>&lambda;<sub>1</sub></code>.
+     * @param mu The parameter <code>&mu;</code> of the elliptic curve. Must
+     * equal 1 or -1.
+     * @return The rounded element of <code><b>Z</b>[&tau;]</code>.
+     * @throws IllegalArgumentException if <code>lambda0</code> and
+     * <code>lambda1</code> do not have same scale.
+     */
+    public static ZTauElement round(SimpleBigDecimal lambda0,
+            SimpleBigDecimal lambda1, byte mu)
+    {
+        int scale = lambda0.getScale();
+        if (lambda1.getScale() != scale)
+        {
+            throw new IllegalArgumentException("lambda0 and lambda1 do not " +
+                    "have same scale");
+        }
+
+        if (!((mu == 1) || (mu == -1)))
+        {
+            throw new IllegalArgumentException("mu must be 1 or -1");
+        }
+
+        BigInteger f0 = lambda0.round();
+        BigInteger f1 = lambda1.round();
+
+        SimpleBigDecimal eta0 = lambda0.subtract(f0);
+        SimpleBigDecimal eta1 = lambda1.subtract(f1);
+
+        // eta = 2*eta0 + mu*eta1
+        SimpleBigDecimal eta = eta0.add(eta0);
+        if (mu == 1)
+        {
+            eta = eta.add(eta1);
+        }
+        else
+        {
+            // mu == -1
+            eta = eta.subtract(eta1);
+        }
+
+        // check1 = eta0 - 3*mu*eta1
+        // check2 = eta0 + 4*mu*eta1
+        SimpleBigDecimal threeEta1 = eta1.add(eta1).add(eta1);
+        SimpleBigDecimal fourEta1 = threeEta1.add(eta1);
+        SimpleBigDecimal check1;
+        SimpleBigDecimal check2;
+        if (mu == 1)
+        {
+            check1 = eta0.subtract(threeEta1);
+            check2 = eta0.add(fourEta1);
+        }
+        else
+        {
+            // mu == -1
+            check1 = eta0.add(threeEta1);
+            check2 = eta0.subtract(fourEta1);
+        }
+
+        byte h0 = 0;
+        byte h1 = 0;
+
+        // if eta >= 1
+        if (eta.compareTo(ECConstants.ONE) >= 0)
+        {
+            if (check1.compareTo(MINUS_ONE) < 0)
+            {
+                h1 = mu;
+            }
+            else
+            {
+                h0 = 1;
+            }
+        }
+        else
+        {
+            // eta < 1
+            if (check2.compareTo(ECConstants.TWO) >= 0)
+            {
+                h1 = mu;
+            }
+        }
+
+        // if eta < -1
+        if (eta.compareTo(MINUS_ONE) < 0)
+        {
+            if (check1.compareTo(ECConstants.ONE) >= 0)
+            {
+                h1 = (byte)-mu;
+            }
+            else
+            {
+                h0 = -1;
+            }
+        }
+        else
+        {
+            // eta >= -1
+            if (check2.compareTo(MINUS_TWO) < 0)
+            {
+                h1 = (byte)-mu;
+            }
+        }
+
+        BigInteger q0 = f0.add(BigInteger.valueOf(h0));
+        BigInteger q1 = f1.add(BigInteger.valueOf(h1));
+        return new ZTauElement(q0, q1);
+    }
+
+    /**
+     * Approximate division by <code>n</code>. For an integer
+     * <code>k</code>, the value <code>&lambda; = s k / n</code> is
+     * computed to <code>c</code> bits of accuracy.
+     * @param k The parameter <code>k</code>.
+     * @param s The curve parameter <code>s<sub>0</sub></code> or
+     * <code>s<sub>1</sub></code>.
+     * @param vm The Lucas Sequence element <code>V<sub>m</sub></code>.
+     * @param a The parameter <code>a</code> of the elliptic curve.
+     * @param m The bit length of the finite field
+     * <code><b>F</b><sub>m</sub></code>.
+     * @param c The number of bits of accuracy, i.e. the scale of the returned
+     * <code>SimpleBigDecimal</code>.
+     * @return The value <code>&lambda; = s k / n</code> computed to
+     * <code>c</code> bits of accuracy.
+     */
+    public static SimpleBigDecimal approximateDivisionByN(BigInteger k,
+            BigInteger s, BigInteger vm, byte a, int m, int c)
+    {
+        int _k = (m + 5)/2 + c;
+        BigInteger ns = k.shiftRight(m - _k - 2 + a);
+
+        BigInteger gs = s.multiply(ns);
+
+        BigInteger hs = gs.shiftRight(m);
+
+        BigInteger js = vm.multiply(hs);
+
+        BigInteger gsPlusJs = gs.add(js);
+        BigInteger ls = gsPlusJs.shiftRight(_k-c);
+        if (gsPlusJs.testBit(_k-c-1))
+        {
+            // round up
+            ls = ls.add(ECConstants.ONE);
+        }
+
+        return new SimpleBigDecimal(ls, c);
+    }
+
+    /**
+     * Computes the <code>&tau;</code>-adic NAF (non-adjacent form) of an
+     * element <code>&lambda;</code> of <code><b>Z</b>[&tau;]</code>.
+     * @param mu The parameter <code>&mu;</code> of the elliptic curve.
+     * @param lambda The element <code>&lambda;</code> of
+     * <code><b>Z</b>[&tau;]</code>.
+     * @return The <code>&tau;</code>-adic NAF of <code>&lambda;</code>.
+     */
+    public static byte[] tauAdicNaf(byte mu, ZTauElement lambda)
+    {
+        if (!((mu == 1) || (mu == -1)))
+        {
+            throw new IllegalArgumentException("mu must be 1 or -1");
+        }
+        
+        BigInteger norm = norm(mu, lambda);
+
+        // Ceiling of log2 of the norm 
+        int log2Norm = norm.bitLength();
+
+        // If length(TNAF) > 30, then length(TNAF) < log2Norm + 3.52
+        int maxLength = log2Norm > 30 ? log2Norm + 4 : 34;
+
+        // The array holding the TNAF
+        byte[] u = new byte[maxLength];
+        int i = 0;
+
+        // The actual length of the TNAF
+        int length = 0;
+
+        BigInteger r0 = lambda.u;
+        BigInteger r1 = lambda.v;
+
+        while(!((r0.equals(ECConstants.ZERO)) && (r1.equals(ECConstants.ZERO))))
+        {
+            // If r0 is odd
+            if (r0.testBit(0))
+            {
+                u[i] = (byte) ECConstants.TWO.subtract((r0.subtract(r1.shiftLeft(1))).mod(ECConstants.FOUR)).intValue();
+
+                // r0 = r0 - u[i]
+                if (u[i] == 1)
+                {
+                    r0 = r0.clearBit(0);
+                }
+                else
+                {
+                    // u[i] == -1
+                    r0 = r0.add(ECConstants.ONE);
+                }
+                length = i;
+            }
+            else
+            {
+                u[i] = 0;
+            }
+
+            BigInteger t = r0;
+            BigInteger s = r0.shiftRight(1);
+            if (mu == 1)
+            {
+                r0 = r1.add(s);
+            }
+            else
+            {
+                // mu == -1
+                r0 = r1.subtract(s);
+            }
+
+            r1 = t.shiftRight(1).negate();
+            i++;
+        }
+
+        length++;
+
+        // Reduce the TNAF array to its actual length
+        byte[] tnaf = new byte[length];
+        System.arraycopy(u, 0, tnaf, 0, length);
+        return tnaf;
+    }
+
+    /**
+     * Applies the operation <code>&tau;()</code> to an
+     * <code>ECPoint.F2m</code>. 
+     * @param p The ECPoint.F2m to which <code>&tau;()</code> is applied.
+     * @return <code>&tau;(p)</code>
+     */
+    public static ECPoint.F2m tau(ECPoint.F2m p)
+    {
+        if (p.isInfinity())
+        {
+            return p;
+        }
+
+        ECFieldElement x = p.getX();
+        ECFieldElement y = p.getY();
+
+        return new ECPoint.F2m(p.getCurve(), x.square(), y.square(), p.isCompressed());
+    }
+
+    /**
+     * Returns the parameter <code>&mu;</code> of the elliptic curve.
+     * @param curve The elliptic curve from which to obtain <code>&mu;</code>.
+     * The curve must be a Koblitz curve, i.e. <code>a</code> equals
+     * <code>0</code> or <code>1</code> and <code>b</code> equals
+     * <code>1</code>. 
+     * @return <code>&mu;</code> of the elliptic curve.
+     * @throws IllegalArgumentException if the given ECCurve is not a Koblitz
+     * curve.
+     */
+    public static byte getMu(ECCurve.F2m curve)
+    {
+        BigInteger a = curve.getA().toBigInteger();
+        byte mu;
+
+        if (a.equals(ECConstants.ZERO))
+        {
+            mu = -1;
+        }
+        else if (a.equals(ECConstants.ONE))
+        {
+            mu = 1;
+        }
+        else
+        {
+            throw new IllegalArgumentException("No Koblitz curve (ABC), " +
+                    "TNAF multiplication not possible");
+        }
+        return mu;
+    }
+
+    /**
+     * Calculates the Lucas Sequence elements <code>U<sub>k-1</sub></code> and
+     * <code>U<sub>k</sub></code> or <code>V<sub>k-1</sub></code> and
+     * <code>V<sub>k</sub></code>.
+     * @param mu The parameter <code>&mu;</code> of the elliptic curve.
+     * @param k The index of the second element of the Lucas Sequence to be
+     * returned.
+     * @param doV If set to true, computes <code>V<sub>k-1</sub></code> and
+     * <code>V<sub>k</sub></code>, otherwise <code>U<sub>k-1</sub></code> and
+     * <code>U<sub>k</sub></code>.
+     * @return An array with 2 elements, containing <code>U<sub>k-1</sub></code>
+     * and <code>U<sub>k</sub></code> or <code>V<sub>k-1</sub></code>
+     * and <code>V<sub>k</sub></code>.
+     */
+    public static BigInteger[] getLucas(byte mu, int k, boolean doV)
+    {
+        if (!((mu == 1) || (mu == -1)))
+        {
+            throw new IllegalArgumentException("mu must be 1 or -1");
+        }
+
+        BigInteger u0;
+        BigInteger u1;
+        BigInteger u2;
+
+        if (doV)
+        {
+            u0 = ECConstants.TWO;
+            u1 = BigInteger.valueOf(mu);
+        }
+        else
+        {
+            u0 = ECConstants.ZERO;
+            u1 = ECConstants.ONE;
+        }
+
+        for (int i = 1; i < k; i++)
+        {
+            // u2 = mu*u1 - 2*u0;
+            BigInteger s = null;
+            if (mu == 1)
+            {
+                s = u1;
+            }
+            else
+            {
+                // mu == -1
+                s = u1.negate();
+            }
+            
+            u2 = s.subtract(u0.shiftLeft(1));
+            u0 = u1;
+            u1 = u2;
+//            System.out.println(i + ": " + u2);
+//            System.out.println();
+        }
+
+        BigInteger[] retVal = {u0, u1};
+        return retVal;
+    }
+
+    /**
+     * Computes the auxiliary value <code>t<sub>w</sub></code>. If the width is
+     * 4, then for <code>mu = 1</code>, <code>t<sub>w</sub> = 6</code> and for
+     * <code>mu = -1</code>, <code>t<sub>w</sub> = 10</code> 
+     * @param mu The parameter <code>&mu;</code> of the elliptic curve.
+     * @param w The window width of the WTNAF.
+     * @return the auxiliary value <code>t<sub>w</sub></code>
+     */
+    public static BigInteger getTw(byte mu, int w)
+    {
+        if (w == 4)
+        {
+            if (mu == 1)
+            {
+                return BigInteger.valueOf(6);
+            }
+            else
+            {
+                // mu == -1
+                return BigInteger.valueOf(10);
+            }
+        }
+        else
+        {
+            // For w <> 4, the values must be computed
+            BigInteger[] us = getLucas(mu, w, false);
+            BigInteger twoToW = ECConstants.ZERO.setBit(w);
+            BigInteger u1invert = us[1].modInverse(twoToW);
+            BigInteger tw;
+            tw = ECConstants.TWO.multiply(us[0]).multiply(u1invert).mod(twoToW);
+//            System.out.println("mu = " + mu);
+//            System.out.println("tw = " + tw);
+            return tw;
+        }
+    }
+
+    /**
+     * Computes the auxiliary values <code>s<sub>0</sub></code> and
+     * <code>s<sub>1</sub></code> used for partial modular reduction. 
+     * @param curve The elliptic curve for which to compute
+     * <code>s<sub>0</sub></code> and <code>s<sub>1</sub></code>.
+     * @throws IllegalArgumentException if <code>curve</code> is not a
+     * Koblitz curve (Anomalous Binary Curve, ABC).
+     */
+    public static BigInteger[] getSi(ECCurve.F2m curve)
+    {
+        if (!curve.isKoblitz())
+        {
+            throw new IllegalArgumentException("si is defined for Koblitz curves only");
+        }
+
+        int m = curve.getM();
+        int a = curve.getA().toBigInteger().intValue();
+        byte mu = curve.getMu();
+        int h = curve.getH().intValue();
+        int index = m + 3 - a;
+        BigInteger[] ui = getLucas(mu, index, false);
+
+        BigInteger dividend0;
+        BigInteger dividend1;
+        if (mu == 1)
+        {
+            dividend0 = ECConstants.ONE.subtract(ui[1]);
+            dividend1 = ECConstants.ONE.subtract(ui[0]);
+        }
+        else if (mu == -1)
+        {
+            dividend0 = ECConstants.ONE.add(ui[1]);
+            dividend1 = ECConstants.ONE.add(ui[0]);
+        }
+        else
+        {
+            throw new IllegalArgumentException("mu must be 1 or -1");
+        }
+
+        BigInteger[] si = new BigInteger[2];
+
+        if (h == 2)
+        {
+            si[0] = dividend0.shiftRight(1);
+            si[1] = dividend1.shiftRight(1).negate();
+        }
+        else if (h == 4)
+        {
+            si[0] = dividend0.shiftRight(2);
+            si[1] = dividend1.shiftRight(2).negate();
+        }
+        else
+        {
+            throw new IllegalArgumentException("h (Cofactor) must be 2 or 4");
+        }
+
+        return si;
+    }
+
+    /**
+     * Partial modular reduction modulo
+     * <code>(&tau;<sup>m</sup> - 1)/(&tau; - 1)</code>.
+     * @param k The integer to be reduced.
+     * @param m The bitlength of the underlying finite field.
+     * @param a The parameter <code>a</code> of the elliptic curve.
+     * @param s The auxiliary values <code>s<sub>0</sub></code> and
+     * <code>s<sub>1</sub></code>.
+     * @param mu The parameter &mu; of the elliptic curve.
+     * @param c The precision (number of bits of accuracy) of the partial
+     * modular reduction.
+     * @return <code>&rho; := k partmod (&tau;<sup>m</sup> - 1)/(&tau; - 1)</code>
+     */
+    public static ZTauElement partModReduction(BigInteger k, int m, byte a,
+            BigInteger[] s, byte mu, byte c)
+    {
+        // d0 = s[0] + mu*s[1]; mu is either 1 or -1
+        BigInteger d0;
+        if (mu == 1)
+        {
+            d0 = s[0].add(s[1]);
+        }
+        else
+        {
+            d0 = s[0].subtract(s[1]);
+        }
+
+        BigInteger[] v = getLucas(mu, m, true);
+        BigInteger vm = v[1];
+
+        SimpleBigDecimal lambda0 = approximateDivisionByN(
+                k, s[0], vm, a, m, c);
+        
+        SimpleBigDecimal lambda1 = approximateDivisionByN(
+                k, s[1], vm, a, m, c);
+
+        ZTauElement q = round(lambda0, lambda1, mu);
+
+        // r0 = n - d0*q0 - 2*s1*q1
+        BigInteger r0 = k.subtract(d0.multiply(q.u)).subtract(
+                BigInteger.valueOf(2).multiply(s[1]).multiply(q.v));
+
+        // r1 = s1*q0 - s0*q1
+        BigInteger r1 = s[1].multiply(q.u).subtract(s[0].multiply(q.v));
+        
+        return new ZTauElement(r0, r1);
+    }
+
+    /**
+     * Multiplies a {@link org.bouncycastle.math.ec.ECPoint.F2m ECPoint.F2m}
+     * by a <code>BigInteger</code> using the reduced <code>&tau;</code>-adic
+     * NAF (RTNAF) method.
+     * @param p The ECPoint.F2m to multiply.
+     * @param k The <code>BigInteger</code> by which to multiply <code>p</code>.
+     * @return <code>k * p</code>
+     */
+    public static ECPoint.F2m multiplyRTnaf(ECPoint.F2m p, BigInteger k)
+    {
+        ECCurve.F2m curve = (ECCurve.F2m) p.getCurve();
+        int m = curve.getM();
+        byte a = (byte) curve.getA().toBigInteger().intValue();
+        byte mu = curve.getMu();
+        BigInteger[] s = curve.getSi();
+        ZTauElement rho = partModReduction(k, m, a, s, mu, (byte)10);
+
+        return multiplyTnaf(p, rho);
+    }
+
+    /**
+     * Multiplies a {@link org.bouncycastle.math.ec.ECPoint.F2m ECPoint.F2m}
+     * by an element <code>&lambda;</code> of <code><b>Z</b>[&tau;]</code>
+     * using the <code>&tau;</code>-adic NAF (TNAF) method.
+     * @param p The ECPoint.F2m to multiply.
+     * @param lambda The element <code>&lambda;</code> of
+     * <code><b>Z</b>[&tau;]</code>.
+     * @return <code>&lambda; * p</code>
+     */
+    public static ECPoint.F2m multiplyTnaf(ECPoint.F2m p, ZTauElement lambda)
+    {
+        ECCurve.F2m curve = (ECCurve.F2m)p.getCurve();
+        byte mu = curve.getMu();
+        byte[] u = tauAdicNaf(mu, lambda);
+
+        ECPoint.F2m q = multiplyFromTnaf(p, u);
+
+        return q;
+    }
+
+    /**
+    * Multiplies a {@link org.bouncycastle.math.ec.ECPoint.F2m ECPoint.F2m}
+    * by an element <code>&lambda;</code> of <code><b>Z</b>[&tau;]</code>
+    * using the <code>&tau;</code>-adic NAF (TNAF) method, given the TNAF
+    * of <code>&lambda;</code>.
+    * @param p The ECPoint.F2m to multiply.
+    * @param u The the TNAF of <code>&lambda;</code>..
+    * @return <code>&lambda; * p</code>
+    */
+    public static ECPoint.F2m multiplyFromTnaf(ECPoint.F2m p, byte[] u)
+    {
+        ECCurve.F2m curve = (ECCurve.F2m)p.getCurve();
+        ECPoint.F2m q = (ECPoint.F2m) curve.getInfinity();
+        for (int i = u.length - 1; i >= 0; i--)
+        {
+            q = tau(q);
+            if (u[i] == 1)
+            {
+                q = (ECPoint.F2m)q.addSimple(p);
+            }
+            else if (u[i] == -1)
+            {
+                q = (ECPoint.F2m)q.subtractSimple(p);
+            }
+        }
+        return q;
+    }
+
+    /**
+     * Computes the <code>[&tau;]</code>-adic window NAF of an element
+     * <code>&lambda;</code> of <code><b>Z</b>[&tau;]</code>.
+     * @param mu The parameter &mu; of the elliptic curve.
+     * @param lambda The element <code>&lambda;</code> of
+     * <code><b>Z</b>[&tau;]</code> of which to compute the
+     * <code>[&tau;]</code>-adic NAF.
+     * @param width The window width of the resulting WNAF.
+     * @param pow2w 2<sup>width</sup>.
+     * @param tw The auxiliary value <code>t<sub>w</sub></code>.
+     * @param alpha The <code>&alpha;<sub>u</sub></code>'s for the window width.
+     * @return The <code>[&tau;]</code>-adic window NAF of
+     * <code>&lambda;</code>.
+     */
+    public static byte[] tauAdicWNaf(byte mu, ZTauElement lambda,
+            byte width, BigInteger pow2w, BigInteger tw, ZTauElement[] alpha)
+    {
+        if (!((mu == 1) || (mu == -1)))
+        {
+            throw new IllegalArgumentException("mu must be 1 or -1");
+        }
+
+        BigInteger norm = norm(mu, lambda);
+
+        // Ceiling of log2 of the norm 
+        int log2Norm = norm.bitLength();
+
+        // If length(TNAF) > 30, then length(TNAF) < log2Norm + 3.52
+        int maxLength = log2Norm > 30 ? log2Norm + 4 + width : 34 + width;
+
+        // The array holding the TNAF
+        byte[] u = new byte[maxLength];
+
+        // 2^(width - 1)
+        BigInteger pow2wMin1 = pow2w.shiftRight(1);
+
+        // Split lambda into two BigIntegers to simplify calculations
+        BigInteger r0 = lambda.u;
+        BigInteger r1 = lambda.v;
+        int i = 0;
+
+        // while lambda <> (0, 0)
+        while (!((r0.equals(ECConstants.ZERO))&&(r1.equals(ECConstants.ZERO))))
+        {
+            // if r0 is odd
+            if (r0.testBit(0))
+            {
+                // uUnMod = r0 + r1*tw mod 2^width
+                BigInteger uUnMod
+                    = r0.add(r1.multiply(tw)).mod(pow2w);
+                
+                byte uLocal;
+                // if uUnMod >= 2^(width - 1)
+                if (uUnMod.compareTo(pow2wMin1) >= 0)
+                {
+                    uLocal = (byte) uUnMod.subtract(pow2w).intValue();
+                }
+                else
+                {
+                    uLocal = (byte) uUnMod.intValue();
+                }
+                // uLocal is now in [-2^(width-1), 2^(width-1)-1]
+
+                u[i] = uLocal;
+                boolean s = true;
+                if (uLocal < 0)
+                {
+                    s = false;
+                    uLocal = (byte)-uLocal;
+                }
+                // uLocal is now >= 0
+
+                if (s)
+                {
+                    r0 = r0.subtract(alpha[uLocal].u);
+                    r1 = r1.subtract(alpha[uLocal].v);
+                }
+                else
+                {
+                    r0 = r0.add(alpha[uLocal].u);
+                    r1 = r1.add(alpha[uLocal].v);
+                }
+            }
+            else
+            {
+                u[i] = 0;
+            }
+
+            BigInteger t = r0;
+
+            if (mu == 1)
+            {
+                r0 = r1.add(r0.shiftRight(1));
+            }
+            else
+            {
+                // mu == -1
+                r0 = r1.subtract(r0.shiftRight(1));
+            }
+            r1 = t.shiftRight(1).negate();
+            i++;
+        }
+        return u;
+    }
+
+    /**
+     * Does the precomputation for WTNAF multiplication.
+     * @param p The <code>ECPoint</code> for which to do the precomputation.
+     * @param a The parameter <code>a</code> of the elliptic curve.
+     * @return The precomputation array for <code>p</code>. 
+     */
+    public static ECPoint.F2m[] getPreComp(ECPoint.F2m p, byte a)
+    {
+        ECPoint.F2m[] pu;
+        pu = new ECPoint.F2m[16];
+        pu[1] = p;
+        byte[][] alphaTnaf;
+        if (a == 0)
+        {
+            alphaTnaf = Tnaf.alpha0Tnaf;
+        }
+        else
+        {
+            // a == 1
+            alphaTnaf = Tnaf.alpha1Tnaf;
+        }
+
+        int precompLen = alphaTnaf.length;
+        for (int i = 3; i < precompLen; i = i + 2)
+        {
+            pu[i] = Tnaf.multiplyFromTnaf(p, alphaTnaf[i]);
+        }
+        
+        return pu;
+    }
+}
diff --git a/src/main/java/org/bouncycastle/math/ec/WNafMultiplier.java b/src/main/java/org/bouncycastle/math/ec/WNafMultiplier.java
new file mode 100644
index 0000000..10c8ed2
--- /dev/null
+++ b/src/main/java/org/bouncycastle/math/ec/WNafMultiplier.java
@@ -0,0 +1,240 @@
+package org.bouncycastle.math.ec;
+
+import java.math.BigInteger;
+
+/**
+ * Class implementing the WNAF (Window Non-Adjacent Form) multiplication
+ * algorithm.
+ */
+class WNafMultiplier implements ECMultiplier
+{
+    /**
+     * Computes the Window NAF (non-adjacent Form) of an integer.
+     * @param width The width <code>w</code> of the Window NAF. The width is
+     * defined as the minimal number <code>w</code>, such that for any
+     * <code>w</code> consecutive digits in the resulting representation, at
+     * most one is non-zero.
+     * @param k The integer of which the Window NAF is computed.
+     * @return The Window NAF of the given width, such that the following holds:
+     * <code>k = &sum;<sub>i=0</sub><sup>l-1</sup> k<sub>i</sub>2<sup>i</sup>
+     * </code>, where the <code>k<sub>i</sub></code> denote the elements of the
+     * returned <code>byte[]</code>.
+     */
+    public byte[] windowNaf(byte width, BigInteger k)
+    {
+        // The window NAF is at most 1 element longer than the binary
+        // representation of the integer k. byte can be used instead of short or
+        // int unless the window width is larger than 8. For larger width use
+        // short or int. However, a width of more than 8 is not efficient for
+        // m = log2(q) smaller than 2305 Bits. Note: Values for m larger than
+        // 1000 Bits are currently not used in practice.
+        byte[] wnaf = new byte[k.bitLength() + 1];
+
+        // 2^width as short and BigInteger
+        short pow2wB = (short)(1 << width);
+        BigInteger pow2wBI = BigInteger.valueOf(pow2wB);
+
+        int i = 0;
+
+        // The actual length of the WNAF
+        int length = 0;
+
+        // while k >= 1
+        while (k.signum() > 0)
+        {
+            // if k is odd
+            if (k.testBit(0))
+            {
+                // k mod 2^width
+                BigInteger remainder = k.mod(pow2wBI);
+
+                // if remainder > 2^(width - 1) - 1
+                if (remainder.testBit(width - 1))
+                {
+                    wnaf[i] = (byte)(remainder.intValue() - pow2wB);
+                }
+                else
+                {
+                    wnaf[i] = (byte)remainder.intValue();
+                }
+                // wnaf[i] is now in [-2^(width-1), 2^(width-1)-1]
+
+                k = k.subtract(BigInteger.valueOf(wnaf[i]));
+                length = i;
+            }
+            else
+            {
+                wnaf[i] = 0;
+            }
+
+            // k = k/2
+            k = k.shiftRight(1);
+            i++;
+        }
+
+        length++;
+
+        // Reduce the WNAF array to its actual length
+        byte[] wnafShort = new byte[length];
+        System.arraycopy(wnaf, 0, wnafShort, 0, length);
+        return wnafShort;
+    }
+
+    /**
+     * Multiplies <code>this</code> by an integer <code>k</code> using the
+     * Window NAF method.
+     * @param k The integer by which <code>this</code> is multiplied.
+     * @return A new <code>ECPoint</code> which equals <code>this</code>
+     * multiplied by <code>k</code>.
+     */
+    public ECPoint multiply(ECPoint p, BigInteger k, PreCompInfo preCompInfo)
+    {
+        WNafPreCompInfo wnafPreCompInfo;
+
+        if ((preCompInfo != null) && (preCompInfo instanceof WNafPreCompInfo))
+        {
+            wnafPreCompInfo = (WNafPreCompInfo)preCompInfo;
+        }
+        else
+        {
+            // Ignore empty PreCompInfo or PreCompInfo of incorrect type
+            wnafPreCompInfo = new WNafPreCompInfo();
+        }
+
+        // floor(log2(k))
+        int m = k.bitLength();
+
+        // width of the Window NAF
+        byte width;
+
+        // Required length of precomputation array
+        int reqPreCompLen;
+
+        // Determine optimal width and corresponding length of precomputation
+        // array based on literature values
+        if (m < 13)
+        {
+            width = 2;
+            reqPreCompLen = 1;
+        }
+        else
+        {
+            if (m < 41)
+            {
+                width = 3;
+                reqPreCompLen = 2;
+            }
+            else
+            {
+                if (m < 121)
+                {
+                    width = 4;
+                    reqPreCompLen = 4;
+                }
+                else
+                {
+                    if (m < 337)
+                    {
+                        width = 5;
+                        reqPreCompLen = 8;
+                    }
+                    else
+                    {
+                        if (m < 897)
+                        {
+                            width = 6;
+                            reqPreCompLen = 16;
+                        }
+                        else
+                        {
+                            if (m < 2305)
+                            {
+                                width = 7;
+                                reqPreCompLen = 32;
+                            }
+                            else
+                            {
+                                width = 8;
+                                reqPreCompLen = 127;
+                            }
+                        }
+                    }
+                }
+            }
+        }
+
+        // The length of the precomputation array
+        int preCompLen = 1;
+
+        ECPoint[] preComp = wnafPreCompInfo.getPreComp();
+        ECPoint twiceP = wnafPreCompInfo.getTwiceP();
+
+        // Check if the precomputed ECPoints already exist
+        if (preComp == null)
+        {
+            // Precomputation must be performed from scratch, create an empty
+            // precomputation array of desired length
+            preComp = new ECPoint[]{ p };
+        }
+        else
+        {
+            // Take the already precomputed ECPoints to start with
+            preCompLen = preComp.length;
+        }
+
+        if (twiceP == null)
+        {
+            // Compute twice(p)
+            twiceP = p.twice();
+        }
+
+        if (preCompLen < reqPreCompLen)
+        {
+            // Precomputation array must be made bigger, copy existing preComp
+            // array into the larger new preComp array
+            ECPoint[] oldPreComp = preComp;
+            preComp = new ECPoint[reqPreCompLen];
+            System.arraycopy(oldPreComp, 0, preComp, 0, preCompLen);
+
+            for (int i = preCompLen; i < reqPreCompLen; i++)
+            {
+                // Compute the new ECPoints for the precomputation array.
+                // The values 1, 3, 5, ..., 2^(width-1)-1 times p are
+                // computed
+                preComp[i] = twiceP.add(preComp[i - 1]);
+            }            
+        }
+
+        // Compute the Window NAF of the desired width
+        byte[] wnaf = windowNaf(width, k);
+        int l = wnaf.length;
+
+        // Apply the Window NAF to p using the precomputed ECPoint values.
+        ECPoint q = p.getCurve().getInfinity();
+        for (int i = l - 1; i >= 0; i--)
+        {
+            q = q.twice();
+
+            if (wnaf[i] != 0)
+            {
+                if (wnaf[i] > 0)
+                {
+                    q = q.add(preComp[(wnaf[i] - 1)/2]);
+                }
+                else
+                {
+                    // wnaf[i] < 0
+                    q = q.subtract(preComp[(-wnaf[i] - 1)/2]);
+                }
+            }
+        }
+
+        // Set PreCompInfo in ECPoint, such that it is available for next
+        // multiplication.
+        wnafPreCompInfo.setPreComp(preComp);
+        wnafPreCompInfo.setTwiceP(twiceP);
+        p.setPreCompInfo(wnafPreCompInfo);
+        return q;
+    }
+
+}
diff --git a/src/main/java/org/bouncycastle/math/ec/WNafPreCompInfo.java b/src/main/java/org/bouncycastle/math/ec/WNafPreCompInfo.java
new file mode 100644
index 0000000..fc0d5fe
--- /dev/null
+++ b/src/main/java/org/bouncycastle/math/ec/WNafPreCompInfo.java
@@ -0,0 +1,44 @@
+package org.bouncycastle.math.ec;
+
+/**
+ * Class holding precomputation data for the WNAF (Window Non-Adjacent Form)
+ * algorithm.
+ */
+class WNafPreCompInfo implements PreCompInfo
+{
+    /**
+     * Array holding the precomputed <code>ECPoint</code>s used for the Window
+     * NAF multiplication in <code>
+     * {@link org.bouncycastle.math.ec.multiplier.WNafMultiplier.multiply()
+     * WNafMultiplier.multiply()}</code>.
+     */
+    private ECPoint[] preComp = null;
+
+    /**
+     * Holds an <code>ECPoint</code> representing twice(this). Used for the
+     * Window NAF multiplication in <code>
+     * {@link org.bouncycastle.math.ec.multiplier.WNafMultiplier.multiply()
+     * WNafMultiplier.multiply()}</code>.
+     */
+    private ECPoint twiceP = null;
+
+    protected ECPoint[] getPreComp()
+    {
+        return preComp;
+    }
+
+    protected void setPreComp(ECPoint[] preComp)
+    {
+        this.preComp = preComp;
+    }
+
+    protected ECPoint getTwiceP()
+    {
+        return twiceP;
+    }
+
+    protected void setTwiceP(ECPoint twiceThis)
+    {
+        this.twiceP = twiceThis;
+    }
+}
diff --git a/src/main/java/org/bouncycastle/math/ec/WTauNafMultiplier.java b/src/main/java/org/bouncycastle/math/ec/WTauNafMultiplier.java
new file mode 100644
index 0000000..2353979
--- /dev/null
+++ b/src/main/java/org/bouncycastle/math/ec/WTauNafMultiplier.java
@@ -0,0 +1,119 @@
+package org.bouncycastle.math.ec;
+
+import java.math.BigInteger;
+
+/**
+ * Class implementing the WTNAF (Window
+ * <code>&tau;</code>-adic Non-Adjacent Form) algorithm.
+ */
+class WTauNafMultiplier implements ECMultiplier
+{
+    /**
+     * Multiplies a {@link org.bouncycastle.math.ec.ECPoint.F2m ECPoint.F2m}
+     * by <code>k</code> using the reduced <code>&tau;</code>-adic NAF (RTNAF)
+     * method.
+     * @param p The ECPoint.F2m to multiply.
+     * @param k The integer by which to multiply <code>k</code>.
+     * @return <code>p</code> multiplied by <code>k</code>.
+     */
+    public ECPoint multiply(ECPoint point, BigInteger k, PreCompInfo preCompInfo)
+    {
+        if (!(point instanceof ECPoint.F2m))
+        {
+            throw new IllegalArgumentException("Only ECPoint.F2m can be " +
+                    "used in WTauNafMultiplier");
+        }
+
+        ECPoint.F2m p = (ECPoint.F2m)point;
+
+        ECCurve.F2m curve = (ECCurve.F2m) p.getCurve();
+        int m = curve.getM();
+        byte a = curve.getA().toBigInteger().byteValue();
+        byte mu = curve.getMu();
+        BigInteger[] s = curve.getSi();
+
+        ZTauElement rho = Tnaf.partModReduction(k, m, a, s, mu, (byte)10);
+
+        return multiplyWTnaf(p, rho, preCompInfo, a, mu);
+    }
+
+    /**
+     * Multiplies a {@link org.bouncycastle.math.ec.ECPoint.F2m ECPoint.F2m}
+     * by an element <code>&lambda;</code> of <code><b>Z</b>[&tau;]</code> using
+     * the <code>&tau;</code>-adic NAF (TNAF) method.
+     * @param p The ECPoint.F2m to multiply.
+     * @param lambda The element <code>&lambda;</code> of
+     * <code><b>Z</b>[&tau;]</code> of which to compute the
+     * <code>[&tau;]</code>-adic NAF.
+     * @return <code>p</code> multiplied by <code>&lambda;</code>.
+     */
+    private ECPoint.F2m multiplyWTnaf(ECPoint.F2m p, ZTauElement lambda,
+            PreCompInfo preCompInfo, byte a, byte mu)
+    {
+        ZTauElement[] alpha;
+        if (a == 0)
+        {
+            alpha = Tnaf.alpha0;
+        }
+        else
+        {
+            // a == 1
+            alpha = Tnaf.alpha1;
+        }
+
+        BigInteger tw = Tnaf.getTw(mu, Tnaf.WIDTH);
+
+        byte[]u = Tnaf.tauAdicWNaf(mu, lambda, Tnaf.WIDTH,
+                BigInteger.valueOf(Tnaf.POW_2_WIDTH), tw, alpha);
+
+        return multiplyFromWTnaf(p, u, preCompInfo);
+    }
+
+    /**
+     * Multiplies a {@link org.bouncycastle.math.ec.ECPoint.F2m ECPoint.F2m}
+     * by an element <code>&lambda;</code> of <code><b>Z</b>[&tau;]</code>
+     * using the window <code>&tau;</code>-adic NAF (TNAF) method, given the
+     * WTNAF of <code>&lambda;</code>.
+     * @param p The ECPoint.F2m to multiply.
+     * @param u The the WTNAF of <code>&lambda;</code>..
+     * @return <code>&lambda; * p</code>
+     */
+    private static ECPoint.F2m multiplyFromWTnaf(ECPoint.F2m p, byte[] u,
+            PreCompInfo preCompInfo)
+    {
+        ECCurve.F2m curve = (ECCurve.F2m)p.getCurve();
+        byte a = curve.getA().toBigInteger().byteValue();
+
+        ECPoint.F2m[] pu;
+        if ((preCompInfo == null) || !(preCompInfo instanceof WTauNafPreCompInfo))
+        {
+            pu = Tnaf.getPreComp(p, a);
+            p.setPreCompInfo(new WTauNafPreCompInfo(pu));
+        }
+        else
+        {
+            pu = ((WTauNafPreCompInfo)preCompInfo).getPreComp();
+        }
+
+        // q = infinity
+        ECPoint.F2m q = (ECPoint.F2m) p.getCurve().getInfinity();
+        for (int i = u.length - 1; i >= 0; i--)
+        {
+            q = Tnaf.tau(q);
+            if (u[i] != 0)
+            {
+                if (u[i] > 0)
+                {
+                    q = q.addSimple(pu[u[i]]);
+                }
+                else
+                {
+                    // u[i] < 0
+                    q = q.subtractSimple(pu[-u[i]]);
+                }
+            }
+        }
+
+        return q;
+    }
+}
diff --git a/src/main/java/org/bouncycastle/math/ec/WTauNafPreCompInfo.java b/src/main/java/org/bouncycastle/math/ec/WTauNafPreCompInfo.java
new file mode 100644
index 0000000..d7c583f
--- /dev/null
+++ b/src/main/java/org/bouncycastle/math/ec/WTauNafPreCompInfo.java
@@ -0,0 +1,39 @@
+package org.bouncycastle.math.ec;
+
+/**
+ * Class holding precomputation data for the WTNAF (Window
+ * <code>&tau;</code>-adic Non-Adjacent Form) algorithm.
+ */
+class WTauNafPreCompInfo implements PreCompInfo
+{
+    /**
+     * Array holding the precomputed <code>ECPoint.F2m</code>s used for the
+     * WTNAF multiplication in <code>
+     * {@link org.bouncycastle.math.ec.multiplier.WTauNafMultiplier.multiply()
+     * WTauNafMultiplier.multiply()}</code>.
+     */
+    private ECPoint.F2m[] preComp = null;
+
+    /**
+     * Constructor for <code>WTauNafPreCompInfo</code>
+     * @param preComp Array holding the precomputed <code>ECPoint.F2m</code>s
+     * used for the WTNAF multiplication in <code>
+     * {@link org.bouncycastle.math.ec.multiplier.WTauNafMultiplier.multiply()
+     * WTauNafMultiplier.multiply()}</code>.
+     */
+    WTauNafPreCompInfo(ECPoint.F2m[] preComp)
+    {
+        this.preComp = preComp;
+    }
+
+    /**
+     * @return the array holding the precomputed <code>ECPoint.F2m</code>s
+     * used for the WTNAF multiplication in <code>
+     * {@link org.bouncycastle.math.ec.multiplier.WTauNafMultiplier.multiply()
+     * WTauNafMultiplier.multiply()}</code>.
+     */
+    protected ECPoint.F2m[] getPreComp()
+    {
+        return preComp;
+    }
+}
diff --git a/src/main/java/org/bouncycastle/math/ec/ZTauElement.java b/src/main/java/org/bouncycastle/math/ec/ZTauElement.java
new file mode 100644
index 0000000..7402f22
--- /dev/null
+++ b/src/main/java/org/bouncycastle/math/ec/ZTauElement.java
@@ -0,0 +1,37 @@
+package org.bouncycastle.math.ec;
+
+import java.math.BigInteger;
+
+/**
+ * Class representing an element of <code><b>Z</b>[&tau;]</code>. Let
+ * <code>&lambda;</code> be an element of <code><b>Z</b>[&tau;]</code>. Then
+ * <code>&lambda;</code> is given as <code>&lambda; = u + v&tau;</code>. The
+ * components <code>u</code> and <code>v</code> may be used directly, there
+ * are no accessor methods.
+ * Immutable class.
+ */
+class ZTauElement
+{
+    /**
+     * The &quot;real&quot; part of <code>&lambda;</code>.
+     */
+    public final BigInteger u;
+
+    /**
+     * The &quot;<code>&tau;</code>-adic&quot; part of <code>&lambda;</code>.
+     */
+    public final BigInteger v;
+
+    /**
+     * Constructor for an element <code>&lambda;</code> of
+     * <code><b>Z</b>[&tau;]</code>.
+     * @param u The &quot;real&quot; part of <code>&lambda;</code>.
+     * @param v The &quot;<code>&tau;</code>-adic&quot; part of
+     * <code>&lambda;</code>.
+     */
+    public ZTauElement(BigInteger u, BigInteger v)
+    {
+        this.u = u;
+        this.v = v;
+    }
+}
diff --git a/src/main/java/org/bouncycastle/openssl/MiscPEMGenerator.java b/src/main/java/org/bouncycastle/openssl/MiscPEMGenerator.java
new file mode 100644
index 0000000..5793007
--- /dev/null
+++ b/src/main/java/org/bouncycastle/openssl/MiscPEMGenerator.java
@@ -0,0 +1,335 @@
+package org.bouncycastle.openssl;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.Key;
+import java.security.KeyPair;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.security.cert.CRLException;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509CRL;
+import java.security.cert.X509Certificate;
+import java.security.interfaces.DSAParams;
+import java.security.interfaces.DSAPrivateKey;
+import java.security.interfaces.RSAPrivateCrtKey;
+import java.security.interfaces.RSAPrivateKey;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1Object;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.cms.ContentInfo;
+import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
+import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure;
+import org.bouncycastle.asn1.x509.DSAParameter;
+import org.bouncycastle.jce.PKCS10CertificationRequest;
+import org.bouncycastle.util.Strings;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.io.pem.PemGenerationException;
+import org.bouncycastle.util.io.pem.PemHeader;
+import org.bouncycastle.util.io.pem.PemObject;
+import org.bouncycastle.util.io.pem.PemObjectGenerator;
+import org.bouncycastle.x509.X509AttributeCertificate;
+import org.bouncycastle.x509.X509V2AttributeCertificate;
+
+/**
+ * PEM generator for the original set of PEM objects used in Open SSL.
+ */
+public class MiscPEMGenerator
+    implements PemObjectGenerator
+{
+    private Object obj;
+    private String algorithm;
+    private char[] password;
+    private SecureRandom random;
+    private Provider provider;
+
+    public MiscPEMGenerator(Object o)
+    {
+        this.obj = o;
+    }
+
+    public MiscPEMGenerator(
+        Object       obj,
+        String       algorithm,
+        char[]       password,
+        SecureRandom random,
+        Provider     provider)
+    {
+        this.obj = obj;
+        this.algorithm = algorithm;
+        this.password = password;
+        this.random = random;
+        this.provider = provider;
+    }
+
+    public MiscPEMGenerator(
+        Object       obj,
+        String       algorithm,
+        char[]       password,
+        SecureRandom random,
+        String       provider)
+        throws NoSuchProviderException
+    {
+        this.obj = obj;
+        this.algorithm = algorithm;
+        this.password = password;
+        this.random = random;
+
+        if (provider != null)
+        {
+            this.provider = Security.getProvider(provider);
+            if (this.provider == null)
+            {
+                throw new NoSuchProviderException("cannot find provider: " + provider);
+            }
+        }
+    }
+
+    private PemObject createPemObject(Object o)
+        throws IOException
+    {
+        String  type;
+        byte[]  encoding;
+
+        if (o instanceof PemObject)
+        {
+            return (PemObject)o;
+        }
+        if (o instanceof PemObjectGenerator)
+        {
+            return ((PemObjectGenerator)o).generate();
+        }
+        if (o instanceof X509Certificate)
+        {
+            type = "CERTIFICATE";
+            try
+            {
+                encoding = ((X509Certificate)o).getEncoded();
+            }
+            catch (CertificateEncodingException e)
+            {
+                throw new PemGenerationException("Cannot encode object: " + e.toString());
+            }
+        }
+        else if (o instanceof X509CRL)
+        {
+            type = "X509 CRL";
+            try
+            {
+                encoding = ((X509CRL)o).getEncoded();
+            }
+            catch (CRLException e)
+            {
+                throw new PemGenerationException("Cannot encode object: " + e.toString());
+            }
+        }
+        else if (o instanceof KeyPair)
+        {
+            return createPemObject(((KeyPair)o).getPrivate());
+        }
+        else if (o instanceof PrivateKey)
+        {
+            PrivateKeyInfo info = new PrivateKeyInfo(
+                (ASN1Sequence) ASN1Object.fromByteArray(((Key)o).getEncoded()));
+
+            if (o instanceof RSAPrivateKey)
+            {
+                type = "RSA PRIVATE KEY";
+
+                encoding = info.getPrivateKey().getEncoded();
+            }
+            else if (o instanceof DSAPrivateKey)
+            {
+                type = "DSA PRIVATE KEY";
+
+                DSAParameter p = DSAParameter.getInstance(info.getAlgorithmId().getParameters());
+                ASN1EncodableVector v = new ASN1EncodableVector();
+
+                v.add(new DERInteger(0));
+                v.add(new DERInteger(p.getP()));
+                v.add(new DERInteger(p.getQ()));
+                v.add(new DERInteger(p.getG()));
+
+                BigInteger x = ((DSAPrivateKey)o).getX();
+                BigInteger y = p.getG().modPow(x, p.getP());
+
+                v.add(new DERInteger(y));
+                v.add(new DERInteger(x));
+
+                encoding = new DERSequence(v).getEncoded();
+            }
+            else if (((PrivateKey)o).getAlgorithm().equals("ECDSA"))
+            {
+                type = "EC PRIVATE KEY";
+
+                encoding = info.getPrivateKey().getEncoded();
+            }
+            else
+            {
+                throw new IOException("Cannot identify private key");
+            }
+        }
+        else if (o instanceof PublicKey)
+        {
+            type = "PUBLIC KEY";
+
+            encoding = ((PublicKey)o).getEncoded();
+        }
+        else if (o instanceof X509AttributeCertificate)
+        {
+            type = "ATTRIBUTE CERTIFICATE";
+            encoding = ((X509V2AttributeCertificate)o).getEncoded();
+        }
+        else if (o instanceof PKCS10CertificationRequest)
+        {
+            type = "CERTIFICATE REQUEST";
+            encoding = ((PKCS10CertificationRequest)o).getEncoded();
+        }
+        else if (o instanceof ContentInfo)
+        {
+            type = "PKCS7";
+            encoding = ((ContentInfo)o).getEncoded();
+        }
+        else
+        {
+            throw new PemGenerationException("unknown object passed - can't encode.");
+        }
+
+        return new PemObject(type, encoding);
+    }
+
+    private String getHexEncoded(byte[] bytes)
+        throws IOException
+    {
+        bytes = Hex.encode(bytes);
+
+        char[] chars = new char[bytes.length];
+
+        for (int i = 0; i != bytes.length; i++)
+        {
+            chars[i] = (char)bytes[i];
+        }
+
+        return new String(chars);
+    }
+
+    private PemObject createPemObject(
+        Object       obj,
+        String       algorithm,
+        char[]       password,
+        SecureRandom random)
+        throws IOException
+    {
+        if (obj instanceof KeyPair)
+        {
+            return createPemObject(((KeyPair)obj).getPrivate(), algorithm, password, random);
+        }
+
+        String type = null;
+        byte[] keyData = null;
+
+        if (obj instanceof RSAPrivateCrtKey)
+        {
+            type = "RSA PRIVATE KEY";
+
+            RSAPrivateCrtKey k = (RSAPrivateCrtKey)obj;
+
+            RSAPrivateKeyStructure keyStruct = new RSAPrivateKeyStructure(
+                k.getModulus(),
+                k.getPublicExponent(),
+                k.getPrivateExponent(),
+                k.getPrimeP(),
+                k.getPrimeQ(),
+                k.getPrimeExponentP(),
+                k.getPrimeExponentQ(),
+                k.getCrtCoefficient());
+
+            // convert to bytearray
+            keyData = keyStruct.getEncoded();
+        }
+        else if (obj instanceof DSAPrivateKey)
+        {
+            type = "DSA PRIVATE KEY";
+
+            DSAPrivateKey       k = (DSAPrivateKey)obj;
+            DSAParams p = k.getParams();
+            ASN1EncodableVector v = new ASN1EncodableVector();
+
+            v.add(new DERInteger(0));
+            v.add(new DERInteger(p.getP()));
+            v.add(new DERInteger(p.getQ()));
+            v.add(new DERInteger(p.getG()));
+
+            BigInteger x = k.getX();
+            BigInteger y = p.getG().modPow(x, p.getP());
+
+            v.add(new DERInteger(y));
+            v.add(new DERInteger(x));
+
+            keyData = new DERSequence(v).getEncoded();
+        }
+        else if (obj instanceof PrivateKey && "ECDSA".equals(((PrivateKey)obj).getAlgorithm()))
+        {
+            type = "EC PRIVATE KEY";
+
+            PrivateKeyInfo      privInfo = PrivateKeyInfo.getInstance(ASN1Object.fromByteArray(((PrivateKey)obj).getEncoded()));
+
+            keyData = privInfo.getPrivateKey().getEncoded();
+        }
+
+        if (type == null || keyData == null)
+        {
+            // TODO Support other types?
+            throw new IllegalArgumentException("Object type not supported: " + obj.getClass().getName());
+        }
+
+        String dekAlgName = Strings.toUpperCase(algorithm);
+
+        // Note: For backward compatibility
+        if (dekAlgName.equals("DESEDE"))
+        {
+            dekAlgName = "DES-EDE3-CBC";
+        }
+
+        int ivLength = dekAlgName.startsWith("AES-") ? 16 : 8;
+
+        byte[] iv = new byte[ivLength];
+        random.nextBytes(iv);
+
+        byte[] encData = PEMUtilities.crypt(true, provider, keyData, password, dekAlgName, iv);
+
+        List headers = new ArrayList(2);
+
+        headers.add(new PemHeader("Proc-Type", "4,ENCRYPTED"));
+        headers.add(new PemHeader("DEK-Info", dekAlgName + "," + getHexEncoded(iv)));
+
+        return new PemObject(type, headers, encData);
+    }
+
+    public PemObject generate()
+        throws PemGenerationException
+    {
+        try
+        {
+            if (algorithm != null)
+            {
+                return createPemObject(obj, algorithm, password, random);
+            }
+
+            return createPemObject(obj);
+        }
+        catch (IOException e)
+        {
+            throw new PemGenerationException("encoding exception: " + e.getMessage(), e);
+        }
+    }
+}
diff --git a/src/main/java/org/bouncycastle/openssl/PEMException.java b/src/main/java/org/bouncycastle/openssl/PEMException.java
new file mode 100644
index 0000000..3753aec
--- /dev/null
+++ b/src/main/java/org/bouncycastle/openssl/PEMException.java
@@ -0,0 +1,34 @@
+package org.bouncycastle.openssl;
+
+import java.io.IOException;
+
+public class PEMException
+    extends IOException
+{
+    Exception    underlying;
+
+    public PEMException(
+        String    message)
+    {
+        super(message);
+    }
+
+    public PEMException(
+        String        message,
+        Exception    underlying)
+    {
+        super(message);
+        this.underlying = underlying;
+    }
+
+    public Exception getUnderlyingException()
+    {
+        return underlying;
+    }
+
+
+    public Throwable getCause()
+    {
+        return underlying;
+    }
+}
diff --git a/src/main/java/org/bouncycastle/openssl/PEMReader.java b/src/main/java/org/bouncycastle/openssl/PEMReader.java
new file mode 100644
index 0000000..92bf8f9
--- /dev/null
+++ b/src/main/java/org/bouncycastle/openssl/PEMReader.java
@@ -0,0 +1,804 @@
+package org.bouncycastle.openssl;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.Reader;
+import java.security.AlgorithmParameters;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PublicKey;
+import java.security.cert.CertificateFactory;
+import java.security.spec.DSAPrivateKeySpec;
+import java.security.spec.DSAPublicKeySpec;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.RSAPrivateCrtKeySpec;
+import java.security.spec.RSAPublicKeySpec;
+import java.security.spec.X509EncodedKeySpec;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.StringTokenizer;
+
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.PBEParameterSpec;
+
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Object;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.cms.ContentInfo;
+import org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo;
+import org.bouncycastle.asn1.pkcs.EncryptionScheme;
+import org.bouncycastle.asn1.pkcs.KeyDerivationFunc;
+import org.bouncycastle.asn1.pkcs.PBEParameter;
+import org.bouncycastle.asn1.pkcs.PBES2Parameters;
+import org.bouncycastle.asn1.pkcs.PBKDF2Params;
+import org.bouncycastle.asn1.pkcs.PKCS12PBEParams;
+import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
+import org.bouncycastle.asn1.sec.ECPrivateKeyStructure;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.RSAPublicKeyStructure;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+import org.bouncycastle.jce.ECNamedCurveTable;
+import org.bouncycastle.jce.PKCS10CertificationRequest;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.io.pem.PemHeader;
+import org.bouncycastle.util.io.pem.PemObject;
+import org.bouncycastle.util.io.pem.PemObjectParser;
+import org.bouncycastle.util.io.pem.PemReader;
+import org.bouncycastle.x509.X509V2AttributeCertificate;
+
+/**
+ * Class for reading OpenSSL PEM encoded streams containing
+ * X509 certificates, PKCS8 encoded keys and PKCS7 objects.
+ * <p>
+ * In the case of PKCS7 objects the reader will return a CMS ContentInfo object. Keys and
+ * Certificates will be returned using the appropriate java.security type (KeyPair, PublicKey, X509Certificate,
+ * or X509CRL). In the case of a Certificate Request a PKCS10CertificationRequest will be returned.
+ * </p>
+ */
+public class PEMReader
+    extends PemReader
+{
+    private final Map parsers = new HashMap();
+
+    private PasswordFinder pFinder;
+
+
+    /**
+     * Create a new PEMReader
+     *
+     * @param reader the Reader
+     */
+    public PEMReader(
+        Reader reader)
+    {
+        this(reader, null, "BC");
+    }
+
+    /**
+     * Create a new PEMReader with a password finder
+     *
+     * @param reader  the Reader
+     * @param pFinder the password finder
+     */
+    public PEMReader(
+        Reader reader,
+        PasswordFinder pFinder)
+    {
+        this(reader, pFinder, "BC");
+    }
+
+    /**
+     * Create a new PEMReader with a password finder
+     *
+     * @param reader   the Reader
+     * @param pFinder  the password finder
+     * @param provider the cryptography provider to use
+     */
+    public PEMReader(
+        Reader reader,
+        PasswordFinder pFinder,
+        String provider)
+    {
+        this(reader, pFinder, provider, provider);
+    }
+
+    /**
+     * Create a new PEMReader with a password finder and differing providers for secret and public key
+     * operations.
+     *
+     * @param reader   the Reader
+     * @param pFinder  the password finder
+     * @param symProvider  provider to use for symmetric operations
+     * @param asymProvider provider to use for asymmetric (public/private key) operations
+     */
+    public PEMReader(
+        Reader reader,
+        PasswordFinder pFinder,
+        String symProvider,
+        String asymProvider)
+    {
+        super(reader);
+
+        this.pFinder = pFinder;
+
+        parsers.put("CERTIFICATE REQUEST", new PKCS10CertificationRequestParser());
+        parsers.put("NEW CERTIFICATE REQUEST", new PKCS10CertificationRequestParser());
+        parsers.put("CERTIFICATE", new X509CertificateParser(asymProvider));
+        parsers.put("X509 CERTIFICATE", new X509CertificateParser(asymProvider));
+        parsers.put("X509 CRL", new X509CRLParser(asymProvider));
+        parsers.put("PKCS7", new PKCS7Parser());
+        parsers.put("ATTRIBUTE CERTIFICATE", new X509AttributeCertificateParser());
+        parsers.put("EC PARAMETERS", new ECNamedCurveSpecParser());
+        parsers.put("PUBLIC KEY", new PublicKeyParser(asymProvider));
+        parsers.put("RSA PUBLIC KEY", new RSAPublicKeyParser(asymProvider));
+        parsers.put("RSA PRIVATE KEY", new RSAKeyPairParser(asymProvider));
+        parsers.put("DSA PRIVATE KEY", new DSAKeyPairParser(asymProvider));
+        parsers.put("EC PRIVATE KEY", new ECDSAKeyPairParser(asymProvider));
+        parsers.put("ENCRYPTED PRIVATE KEY", new EncryptedPrivateKeyParser(symProvider, asymProvider));
+        parsers.put("PRIVATE KEY", new PrivateKeyParser(asymProvider));
+    }
+
+    public Object readObject()
+        throws IOException
+    {
+        PemObject obj = readPemObject();
+
+        if (obj != null)
+        {
+            String type = obj.getType();
+            if (parsers.containsKey(type))
+            {
+                return ((PemObjectParser)parsers.get(type)).parseObject(obj);
+            }
+            else
+            {
+                throw new IOException("unrecognised object: " + type);
+            }
+        }
+
+        return null;
+    }
+
+    private abstract class KeyPairParser
+        implements PemObjectParser
+    {
+        protected String provider;
+
+        public KeyPairParser(String provider)
+        {
+            this.provider = provider;
+        }
+
+        /**
+         * Read a Key Pair
+         */
+        protected ASN1Sequence readKeyPair(
+            PemObject obj)
+            throws IOException
+        {
+            boolean isEncrypted = false;
+            String dekInfo = null;
+            List headers = obj.getHeaders();
+
+            for (Iterator it = headers.iterator(); it.hasNext();)
+            {
+                PemHeader hdr = (PemHeader)it.next();
+
+                if (hdr.getName().equals("Proc-Type") && hdr.getValue().equals("4,ENCRYPTED"))
+                {
+                    isEncrypted = true;
+                }
+                else if (hdr.getName().equals("DEK-Info"))
+                {
+                    dekInfo = hdr.getValue();
+                }
+            }
+
+            //
+            // extract the key
+            //
+            byte[] keyBytes = obj.getContent();
+
+            if (isEncrypted)
+            {
+                if (pFinder == null)
+                {
+                    throw new PasswordException("No password finder specified, but a password is required");
+                }
+
+                char[] password = pFinder.getPassword();
+
+                if (password == null)
+                {
+                    throw new PasswordException("Password is null, but a password is required");
+                }
+
+                StringTokenizer tknz = new StringTokenizer(dekInfo, ",");
+                String dekAlgName = tknz.nextToken();
+                byte[] iv = Hex.decode(tknz.nextToken());
+
+                keyBytes = PEMUtilities.crypt(false, provider, keyBytes, password, dekAlgName, iv);
+            }
+
+            try
+            {
+                return (ASN1Sequence)ASN1Object.fromByteArray(keyBytes);
+            }
+            catch (IOException e)
+            {
+                if (isEncrypted)
+                {
+                    throw new PEMException("exception decoding - please check password and data.", e);
+                }
+                else
+                {
+                    throw new PEMException(e.getMessage(), e);
+                }
+            }
+            catch (ClassCastException e)
+            {
+                if (isEncrypted)
+                {
+                    throw new PEMException("exception decoding - please check password and data.", e);
+                }
+                else
+                {
+                    throw new PEMException(e.getMessage(), e);
+                }
+            }
+        }
+    }
+
+    private class DSAKeyPairParser
+        extends KeyPairParser
+    {
+        public DSAKeyPairParser(String provider)
+        {
+            super(provider);
+        }
+
+        public Object parseObject(PemObject obj)
+            throws IOException
+        {
+            try
+            {
+                ASN1Sequence seq = readKeyPair(obj);
+
+                if (seq.size() != 6)
+                {
+                    throw new PEMException("malformed sequence in DSA private key");
+                }
+
+                //            DERInteger              v = (DERInteger)seq.getObjectAt(0);
+                DERInteger p = (DERInteger)seq.getObjectAt(1);
+                DERInteger q = (DERInteger)seq.getObjectAt(2);
+                DERInteger g = (DERInteger)seq.getObjectAt(3);
+                DERInteger y = (DERInteger)seq.getObjectAt(4);
+                DERInteger x = (DERInteger)seq.getObjectAt(5);
+
+                DSAPrivateKeySpec privSpec = new DSAPrivateKeySpec(
+                    x.getValue(), p.getValue(),
+                    q.getValue(), g.getValue());
+                DSAPublicKeySpec pubSpec = new DSAPublicKeySpec(
+                    y.getValue(), p.getValue(),
+                    q.getValue(), g.getValue());
+
+                KeyFactory fact = KeyFactory.getInstance("DSA", provider);
+
+                return new KeyPair(
+                    fact.generatePublic(pubSpec),
+                    fact.generatePrivate(privSpec));
+            }
+            catch (IOException e)
+            {
+                throw e;
+            }
+            catch (Exception e)
+            {
+                throw new PEMException(
+                    "problem creating DSA private key: " + e.toString(), e);
+            }
+        }
+    }
+
+    private class ECDSAKeyPairParser
+        extends KeyPairParser
+    {
+        public ECDSAKeyPairParser(String provider)
+        {
+            super(provider);
+        }
+
+        public Object parseObject(PemObject obj)
+            throws IOException
+        {
+            try
+            {
+                ASN1Sequence seq = readKeyPair(obj);
+
+                ECPrivateKeyStructure pKey = new ECPrivateKeyStructure(seq);
+                AlgorithmIdentifier algId = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, pKey.getParameters());
+                PrivateKeyInfo privInfo = new PrivateKeyInfo(algId, pKey.getDERObject());
+                SubjectPublicKeyInfo pubInfo = new SubjectPublicKeyInfo(algId, pKey.getPublicKey().getBytes());
+
+                PKCS8EncodedKeySpec privSpec = new PKCS8EncodedKeySpec(privInfo.getEncoded());
+                X509EncodedKeySpec pubSpec = new X509EncodedKeySpec(pubInfo.getEncoded());
+
+
+                KeyFactory fact = KeyFactory.getInstance("ECDSA", provider);
+
+
+                return new KeyPair(
+                    fact.generatePublic(pubSpec),
+                    fact.generatePrivate(privSpec));
+            }
+            catch (IOException e)
+            {
+                throw e;
+            }
+            catch (Exception e)
+            {
+                throw new PEMException(
+                    "problem creating EC private key: " + e.toString(), e);
+            }
+        }
+    }
+
+    private class RSAKeyPairParser
+        extends KeyPairParser
+    {
+        public RSAKeyPairParser(String provider)
+        {
+            super(provider);
+        }
+
+        public Object parseObject(PemObject obj)
+            throws IOException
+        {
+            try
+            {
+                ASN1Sequence seq = readKeyPair(obj);
+
+                if (seq.size() != 9)
+                {
+                    throw new PEMException("malformed sequence in RSA private key");
+                }
+
+                //            DERInteger              v = (DERInteger)seq.getObjectAt(0);
+                DERInteger mod = (DERInteger)seq.getObjectAt(1);
+                DERInteger pubExp = (DERInteger)seq.getObjectAt(2);
+                DERInteger privExp = (DERInteger)seq.getObjectAt(3);
+                DERInteger p1 = (DERInteger)seq.getObjectAt(4);
+                DERInteger p2 = (DERInteger)seq.getObjectAt(5);
+                DERInteger exp1 = (DERInteger)seq.getObjectAt(6);
+                DERInteger exp2 = (DERInteger)seq.getObjectAt(7);
+                DERInteger crtCoef = (DERInteger)seq.getObjectAt(8);
+
+                RSAPublicKeySpec pubSpec = new RSAPublicKeySpec(
+                    mod.getValue(), pubExp.getValue());
+                RSAPrivateCrtKeySpec privSpec = new RSAPrivateCrtKeySpec(
+                    mod.getValue(), pubExp.getValue(), privExp.getValue(),
+                    p1.getValue(), p2.getValue(),
+                    exp1.getValue(), exp2.getValue(),
+                    crtCoef.getValue());
+
+
+                KeyFactory fact = KeyFactory.getInstance("RSA", provider);
+
+
+                return new KeyPair(
+                    fact.generatePublic(pubSpec),
+                    fact.generatePrivate(privSpec));
+            }
+            catch (IOException e)
+            {
+                throw e;
+            }
+            catch (Exception e)
+            {
+                throw new PEMException(
+                    "problem creating RSA private key: " + e.toString(), e);
+            }
+        }
+    }
+
+    private class PublicKeyParser
+        implements PemObjectParser
+    {
+        private String provider;
+
+        public PublicKeyParser(String provider)
+        {
+            this.provider = provider;
+        }
+
+        public Object parseObject(PemObject obj)
+            throws IOException
+        {
+            KeySpec keySpec = new X509EncodedKeySpec(obj.getContent());
+            String[] algorithms = {"DSA", "RSA"};
+            for (int i = 0; i < algorithms.length; i++)
+            {
+                try
+                {
+                    KeyFactory keyFact = KeyFactory.getInstance(algorithms[i], provider);
+                    PublicKey pubKey = keyFact.generatePublic(keySpec);
+
+                    return pubKey;
+                }
+                catch (NoSuchAlgorithmException e)
+                {
+                    // ignore
+                }
+                catch (InvalidKeySpecException e)
+                {
+                    // ignore
+                }
+                catch (NoSuchProviderException e)
+                {
+                    throw new RuntimeException("can't find provider " + provider);
+                }
+            }
+
+            return null;
+        }
+    }
+
+    private class RSAPublicKeyParser
+        implements PemObjectParser
+    {
+        private String provider;
+
+        public RSAPublicKeyParser(String provider)
+        {
+            this.provider = provider;
+        }
+
+        public Object parseObject(PemObject obj)
+            throws IOException
+        {
+            try
+            {
+                ASN1InputStream ais = new ASN1InputStream(obj.getContent());
+                Object asnObject = ais.readObject();
+                ASN1Sequence sequence = (ASN1Sequence)asnObject;
+                RSAPublicKeyStructure rsaPubStructure = new RSAPublicKeyStructure(sequence);
+                RSAPublicKeySpec keySpec = new RSAPublicKeySpec(
+                    rsaPubStructure.getModulus(),
+                    rsaPubStructure.getPublicExponent());
+
+
+                    KeyFactory keyFact = KeyFactory.getInstance("RSA", provider);
+
+                    return keyFact.generatePublic(keySpec);
+            }
+            catch (IOException e)
+            {
+                throw e;
+            }
+            catch (NoSuchProviderException e)
+            {
+                throw new IOException("can't find provider " + provider);
+            }
+            catch (Exception e)
+            {
+                throw new PEMException("problem extracting key: " + e.toString(), e);
+            }
+        }
+    }
+
+    private class X509CertificateParser
+        implements PemObjectParser
+    {
+        private String provider;
+
+        public X509CertificateParser(String provider)
+        {
+            this.provider = provider;
+        }
+
+        /**
+         * Reads in a X509Certificate.
+         *
+         * @return the X509Certificate
+         * @throws IOException if an I/O error occured
+         */
+        public Object parseObject(PemObject obj)
+            throws IOException
+        {
+            ByteArrayInputStream bIn = new ByteArrayInputStream(obj.getContent());
+
+            try
+            {
+                CertificateFactory certFact
+                    = CertificateFactory.getInstance("X.509", provider);
+
+                return certFact.generateCertificate(bIn);
+            }
+            catch (Exception e)
+            {
+                throw new PEMException("problem parsing cert: " + e.toString(), e);
+            }
+        }
+    }
+
+    private class X509CRLParser
+        implements PemObjectParser
+    {
+        private String provider;
+
+        public X509CRLParser(String provider)
+        {
+            this.provider = provider;
+        }
+
+        /**
+         * Reads in a X509CRL.
+         *
+         * @return the X509Certificate
+         * @throws IOException if an I/O error occured
+         */
+        public Object parseObject(PemObject obj)
+            throws IOException
+        {
+            ByteArrayInputStream bIn = new ByteArrayInputStream(obj.getContent());
+
+            try
+            {
+                CertificateFactory certFact
+                    = CertificateFactory.getInstance("X.509", provider);
+
+                return certFact.generateCRL(bIn);
+            }
+            catch (Exception e)
+            {
+                throw new PEMException("problem parsing cert: " + e.toString(), e);
+            }
+        }
+    }
+
+    private class PKCS10CertificationRequestParser
+        implements PemObjectParser
+    {
+        /**
+         * Reads in a PKCS10 certification request.
+         *
+         * @return the certificate request.
+         * @throws IOException if an I/O error occured
+         */
+        public Object parseObject(PemObject obj)
+            throws IOException
+        {
+            try
+            {
+                return new PKCS10CertificationRequest(obj.getContent());
+            }
+            catch (Exception e)
+            {
+                throw new PEMException("problem parsing certrequest: " + e.toString(), e);
+            }
+        }
+    }
+
+    private class PKCS7Parser
+        implements PemObjectParser
+    {
+        /**
+         * Reads in a PKCS7 object. This returns a ContentInfo object suitable for use with the CMS
+         * API.
+         *
+         * @return the X509Certificate
+         * @throws IOException if an I/O error occured
+         */
+        public Object parseObject(PemObject obj)
+            throws IOException
+        {
+            try
+            {
+                ASN1InputStream aIn = new ASN1InputStream(obj.getContent());
+
+                return ContentInfo.getInstance(aIn.readObject());
+            }
+            catch (Exception e)
+            {
+                throw new PEMException("problem parsing PKCS7 object: " + e.toString(), e);
+            }
+        }
+    }
+
+    private class X509AttributeCertificateParser
+        implements PemObjectParser
+    {
+        public Object parseObject(PemObject obj)
+            throws IOException
+        {
+            return new X509V2AttributeCertificate(obj.getContent());
+        }
+    }
+
+    private class ECNamedCurveSpecParser
+        implements PemObjectParser
+    {
+        public Object parseObject(PemObject obj)
+            throws IOException
+        {
+            try
+            {
+                DERObjectIdentifier oid = (DERObjectIdentifier)ASN1Object.fromByteArray(obj.getContent());
+
+                Object params = ECNamedCurveTable.getParameterSpec(oid.getId());
+
+                if (params == null)
+                {
+                    throw new IOException("object ID not found in EC curve table");
+                }
+
+                return params;
+            }
+            catch (IOException e)
+            {
+                throw e;
+            }
+            catch (Exception e)
+            {
+                throw new PEMException("exception extracting EC named curve: " + e.toString());
+            }
+        }
+    }
+
+    private class EncryptedPrivateKeyParser
+        implements PemObjectParser
+    {
+        private String symProvider;
+        private String asymProvider;
+
+        public EncryptedPrivateKeyParser(String symProvider, String asymProvider)
+        {
+            this.symProvider = symProvider;
+            this.asymProvider = asymProvider;
+        }
+
+        /**
+         * Reads in a X509CRL.
+         *
+         * @return the X509Certificate
+         * @throws IOException if an I/O error occured
+         */
+        public Object parseObject(PemObject obj)
+            throws IOException
+        {
+            try
+            {
+                EncryptedPrivateKeyInfo info = EncryptedPrivateKeyInfo.getInstance(ASN1Object.fromByteArray(obj.getContent()));
+                AlgorithmIdentifier algId = info.getEncryptionAlgorithm();
+
+                if (pFinder == null)
+                {
+                    throw new PEMException("no PasswordFinder specified");
+                }
+
+                if (PEMUtilities.isPKCS5Scheme2(algId.getAlgorithm()))
+                {
+                    PBES2Parameters params = PBES2Parameters.getInstance(algId.getParameters());
+                    KeyDerivationFunc func = params.getKeyDerivationFunc();
+                    EncryptionScheme scheme = params.getEncryptionScheme();
+                    PBKDF2Params defParams = (PBKDF2Params)func.getParameters();
+
+                    int iterationCount = defParams.getIterationCount().intValue();
+                    byte[] salt = defParams.getSalt();
+
+                    String algorithm = scheme.getAlgorithm().getId();
+
+                    SecretKey key = PEMUtilities.generateSecretKeyForPKCS5Scheme2(algorithm, pFinder.getPassword(), salt, iterationCount);
+
+                    Cipher cipher = Cipher.getInstance(algorithm, symProvider);
+                    AlgorithmParameters algParams = AlgorithmParameters.getInstance(algorithm, symProvider);
+
+                    algParams.init(scheme.getParameters().getDERObject().getEncoded());
+
+                    cipher.init(Cipher.DECRYPT_MODE, key, algParams);
+
+                    PrivateKeyInfo pInfo = PrivateKeyInfo.getInstance(ASN1Object.fromByteArray(cipher.doFinal(info.getEncryptedData())));
+                    PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(pInfo.getEncoded());
+
+                    KeyFactory keyFact = KeyFactory.getInstance(pInfo.getAlgorithmId().getAlgorithm().getId(), asymProvider);
+
+                    return keyFact.generatePrivate(keySpec);
+                }
+                else if (PEMUtilities.isPKCS12(algId.getAlgorithm()))
+                {
+                    PKCS12PBEParams params = PKCS12PBEParams.getInstance(algId.getParameters());
+                    String algorithm = algId.getAlgorithm().getId();
+                    PBEKeySpec pbeSpec = new PBEKeySpec(pFinder.getPassword());
+
+                    SecretKeyFactory secKeyFact = SecretKeyFactory.getInstance(algorithm, symProvider);
+                    PBEParameterSpec defParams = new PBEParameterSpec(params.getIV(), params.getIterations().intValue());
+
+                    Cipher cipher = Cipher.getInstance(algorithm, symProvider);
+
+                    cipher.init(Cipher.DECRYPT_MODE, secKeyFact.generateSecret(pbeSpec), defParams);
+
+                    PrivateKeyInfo pInfo = PrivateKeyInfo.getInstance(ASN1Object.fromByteArray(cipher.doFinal(info.getEncryptedData())));
+                    PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(pInfo.getEncoded());
+
+                    KeyFactory keyFact = KeyFactory.getInstance(pInfo.getAlgorithmId().getAlgorithm().getId(), asymProvider);
+
+                    return keyFact.generatePrivate(keySpec);
+                }
+                else if (PEMUtilities.isPKCS5Scheme1(algId.getAlgorithm()))
+                {
+                    PBEParameter params = PBEParameter.getInstance(algId.getParameters());
+                    String algorithm = algId.getAlgorithm().getId();
+                    PBEKeySpec pbeSpec = new PBEKeySpec(pFinder.getPassword());
+
+                    SecretKeyFactory secKeyFact = SecretKeyFactory.getInstance(algorithm, symProvider);
+                    PBEParameterSpec defParams = new PBEParameterSpec(params.getSalt(), params.getIterationCount().intValue());
+
+                    Cipher cipher = Cipher.getInstance(algorithm, symProvider);
+
+                    cipher.init(Cipher.DECRYPT_MODE, secKeyFact.generateSecret(pbeSpec), defParams);
+
+                    PrivateKeyInfo pInfo = PrivateKeyInfo.getInstance(ASN1Object.fromByteArray(cipher.doFinal(info.getEncryptedData())));
+                    PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(pInfo.getEncoded());
+
+                    KeyFactory keyFact = KeyFactory.getInstance(pInfo.getAlgorithmId().getAlgorithm().getId(), asymProvider);
+
+                    return keyFact.generatePrivate(keySpec);
+                }
+                else
+                {
+                    throw new PEMException("Unknown algorithm: " + algId.getAlgorithm());
+                }
+            }
+            catch (IOException e)
+            {
+                throw e;
+            }
+            catch (Exception e)
+            {
+                throw new PEMException("problem parsing ENCRYPTED PRIVATE KEY: " + e.toString(), e);
+            }
+        }
+    }
+
+    private class PrivateKeyParser
+        implements PemObjectParser
+    {
+        private String provider;
+
+        public PrivateKeyParser(String provider)
+        {
+            this.provider = provider;
+        }
+
+        public Object parseObject(PemObject obj)
+            throws IOException
+        {
+            try
+            {
+                PrivateKeyInfo info = PrivateKeyInfo.getInstance(ASN1Object.fromByteArray(obj.getContent()));
+                PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(obj.getContent());
+
+                KeyFactory keyFact = KeyFactory.getInstance(info.getAlgorithmId().getAlgorithm().getId(), provider);
+
+                return keyFact.generatePrivate(keySpec);
+            }
+            catch (Exception e)
+            {
+                throw new PEMException("problem parsing PRIVATE KEY: " + e.toString(), e);
+            }
+        }
+    }
+}
diff --git a/src/main/java/org/bouncycastle/openssl/PEMUtilities.java b/src/main/java/org/bouncycastle/openssl/PEMUtilities.java
index eaed72e..c955e4d 100644
--- a/src/main/java/org/bouncycastle/openssl/PEMUtilities.java
+++ b/src/main/java/org/bouncycastle/openssl/PEMUtilities.java
@@ -1,22 +1,120 @@
 package org.bouncycastle.openssl;
 
-import org.bouncycastle.crypto.PBEParametersGenerator;
-import org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator;
-import org.bouncycastle.crypto.params.KeyParameter;
+import java.io.IOException;
+import java.security.Key;
+import java.security.Provider;
+import java.security.Security;
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
 
 import javax.crypto.Cipher;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.RC2ParameterSpec;
-import java.io.IOException;
-import java.security.Key;
-import java.security.spec.AlgorithmParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.crypto.PBEParametersGenerator;
+import org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator;
+import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
+import org.bouncycastle.crypto.params.KeyParameter;
 
 final class PEMUtilities
 {
+    private static final Map KEYSIZES = new HashMap();
+    private static final Set PKCS5_SCHEME_1 = new HashSet();
+    private static final Set PKCS5_SCHEME_2 = new HashSet();
+
+    static
+    {
+        PKCS5_SCHEME_1.add(PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC);
+        PKCS5_SCHEME_1.add(PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC);
+        PKCS5_SCHEME_1.add(PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC);
+        PKCS5_SCHEME_1.add(PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC);
+        PKCS5_SCHEME_1.add(PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC);
+        PKCS5_SCHEME_1.add(PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC);
+
+        PKCS5_SCHEME_2.add(PKCSObjectIdentifiers.id_PBES2);
+        PKCS5_SCHEME_2.add(PKCSObjectIdentifiers.des_EDE3_CBC);
+        PKCS5_SCHEME_2.add(NISTObjectIdentifiers.id_aes128_CBC);
+        PKCS5_SCHEME_2.add(NISTObjectIdentifiers.id_aes192_CBC);
+        PKCS5_SCHEME_2.add(NISTObjectIdentifiers.id_aes256_CBC);
+
+        // BEGIN android-changed
+        KEYSIZES.put(PKCSObjectIdentifiers.des_EDE3_CBC.getId(), Integer.valueOf(192));
+        KEYSIZES.put(NISTObjectIdentifiers.id_aes128_CBC.getId(), Integer.valueOf(128));
+        KEYSIZES.put(NISTObjectIdentifiers.id_aes192_CBC.getId(), Integer.valueOf(192));
+        KEYSIZES.put(NISTObjectIdentifiers.id_aes256_CBC.getId(), Integer.valueOf(256));
+        // END android-changed
+    }
+
+    static int getKeySize(String algorithm)
+    {
+        if (!KEYSIZES.containsKey(algorithm))
+        {
+            throw new IllegalStateException("no key size for algorithm: " + algorithm);
+        }
+        
+        return ((Integer)KEYSIZES.get(algorithm)).intValue();
+    }
+
+    static boolean isPKCS5Scheme1(DERObjectIdentifier algOid)
+    {
+        return PKCS5_SCHEME_1.contains(algOid);
+    }
+
+    static boolean isPKCS5Scheme2(DERObjectIdentifier algOid)
+    {
+        return PKCS5_SCHEME_2.contains(algOid);
+    }
+
+    static boolean isPKCS12(DERObjectIdentifier algOid)
+    {
+        return algOid.getId().startsWith(PKCSObjectIdentifiers.pkcs_12PbeIds.getId());
+    }
+
+    static SecretKey generateSecretKeyForPKCS5Scheme2(String algorithm, char[] password, byte[] salt, int iterationCount)
+    {
+        PBEParametersGenerator generator = new PKCS5S2ParametersGenerator();
+
+        generator.init(
+            PBEParametersGenerator.PKCS5PasswordToBytes(password),
+            salt,
+            iterationCount);
+
+        return new SecretKeySpec(((KeyParameter)generator.generateDerivedParameters(PEMUtilities.getKeySize(algorithm))).getKey(), algorithm);
+    }
+
     static byte[] crypt(
         boolean encrypt,
-        String  provider,
+        String provider,
+        byte[]  bytes,
+        char[]  password,
+        String  dekAlgName,
+        byte[]  iv)
+        throws IOException
+    {
+        Provider prov = null;
+        if (provider != null)
+        {
+            prov = Security.getProvider(provider);
+            if (prov == null)
+            {
+                throw new EncryptionException("cannot find provider: " + provider);
+            }
+        }
+
+        return crypt(encrypt, prov, bytes, password, dekAlgName, iv);
+    }
+
+    static byte[] crypt(
+        boolean encrypt,
+        Provider provider,
         byte[]  bytes,
         char[]  password,
         String  dekAlgName,
@@ -29,7 +127,6 @@
         String                 padding = "PKCS5Padding";
         Key                    sKey;
 
-
         // Figure out block mode and padding.
         if (dekAlgName.endsWith("-CFB"))
         {
diff --git a/src/main/java/org/bouncycastle/openssl/PEMWriter.java b/src/main/java/org/bouncycastle/openssl/PEMWriter.java
index 5c057c6..834252f 100644
--- a/src/main/java/org/bouncycastle/openssl/PEMWriter.java
+++ b/src/main/java/org/bouncycastle/openssl/PEMWriter.java
@@ -1,44 +1,19 @@
 package org.bouncycastle.openssl;
 
-import java.io.BufferedWriter;
 import java.io.IOException;
 import java.io.Writer;
-import java.math.BigInteger;
-import java.security.Key;
-import java.security.KeyPair;
-import java.security.PrivateKey;
-import java.security.PublicKey;
+import java.security.NoSuchProviderException;
 import java.security.SecureRandom;
-import java.security.cert.CRLException;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509CRL;
-import java.security.cert.X509Certificate;
-import java.security.interfaces.DSAParams;
-import java.security.interfaces.DSAPrivateKey;
-import java.security.interfaces.RSAPrivateCrtKey;
-import java.security.interfaces.RSAPrivateKey;
 
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.cms.ContentInfo;
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure;
-import org.bouncycastle.asn1.x509.DSAParameter;
-import org.bouncycastle.jce.PKCS10CertificationRequest;
-import org.bouncycastle.util.Strings;
-import org.bouncycastle.util.encoders.Base64;
-import org.bouncycastle.util.encoders.Hex;
-import org.bouncycastle.x509.X509AttributeCertificate;
-import org.bouncycastle.x509.X509V2AttributeCertificate;
+import org.bouncycastle.util.io.pem.PemGenerationException;
+import org.bouncycastle.util.io.pem.PemObjectGenerator;
+import org.bouncycastle.util.io.pem.PemWriter;
 
 /**
  * General purpose writer for OpenSSL PEM objects.
  */
 public class PEMWriter
-    extends BufferedWriter
+    extends PemWriter
 {
     private String provider;
 
@@ -61,149 +36,30 @@
         this.provider = provider;
     }
 
-    private void writeHexEncoded(byte[] bytes)
-        throws IOException
-    {
-        bytes = Hex.encode(bytes);
-        
-        for (int i = 0; i != bytes.length; i++)
-        {
-            this.write((char)bytes[i]);
-        }
-    }
-
-    private void writeEncoded(byte[] bytes) 
-        throws IOException
-    {
-        char[]  buf = new char[64];
-        
-        bytes = Base64.encode(bytes);
-        
-        for (int i = 0; i < bytes.length; i += buf.length)
-        {
-            int index = 0;
-            
-            while (index != buf.length)
-            {
-                if ((i + index) >= bytes.length)
-                {
-                    break;
-                }
-                buf[index] = (char)bytes[i + index];
-                index++;
-            }
-            this.write(buf, 0, index);
-            this.newLine();
-        }
-    }
-    
     public void writeObject(
-        Object  o) 
+        Object  obj)
         throws IOException
     {
-        String  type;
-        byte[]  encoding;
-        
-        if (o instanceof X509Certificate)
+        try
         {
-            type = "CERTIFICATE";
-            try
-            {
-                encoding = ((X509Certificate)o).getEncoded();
-            }
-            catch (CertificateEncodingException e)
-            {
-                throw new IOException("Cannot encode object: " + e.toString());
-            }
+            super.writeObject(new MiscPEMGenerator(obj));
         }
-        else if (o instanceof X509CRL)
+        catch (PemGenerationException e)
         {
-            type = "X509 CRL";
-            try
+            if (e.getCause() instanceof IOException)
             {
-                encoding = ((X509CRL)o).getEncoded();
+                throw (IOException)e.getCause();
             }
-            catch (CRLException e)
-            {
-                throw new IOException("Cannot encode object: " + e.toString());
-            }
-        }
-        else if (o instanceof KeyPair)
-        {
-            writeObject(((KeyPair)o).getPrivate());
-            return;
-        }
-        else if (o instanceof PrivateKey)
-        {
-            PrivateKeyInfo info = new PrivateKeyInfo(
-                (ASN1Sequence) ASN1Object.fromByteArray(((Key)o).getEncoded()));
 
-            if (o instanceof RSAPrivateKey)
-            {
-                type = "RSA PRIVATE KEY";
+            throw e;
+        }
+    }
 
-                encoding = info.getPrivateKey().getEncoded();
-            }
-            else if (o instanceof DSAPrivateKey)
-            {
-                type = "DSA PRIVATE KEY";
-                
-                DSAParameter        p = DSAParameter.getInstance(info.getAlgorithmId().getParameters());
-                ASN1EncodableVector v = new ASN1EncodableVector();
-                
-                v.add(new DERInteger(0));
-                v.add(new DERInteger(p.getP()));
-                v.add(new DERInteger(p.getQ()));
-                v.add(new DERInteger(p.getG()));
-                
-                BigInteger x = ((DSAPrivateKey)o).getX();
-                BigInteger y = p.getG().modPow(x, p.getP());
-                
-                v.add(new DERInteger(y));
-                v.add(new DERInteger(x));
-
-                encoding = new DERSequence(v).getEncoded();
-            }
-            else if (((PrivateKey)o).getAlgorithm().equals("ECDSA"))
-            {
-                type = "EC PRIVATE KEY";
-
-                encoding = info.getPrivateKey().getEncoded();
-            }
-            else
-            {
-                throw new IOException("Cannot identify private key");
-            }
-        }
-        else if (o instanceof PublicKey)
-        {
-            type = "PUBLIC KEY";
-            
-            encoding = ((PublicKey)o).getEncoded();
-        }
-        else if (o instanceof X509AttributeCertificate)
-        {
-            type = "ATTRIBUTE CERTIFICATE";
-            encoding = ((X509V2AttributeCertificate)o).getEncoded();
-        }
-        else if (o instanceof PKCS10CertificationRequest)
-        {
-            type = "CERTIFICATE REQUEST";
-            encoding = ((PKCS10CertificationRequest)o).getEncoded();
-        }
-        else if (o instanceof ContentInfo)
-        {
-            type = "PKCS7";
-            encoding = ((ContentInfo)o).getEncoded();
-        }
-        else
-        {
-            throw new IOException("unknown object passed - can't encode.");
-        }
-
-        writeHeader(type);
-        writeEncoded(encoding);
-        writeFooter(type);
+    public void writeObject(
+        PemObjectGenerator obj)
+        throws IOException
+    {
+        super.writeObject(obj);
     }
 
     public void writeObject(
@@ -213,112 +69,13 @@
         SecureRandom random)
         throws IOException
     {
-        if (obj instanceof KeyPair)
+        try
         {
-            writeObject(((KeyPair)obj).getPrivate());
-            return;
+            super.writeObject(new MiscPEMGenerator(obj, algorithm, password, random, provider));
         }
-
-        String type = null;
-        byte[] keyData = null;
-
-        if (obj instanceof RSAPrivateCrtKey)
+        catch (NoSuchProviderException e)
         {
-            type = "RSA PRIVATE KEY";
-
-            RSAPrivateCrtKey k = (RSAPrivateCrtKey)obj;
-
-            RSAPrivateKeyStructure keyStruct = new RSAPrivateKeyStructure(
-                k.getModulus(),
-                k.getPublicExponent(),
-                k.getPrivateExponent(),
-                k.getPrimeP(),
-                k.getPrimeQ(),
-                k.getPrimeExponentP(),
-                k.getPrimeExponentQ(),
-                k.getCrtCoefficient());
-
-            // convert to bytearray
-            keyData = keyStruct.getEncoded();
+            throw new EncryptionException(e.getMessage(), e);
         }
-        else if (obj instanceof DSAPrivateKey)
-        {
-            type = "DSA PRIVATE KEY";
-
-            DSAPrivateKey       k = (DSAPrivateKey)obj;
-            DSAParams           p = k.getParams();
-            ASN1EncodableVector v = new ASN1EncodableVector();
-
-            v.add(new DERInteger(0));
-            v.add(new DERInteger(p.getP()));
-            v.add(new DERInteger(p.getQ()));
-            v.add(new DERInteger(p.getG()));
-
-            BigInteger x = k.getX();
-            BigInteger y = p.getG().modPow(x, p.getP());
-
-            v.add(new DERInteger(y));
-            v.add(new DERInteger(x));
-
-            keyData = new DERSequence(v).getEncoded();
-        }
-        else if (obj instanceof PrivateKey && "ECDSA".equals(((PrivateKey)obj).getAlgorithm()))
-        {
-            type = "EC PRIVATE KEY";
-
-            PrivateKeyInfo      privInfo = PrivateKeyInfo.getInstance(ASN1Object.fromByteArray(((PrivateKey)obj).getEncoded()));
-
-            keyData = privInfo.getPrivateKey().getEncoded();
-        }
-
-        if (type == null || keyData == null)
-        {
-            // TODO Support other types?
-            throw new IllegalArgumentException("Object type not supported: " + obj.getClass().getName());
-        }
-
-
-        String dekAlgName = Strings.toUpperCase(algorithm);
-
-        // Note: For backward compatibility
-        if (dekAlgName.equals("DESEDE"))
-        {
-            dekAlgName = "DES-EDE3-CBC";
-        }
-
-        int ivLength = dekAlgName.startsWith("AES-") ? 16 : 8;
-
-        byte[] iv = new byte[ivLength];
-        random.nextBytes(iv);
-
-        byte[] encData = PEMUtilities.crypt(true, provider, keyData, password, dekAlgName, iv);
-
-
-        // write the data
-        writeHeader(type);
-        this.write("Proc-Type: 4,ENCRYPTED");
-        this.newLine();
-        this.write("DEK-Info: " + dekAlgName + ",");
-        this.writeHexEncoded(iv);
-        this.newLine();
-        this.newLine();
-        this.writeEncoded(encData);
-        writeFooter(type);
-    }
-
-    private void writeHeader(
-        String type)
-        throws IOException
-    {
-        this.write("-----BEGIN " + type + "-----");
-        this.newLine();
-    }
-
-    private void writeFooter(
-        String type)
-        throws IOException
-    {
-        this.write("-----END " + type + "-----");
-        this.newLine();
     }
 }
diff --git a/src/main/java/org/bouncycastle/openssl/PasswordException.java b/src/main/java/org/bouncycastle/openssl/PasswordException.java
new file mode 100644
index 0000000..c2b8ccd
--- /dev/null
+++ b/src/main/java/org/bouncycastle/openssl/PasswordException.java
@@ -0,0 +1,12 @@
+package org.bouncycastle.openssl;
+
+import java.io.IOException;
+
+public class PasswordException
+    extends IOException
+{
+    public PasswordException(String msg)
+    {
+        super(msg);
+    }
+}
diff --git a/src/main/java/org/bouncycastle/openssl/PasswordFinder.java b/src/main/java/org/bouncycastle/openssl/PasswordFinder.java
new file mode 100644
index 0000000..fb89cf0
--- /dev/null
+++ b/src/main/java/org/bouncycastle/openssl/PasswordFinder.java
@@ -0,0 +1,9 @@
+package org.bouncycastle.openssl;
+
+/**
+ * call back to allow a password to be fetched when one is requested.
+ */
+public interface PasswordFinder
+{
+    public char[] getPassword();
+}
diff --git a/src/main/java/org/bouncycastle/util/Arrays.java b/src/main/java/org/bouncycastle/util/Arrays.java
index 9600fd5..9d6a43b 100644
--- a/src/main/java/org/bouncycastle/util/Arrays.java
+++ b/src/main/java/org/bouncycastle/util/Arrays.java
@@ -41,6 +41,36 @@
     }
 
     public static boolean areEqual(
+        char[]  a,
+        char[]  b)
+    {
+        if (a == b)
+        {
+            return true;
+        }
+
+        if (a == null || b == null)
+        {
+            return false;
+        }
+
+        if (a.length != b.length)
+        {
+            return false;
+        }
+
+        for (int i = 0; i != a.length; i++)
+        {
+            if (a[i] != b[i])
+            {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    public static boolean areEqual(
         byte[]  a,
         byte[]  b)
     {
diff --git a/src/main/java/org/bouncycastle/util/Strings.java b/src/main/java/org/bouncycastle/util/Strings.java
index e69eade..0c081f7 100644
--- a/src/main/java/org/bouncycastle/util/Strings.java
+++ b/src/main/java/org/bouncycastle/util/Strings.java
@@ -199,6 +199,18 @@
         return string;
     }
 
+    public static byte[] toByteArray(char[] chars)
+    {
+        byte[] bytes = new byte[chars.length];
+
+        for (int i = 0; i != bytes.length; i++)
+        {
+            bytes[i] = (byte)chars[i];
+        }
+
+        return bytes;
+    }
+
     public static byte[] toByteArray(String string)
     {
         byte[] bytes = new byte[string.length()];
diff --git a/src/main/java/org/bouncycastle/util/io/pem/PemGenerationException.java b/src/main/java/org/bouncycastle/util/io/pem/PemGenerationException.java
new file mode 100644
index 0000000..69a773e
--- /dev/null
+++ b/src/main/java/org/bouncycastle/util/io/pem/PemGenerationException.java
@@ -0,0 +1,25 @@
+package org.bouncycastle.util.io.pem;
+
+import java.io.IOException;
+
+public class PemGenerationException
+    extends IOException
+{
+    private Throwable cause;
+
+    public PemGenerationException(String message, Throwable cause)
+    {
+        super(message);
+        this.cause = cause;
+    }
+
+    public PemGenerationException(String message)
+    {
+        super(message);
+    }
+
+    public Throwable getCause()
+    {
+        return cause;
+    }
+}
diff --git a/src/main/java/org/bouncycastle/util/io/pem/PemHeader.java b/src/main/java/org/bouncycastle/util/io/pem/PemHeader.java
new file mode 100644
index 0000000..b201c13
--- /dev/null
+++ b/src/main/java/org/bouncycastle/util/io/pem/PemHeader.java
@@ -0,0 +1,66 @@
+package org.bouncycastle.util.io.pem;
+
+public class PemHeader
+{
+    private String name;
+    private String value;
+
+    public PemHeader(String name, String value)
+    {
+        this.name = name;
+        this.value = value;
+    }
+
+    public String getName()
+    {
+        return name;
+    }
+
+    public String getValue()
+    {
+        return value;
+    }
+
+    public int hashCode()
+    {
+        return getHashCode(this.name) + 31 * getHashCode(this.value);    
+    }
+
+    public boolean equals(Object o)
+    {
+        if (!(o instanceof PemHeader))
+        {
+            return false;
+        }
+
+        PemHeader other = (PemHeader)o;
+
+        return other == this || (isEqual(this.name, other.name) && isEqual(this.value, other.value));
+    }
+
+    private int getHashCode(String s)
+    {
+        if (s == null)
+        {
+            return 1;
+        }
+
+        return s.hashCode();
+    }
+
+    private boolean isEqual(String s1, String s2)
+    {
+        if (s1 == s2)
+        {
+            return true;
+        }
+
+        if (s1 == null || s2 == null)
+        {
+            return false;
+        }
+
+        return s1.equals(s2);
+    }
+
+}
diff --git a/src/main/java/org/bouncycastle/util/io/pem/PemObject.java b/src/main/java/org/bouncycastle/util/io/pem/PemObject.java
new file mode 100644
index 0000000..2199520
--- /dev/null
+++ b/src/main/java/org/bouncycastle/util/io/pem/PemObject.java
@@ -0,0 +1,61 @@
+package org.bouncycastle.util.io.pem;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+public class PemObject
+    implements PemObjectGenerator
+{
+    private static final List EMPTY_LIST = Collections.unmodifiableList(new ArrayList());
+
+    private String type;
+    private List   headers;
+    private byte[] content;
+
+    /**
+     * Generic constructor for object without headers.
+     *
+     * @param type pem object type.
+     * @param content the binary content of the object.
+     */
+    public PemObject(String type, byte[] content)
+    {
+        this(type, EMPTY_LIST, content);
+    }
+
+    /**
+     * Generic constructor for object with headers.
+     *
+     * @param type pem object type.
+     * @param headers a list of PemHeader objects.
+     * @param content the binary content of the object.
+     */
+    public PemObject(String type, List headers, byte[] content)
+    {
+        this.type = type;
+        this.headers = Collections.unmodifiableList(headers);
+        this.content = content;
+    }
+
+    public String getType()
+    {
+        return type;
+    }
+
+    public List getHeaders()
+    {
+        return headers;
+    }
+
+    public byte[] getContent()
+    {
+        return content;
+    }
+
+    public PemObject generate()
+        throws PemGenerationException
+    {
+        return this;
+    }
+}
diff --git a/src/main/java/org/bouncycastle/util/io/pem/PemObjectGenerator.java b/src/main/java/org/bouncycastle/util/io/pem/PemObjectGenerator.java
new file mode 100644
index 0000000..6fffdc5
--- /dev/null
+++ b/src/main/java/org/bouncycastle/util/io/pem/PemObjectGenerator.java
@@ -0,0 +1,7 @@
+package org.bouncycastle.util.io.pem;
+
+public interface PemObjectGenerator
+{
+    PemObject generate()
+        throws PemGenerationException;
+}
diff --git a/src/main/java/org/bouncycastle/util/io/pem/PemObjectParser.java b/src/main/java/org/bouncycastle/util/io/pem/PemObjectParser.java
new file mode 100644
index 0000000..b18b550
--- /dev/null
+++ b/src/main/java/org/bouncycastle/util/io/pem/PemObjectParser.java
@@ -0,0 +1,9 @@
+package org.bouncycastle.util.io.pem;
+
+import java.io.IOException;
+
+public interface PemObjectParser
+{
+    Object parseObject(PemObject obj)
+            throws IOException;
+}
diff --git a/src/main/java/org/bouncycastle/util/io/pem/PemReader.java b/src/main/java/org/bouncycastle/util/io/pem/PemReader.java
new file mode 100644
index 0000000..28f777d
--- /dev/null
+++ b/src/main/java/org/bouncycastle/util/io/pem/PemReader.java
@@ -0,0 +1,79 @@
+package org.bouncycastle.util.io.pem;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.Reader;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.bouncycastle.util.encoders.Base64;
+
+public class PemReader
+    extends BufferedReader
+{
+    private static final String BEGIN = "-----BEGIN ";
+    private static final String END = "-----END ";
+
+    public PemReader(Reader reader)
+    {
+        super(reader);
+    }
+
+    public PemObject readPemObject()
+        throws IOException
+    {
+        String line = readLine();
+
+        if (line != null && line.startsWith(BEGIN))
+        {
+            line = line.substring(BEGIN.length());
+            int index = line.indexOf('-');
+            String type = line.substring(0, index);
+
+            if (index > 0)
+            {
+                return loadObject(type);
+            }
+        }
+
+        return null;
+    }
+
+    private PemObject loadObject(String type)
+        throws IOException
+    {
+        String          line;
+        String          endMarker = END + type;
+        StringBuffer    buf = new StringBuffer();
+        List            headers = new ArrayList();
+
+        while ((line = readLine()) != null)
+        {
+            if (line.indexOf(":") >= 0)
+            {
+                int index = line.indexOf(':');
+                String hdr = line.substring(0, index);
+                String value = line.substring(index + 1).trim();
+
+                headers.add(new PemHeader(hdr, value));
+
+                continue;
+            }
+
+            if (line.indexOf(endMarker) != -1)
+            {
+                break;
+            }
+            
+            buf.append(line.trim());
+        }
+
+        if (line == null)
+        {
+            throw new IOException(endMarker + " not found");
+        }
+
+        return new PemObject(type, headers, Base64.decode(buf.toString()));
+    }
+
+}
diff --git a/src/main/java/org/bouncycastle/util/io/pem/PemWriter.java b/src/main/java/org/bouncycastle/util/io/pem/PemWriter.java
new file mode 100644
index 0000000..ccefa36
--- /dev/null
+++ b/src/main/java/org/bouncycastle/util/io/pem/PemWriter.java
@@ -0,0 +1,137 @@
+package org.bouncycastle.util.io.pem;
+
+import java.io.BufferedWriter;
+import java.io.IOException;
+import java.io.Writer;
+import java.util.Iterator;
+
+import org.bouncycastle.util.encoders.Base64;
+
+/**
+ * A generic PEM writer, based on RFC 1421
+ */
+public class PemWriter
+    extends BufferedWriter
+{
+    private static final int LINE_LENGTH = 64;
+
+    private final int nlLength;
+    private char[]  buf = new char[LINE_LENGTH];
+
+    /**
+     * Base constructor.
+     *
+     * @param out output stream to use.
+     */
+    public PemWriter(Writer out)
+    {
+        super(out);
+
+        String nl = System.getProperty("line.separator");
+        if (nl != null)
+        {
+            nlLength = nl.length();
+        }
+        else
+        {
+            nlLength = 2;
+        }
+    }
+
+    /**
+     * Return the number of bytes or characters required to contain the
+     * passed in object if it is PEM encoded.
+     *
+     * @param obj pem object to be output
+     * @return an estimate of the number of bytes
+     */
+    public int getOutputSize(PemObject obj)
+    {
+        // BEGIN and END boundaries.
+        int size = (2 * (obj.getType().length() + 10 + nlLength)) + 6 + 4;
+
+        if (!obj.getHeaders().isEmpty())
+        {
+            for (Iterator it = obj.getHeaders().iterator(); it.hasNext();)
+            {
+                PemHeader hdr = (PemHeader)it.next();
+
+                size += hdr.getName().length() + ": ".length() + hdr.getValue().length() + nlLength;
+            }
+
+            size += nlLength;
+        }
+
+        // base64 encoding
+        int dataLen = ((obj.getContent().length + 2) / 3) * 4;
+        
+        size += dataLen + (((dataLen + LINE_LENGTH - 1) / LINE_LENGTH) * nlLength);
+
+        return size;
+    }
+    
+    public void writeObject(PemObjectGenerator objGen)
+        throws IOException
+    {
+        PemObject obj = objGen.generate();
+
+        writePreEncapsulationBoundary(obj.getType());
+
+        if (!obj.getHeaders().isEmpty())
+        {
+            for (Iterator it = obj.getHeaders().iterator(); it.hasNext();)
+            {
+                PemHeader hdr = (PemHeader)it.next();
+
+                this.write(hdr.getName());
+                this.write(": ");
+                this.write(hdr.getValue());
+                this.newLine();
+            }
+
+            this.newLine();
+        }
+        
+        writeEncoded(obj.getContent());
+        writePostEncapsulationBoundary(obj.getType());
+    }
+
+    private void writeEncoded(byte[] bytes)
+        throws IOException
+    {
+        bytes = Base64.encode(bytes);
+
+        for (int i = 0; i < bytes.length; i += buf.length)
+        {
+            int index = 0;
+
+            while (index != buf.length)
+            {
+                if ((i + index) >= bytes.length)
+                {
+                    break;
+                }
+                buf[index] = (char)bytes[i + index];
+                index++;
+            }
+            this.write(buf, 0, index);
+            this.newLine();
+        }
+    }
+
+    private void writePreEncapsulationBoundary(
+        String type)
+        throws IOException
+    {
+        this.write("-----BEGIN " + type + "-----");
+        this.newLine();
+    }
+
+    private void writePostEncapsulationBoundary(
+        String type)
+        throws IOException
+    {
+        this.write("-----END " + type + "-----");
+        this.newLine();
+    }
+}
diff --git a/src/main/java/org/bouncycastle/x509/AttributeCertificateHolder.java b/src/main/java/org/bouncycastle/x509/AttributeCertificateHolder.java
index 48ef720..2290484 100644
--- a/src/main/java/org/bouncycastle/x509/AttributeCertificateHolder.java
+++ b/src/main/java/org/bouncycastle/x509/AttributeCertificateHolder.java
@@ -1,5 +1,19 @@
 package org.bouncycastle.x509;
 
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.MessageDigest;
+import java.security.Principal;
+import java.security.cert.CertSelector;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateParsingException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.security.auth.x500.X500Principal;
+
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.DERInteger;
@@ -15,19 +29,6 @@
 import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.Selector;
 
-import javax.security.auth.x500.X500Principal;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.MessageDigest;
-import java.security.Principal;
-import java.security.cert.CertSelector;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateParsingException;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.List;
-
 /**
  * The Holder object.
  * 
@@ -43,7 +44,7 @@
  *                         -- for example, an executable
  *          }
  * </pre>
- * 
+ * @deprecated use org.bouncycastle.cert.AttributeCertificateHolder
  */
 public class AttributeCertificateHolder
     implements CertSelector, Selector
@@ -162,7 +163,7 @@
     {
         if (holder.getObjectDigestInfo() != null)
         {
-            holder.getObjectDigestInfo().getDigestAlgorithm().getObjectId()
+            return holder.getObjectDigestInfo().getDigestAlgorithm().getObjectId()
                 .getId();
         }
         return null;
@@ -177,7 +178,7 @@
     {
         if (holder.getObjectDigestInfo() != null)
         {
-            holder.getObjectDigestInfo().getObjectDigest().getBytes();
+            return holder.getObjectDigestInfo().getObjectDigest().getBytes();
         }
         return null;
     }
diff --git a/src/main/java/org/bouncycastle/x509/AttributeCertificateIssuer.java b/src/main/java/org/bouncycastle/x509/AttributeCertificateIssuer.java
index 9960c74..0c88b3f 100644
--- a/src/main/java/org/bouncycastle/x509/AttributeCertificateIssuer.java
+++ b/src/main/java/org/bouncycastle/x509/AttributeCertificateIssuer.java
@@ -1,5 +1,15 @@
 package org.bouncycastle.x509;
 
+import java.io.IOException;
+import java.security.Principal;
+import java.security.cert.CertSelector;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.security.auth.x500.X500Principal;
+
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.x509.AttCertIssuer;
@@ -9,17 +19,9 @@
 import org.bouncycastle.jce.X509Principal;
 import org.bouncycastle.util.Selector;
 
-import javax.security.auth.x500.X500Principal;
-import java.io.IOException;
-import java.security.Principal;
-import java.security.cert.CertSelector;
-import java.security.cert.Certificate;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.List;
-
 /**
  * Carrying class for an attribute certificate issuer.
+ * @deprecated use org.bouncycastle.cert.AttributeCertificateIssuer
  */
 public class AttributeCertificateIssuer
     implements CertSelector, Selector
diff --git a/src/main/java/org/bouncycastle/x509/X509Util.java b/src/main/java/org/bouncycastle/x509/X509Util.java
index 43b2d90..9ea50b4 100644
--- a/src/main/java/org/bouncycastle/x509/X509Util.java
+++ b/src/main/java/org/bouncycastle/x509/X509Util.java
@@ -1,22 +1,5 @@
 package org.bouncycastle.x509;
 
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.util.Strings;
-
-import javax.security.auth.x500.X500Principal;
 import java.io.IOException;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
@@ -35,6 +18,24 @@
 import java.util.List;
 import java.util.Set;
 
+import javax.security.auth.x500.X500Principal;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.DEREncodable;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERNull;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
+import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
+import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+import org.bouncycastle.jce.X509Principal;
+import org.bouncycastle.util.Strings;
+
 class X509Util
 {
     private static Hashtable algorithms = new Hashtable();
@@ -51,8 +52,10 @@
         algorithms.put("MD5WITHRSA", PKCSObjectIdentifiers.md5WithRSAEncryption);
         algorithms.put("SHA1WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha1WithRSAEncryption);
         algorithms.put("SHA1WITHRSA", PKCSObjectIdentifiers.sha1WithRSAEncryption);
-        algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
-        algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+        // BEGIN android-removed
+        // algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+        // algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+        // END android-removed
         algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption);
         algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption);
         algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption);
@@ -60,50 +63,70 @@
         algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption);
         algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption);
         algorithms.put("SHA1WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
-        algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
+        // BEGIN android-removed
+        // algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
+        // END android-removed
         algorithms.put("SHA256WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
         algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
         algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
-        algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
-        algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
-        algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
-        algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
-        algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-        algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
+        // BEGIN android-removed
+        // algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
+        // algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
+        // algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
+        // algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
+        // algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
+        // algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
+        // END android-removed
         algorithms.put("SHA1WITHDSA", X9ObjectIdentifiers.id_dsa_with_sha1);
         algorithms.put("DSAWITHSHA1", X9ObjectIdentifiers.id_dsa_with_sha1);
-        algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
+        // BEGIN android-removed
+        // algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
+        // END android-removed
         algorithms.put("SHA256WITHDSA", NISTObjectIdentifiers.dsa_with_sha256);
+        algorithms.put("SHA384WITHDSA", NISTObjectIdentifiers.dsa_with_sha384);
+        algorithms.put("SHA512WITHDSA", NISTObjectIdentifiers.dsa_with_sha512);
         algorithms.put("SHA1WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1);
         algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1);
-        algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
+        // BEGIN android-removed
+        // algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
+        // END android-removed
         algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256);
         algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
         algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);
-        algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-        algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-        algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        // BEGIN android-removed
+        // algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+        // algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+        // algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        // algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        // algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        // END android-removed
 
         //
         // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field. 
         // The parameters field SHALL be NULL for RSA based signature algorithms.
         //
         noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA1);
-        noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224);
+        // BEGIN android-removed
+        // noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224);
+        // END android-removed
         noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA256);
         noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA384);
         noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA512);
         noParams.add(X9ObjectIdentifiers.id_dsa_with_sha1);
-        noParams.add(NISTObjectIdentifiers.dsa_with_sha224);
+        // BEGIN android-removed
+        // noParams.add(NISTObjectIdentifiers.dsa_with_sha224);
+        // END android-removed
         noParams.add(NISTObjectIdentifiers.dsa_with_sha256);
-
+        noParams.add(NISTObjectIdentifiers.dsa_with_sha384);
+        noParams.add(NISTObjectIdentifiers.dsa_with_sha512);
+        
         //
         // RFC 4491
         //
-        noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        // BEGIN android-removed
+        // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+        // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        // END android-removed
 
         //
         // explicit params
@@ -113,10 +136,12 @@
         // END android-changed
         params.put("SHA1WITHRSAANDMGF1", creatPSSParams(sha1AlgId, 20));
 
-        // BEGIN android-changed
-        AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, DERNull.INSTANCE);
-        // END android-changed
-        params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28));
+        // BEGIN android-removed
+        // // BEGIN android-changed
+        // AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, DERNull.INSTANCE);
+        // // END android-changed
+        // params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28));
+        // END android-removed
 
         // BEGIN android-changed
         AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, DERNull.INSTANCE);
diff --git a/src/main/java/org/bouncycastle/x509/X509V1CertificateGenerator.java b/src/main/java/org/bouncycastle/x509/X509V1CertificateGenerator.java
index e25f359..5e99e76 100644
--- a/src/main/java/org/bouncycastle/x509/X509V1CertificateGenerator.java
+++ b/src/main/java/org/bouncycastle/x509/X509V1CertificateGenerator.java
@@ -1,23 +1,5 @@
 package org.bouncycastle.x509;
 
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x509.TBSCertificateStructure;
-import org.bouncycastle.asn1.x509.Time;
-import org.bouncycastle.asn1.x509.V1TBSCertificateGenerator;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-import org.bouncycastle.asn1.x509.X509Name;
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.jce.provider.X509CertificateObject;
-
-import javax.security.auth.x500.X500Principal;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.math.BigInteger;
@@ -35,8 +17,28 @@
 import java.util.Date;
 import java.util.Iterator;
 
+import javax.security.auth.x500.X500Principal;
+
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERBitString;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.asn1.x509.TBSCertificateStructure;
+import org.bouncycastle.asn1.x509.Time;
+import org.bouncycastle.asn1.x509.V1TBSCertificateGenerator;
+import org.bouncycastle.asn1.x509.X509CertificateStructure;
+import org.bouncycastle.asn1.x509.X509Name;
+import org.bouncycastle.jce.X509Principal;
+import org.bouncycastle.jce.provider.X509CertificateObject;
+
 /**
  * class to produce an X.509 Version 1 certificate.
+ * @deprecated use org.bouncycastle.cert.X509v1CertificateBuilder.
  */
 public class X509V1CertificateGenerator
 {
diff --git a/src/main/java/org/bouncycastle/x509/X509V2AttributeCertificate.java b/src/main/java/org/bouncycastle/x509/X509V2AttributeCertificate.java
index e91e8ff..4d40dd9 100644
--- a/src/main/java/org/bouncycastle/x509/X509V2AttributeCertificate.java
+++ b/src/main/java/org/bouncycastle/x509/X509V2AttributeCertificate.java
@@ -1,15 +1,5 @@
 package org.bouncycastle.x509;
 
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.x509.AttributeCertificate;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.util.Arrays;
-
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
@@ -31,8 +21,19 @@
 import java.util.List;
 import java.util.Set;
 
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERBitString;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.x509.AttributeCertificate;
+import org.bouncycastle.asn1.x509.X509Extension;
+import org.bouncycastle.asn1.x509.X509Extensions;
+import org.bouncycastle.util.Arrays;
+
 /**
  * An implementation of a version 2 X.509 Attribute Certificate.
+ * @deprecated use org.bouncycastle.cert.X509AttributeCertificateHolder
  */
 public class X509V2AttributeCertificate
     implements X509AttributeCertificate
@@ -40,12 +41,29 @@
     private AttributeCertificate    cert;
     private Date                    notBefore;
     private Date                    notAfter;
-    
+
+    private static AttributeCertificate getObject(InputStream in)
+        throws IOException
+    {
+        try
+        {
+            return AttributeCertificate.getInstance(new ASN1InputStream(in).readObject());
+        }
+        catch (IOException e)
+        {
+            throw e;
+        }
+        catch (Exception e)
+        {
+            throw new IOException("exception decoding certificate structure: " + e.toString());
+        }
+    }
+
     public X509V2AttributeCertificate(
         InputStream encIn)
         throws IOException
     {
-        this(AttributeCertificate.getInstance(new ASN1InputStream(encIn).readObject()));
+        this(getObject(encIn));
     }
     
     public X509V2AttributeCertificate(
diff --git a/src/main/java/org/bouncycastle/x509/X509V3CertificateGenerator.java b/src/main/java/org/bouncycastle/x509/X509V3CertificateGenerator.java
index efe024d..1ac395c 100644
--- a/src/main/java/org/bouncycastle/x509/X509V3CertificateGenerator.java
+++ b/src/main/java/org/bouncycastle/x509/X509V3CertificateGenerator.java
@@ -1,5 +1,23 @@
 package org.bouncycastle.x509;
 
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.GeneralSecurityException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.SignatureException;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateParsingException;
+import java.security.cert.X509Certificate;
+import java.util.Date;
+import java.util.Iterator;
+
+import javax.security.auth.x500.X500Principal;
+
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.ASN1InputStream;
@@ -20,25 +38,9 @@
 import org.bouncycastle.jce.provider.X509CertificateObject;
 import org.bouncycastle.x509.extension.X509ExtensionUtil;
 
-import javax.security.auth.x500.X500Principal;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.GeneralSecurityException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.SignatureException;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateParsingException;
-import java.security.cert.X509Certificate;
-import java.util.Date;
-import java.util.Iterator;
-
 /**
  * class to produce an X.509 Version 3 certificate.
+ *  @deprecated use org.bouncycastle.cert.X509v3CertificateBuilder.
  */
 public class X509V3CertificateGenerator
 {
diff --git a/src/main/java/org/bouncycastle/x509/extension/X509ExtensionUtil.java b/src/main/java/org/bouncycastle/x509/extension/X509ExtensionUtil.java
index b0d6e36..0acb666 100644
--- a/src/main/java/org/bouncycastle/x509/extension/X509ExtensionUtil.java
+++ b/src/main/java/org/bouncycastle/x509/extension/X509ExtensionUtil.java
@@ -1,15 +1,5 @@
 package org.bouncycastle.x509.extension;
 
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.DERString;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.asn1.x509.X509Name;
-
 import java.io.IOException;
 import java.security.cert.CertificateParsingException;
 import java.security.cert.X509Certificate;
@@ -19,6 +9,16 @@
 import java.util.Enumeration;
 import java.util.List;
 
+import org.bouncycastle.asn1.ASN1Object;
+import org.bouncycastle.asn1.ASN1OctetString;
+import org.bouncycastle.asn1.ASN1String;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.x509.GeneralName;
+import org.bouncycastle.asn1.x509.X509Extensions;
+import org.bouncycastle.asn1.x509.X509Name;
+
 
 public class X509ExtensionUtil
 {
@@ -78,7 +78,7 @@
                 case GeneralName.dNSName:
                 case GeneralName.rfc822Name:
                 case GeneralName.uniformResourceIdentifier:
-                    list.add(((DERString)genName.getName()).getString());
+                    list.add(((ASN1String)genName.getName()).getString());
                     break;
                 case GeneralName.registeredID:
                     list.add(DERObjectIdentifier.getInstance(genName.getName()).getId());