Cryptographic API that extends the functionality of the JCA API to make the cryptographic functions easier to use. Encapsulates JCA and Bouncy Castle methods and makes choices for users, i.e. they need less knowledge to use the layer.
The following cryptographic concepts are implemented in the current prototype of the layer All concepts work by first constructing an instance the concept wanted for the corresponding interface of it (by choice with a securely generated secret or an own one) and then using operational methods of it.
To use symmetric encryption, create an instance of an AESCipher and use the operational method encrypt of it. Afterwards transmit ciphertext and key to the decrypting party.
IAESCipher aesCipher = new AESCipher();
AESKey aesKey = aesCipher.getKey();
AESEncryptOutput aesOut = cipher.encrypt("plaintext");
IAESCipher decrypter = new AESCipher(aesKey);
byte[] plaintext = decrypter.decrypt(aesOut);
To use asymmetric encryption, create an RSAKeyPair by its static generateKeyPair method and use these keys for the constructors.
RSAKeyPair keypair = RSAKeyPair.generateRSAKeyPair();
IRSACipher rsaCipher = new RSACipher(keyPair.getPublicKey());
RSAEncryptOutput rsaOutput = rsa.encrypt("plaintext");
IRSACipher rsaDecrypter = new RSACipher(keyPair.getPrivateKey());
byte[] plaintext = rsaDecrypter.decrypt(rsaOutput);
The password hashing encapsulates the BCrypt class of the Bouncy Castle API. Usage works simply instantiating an object and using its hashPassword method. A salt is generated randomly for the hash and can be taken out of the HashedPassword object that is returned.
IPasswordHash hasher = new PasswordHash();
HashedPassword pw = hasher.hashPassword("password") // byte array accepted, too
byte[] hash = pw.getHash();
byte[] salt = pw.getSalt();
For MACs a HMacSha256 implementation is used to provide the functionality of authenticating messages. A randomly generated secret can be used, but developers can choose their own if they want.
IHMacSha256 mac = new HMacSha256();
MacSecret secretUsed = mac.getSecret(); // transmit this to receiver of message over secure channel
HMacSha256Output macOutput = mac.generateMac("message");
The class JecalRandom directly encapsulates a seeded SecureRandom instance and can be used to generate byte[], int, float or boolean values.
JecalRandom ran = new JecalRandom();
byte[] saltExample = ran.getRandomBytes(20); // byte array length 20
Possible hash functions in this API are Sha256 and Sha512
IShaDigest sha = new Sha512Digest();
byte[] hash = sha.digest("plaintext");