Cryptacular

Cryptacular is a complement to the Bouncy Castle Crypto APIs for Java that is…

Familiar

Perform common cryptographic operations using familiar APIS, JCE and lightweight Bouncy Castle API.

AEADBlockCipher cipher = new GCMBlockCipher(new AESEngine());
SecretKey key = SecretKeyGenerator.generate(cipher.getUnderlyingCipher());
File file = new File("/path/to/plain.txt");
ByteArrayOutputStream tempOut = new ByteArrayOutputStream();
CipherUtil.encrypt(cipher, key, new RBGNonce(), StreamUtil.makeStream(file), tempOut);

Secure

Cryptography contains a number of pitfalls in the details, and Cryptacular provides prophylaxis:

Components that do the right thing by default
APIs that suggest the right component to perform a particular operation according to best practices

// Cryptacular forces the use of a dynamic IV per encryption,
// one of the most common pitfalls for block ciphers,
// and makes storage of the IV secure and convenient for decryption
BufferedBlockCipherBean cipherBean = new BufferedBlockCipherBean();
BufferedBlockCipherSpec cipherSpec = BufferedBlockCipherSpec.parse(cipherSpecString);
cipherBean.setNonce(nonce);
cipherBean.setKeyAlias("vtcrypt");
cipherBean.setKeyPassword("vtcrypt");
cipherBean.setKeyStore(getTestKeyStore());
cipherBean.setBlockCipherSpec(cipherSpec);
byte[] ciphertext = cipherBean.encrypt(ByteUtil.toBytes(input));
assertEquals(ByteUtil.toString(cipherBean.decrypt(ciphertext)), input);

Beyond avoiding cryptography errors, Cryptacular ships with components that encourage use of modern algorithms (e.g. GCM ciphers, SHA-3 digest) and current standard (e.g. NIST SP-800-63).

Convenient

Cryptacular facilitates common use cases and provides extension points to for complex cases.

// Static utility classes to quickly perform common operations
byte[] hash = HashUtil.sha1("Some text");

// Consistent API for handling stream data as easily as strings/bytes
byte[] hash = HashUtil.sha1(StreamUtil.makeStream(file));

// Factory beans for keys and keystores
KeyStoreFactoryBean keyStoreFactory = new KeyStoreFactoryBean();
keyStoreFactory.setResource(new FileResource(new File(keyStorePath)));
keyStoreFactory.setPassword("vtcrypt");
keyStoreFactory.setType(keyStoreType);
KeyStoreBasedSecretKeyFactoryBean secretKeyFactory = new KeyStoreBasedSecretKeyFactoryBean();
secretKeyFactory.setKeyStore(keyStoreFactory.newInstance());
secretKeyFactory.setAlias(alias);
secretKeyFactory.setPassword("vtcrypt");
SecretKey key = secretKeyFactory.newInstance();

// Thread-safe beans for cryptographic operations
// Here we demonstrate a bean to compute password hashes in a secure manner
EncodingHashBean bean = new EncodingHashBean();
bean.setDigestSpec(new DigestSpec("SHA-256"));
bean.setCodecSpec(CodecSpec.HEX);
bean.setIterations(5);
Nonce saltSource = new RBGNonce(8);
String hexHash = bean.digest("password", saltSource.generate());