Cryptacular is a complement to the Bouncy Castle Crypto APIs for Java
that is…
Familiar
Perform common cryptographic operations using familiar APIs: JCE and the lightweight Bouncy Castle API.
AEADBlockCipher cipher = new GCMBlockCipher(new AESEngine());
SecretKey key = SecretKeyGenerator.generate(cipher.getUnderlyingCipher());
File file = new File("/path/to/plain.txt");
ByteArrayOutputStream tempOut = new ByteArrayOutputStream();
CipherUtil.encrypt(cipher, key, new RBGNonce(), StreamUtil.makeStream(file), tempOut);
Secure
Cryptography contains a number of pitfalls in the details, and Cryptacular provides prophylaxis:
Components that do the right thing by default
APIs that suggest the right component to perform a particular operation according to best practices
// Cryptacular forces the use of a dynamic IV per encryption,
// one of the most common pitfalls for block ciphers,
// and makes storage of the IV secure and convenient for decryption
BufferedBlockCipherBean cipherBean = new BufferedBlockCipherBean();
BufferedBlockCipherSpec cipherSpec = BufferedBlockCipherSpec.parse(cipherSpecString);
cipherBean.setNonce(nonce);
cipherBean.setKeyAlias("vtcrypt");
cipherBean.setKeyPassword("vtcrypt");
cipherBean.setKeyStore(getTestKeyStore());
cipherBean.setBlockCipherSpec(cipherSpec);
byte[] ciphertext = cipherBean.encrypt(ByteUtil.toBytes(input));
assertEquals(ByteUtil.toString(cipherBean.decrypt(ciphertext)), input);
Beyond avoiding cryptography errors, Cryptacular ships with components that encourage use of modern algorithms
(e.g. GCM ciphers, SHA-3 digest) and current standards (e.g. NIST SP-800-63).
Convenient
Cryptacular facilitates common use cases and provides extension points for complex cases.
// Static utility classes to quickly perform common operations
byte[] hash = HashUtil.sha1("Some text");
// Consistent API for handling stream data as easily as strings/bytes
byte[] fileHash = HashUtil.sha1(StreamUtil.makeStream(file));
// Factory beans for keys and keystores
KeyStoreFactoryBean keyStoreFactory = new KeyStoreFactoryBean();
keyStoreFactory.setResource(new FileResource(new File(keyStorePath)));
keyStoreFactory.setPassword("vtcrypt");
keyStoreFactory.setType(keyStoreType);
KeyStoreBasedSecretKeyFactoryBean secretKeyFactory = new KeyStoreBasedSecretKeyFactoryBean();
secretKeyFactory.setKeyStore(keyStoreFactory.newInstance());
secretKeyFactory.setAlias(alias);
secretKeyFactory.setPassword("vtcrypt");
SecretKey key = secretKeyFactory.newInstance();
// Thread-safe beans for cryptographic operations
// Here we demonstrate a bean to compute password hashes in a secure manner
EncodingHashBean bean = new EncodingHashBean();
bean.setDigestSpec(new DigestSpec("SHA-256"));
bean.setCodecSpec(CodecSpec.HEX);
bean.setIterations(5);
Nonce saltSource = new RBGNonce(8);
String hexHash = bean.digest("password", saltSource.generate());