Java implementation of age encryption
- Java 11
- Maven 3.9
Jagged follows the Semantic Versioning Specification 2.0.0.
Jagged supports streaming encryption and decryption using standard recipient types.
- Encryption and decryption of binary age files
- Encryption and decryption of armored age files
- X25519 recipients and identities
- scrypt recipients and identities
Jagged supports version 1 of the age-encryption.org specification.
The age encryption specification builds on a number of common cryptographic algorithms and encoding standards.
Files encrypted using the age specification include a textual header and binary payload.
File headers include a message authentication code computed using HMAC-SHA-256.
- RFC 2104 HMAC: Keyed-Hashing for Message Authentication
File headers include recipient stanza binary body elements encoded using Base64 Canonical Encoding.
- RFC 4648 The Base16, Base32, and Base64 Data Encodings
File payloads use a key derived using HKDF-SHA-256.
- RFC 5869 HMAC-based Extract-and-Expand Key Derivation Function (HKDF)
File payload encryption uses ChaCha20-Poly1305 as the algorithm for Authenticated Encryption with Associated Data.
- RFC 7539 ChaCha20 and Poly1305 for IETF Protocols
Standard recipient types include asymmetric encryption using X25519 and passphrase encryption using scrypt.
The X25519 type uses Curve25519 for Elliptic Curve Diffie-Hellman shared secret key exchanges.
- RFC 7748 Elliptic Curves for Security
The X25519 type uses Bech32 for encoding public keys and private keys.
- BIP 0173 Base32 address format
The X25519 type encrypts a File Key with ChaCha20-Poly1305 using a key derived with HKDF-SHA-256.
The scrypt type uses a passphrase and configurable work factor with other preset values to derive the key for encrypting a File Key.
- RFC 7914 The scrypt Password-Based Key Derivation Function
The scrypt type encrypts a File Key with ChaCha20-Poly1305.
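The header authentication described above can be reproduced with JDK classes alone. The following is an added example, not Jagged code, and it does not use the Jagged API. It assumes, from the age v1 specification rather than this page, a 16-byte file key, a MAC key derived with HKDF-SHA-256 using an empty salt and the info string "header", and a MAC that covers the header up to and including the `---` marker; the stanza values are constructed placeholders.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class AgeHeaderMacExample {
    static byte[] hmac(byte[] key, byte[]... parts) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        for (byte[] part : parts) mac.update(part);
        return mac.doFinal();
    }

    // RFC 5869 HKDF-SHA-256, single 32-byte output block; an empty salt means 32 zero bytes
    static byte[] hkdf(byte[] ikm, byte[] salt, String info) throws GeneralSecurityException {
        byte[] prk = hmac(salt.length == 0 ? new byte[32] : salt, ikm);
        return hmac(prk, info.getBytes(StandardCharsets.US_ASCII), new byte[] {1});
    }

    // Assumption from the age v1 specification: MAC key = HKDF(file key, empty salt, "header")
    static byte[] headerMac(byte[] fileKey, String covered) throws GeneralSecurityException {
        return hmac(hkdf(fileKey, new byte[0], "header"), covered.getBytes(StandardCharsets.US_ASCII));
    }

    // header: text from the version line to the end of the MAC line, without the final newline
    static boolean verify(byte[] fileKey, String header) throws GeneralSecurityException {
        int marker = header.lastIndexOf("\n--- ");
        if (marker < 0) return false;
        String encoded = header.substring(marker + 5);
        byte[] claimed;
        try {
            claimed = Base64.getDecoder().decode(encoded);
        } catch (IllegalArgumentException e) {
            return false;
        }
        // Canonical Base64 must re-encode to the same text; the MAC covers the header through "---"
        boolean canonical = Base64.getEncoder().withoutPadding().encodeToString(claimed).equals(encoded);
        return canonical && MessageDigest.isEqual(headerMac(fileKey, header.substring(0, marker + 4)), claimed);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        byte[] fileKey = new byte[16]; // constructed all-zero file key, for illustration only
        String covered = "age-encryption.org/v1\n-> X25519 CONSTRUCTED\nY29uc3RydWN0ZWQ\n---";
        String header = covered + " " + Base64.getEncoder().withoutPadding().encodeToString(headerMac(fileKey, covered));
        System.out.println("intact:   " + verify(fileKey, header));
        System.out.println("tampered: " + verify(fileKey, header.replace("X25519", "scrypt")));
    }
}
```

A decryptor can only run this check after an identity has unwrapped the file key from a recipient stanza, and it should do so before it processes any payload bytes.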
Jagged consists of multiple modules supporting different aspects of the age encryption specification.
- jagged-api
- jagged-bech32
- jagged-framework
- jagged-scrypt
- jagged-test
- jagged-x25519
The `jagged-api` module contains the core public interfaces for encryption and decryption operations. The module contains interfaces and classes in the `com.exceptionfactory.jagged` package, which provide integration and extension points for other components.
The `FileKey` class implements `javax.crypto.SecretKey` and supports the primary contract for age identities and recipients.
The `RecipientStanza` interface follows the pattern of the age Stanza, providing access to the Type, Arguments, and binary Body elements.
The `RecipientStanzaReader` interface serves as the age Identity abstraction, responsible for reading `RecipientStanza` objects and returning a decrypted `FileKey`.
The `RecipientStanzaWriter` interface follows the age Recipient abstraction, responsible for wrapping a `FileKey` and returning a collection of `RecipientStanza` objects.
The `EncryptingChannelFactory` interface wraps a provided `WritableByteChannel` and returns a `WritableByteChannel` that supports streaming encryption to one or more recipients based on supplied `RecipientStanzaWriter` instances.
The `DecryptingChannelFactory` interface wraps a provided `ReadableByteChannel` and returns a `ReadableByteChannel` that supports streaming decryption for a matched identity based on supplied `RecipientStanzaReader` instances.
Run the following Maven command to build the libraries:
./mvnw clean install
Jagged is released under the Apache License, Version 2.0.