Comments (4)
After implementing the two providers so far, once I actually started to use the cipher API in building the higher level APIs, I found that there may not be a need to facade over javax.crypto.Cipher
due to the need for using many of its lower level update
and doFinal
methods. Since this cipher can be loaded and used in Java 8 (via BouncyCastle) or in Java 11+ natively, and since we don't need access to the ChaCha20ParameterSpec
class added in Java 8 (this parameter spec is only useful for ChaCha20 and not ChaCha20-Poly1305 as the latter uses an implicit block counter rather than allowing it to be specified during initialization). It seems as though the awkward APIs are mostly concentrated in the other SPIs.
from o1c.
Oh no, it seems as though we have a slight problem. It sounds like the 96-bit nonces standardized in RFC 7539 might be too short for random nonces and long lived keys. While this may not be a problem for the use case in #5, if data in #4 are to be long-lived, then upgrading to XChaCha20-Poly1305 (fairly similar to XSalsa20-Poly1305 which already extended its nonce) would be more appropriate.
from o1c.
This seems to be about as explored as it will get. Only a thin wrapper around javax.crypto.Cipher
is needed for convenience, and #4 provides the higher level API here. If XChaCha20-Poly1305 is added to more Java libraries, the added code to support it might be removable someday.
from o1c.
Reopening since the BouncyCastle version turned out to be annoying.
from o1c.
Related Issues (20)
- Support Java 15 (JEP 339) algorithms for signatures HOT 1
- Support EdDSA library as provider for signature SPI HOT 1
- Consider variants of crypto primitives aligned with common standards HOT 4
- Consider a KeyStore provider or similar SPI
- Offer lightweight cryptographic alternatives for constrained environments HOT 1
- Document how to use high level and low level APIs
- Add support for BLAKE3
- Provide native implementations of supported algorithms HOT 1
- Create an EdDSA scheme using Ristretto and Blake3 HOT 6
- Consider JEP 338 vector SIMD API optimizations
- Create service provider descriptors API
- Clean up LWC algorithms based on final round
- Sodium compatibility
- Configure website
- C implementation of DRBG doesn't appear to mix in entropy HOT 1
- Create a high level API for securing messages HOT 3
- Create a high level API for securing sessions
- Create a password-based key derivation SPI using Argon2
- Support BouncyCastle provider for ciphers, signatures, and key exchanges HOT 1
- Support Java 11 algorithms for ciphers and key exchanges HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from o1c.