We have a requirement to do some Rijndael development in Java.
Any recommendations for articles, libraries etc. that would help us?
Any pointers to keystore maintenance and how store the keys securely?
Edit:
It would need to be open source. Essentially, it's just standard encrypt / decrypt of data using Rijndael.
javax.crypto has AES support: http://java.sun.com/developer/technicalArticles/Security/AES/AES_v1.html
As for secure key storage, the usual method is to derive an encryption key from user input (a passphrase) using a cryptographic hash function, and use the derived key to encrypt the keychain. Or, if you only need one key, you can use the derived key itself.
Always keep in mind that the security of the system is directly related to the strength of the hash function used. Use a cryptographically secure hash function, along with a salt if possible, and hash more than once (hundreds of times, for example).
That being said, the question is very vague.
For a great free library, I highly recommend BouncyCastle. It is actively maintained, high quality, and has a nice array of code examples. For reference documentation, you'll have to rely more on the general JCE docs.
I can't say what library we use to meet FIPS certification requirements. But there are alternatives to CryptoJ that are much, much cheaper.
In general, I'd recommend generating a new key for each message you encrypt with a symmetric cipher like Rijndael, and then encrypting that key with an asymmetric algorithm like RSA. These private keys can be stored in a password-protected, software-based key store like PKCS #12 or Java's "JKS", or, for better security, on "smart card" hardware token or other crypto hardware module.
Java includes AES out of the box. Rijndael is AES. You don't need any external libraries. You just need something like this:
byte[] sessionKey = null; //Where you get this from is beyond the scope of this post
byte[] iv = null ; //Ditto
byte[] plaintext = null; //Whatever you want to encrypt/decrypt
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
//You can use ENCRYPT_MODE or DECRYPT_MODE
cipher.calling init(Cipher.ENCRYPT_MODE, new SecretKeySpec(sessionKey, "AES"), new IvParameterSpec(iv));
byte[] ciphertext = cipher.doFinal(plaintext);
And that's it, for encryption/decryption. If you are processing large amounts of data then you're better off reading chunks that are multiples of 16 bytes and calling update instead of doFinal (you just call doFinal on the last block).