Basically I want to be able to encrypt and decrypt with AES 256. What is the industry standard library for encryption in Java? Something that has been around a long time and is tried and true.
+1
A:
How bout the Java Cryptography Extension. JCE used to be an optional extension, now it's been integrated into Java 2 SDK
http://java.sun.com/j2se/1.4.2/docs/guide/security/jce/JCERefGuide.html
Cetra
2010-03-12 04:02:30
So its part of standard java now? No additional libraries or anything needed?
Kyle
2010-03-12 04:12:58
Yes I believe so. It supports AES256 for an encryption and decryption. It also has a key generation class to use.
Cetra
2010-03-12 04:18:27
Its generally a bad idea to implement anything to do with crypto yourself, too much possibility for error. JDK only provides the primitives to do cryptography. Transform block/transform block final, etc. Its better to use a library like bouncy castle.
Kyle
2010-03-12 04:41:40
Well, that is all your question asked for, so the answer is correct. Your question might've been wrong though.
GregS
2010-03-13 00:33:06
+1
A:
In what context? The JRE contains the primitives for encryption, and support for TLS/SSL. But there's not much out of the box for encrypting stand-alone blobs of data, or even files.
The Bouncy Castle API's have been around a while, and have API's for using OpenPGP or S/MIME and CMS for file and email encryption.
By the by - if you want to use 256 bit keys, you'll have to install the "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files". You can find them at the bottom of the Java SE Downloads page.
The export of strong cryptography is regulated, and you have to claim to not be in the Axis of Evil before you can unlock it.
dave
2010-03-12 04:08:31
BC provides underlying primitives. You either have to use those API's directly, or configure BC as a JCE provider (Security.addProvider(new BouncyCastleProvider());).
dave
2010-03-12 04:55:12
'But there's not much out of the box for encrypting stand-alone blobs of data, or even files.' You're kidding. See javax.crypto.
EJP
2010-03-12 05:09:54
'You're kidding. See javax.crypto'. Cipher is definitely primitive. CipherInputStream and CipherOutputStream aren't much better, since you still have to deal with algorithm selection, providing the IV to the cipher, managing the key. The higher level API's (OpenPGP and CMS) can be a bit difficult to navigate, but you are less likely to screw up your encryption using them.
dave
2010-03-12 08:09:17
Agreed but you can't equate that to 'there's not much out of the box'. There are whole packages 'out of the box'.
EJP
2010-03-13 00:59:47