logi.crypto is a non-certified 100% pure java library for using strong encryption in your java 1.1 programs. It includes tools for encryption and authentication and a framework for general cryptographic protocols.
It is distributed with full source-code, since no-one can be expected to trust an encryption package without seeing the source.
Price and Distribution Terms?
logi.crypto is distributed in two ways. You can choose to use it according to the Free software Foundation's (FSF) General Public License (GPL), or by purchasing a commercial license for USD100 per developer. See The License for details.
Note that when evaluating the package you are considered to be using it under the GPL, so if you release any of the code written for testing purposes it will fall under the GPL unless you eventually buy a license.
There are no known efficient attacks against the RSA algorithm, but it has slight flaws which can be exploited if it is used carelessly. These can be avoided by always padding encrypted messages with random data and by never signing messages directly, but always a hash of the message. The strength also depends heavily on the size of the key you use and the quality of the random number generator used when creating it.
The random number generator included in logi.crypto should be fairly good. The idea is similar to that used in Sun's SecureRandom class, but it spends less time on the initial seeding and is instead continuusly re-seeded. The seeding is done from random elements in the scheduler and may have problems on systems which are idle and therefore somewhat predictable. Run the Spinner program to access the seeding algorithm for you own testing. You might also want to run the org.logi.crypto.test.TestRandom program, although it can only test the statistical properties of an RNG, which do not give sufficient guarantees about its cryptographic strength.
The DES algorithm is good but suffers from a too small key and the block size is beginning to become too small. The former is addressed by the Triple-DES variant of DES (or simply by using the Blowfish algorithm) and the latter by using CBC mode.
Note, however, that in most cases the algorithms are not the weak point in computer security. It is very easy to misuse a strong algorithm in a way that gives little real security. Be careful. Read a book.
Encryption with logi.crypto happens on three levels. The simplest is to encrypt single fixed-size blocks of data directly by calling the EncryptKey.encrypt() methods and decrypt them with the DecryptKey.decrypt() methods. Classes are included for RSA, Diffie-Hellman, DES, Triple-DES and Blowfish.
Alternatively you can create an EncryptSession object with a particular key to encrypt arbitrary arrays of data and decrypt them again with a corresponding DecryptSession object. Session classes are included for the ECB, CBC, OFB and CFB block-cipher modes. The CBC and ECB modes may require padding to be performed on the plaintext to fill a whole number of plaintext blocks. This is done by implementations of the Padding interface. Several implementations are provided.
The most useful method is to use the EncryptStream and DecryptStream classes to filter your i/o operations. They will encrypt or decrypt all data that passes through them and optionally execute non-interactive protocols, such as key-exchange protocols. If you need interactive key exchange or other interactive protocols, you can use the CipherStreamClient and CipherStreamServer classes.
There is also support for hashing, signatures, blind signatures and secret sharing in the library. See the full javadocs for information about these.
In addition to this, the library is organized so that it is relatively easy to add your own ciphers, modes or utility classes.
Finally, you may want to look at the demonstration programs in the org.logi.crypto.demo package.
The logi.crypto archive contains these files:
logi.crypto1.1.2.jar A JAR file containing the logi.crypto package logi.crypto1.1.2-test.jar A JAR file containing demo programs and test code. src.zip Complete source code javadoc/ Documentation of individual classes *.html Other documentation
The simplest way to install logi.crypto is to place logi.crypto1.1.2.jar (and perhaps the test library) in your CLASSPATH or extensions directory. See the documentation for your Java environment for instructions. Alternatively you may wish to unpack the source archive into a directory which resides in your CLASSPATH, since this allows you to modify the source. In this case you should take care to preserver the directory structure in the archive.
There are two mailing lists for the logi.crypto library. email@example.com is a closed list only used to announce new versions of the libary and to warn of serious bugs. It is higly recommended that you subscribe to this list.
firstname.lastname@example.org is an open list for general discussion of the library. You may also want to subscribe to this list.
When subscribing to the above mentioned lists it is sufficient to send mail to the given address. Nothing needs to be in the subject or body of the message, since the request is encoded in the address.