Lightcrypto (lightweight cryptographic library)

• Introduction
• Legal Issues
• License and credits
• Price
• About cryptography & other questions
• Download
• Installation
• How to use
• Building, changing, contributing
• Revision history
• Java docs
• About the author

LightCrypto is a set of Open Source Java classes with basic cryptographic routines using the BouncyCastle lightweight API.

It uses a minimal amount of memory so it can be used with J2ME (Java 2 Micro Edition), browser applets, on small Java devices such as PDA's or Java enabled mobile phones or in any other situation where JCE (Java Cryptographic Extensions) is too heavy for the job. Check out the library section of my other project called JCE taglib if you are looking for JCE.

Features:

Create digest from strings and files with MD5 (default) or SHA-1 hash algorithms

new! Encrypt/Decrypt strings and files with PBE (Password-Based Encryption)

Encrypt/Decrypt strings and files using the AES (lightweight implementation) algorithm with any keylength (default 128 bits) in CBC mode with PKCS12 padding.

new! Encrypt/Decrypt any inputstream (such as socket streams) with RC4 stream cipher

Create MACs (Message Authentication Code) from text and files with HMAC (HMAC-SHA1) or CBC-BlockCipherMAC with IV.

Encrypts the symmetric keystore and protects it with a passphrase (PBE)

Functions to hash/encrypt/decrypt/PBE/mac/hmac data in HSQLDB (http://hsqldb.sourceforge.net) embeddable database engine using SQL statements.

Open Source

100% Java

Uses the BouncyCastle.org lightweight API instead of Sun's JCE (Java Cryptographic Extensions)

This package does not contain the lightweight API by BouncyCastle. It must be downloaded separately. This package does not contain any cryptographic code/algorithms and thus it is not bound to any cryptographic export regulations.

However, to use this package, you will have to download this provider so you will be bound to any of your country's cryptographic import regulation (check the CryptoLaw document). The author(s), nor any of the organisations/people listed in the credits do NOT take any responsibility in this matter. By downloading and/or using LightCrypto you agree with these terms.

This software is covered under the GNU Lesser General Public License and is copyrighted by Gert Van Ham. It can be used, copied, distributed & altered freely. However, a donation is always welcome.

Disclaimer

COVERED CODE IS PROVIDED UNDER THIS LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT THE COVERED CODE IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE COVERED CODE IS WITH YOU. SHOULD ANY COVERED CODE PROVE DEFECTIVE IN ANY RESPECT, YOU (NOT THE INITIAL DEVELOPER OR ANY OTHER CONTRIBUTOR) ASSUME THE COST OF ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF ANY COVERED CODE IS AUTHORIZED HEREUNDER EXCEPT UNDER THIS DISCLAIMER.

Credits

Java^TM & J2ME^TM are products licensed by Sun

The lightweight API is licensed by the Legion of the BouncyCastle

Using and deploying this software is free of charge, however, if you are using this software in a commercial product or in a production environment inside a governmental/commercial organisation you are urged to support my efforts by donating with PayPal. I'll apply some voodoo on you if you don't :)

If you are not familiar with cryptography you are urged to check out following links/books:

• RSA Labs Crypto FAQ (very good to start with)
• Counterpane Crypto-Gram - free monthly e-mail newsletter on computer security and cryptography from Bruce Schneier
• Snake Oil Warning Signs: Encryption Software to Avoid
• Selecting Cryptographic Key Sizes
• USENET sci.crypt FAQ
• Applied Cryptography 2nd Edition (Bruce Schneier, John Wiley & Sons (October 1995), ISBN: 0471128457) (a standard work)
• Practical Cryptography - Bruce Schneier & Niels Ferguson - John Wiley & Sons – ISBN 0471223573
• Secrets and Lies : Digital Security in a Networked World - Bruce Schneier - John Wiley & Sons – ISBN 0471253111
• Handbook of Applied Cryptography - online version (tough & academically but a standard work)

The latest version can always be found on http://sourceforge.net/projects/jcetaglib/

If you need other algorithms/combinations (see available algorithms) you can build the library yourself.

Don't forget that this package DOES NOT INCLUDE the lightweight API and that it must be downloaded separately from Bouncycastle.org

Before you can use this package you will have to download the BouncyCastle LightWeight API. This jar contain strong encryption, so check your country's cryptographic import restrictions (CryptoLaw document). Again, the author does NOT take any responsibility in this matter.

Just put both LightCrypto & LightWeight API JAR files in your classpath and you are ready to go.

Look at some sample code in the "net.sourceforge.lightcrypto.test.*" package.

You can use the library directly inside HSQLDB SQL statements using the "net.sourceforge.lightcrypto.Hsqldb" class.
Example:

	SELECT "net.sourceforge.lightcrypto.Hsqldb.digest"(str_col) AS digest FROM sample_table

The lightweight API JAR is still too large for many applications so you will need to use an obfuscator to remove unwanted classes. Check out the excellent article on http://wireless.java.sun.com/midp/ttips/proguard/ how to do this with the free ProGuard obfuscator.

The following example combines the lightcrypto library together with the lightweight API with only the necessary classes into one shrinked JAR (about 32 Kb):

java -jar proguard.jar 
	-libraryjars rt.jar;junit.jar;hsqldb.jar 
	-injars lapi.jar;lightcrypto.jar 
	-outjar lightcrypto-new.jar  
	-keep "public class net.sourceforge.lightcrypto.* { public static *;}"

You can build the library with the included Ant "build.xml" script. Please note that the junit.jar file needs to be in your Ant's lib folder. To run the unit tests you will need to change the variable "TEMPFOLDER" (net.sourceforge.lightcrypto.test.RunTest) to a temporary folder on your system and call the main method.

If need another encryption algorithm you can easily change the code. I only included one algorithm because I wanted to minimize the JAR files. The AESLight algorithm is the fastest algorithm with the smallest memory footprint. The Bouncycastle lightweight API supports may more algorithms such as Twofish, Blowfish and Serpent. Check it out at http://www.bouncycastle.org/specifications.html

Just send me an e-mail if you want to contribute code.

Beta 3

Encrypt/Decrypt strings and files with PBE (Password-Based Encryption)

Encrypt/Decrypt any inputstream (such as socket streams) with RC4 stream cipher

Beta 2

Create MACs (Message Authentication Code) from text and files with HMAC (HMAC-SHA1) or CBC-BlockCipherMAC with IV

Removed redundant code

Removed some digest algorithms to keep the library small (only MD5 & SHA-1 are now available).

Beta 1

Initial release

Java programmers can view the java class documentation for this tag library as javadocs.

Gert Van Ham is since '94 working as a Database & Intranet Consultant for Cronos NV where he was the first member and founder of the xNet department. Now, this department has over 50 consultants designing & implementing top-of-the-bill Internet technology for Top 100 multinational & local companies, which put Cronos in a number 1 position on the Belgian market of technical Internet/Intranet Consultancy.

As a pioneer in Internet & Intranet database development, he successfully deployed and administered multiple large Intranet sites for industrial & governmental organizations using Oracle, Netscape & Cold Fusion web technology. He focusses now on security, middleware and the J2EE platform.

E-mail: hamgert@users.sourceforge.net
Personal homepage: http://users.pandora.be/gert.van.ham