The Cloudproof Java library provides a Java-friendly API to Cosmian's Cloudproof Encryption.
Cloudproof Encryption secures data repositories and applications in the cloud with advanced application-level encryption and encrypted search.
- Licensing
- Cryptographic primitives
- Getting started
- Benchmarks
- Versions Correspondence
- Using in Java projects
The library is available under a dual licensing scheme Affero GPL/v3 and commercial. See LICENSE.md for details.
The library is based on:
-
CoverCrypt algorithm which allows creating ciphertexts for a set of attributes and issuing user keys with access policies over these attributes.
CoverCryptoffers Post-Quantum resistance. -
Findex which is a cryptographic protocol designed to securely make search queries on an untrusted cloud server. Thanks to its encrypted indexes, large databases can securely be outsourced without compromising usability.
Please check the online documentation for details on using the CloudProof APIs
In addition, please have a look at the following tests for implementation examples:
- TestCoverCrypt for using the CoverCrypt scheme with Cosmian KMS
- TestFfiCoverCrypt for using the CoverCrypt scheme with the local native library
- TestKmip for using the KMIP 2.1 interface with the Cosmian KMS
- TestSqliteFindex for using the Encrypted Search Findex scheme using Sqlite (or other SQL DBs) as a backend
- TestRedisFindex for using the Encrypted Search Findex scheme using Redis as a backend
The following benchmarks are obtained using an Intel(R) Xeon(R) Platinum 8171M CPU @ 2.60GHz.
-----------------------------------------------------
Benches CoverCrypt Encryption/Decryption With Cache
-----------------------------------------------------
Classic encryption
==================
Number of partitions: 1: Encrypted Header size: 131. Encryption average time: 262971ns (262µs). Decryption average time: 221256ns (221µs)
Number of partitions: 2: Encrypted Header size: 164. Encryption average time: 347328ns (347µs). Decryption average time: 257798ns (257µs)
Number of partitions: 3: Encrypted Header size: 197. Encryption average time: 431084ns (431µs). Decryption average time: 411985ns (411µs)
Number of partitions: 4: Encrypted Header size: 230. Encryption average time: 513750ns (513µs). Decryption average time: 473802ns (473µs)
Number of partitions: 5: Encrypted Header size: 263. Encryption average time: 599409ns (599µs). Decryption average time: 536418ns (536µs)
Hybridized encryption
======================
Number of partitions: 1: Encrypted Header size: 1187. Encryption average time: 320732ns (320µs). Decryption average time: 232779ns (232µs)
Number of partitions: 2: Encrypted Header size: 2276. Encryption average time: 467049ns (467µs). Decryption average time: 273931ns (273µs)
Number of partitions: 3: Encrypted Header size: 3365. Encryption average time: 611346ns (611µs). Decryption average time: 315654ns (315µs)
Number of partitions: 4: Encrypted Header size: 4454. Encryption average time: 754446ns (754µs). Decryption average time: 358415ns (358µs)
Number of partitions: 5: Encrypted Header size: 5543. Encryption average time: 900514ns (900µs). Decryption average time: 400720ns (400µs)The version without using the cache adds the deserialization time for the policy and public key during the encryption process, and the user decryption key during the decryption process. This time may vary depending on the size of these objects.
In the case of the above benchmark, deserializing the policy and the public key takes about 200µs for sizes of 1037 and 18935 bytes respectively (the public key is half hybridized).
This library uses cloudproof_rust for both CoverCrypt and Findex FFI interface.
This table shows the compatible versions of the various components
From the version 5.0.0, cloudproof_java depends on cloudproof_rust which wraps the interfaces of CoverCrypt and Findex.
| This lib | KMS Server | Cloudproof Rust lib |
|---|---|---|
| 5.0.0 | 4.3.3 | 1.0.0 |
| 6.0.0 | 4.3.3 | 2.0.1 |
| 7.0.0 | 4.10.0 | 2.4.0 |
| 7.1.0 | 4.11.0 | 2.4.0 |
| 7.2.0 | 4.11.3 | 2.4.0 |
| 8.0.* | 4.13.3 | 3.0.0 |
This library is open-source software and is available on Maven Central.
<dependency>
<groupId>com.cosmian</groupId>
<artifactId>cloudproof_java</artifactId>
<version>6.0.0</version>
</dependency>The Cloudproof Java lib uses JNA to access functions of the following native cryptographic libraries:
CoverCryptFindex
Those libraries must be found either in the classpath or in subfolders of src/main/resources/
- src/main/resources/
linux-x86-64for Linux 64bit architecturedarwin-x86-64for MacOS Intelwin32-x86-64for windows
For tests, it is possible to override these libraries by placing them in the equivalent sub-folders of src/test/resources
To download them, please run the following script that will fetch the releases in the public URL package.cosmian.com:
python3 scripts/get_native_libraries.pyOtherwise, to build those libraries manually, please check the CoverCrypt and Findex projects on Github: their build directory contains instructions on how to build the native libraries for your system.
For CoverCrypt:
git clone https://github.com/Cosmian/cover_crypt.git
cargo build --release --features ffiFor Findex:
git clone https://github.com/Cosmian/findex.git
cargo build --release --features ffiAnd copy the new binaries from target/release/<.dylib,.so,.dll> to cloudproof_java FFI directory: check the right platform/architecture directory in Download required native libraries.