Type-safe general-cryptography library - https://jmcardon.github.io/tsec/
Clone or download
jmcardon Merge pull request #202 from ahjohannessen/wip-cookie-settings
http4s: ensure cookie settings are passed along
Latest commit 00e91b5 Oct 15, 2018
Permalink
Failed to load latest commit information.
bench/src/main/scala/tsec remove cancatch and more ev typeclasses Jul 22, 2018
bouncycastle/src/main/scala/tsec add bouncy hashes Mar 15, 2018
cipher-bouncy/src clean up newtypes May 25, 2018
cipher-core/src/main/scala/tsec/cipher/common Revert "scalafmt run" Sep 29, 2018
cipher-symmetric/src Revert "scalafmt run" Sep 29, 2018
common/src Revert "scalafmt run" Sep 29, 2018
docs/src/main fix up docs Jul 22, 2018
examples/src Revert "scalafmt run" Sep 29, 2018
hashing-bouncy/src Revert "scalafmt run" Sep 29, 2018
jwt-core/src make b64 functions safe Jul 22, 2018
jwt-mac/src make b64 functions safe Jul 22, 2018
jwt-sig/src Revert "scalafmt run" Sep 29, 2018
mac/src Revert "scalafmt run" Sep 29, 2018
message-digests/src remove orphan instances Jul 19, 2018
oauth2 Revert "scalafmt run" Sep 29, 2018
password-hashers/src add OS agnostic secure random Jul 30, 2018
project deps: upgrade fs2 & http4s Oct 8, 2018
signatures/src Revert "scalafmt run" Sep 29, 2018
tsec-http4s/src http4s: ensure cookie settings are passed along Oct 15, 2018
tsec-libsodium Revert "scalafmt run" Sep 29, 2018
.gitignore Remove hand-written ScalaSodium boilerplate! Dec 11, 2017
.mailmap aeons mailmap Mar 1, 2018
.sbtopts clean up newtypes May 25, 2018
.scalafmt.conf scalafmt update + default encryption Sep 18, 2017
.travis.yml Make tut happy Sep 29, 2018
CONTRIBUTING.md note on contributors Aug 9, 2018
Extra Resources.md examples Oct 10, 2017
License.txt add mit license Nov 21, 2017
README.md formal process for contributions and windows support Aug 9, 2018
build.sbt Remove version from build.sbt and use version.sbt exclusively Sep 29, 2018
sodium_setup.sh Remove hand-written ScalaSodium boilerplate! Dec 11, 2017
version.sbt Use M1 Sep 29, 2018

README.md

________________________________________  
\__    ___/   _____/\_   _____/\_   ___ \ 
  |    |  \_____  \  |    __)_ /    \  \/ 
  |    |  /        \ |        \\     \____
  |____| /_______  //_______  / \______  /
                 \/         \/         \/ 

TSEC: A type-safe, functional, general purpose security and cryptography library.

Join the chat at https://gitter.im/tsecc/Lobby Build Status Latest Version

Latest Release: 0.0.1-M11

For the current progress, please refer to the RoadMap

For version changes and additions, including breaking changes, see either release notes or the Version Changes page.

Note about using Windows™® with tsec

Windows™® is not supported.

Feel free to fork the project and add your own windows support.

Note on milestones:

Our Notation for versions is:

X.X.X
^ ^ ^____Minor
| |______Major
|________Complete redesign (i.e scalaz 7 vs 8)  

All x.x.x-Mx releases are milestone releases. Thus, we do not guarantee binary compatibility or no api-breakage until a concrete version(i.e 0.0.1). We aim to keep userland-apis relatively stable, but internals shift as we find better/more performant abstractions.

We will guarantee compatibility between minor versions (i.e 0.0.1 => 0.0.2) but not major versions (0.0.1 => 0.1.0)

0.0.1-M11 is here for scala 2.12+ and Cats 1.0.1!

To get started, if you are on sbt 0.13.16+, add

Name Description Examples
tsec-common Common crypto utilities
tsec-password Password hashers: BCrypt and Scrypt here
tsec-cipher-jca Symmetric encryption utilities here
tsec-cipher-bouncy Symmetric encryption utilities here
tsec-mac Message Authentication here
tsec-signatures Digital signatures here
tsec-hash-jca Message Digests (Hashing) here
tsec-hash-bouncy Message Digests (Hashing) here
tsec-libsodium Nicely-typed Libsodium JNI bridge here
tsec-jwt-mac JWT implementation for Message Authentication signatures here
tsec-jwt-sig JWT implementation for Digital signatures here
tsec-http4s Http4s Request Authentication and Authorization here

To include any of these packages in your project use:

val tsecV = "0.0.1-M11"
 libraryDependencies ++= Seq(
 "io.github.jmcardon" %% "tsec-common" % tsecV,
 "io.github.jmcardon" %% "tsec-password" % tsecV,
 "io.github.jmcardon" %% "tsec-cipher-jca" % tsecV,
 "io.github.jmcardon" %% "tsec-cipher-bouncy" % tsecV,
 "io.github.jmcardon" %% "tsec-mac" % tsecV,
 "io.github.jmcardon" %% "tsec-signatures" % tsecV,
 "io.github.jmcardon" %% "tsec-hash-jca" % tsecV,
 "io.github.jmcardon" %% "tsec-hash-bouncy" % tsecV,
 "io.github.jmcardon" %% "tsec-libsodium" % tsecV,
 "io.github.jmcardon" %% "tsec-jwt-mac" % tsecV,
 "io.github.jmcardon" %% "tsec-jwt-sig" % tsecV,
 "io.github.jmcardon" %% "tsec-http4s" % tsecV
)

Note on contributing

See CONTRIBUTING.md

IMPORTANT NOTE: About higher than 128-bit encryption key sizes on the JCA!

This applies to you if you are using any AES algorithms with higher than 128-bit key sizes

For 256-bit key sizes, you will have to install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy

You can get it at: http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

You can refer to: https://stackoverflow.com/questions/41580489/how-to-install-unlimited-strength-jurisdiction-policy-files

Alternatively, if you are using a package manager like aptitude and have the java8 repositories on your machine, you can install oracle-java8-unlimited-jce-policy

For debian-like distros: Follow the instructions here then use:

sudo apt-get install oracle-java8-unlimited-jce-policy

A note on logging

We use log4s which is a logging facade over SLF4J. This implies you need to add a binding to your classpath. Check https://www.slf4j.org/codes.html#StaticLoggerBinder

Big Thank you to our contributors (direct or indirect):

Robert Soeldner (Contributor/Maintainer)

Christopher Davenport(Contributor/Maintainer)

Harrison Houghton(Contributor/Maintainer)

Bjørn Madsen (Contributor)

André Rouél(Contributor)

Edmund Noble (For the dank tagless)

Fabio Labella (For the great FP help)

Will Sargent (Security Discussions)