Chloride provides a simple API over Java's crypto functionality. It uses Bouncy Castle to provide support for modern algorithms. The API is loosely modeled after NaCl and libsodium.
Under the hood, chloride
uses NSA Suite B Cryptography. This means it uses AES-256-GCM to encrypt data and for asymmetric boxes it uses ECDH with curve P-256 for key agreement.
- You need to install Bouncy Castle as a JCE provider.
- You need the Java Crypto Unlimited Strength Policy files.
KeyPair pair1 = KeyPair.generate();
KeyPair pair2 = KeyPair.generate();
Box box1 = new Box(pair1.getPrivateKey(), pair2.getPublicKey());
Box box2 = new Box(pair2.getPrivateKey(), pair1.getPublicKey());
byte[] ciphertext = box1.encrypt("too many secrets".getBytes("UTF-8"));
byte[] plaintext = box2.decrypt(ciphertext);
SecretKey key = SecretKey.generate();
SecretBox box = new SecretBox(key);
byte[] ciphertext = box.encrypt("too many secrets".getBytes("UTF-8"));
byte[] plaintext = box.decrypt(ciphertext);
Chloride uses a random 96-bit nonce value for AES-GCM, which does raise issues if you're encrypting large amounts of data under the same key. That is because the chance of collision with a 96-bit value is much higher. This choice was made due to the specific circumstances on which Chloride was designed to be used. Please be aware of this limitation for your own systems.
If you've discovered a security bug in Chloride, please email John Downey.