The logi.crypto Java Package, version 1.0.2

This package was previously called Cryptonite.
What is it?
logi.crypto is a non-certified 100% pure java library for using strong encryption in your java 1.1 programs. It will eventually include all the various key management tools including key certificates, and even a key-server for automatic exchange of keys. It is distributed with full source-code, since noone can be expected to trust an encryption package without seeing the source.

What does it cost?

logi.crypto is distributed in two ways. You can choose to use it according to the Free software Foundation's (FSF) General Public License (GPL), in which case it is free but you must release your program under the GPL. This means that any user of your program must have access to the source code and be allowed to use it as they wish, including modifying it and giving it away to whomever they please.

You can also choose to purchase a copy of logi.crypto with a more conventional license for USD 100 per copy.

Is it legal?

Most countries allow the use of encryption software within their borders, but many do not allow export. This includes the US and much of Europe. Some countries do not allow the use of encryption software at all. Surprisingly, this includes countries like France which has a strong democratic tradition. I'm afraid you will have to check the legal status of encryption software in your region if you are unsure.

The RSA algorithm used is patented. This patent will expire in September, 2000. The Diffie-Hellman patent has expired. The DH-EKE protocol is also patented.

Note that only the USA and Canada (to my knowledge) accept patents on algorithms.

How secure is it?

There are no known efficient attacks against the RSA algorithm, but it has slight flaws which can be exploited if it is used carelessly. These can be avoided by always padding encrypted messages with random data and by never signing messages directly, but always a hash of the message. The strength also depends heavily on the size of the key you use and the quality of the random number generator used when creating it.

The random number generator included in logi.crypto should be fairly good. The idea is similar to that used in Sun's SecureRandom class, but it spends less time on the initial seeding and is continuusly re-seeded. The seeding is done from random elements in the scheduler and may have problems on systems which are idle and therefore somewheat predictable. Run the Spinner program to access the seeding algorithm for you own testing.

The DES algorithm is good but suffers from a too small key and the block size is beginning to become too small. The former is addressed by the Triple-DES variant of DES and the latter by using CBC mode in which case up to 32GB og data can be encrypted with a single key.

The TEA algorithm which was included in logi.crypto up to version 0.08 has been broken. Please do not use it.

How do I use it?

Encryption with logi.crypto happens on three levels. The simplest is to encrypt single fixed-size blocks of data directly by calling the CipherKey.encrypt() methods and decrypt them with the CipherKey.decrypt() methods. CipherKey objects are included for RSA, DES, triple-DES and Blowfish.

Alternatively you can create an EncryptMode object with a particular cipher-key to encrypt arbitrary arrays of data and decrypt them again with a corresponding DecryptMode object. Mode objects are included for ECB, CBC, OFB and CFB modes.

The most useful method is to use the EncryptStream and DecryptStream classes to filter your i/o operations. They will encrypt or decrypt all data that passes through them and optionally execute non-interactive protocols, such as key-exchange protocols. If you need interactive key exchange or other protocols, you can use the CipherStreamClient and CipherStreamServer classes.

You can also have a look at the complete api documentation for more details.

In addition to all this, the library is organized so that it is relatively easy to add your own ciphers, modes or utility classes.

How do I get it?

Here you may view the commercial license agreement and if you agree to its terms or choose to use logi.crypto according to the GPL you may download the archive. If you use logi.crypto in one of your projects, I'd like to hear about it. If you decide not to use logi.crypto I'd also like to hear why, so that I may improve it.

How do I Install it

The logi.crypto archive contains these files:
README Rudimentary installation instructions
logi.crypto.jar  A JAR file containing the logi.crypto package
src.zip Complete source code
doc.zip This documentation
fingerprint Fingerprints of these files created with the is.logi.crypto.test.hash utility

The simplest way to install logi.crypto is to place logi.crypto.jar in your CLASSPATH. See the documentation for your Java environment for instructions. Alternatively you may wish to unpack the source archive into a directory which resides in your CLASSPATH, since this allows you to modify the source. In this case you should take care to preserver the directory structure in the archive.

To browse this documentation locally unpack the documentation archive and point your web browser to doc/index.html. Again, you should be careful to preserve the directory structure.

To test your installation try running java is.logi.crypto.test.TestKey and java is.logi.crypto.test.TestMode.

How do I know about new releases?

By entering your e-mail address and pressing the button below, you will be notified by the url-minder service whenever this page is changed.

[ General info | Status & Plans | FAQ | Commercial License | Class docs | Online ] [ Logi Ragnarsson | Send Mail ]
[ Open Source Java Web-Ring | Skip Prev | Prev | Next | Skip Next | Random | Next 5 | List Sites ]