Simple, "right" cryptography.
Project description
Java | Python | Go |
---|---|---|
Cryptolite
What is it?
Cryptolite is a wrapper for standard crypto libraries, providing a simpler user experience. The goal is to make "right" cryptography straightforward by taking away the options, making it harder to get cryptography wrong. It's "lite" as in "easy to use", not as in "less powerful". This means Cryptolite does serious cryptography with a handful of API methods and goes to some length to help you understand how to use the basic building blocks - keys, key pairs, encryption, digital signatures, key exchange and key wrapping, and a couple of useful extras including password generation and hashing.
Cryptolite doesn't do any cryptography itself. Instead it relies on trusted implementations to do the heavy lifting. The API is focused on providing the things you're likely to need as a developer, especially for web apps and microservices - hashing passwords, generating random IDs, encrypting and digitally signing Strings and Files and managing keys safely.
No options means under the covers it just does what's most appropriate - and if necessary pragmatic - enabling you to use cryptography without having to research it in depth. For example, did you know that using AES in ECB mode is a bad idea? Neither did I when I started. I wrote Cryptolite to take care of it. (http://www.codinghorror.com/blog/2009/05/why-isnt-my-encryption-encrypting.html)
See it in action
If you'd like to see a showcase app I put together with Cryptolite, have a look at https://cryptonite.herokuapp.com (it may take a while to load - it's a Heroku thing). Cryptonite also provides Encryption-as-a-service: https://cryptonite.herokuapp.com/api
Why release it?
To share what I believe to be a valuable by-product of my first startup, Workdocx with the community, (inspired by 37signals: http://37signals.com/svn/posts/1620-sell-your-by-products).
The Cryptolite library was developed to provide security for the Workdocx service and is the result of many hours of research and coding work I did to keep our users safe online.
For the community, the hope is that this will make it such a no-brainer to use good cryptography that more and more people will get it right by default. Keeping it small and opening the source code makes it easy to see how to make use of the JCE in ways not provided for by Cryptolite, so let me know via pull request if you'd like to feed something back in.
Thanks go to..
Much of the inspiration for the algorithms, modes and parameters comes from http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html. Additional research is from good old Wikipedia, as well as a bunch of other sites offering advice, including Coding Horror, above. JCE bootstrapping is from Beginning Cryptography With Java (http://www.wrox.com/WileyCDA/WroxTitle/Beginning-Cryptography-with-Java.productCd-0764596330.html), and many thanks go to the guys at BouncyCastle for their JCE provider (http://www.bouncycastle.org/).
Licensing:
This library is released under the MIT license, like many other libraries, which means you are free to use it in commercial products.
If you have any questions, feel free to contact me via Twitter @davidcarboni or find me on Medium as davidcarboni.
David Carboni
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.