yaafi-crypto/xdocs/index.xml - turbine-fulcrum-intake - Git at Google

 <?xml version="1.0"?>
 <!--
  Licensed to the Apache Software Foundation (ASF) under one
  or more contributor license agreements.  See the NOTICE file
  distributed with this work for additional information
  regarding copyright ownership.  The ASF licenses this file
  to you under the Apache License, Version 2.0 (the
  "License"); you may not use this file except in compliance
  with the License.  You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing,
  software distributed under the License is distributed on an
  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  KIND, either express or implied.  See the License for the
  specific language governing permissions and limitations
  under the License.
 -->

 <document>

   <properties>
     <title>Fulcrum Crypto Library</title>
     <author email="siegfried.goeschl@it20one.at">Siegfried Goeschl</author>
   </properties>

   <body>

     <section name="Overview">
       <p> Fulcrum YAFFI Crypto Library is an extension library for Fulcrum YAAFI to support
         transparent decryption of configuration files. The encryption/decryption is based by default on <a href="https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html" target="blank_">PBEWith&lt;digest&gt;And&lt;encryption&gt;</a> algorithm (PBEWithHmacSHA256AndAES_256) with 128bit key length.</p>
     </section>

     <section name="Functionality">
       <p> This library exposes the following functionality <ul>
           <li>password factory to create safer passwords</li>
           <li>creation of decrypting input streams</li>
           <li>creation of enrypting output streams</li>
         </ul>
       </p>
       <subsection name="Password Creation">
         <p> Why someone need a password factory to create safer password?! People tend to use weak
           password vulnerable to dictionary attacks. To improve the situation you have a base
           password which you convert into the real password using the PasswordFactory. For the
           password generation the base password is salted and repeatedly hashed to generate a UUID
           string (which you can still manually enter on the keyboard). Furthermore the password
           generation allows you to hide the "real" password in the case that you need to store your
           password directly in your code or configuration.<table>
             <tr>
               <td>Base Text Password</td>
               <td>Computed Text Password</td>
             </tr>
             <tr>
               <td>fulcrum-yaafi</td>
               <td>727a-98b9-93be-4537c</td>
             </tr>
             <tr>
               <td>mysecret</td>
               <td>62cc-bf14-1814-672da</td>
             </tr>
           </table>
         </p>
       </subsection>
       <subsection name="Decrypting InputStreams">
         <p> A decrypting input stream allows to apply transparent decryption of an input stream.
           Transparently also means that the implementation is able to look at the content to decide
           if it is encrypted at all - this is a so-called "SmartDecryptingInputStream". </p>
       </subsection>
       <subsection name="Encrypting OutputStreams">
         <p> A encrypting output stream allows to apply transparent encryption of an output stream.
         </p>
       </subsection>
     </section>

     <section name="Cryptography Support">
       <subsection name="JDK Support">
         <table>
           <tr>
             <td>JDK 1.3.x</td>
             <td> For JDK 1.3.x the <a href="http://java.sun.com/products/jce/index-122.html"> Java
                 Cryptography Extension (JCE) 1.2.2</a> needs to be installed. Furthermore you need
               to add the jce1_2_2.jar to your Maven repository and project.xml </td>
           </tr>
           <tr>
             <td>JDK 1.4.x</td>
             <td> The current JDK's have the JCA built-in therefore no extra configuration is
               required. </td>
           </tr>
           <tr>
             <td>JDK 1.5.x</td>
             <td> The current JDK's have the JCA built-in therefore no extra configuration is
               required. </td>
           </tr>
           <tr>
             <td>JDK 1.6.x</td>
             <td> The current JDK's have the JCA built-in therefore no extra configuration is
               required.
               <a href="https://docs.oracle.com/javase/6/docs/technotes/guides/security/SunProviders.html">
             Java Cryptography Architecture Sun Providers Documentation for JavaTM Platform Standard Edition 6</a>
                </td>
           </tr>
           <tr>
             <td>JDK 1.7.x</td>
             <td> <a href="https://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html">
             Java Cryptography Architecture Oracle Providers Documentation for Java Platform Standard Edition 7</a>
             </td>
           </tr>
           <tr>
             <td>JDK 1.8.x</td>
             <td> <a href="https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html">
             Java Cryptography Architecture Oracle Providers Documentation for JDK 8</a>
             </td>
           </tr>
            <tr>
             <td>JDK 14</td>
             <td> <a href="https://docs.oracle.com/en/java/javase/14/security/java-cryptography-architecture-jca-reference-guide.html">
             Java Cryptography Architecture Oracle Providers Documentation for JDK 14</a>
             </td>
           </tr>
         </table>
       </subsection>
       <subsection name="Availabe Cipher Algorithms (Algorithm Modes)">
         <table>
           <tr>
             <th>Provider Version</th>
             <th>Algorithms</th>
           </tr>
           <tr>
             <td>SunJCE 1.22</td>
             <td>PBEWithMD5AndDES</td>
           </tr>
           <tr>
             <td>SunJCE 1.42</td>
             <td>PBEWithMD5AndDES</td>
           </tr>
           <tr>
             <td>SunJCE (Java 8)</td>
             <td>PBEWithHmacSHA256AndAES_256</td>
           </tr>
            <tr>
             <td>SunJCE (Java 8)</td>
             <td>AES_128/GCM/NoPadding</td>
           </tr>
         </table>
       </subsection>
      </section>
   </body>

 </document>
	<?xml version="1.0"?>
	<!--
	Licensed to the Apache Software Foundation (ASF) under one
	or more contributor license agreements. See the NOTICE file
	distributed with this work for additional information
	regarding copyright ownership. The ASF licenses this file
	to you under the Apache License, Version 2.0 (the
	"License"); you may not use this file except in compliance
	with the License. You may obtain a copy of the License at

	http://www.apache.org/licenses/LICENSE-2.0

	Unless required by applicable law or agreed to in writing,
	software distributed under the License is distributed on an
	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	KIND, either express or implied. See the License for the
	specific language governing permissions and limitations
	under the License.
	-->

	<document>

	<properties>
	<title>Fulcrum Crypto Library</title>
	<author email="siegfried.goeschl@it20one.at">Siegfried Goeschl</author>
	</properties>

	<body>

	<section name="Overview">
	<p> Fulcrum YAFFI Crypto Library is an extension library for Fulcrum YAAFI to support
	transparent decryption of configuration files. The encryption/decryption is based by default on <a href="https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html" target="blank_">PBEWith<digest>And<encryption></a> algorithm (PBEWithHmacSHA256AndAES_256) with 128bit key length.</p>
	</section>

	<section name="Functionality">
	<p> This library exposes the following functionality <ul>
	<li>password factory to create safer passwords</li>
	<li>creation of decrypting input streams</li>
	<li>creation of enrypting output streams</li>
	</ul>
	</p>
	<subsection name="Password Creation">
	<p> Why someone need a password factory to create safer password?! People tend to use weak
	password vulnerable to dictionary attacks. To improve the situation you have a base
	password which you convert into the real password using the PasswordFactory. For the
	password generation the base password is salted and repeatedly hashed to generate a UUID
	string (which you can still manually enter on the keyboard). Furthermore the password
	generation allows you to hide the "real" password in the case that you need to store your
	password directly in your code or configuration.<table>
	<tr>
	<td>Base Text Password</td>
	<td>Computed Text Password</td>
	</tr>
	<tr>
	<td>fulcrum-yaafi</td>
	<td>727a-98b9-93be-4537c</td>
	</tr>
	<tr>
	<td>mysecret</td>
	<td>62cc-bf14-1814-672da</td>
	</tr>
	</table>
	</p>
	</subsection>
	<subsection name="Decrypting InputStreams">
	<p> A decrypting input stream allows to apply transparent decryption of an input stream.
	Transparently also means that the implementation is able to look at the content to decide
	if it is encrypted at all - this is a so-called "SmartDecryptingInputStream". </p>
	</subsection>
	<subsection name="Encrypting OutputStreams">
	<p> A encrypting output stream allows to apply transparent encryption of an output stream.
	</p>
	</subsection>
	</section>

	<section name="Cryptography Support">
	<subsection name="JDK Support">
	<table>
	<tr>
	<td>JDK 1.3.x</td>
	<td> For JDK 1.3.x the <a href="http://java.sun.com/products/jce/index-122.html"> Java
	Cryptography Extension (JCE) 1.2.2</a> needs to be installed. Furthermore you need
	to add the jce1_2_2.jar to your Maven repository and project.xml </td>
	</tr>
	<tr>
	<td>JDK 1.4.x</td>
	<td> The current JDK's have the JCA built-in therefore no extra configuration is
	required. </td>
	</tr>
	<tr>
	<td>JDK 1.5.x</td>
	<td> The current JDK's have the JCA built-in therefore no extra configuration is
	required. </td>
	</tr>
	<tr>
	<td>JDK 1.6.x</td>
	<td> The current JDK's have the JCA built-in therefore no extra configuration is
	required.
	<a href="https://docs.oracle.com/javase/6/docs/technotes/guides/security/SunProviders.html">
	Java Cryptography Architecture Sun Providers Documentation for JavaTM Platform Standard Edition 6</a>
	</td>
	</tr>
	<tr>
	<td>JDK 1.7.x</td>
	<td> <a href="https://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html">
	Java Cryptography Architecture Oracle Providers Documentation for Java Platform Standard Edition 7</a>
	</td>
	</tr>
	<tr>
	<td>JDK 1.8.x</td>
	<td> <a href="https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html">
	Java Cryptography Architecture Oracle Providers Documentation for JDK 8</a>
	</td>
	</tr>
	<tr>
	<td>JDK 14</td>
	<td> <a href="https://docs.oracle.com/en/java/javase/14/security/java-cryptography-architecture-jca-reference-guide.html">
	Java Cryptography Architecture Oracle Providers Documentation for JDK 14</a>
	</td>
	</tr>
	</table>
	</subsection>
	<subsection name="Availabe Cipher Algorithms (Algorithm Modes)">
	<table>
	<tr>
	<th>Provider Version</th>
	<th>Algorithms</th>
	</tr>
	<tr>
	<td>SunJCE 1.22</td>
	<td>PBEWithMD5AndDES</td>
	</tr>
	<tr>
	<td>SunJCE 1.42</td>
	<td>PBEWithMD5AndDES</td>
	</tr>
	<tr>
	<td>SunJCE (Java 8)</td>
	<td>PBEWithHmacSHA256AndAES_256</td>
	</tr>
	<tr>
	<td>SunJCE (Java 8)</td>
	<td>AES_128/GCM/NoPadding</td>
	</tr>
	</table>
	</subsection>
	</section>
	</body>

	</document>