JCO (Java Cryptographic Objects is a free (open source) cryptographic package
that features simplicity over complexity and stiffness over flexibility.
You can download it here.
JCO is cryptographic Viagra; the remedy for JCA/JCE's
flexibility. It eliminates the pushing a rope feeling
you get when trying to give JCA/JCE the shape you need
for any particular application.
Three classes, JCOSecretKey, JCOPrivateKey and JCOPublicKey,
provide all you need to generate random keys, to encode/decode
objects (such as keys) for storage, to seal (encrypt) and unseal
(decrypt), and in the case of asymmetric keys (JCOPublicKey
and JCOPrivateKey), to sign and verify signatures.
JCO does not use Sun's java.security or javax.crypto packages other
than the SecureRandom number generator. It is immune to the jar
signing restrictions of JDK1.4, and the need to register it as a
provider. JCO is just a jar like any other.
Just 90kb (compressed jar size) versus 982kb for the full BouncyCastle
JCE package. Most of JCO's size is the small subset of BouncyCastle
lightweight engine classes that JCOactually uses. Unused classes and
methods have been removed by using the ProGuard obfuscator with obfuscation
features turned off.
JCO keys are full-fledged objects that encapsulate information and exhibit
behavior, not just passive data containers that are useless until combined
with a Cipher engine as in JCA/JCE.
Free software, distributed under the same license as BouncyCastle.
JCO is approved for export by U.S. Dept. of Commerce Bureau of Industry
and Security Regulation #740.13E5
under TSU License Exception ECCN#5D002. The distribution url, http://virtualschool.edu/jco,
was registered via email to email@example.com and
firstname.lastname@example.org on August
7, 2003 as instructed in a phone conversation on that date
with the Department of Commerce consultation hotline
(who were most helpful, by the way). The exception was
confirmed by email on August 8.
If you really need the flexibility to tie yourself in knots, Sun's JCA
and JCE providers like BouncyCastle provide all that and more. But if
all you want is to generate keys, to encode/decode objects for storage,
to seal and unseal (encrypt and decrypt) objects, and to sign and verify
signatures, JCO provides all that in an easily understood and intuitive
API and a footprint of less than 90kb (compressed jar size).
to your hard drive. Remember where you put it for the next step.
Expand the jar where ever you like. Assuming /usr/local, type
tar zxf path/to/jco.tgz
This will create a directory named jco (or overwrite any existing one)
with these contents:
- jco/edu.virtualschool.jco.jar and jco/dox
This jar contains everything you need to use JCO in your application. Just add it to your classpath and skip the rest of these instructions. The
Documentation link at the top of this page
provide quick-start documentation. Java API documentation
is in the jdo/doc directory.
Source distribution: the source itself is
straightforward but compiling it is not because: (1) compilation
requires libraries that aren't provided with this distribution, notably
(2) The build process uses the ProGuard obfuscator to remove the
parts of these distributions that JCO doesn't need.
This ant build script assumes compiled sources in the bin directory
(not provided; I rely on eclipse to build these),
combines them with the BouncyCastle binaryJCE distribution, and uses
the ProGuard obfuscator with obfuscation turned off
to build a jar that only includes code referenced by the JCO API.