Simple, strong encryption.
- Available soon via the Maven central repository.
- API documentation available.
Lockbox is the simplest possible way to implement strong, two-way, public-key encryption for use in applications. Lockbox uses a combination of well-established technologies to ensure the safety of data. For more information, see the Lockbox website.
Lockbox uses RSA keys in PEM format. This is a standard format understood
by OpenSSL. Generating of keys is normally handled by the openssl command
line tool (although Lockbox can also generate keys programmatically).
Generating a 2048-bit private key can be achieved with this command:
openssl genrsa -out private.pem 2048
Private keys can have password protection. To create a key with a password,
simply add the -des3 flag, which will prompt for password input before the key
is created:
openssl genrsa -des3 -out private.pem 2048
This private key must be kept secret, and treated as sensitive data. Private keys are the only keys capable of decrypting data. Public keys, on the other hand, are not as sensitive, and can be given to any party that will be responsible for encrypting data.
Lockbox is capable of extracting public keys from private keys, there is no need to create matching public key files; but if for some reason a public key file is required, this command will create one:
openssl rsa -pubout -in private.pem -out public.pem
Note: Keys generated by Lockbox can easily be converted for use with either Bouncy Castle or JCE. Check the PrivateKey and PublicKey API documentation for more information.
import co.lqnt.lockbox.key.KeyFactory;
import co.lqnt.lockbox.key.PrivateKey;
import co.lqnt.lockbox.key.PublicKey;
// ...
KeyFactory keyFactory = new KeyFactory();
PrivateKey privateKey = keyFactory.generatePrivateKey();
System.out.println(privateKey.toPem()); // outputs the key in PEM format
System.out.println(privateKey.toPem("password")); // outputs the key in encrypted PEM format
PublicKey publicKey = privateKey.publicKey();
System.out.println(publicKey.toPem()); // outputs the key in PEM format
// ...Note: Encryption only requires a public key, but Lockbox will also accept private keys, as in this example.
import co.lqnt.lockbox.EncryptionCipher;
import co.lqnt.lockbox.key.exception.PrivateKeyReadException;
import co.lqnt.lockbox.key.KeyFactory;
import co.lqnt.lockbox.key.PrivateKey;
import java.io.File;
// ...
String data = "Super secret data.";
KeyFactory keyFactory = new KeyFactory();
PrivateKey key;
try {
key = keyFactory.createPrivateKey(new File("/path/to/key.pem"), "password");
} catch (PrivateKeyReadException e) {
throw new RuntimeException("MISSION ABORT!", e); // this could be handled much better...
}
EncryptionCipher cipher = new EncryptionCipher();
String encrypted = cipher.encrypt(key, data);
// ...Lockbox includes 'bound' ciphers that are locked to a particular key. These type of ciphers are convenient for encrypting multiple data packets.
Note: Encryption only requires a public key, but Lockbox will also accept private keys, as in this example.
import co.lqnt.lockbox.BoundEncryptionCipher;
import co.lqnt.lockbox.key.exception.PrivateKeyReadException;
import co.lqnt.lockbox.key.KeyFactory;
import co.lqnt.lockbox.key.PrivateKey;
import java.io.File;
// ...
String[] data = new String[] {
"Super secret data.",
"Extra secret data.",
"Mega secret data."
};
KeyFactory keyFactory = new KeyFactory();
PrivateKey key;
try {
key = keyFactory.createPrivateKey(new File("/path/to/key.pem"), "password");
} catch (PrivateKeyReadException e) {
throw new RuntimeException("MISSION ABORT!", e); // this could be handled much better...
}
BoundEncryptionCipher cipher = new BoundEncryptionCipher(key);
String[] encrypted = new String[data.length];
for (int i = 0; i < data.length; ++i) {
encrypted[i] = cipher.encrypt(data[i]);
}
// ...import co.lqnt.lockbox.DecryptionCipher;
import co.lqnt.lockbox.exception.DecryptionFailedException;
import co.lqnt.lockbox.key.exception.PrivateKeyReadException;
import co.lqnt.lockbox.key.KeyFactory;
import co.lqnt.lockbox.key.PrivateKey;
import java.io.File;
// ...
String encrypted = "<some encrypted data>";
KeyFactory keyFactory = new KeyFactory();
PrivateKey key;
try {
key = keyFactory.createPrivateKey(new File("/path/to/key.pem"), "password");
} catch (PrivateKeyReadException e) {
throw new RuntimeException("MISSION ABORT!", e); // this could be handled much better...
}
DecryptionCipher cipher = new DecryptionCipher();
String data;
try {
data = cipher.decrypt(key, encrypted);
} catch (DecryptionFailedException e) {
// decryption failed
}
// ...Lockbox includes 'bound' ciphers that are locked to a particular key. These type of ciphers are convenient for decrypting multiple data packets.
import co.lqnt.lockbox.BoundDecryptionCipher;
import co.lqnt.lockbox.exception.DecryptionFailedException;
import co.lqnt.lockbox.key.exception.PrivateKeyReadException;
import co.lqnt.lockbox.key.KeyFactory;
import co.lqnt.lockbox.key.PrivateKey;
import java.io.File;
// ...
String[] encrypted = new String[] {
"<some encrypted data>",
"<more encrypted data>",
"<other encrypted data>"
};
KeyFactory keyFactory = new KeyFactory();
PrivateKey key;
try {
key = keyFactory.createPrivateKey(new File("/path/to/key.pem"), "password");
} catch (PrivateKeyReadException e) {
throw new RuntimeException("MISSION ABORT!", e); // this could be handled much better...
}
BoundDecryptionCipher cipher = new BoundDecryptionCipher(key);
String[] data = new String[encrypted.length];
for (int i = 0; i < encrypted.length; ++i) {
try {
data[i] = cipher.decrypt(encrypted[i]);
} catch (DecryptionFailedException e) {
// decryption failed
}
}
// ...