/cryptolib

Cryptomator Crypto Library

Primary LanguageJavaGNU Affero General Public License v3.0AGPL-3.0

Build Quality Gate Status Coverage Vulnerabilities Maven Central Javadocs

Cryptomator Crypto Library

This library contains all cryptographic functions that are used by Cryptomator. The purpose of this project is to provide a separate light-weight library with its own release cycle that can be used in other projects, too.

Audits

Finding Comment
1u1-22-001 The now revoked GPG key has been used exclusively for the Maven repositories, was designed for signing only and was protected by a 30-character generated password (alphabet size: 96 chars). It was iterated and salted (SHA1 with 20971520 iterations), making even offline attacks very unattractive. Apart from that, this finding has no influence on the Tresor apps1. This was not known to Cure53 at the time of reporting.
1u1-22-002 This issue is related to siv-mode.

License

This project is dual-licensed under the AGPLv3 for FOSS projects as well as a commercial license derived from the LGPL for independent software vendors and resellers. If you want to use this library in applications that are not licensed under the AGPL, feel free to contact our sales team.


1 The Cure53 pentesting was performed during the development of the apps for 1&1 Mail & Media GmbH.