commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Bourg <ebo...@apache.org>
Subject Re: [crypto][chimera] Next steps
Date Tue, 23 Feb 2016 10:53:15 GMT
Hi all,

I got a quick look at the Chimera code. If I understand well it consists in:
- a native interface to the OpenSSL AES & secure random functions
- an abstraction layer to use the JCE or OpenSSL AES implementation
- an abstraction layer to use the JCE or OpenSSL secure random
- encrypting/decrypting input/output streams

Sorry if it sounds naive, but why not accessing the OpenSSL functions
through a JCE provider instead of building an abstraction layer on top
of another abstraction layer (JCE). The Apache JuiCE project was an
attempt to implement this idea a few years ago [1]. With an OpenSSL
based JCE provider the CryptoInput/OutputStream could probably be
replaced by javax.crypto.CipherInput/OutputStream. As for the secure
random part the standard java.security.SecureRandomSpi mechanism could
be used to provide an OpenSSL based implementation.

What do you think?

Another dumb question, isn't AES-NI enabled by default in Java 8
nowadays [2]? Do you still get a significant speed up with Chimera in
this case? If so I think contributing the improvements to OpenJDK would
be a good idea too, this will benefit everyone in the next Java releases.

Emmanuel Bourg

[1] http://incubator.apache.org/projects/juice.html
[2] http://openjdk.java.net/jeps/164


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org


Mime
View raw message