commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Bourg <>
Subject Re: [crypto][chimera] Next steps
Date Tue, 23 Feb 2016 10:53:15 GMT
Hi all,

I got a quick look at the Chimera code. If I understand well it consists in:
- a native interface to the OpenSSL AES & secure random functions
- an abstraction layer to use the JCE or OpenSSL AES implementation
- an abstraction layer to use the JCE or OpenSSL secure random
- encrypting/decrypting input/output streams

Sorry if it sounds naive, but why not accessing the OpenSSL functions
through a JCE provider instead of building an abstraction layer on top
of another abstraction layer (JCE). The Apache JuiCE project was an
attempt to implement this idea a few years ago [1]. With an OpenSSL
based JCE provider the CryptoInput/OutputStream could probably be
replaced by javax.crypto.CipherInput/OutputStream. As for the secure
random part the standard mechanism could
be used to provide an OpenSSL based implementation.

What do you think?

Another dumb question, isn't AES-NI enabled by default in Java 8
nowadays [2]? Do you still get a significant speed up with Chimera in
this case? If so I think contributing the improvements to OpenJDK would
be a good idea too, this will benefit everyone in the next Java releases.

Emmanuel Bourg


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message