Bouncy Castle
jjwt
Our great sponsors
Bouncy Castle | jjwt | |
---|---|---|
9 | 4 | |
2,154 | 9,847 | |
1.9% | 1.4% | |
9.5 | 8.3 | |
5 days ago | 4 days ago | |
Java | Java | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Bouncy Castle
-
Show HN: filippo.io/mlkem768 – Post-Quantum Cryptography for the Go Ecosystem
Note that there may be incompatibilities until NIST has published the final revisions. Some specifications are on Round 3 kyber, others are on FIPS 203.
This one will interoperate with Bouncy Castle as we both use FIPS 203 draft, but won't interoperate with OQS that is still on the Round 3 submission.
See also: https://github.com/bcgit/bc-java/issues/1578
-
Java implementation of a quantum computing resistant cryptographic algorithm
The readme mentions a dependency on Bouncy Castle - note that BC already contains several Java-based PQC signature schemes, see https://doc.primekey.com/bouncycastle/interoperability#Inter... and https://github.com/bcgit/bc-java
-
Help with BouncyCastle OpenPGP (Java)
The best official resources are probably the example classes in the bouncycastle repository. They give you a rough idea for how to use the API, although they are a bit minimal unfortunately. You can probably apply a lot of domain knowledge (what algorithms are good/bad) from openpgpjs too, although you'd have to find out how the respective method calls are called on the BC side.
-
Bouncy Castle VS pgpainless - a user suggested alternative
2 projects | 12 Aug 2022
- Any good open-source Java encryption API
-
How can i use the sha256sum tool of my linux-based OS to encript strings?
Why? Bouncy Castle has all you need.
-
Non Spring users what are you using ??
Cryptography? Use Java Cryptography Extensions and Java Secure Socket Extensions with Bouncy Castle
- Java - Bouncy castle - OpenPGP
-
Dozens sue Amazon's Ring after camera hack leads to threats and racial slurs
Recently there was a constant time enhancement in bouncy castle that added a comparison using indexOf instead of charAt. Fairly easy to overlook, although glaring in hindsight, if there are no negative tests covering the functionality.
jjwt
- Java JWT: JSON Web Token for Java and Android
-
A simple to use Java 8 JWT Library. Verify, Sign, Encode, Decode all day.
How does this compare to JJWT?
-
Null ECDSA Signatures - Proof of concept for bypassing JWT signature checks using CVE-2022-21449
Note that this PoC uses DER signature which is accepted by the jjwt library as fallback (see https://github.com/jwtk/jjwt/blob/master/impl/src/main/java/io/jsonwebtoken/impl/crypto/EllipticCurveSignatureValidator.java ), but that is not a standard. Standard is JOSE format.
-
JWT authentication in Spring Security and Angular
There are many open-source JWT implementations available for all languages. In this blog post, we use Java jjwt library in this blog post.
What are some alternatives?
Spring Security - Spring Security
jwt-java - JSON Web Token implementation for Java according to RFC 7519. Easily create, parse and validate JSON Web Tokens using a fluent API.
Keycloak - Open Source Identity and Access Management For Modern Applications and Services
Nimbus JOSE+JWT - JSON Web Token (JWT) implementation for Java with support for signatures (JWS), encryption (JWE) and web keys (JWK).
Apache Shiro - Apache Shiro
Google Keyczar - Easy-to-use crypto toolkit
java-jwt-benchmark - Project for benchmarking popular Json Web Token (JWT) frameworks for Java using JMH.
Cryptomator - Multi-platform transparent client-side encryption of your files in the cloud
owasp-zap-jwt-addon - OWASP ZAP addon for finding vulnerabilities in JWT Implementations