One library for all Java encryption

All levels of security from simple software to Java Cards and cloud encryption service. Unchain the crypto ecosystem.

GitHub repository

BouncyCrypto at Black Hat USA 2017

OpenCrypto: unchaining the JavaCard ecosystem

We have presented the first version of the library at Black Hat. We put an incredible effort into development to present a “fully functioning prototype” with a profiler.

The library was verified on four types of JavaCards (and JCardSim simulator). It provided all low-level operations to build protocols with Eliptic Curve cryptography (256, 384, 512, and 521 bits):

  • Bignat - addition, multiplication, modular operations, inversion, etc.

  • EC point - low-level operations with EC points

  • EC curve - generation of EC

Download presentation (soon)

Unchaining Java Card Ecosystem

Gap

Linkedin shows 6,800,000 people who included Java as their skill but if you search for people with JavaCard as there skill, you get 3,500. It is a big shame as Java Cards not only give you secure computing resource, but also teaches you how to isolate your critical code. 

It shows what a niche JavaCard programming is. We want this to change and we’d love to improve the ratio by at least one order of magnitude from the current 1:2,000.

Petr Svenda published a blog post at Medium with quite a few more interesting stats.

Our Vision

Our vision is simple. We have started building libraries, and tooling for using Java Card code inside normal Java applications.

We will provide you with a simple cryptographic library as well as low-level functions for those who need to build own secure protocols. Our ambition is to give you a ready-to-go environment with a simple GitHub clone command.

We believe the most important property of any encryption library is flexibility and it should be as easy to use as a database system.

You can use the environment we are building to write stand-alone applets for Java Cards or the free Java Card simulator JCardSim to remove the need for physical hardware. You can use it to write security critical packages protecting your Java data, potentially using Java Cards (or simulators) to isolate private keys.

You can also use Enigma Bridge hardware as a massive bank of Java Cards available from the cloud.

What now, what can you do?

We will add all the currently available information and links in next few days. This will include links to our results of JavaCard testing, various existing projects, our library, and so on.

We also hope to quickly finish first versions development environment, tooling, and so on so if you’re interested in Java Cards, you can start writing your first applets straight away. We love JCardSim as it is a great tool to test and run JavaCard code - no hardware required.  

If it sounds like a great idea, get in touch - whether you want to help, or, maybe more importantly, start playing.

Check our DEFCON-25 talk to see how cool Java Cards are
Enter GitHub