OpenSSL with Java

Question

I have to use OpenSSL in a Java web project and I don\'t know anything about \'OpenSSL\'.

How can I integrate OpenSSL with my project? is there any good fundamental tuto

Answer 1

There are lots of Java native libraries for crypto. However they are generally not fully interoperable with OpenSSL, are sometimes significantly slower (see the metrics on the site below), and aren't supported on all platforms. OpenSSL is definitely supported on nearly every platform and is, generally, performant.

That being said, there are some security advantages to using VM-based crypto. This should also be a consideration.

The Apache group has built a library for Java that uses JNI to access openssl for AES encryption. I think it's the best public example of using JNI to access openssl, and you can reference it easily using maven.

https://github.com/apache/commons-crypto

If you want, you can pull out the JNI binding portion of the libary and implement the functions you need.

This makefile shows how to use javah to get what you need from the .class to build the .c code:

https://github.com/apache/commons-crypto/blob/master/Makefile

Specifically, this line in the Makefile calls javah: $(JAVAH) -force -classpath $(TARGET)/classes -o $@ org.apache.commons.crypto.cipher.OpenSslNative to produce the correct "OpenSslNative.h" file based on the OpenSslNative.class.

https://github.com/apache/commons-crypto/blob/master/src/main/java/org/apache/commons/crypto/cipher/OpenSslNative.java

Note how import java.nio.ByteBuffer; is used to allow for C output buffers.

The associated .c program is here:

https://github.com/apache/commons-crypto/blob/master/src/main/native/org/apache/commons/crypto/cipher/OpenSslNative.c

It's written with cross-platform support in mind, and is a good example. Every exported function must begin with JNIEXPORT, and you can see how the full class path is in each function name.

I've seen a lot of bad JNI bindings, passing strings around, etc. Starting with a solid base goes a long way toward building good OpenSSL integration in Java.