How to use Libsodium in Java for cryptography
Libsodium uses the elliptic curve 25519 for authenticate encryption. It can achieve the same cryptographic strength as a RSA-based system using a smaller key size.
Libsodium is written in C. In order to use it in Java, we have to use one of the Java Binding, wrapper libraries written by third parties.
How do these binding libraries work
All these binding libraries require you to import the original libsodium (native C) library before using the binding functions. This is because all these libraries do is call the native C library for you (so you don’t have to deal with calling the C code in Java.)
libsodium-jna provides a helpful chart in its README mapping the native C and java functions.
If you take a look at the first
cryptoSecretBoxEasy function from the chart. The binding library calls the
crypto_secretbox_easy() function from the native library, passing in the given parameters as arguments.
Same is true for other Java binding libraries, libsodium-jni has a file with the declaration of all the native methods. This is because to use C or C++ code in Android, you specifically declare the method you want to invoke from native function.
How to use these library
The README from libsodium-jna has provided straightforward sample code, so the following example will be done in Android libsodium-jni.
Follow the official libsodium guide to know which function to use.
First make sure you load the native library into the binding library.
Symmetric Encryption use the same key to encrypt and decrypt data
Generate a symmetric key using the
Sodium.randombytes() function. The key is essentially just a randomly generated 32 bytes of data.
Sender can encrypt the data using
Notice the function takes five parameters. One of them is nonce, a randomly generated 24 bytes of data. Nonce must be consistent in both encryption and decryption, so a convenient way to store this information is to append it to the front of the encrypted message.
Receiver can decrypt the data using
Sodium.crypto_secretbox_open_easy function. The receiver can get the nonce (first 24 bytes) from the encrypted message.
Asymmetric Encryption always use this party’s secret key and the other party’s public key to encrypt and decrypt data
Both parties will generate their own set of public key and secret key pair.
You can generate public key from secret key using
The sender can encrypt the data using
The receiver can decrypt the data using