SeaSalt

NaCl and libsodium compatible library for public-key cryptography and hashing using Bouncy Castle.

Secret key cryptography is not supported. PRs to add secret key cryptography to this library will be accepted.

Public key signature algorithms

• Ed25519
• ECDSA
  • secp256k1

Hashing algorithms

• SHA1
• SHA2 (SHA-256, SHA-384, SHA-512)
• SHA3 (SHA3-256, SHA3-384, SHA3-512)
• Blake2b (Blake2b-256, Blake2b-384, Blake2b-512)
• Keccak (Keccak-256, Keccak-384, Keccak-512)

Public key signatures

Implementations

ECDSARecovery(X9ECParameters|String curve, Digest digest = SHA256Digest())

Create an ECDSARecovery object using Bouncy Castle's X9ECParameters or a String to specify the curve and Bouncy Castle's Digest to specify the hash algorithm, with default one being SHA-256.

Signatures created from ECDSARecovery will have attached v (recId) as a header byte to the signature.

ECDSA(X9ECParameters|String curve, Digest digest = SHA256Digest())

Create an ECDSA object using Bouncy Castle's X9ECParameters or a String to specify the curve and Bouncy Castle's Digest to specify the hash algorithm, with default one being SHA-256.

Signatures created from ECDSA will NOT have attached v (recId) as a header byte to the signature.

Ed25519()

Create an Ed25519 object.

Methods

KeyPair keyPair()

Create a random KeyPair.

KeyPair keyPairFromSeed(byte[]|Binary seed)

Create a KeyPair from seed.

KeyPair keyPairFromSecretKey(byte[]|Binary privateKey)

Create a KeyPair from a private key.

Signature signDetached(byte[]|Binary|String msg, byte[]|Binary|KeyPair privateKey)

Sign a message using a private key or a KeyPair. The return value is the digital signature of type Binary.

boolean verify(byte[]|Binary|String msg, byte[]|Binary|KeyPair signature, byte[]|Binary publicKey)

Verify a signature using a public key or a KeyPair.

A sign method which prepends the message to the signature, compatible with libsodium's combined mode, is not yet supported.

Example usages

Create an ECDSARecovery object, using secp256k1 curve with default Keccak-256 digest, hash a message, create a KeyPair, sign a message and verify it.

ECDSARecovery secp256k1 = new ECDSARecovery("secp256k1");
Hasher hasher = new Hasher("Keccak-256");

KeyPair myKeyPair = secp256k1.keyPair();
Binary msgHash = hasher.hash("Hello");
Signature mySignature = secp256k1.signDetached(myMessage, myKeyPair);

assert sig.getBytes().length == 65; // including header recId byte

secp256k1.verify(myMessage, mySignature, myKeyPair) // True

Create an ECDSA object, using secp256k1 curve with default Keccak-256 digest, hash a message, create a KeyPair, sign a message and verify it.

ECDSA secp256k1 = new ECDSA("secp256k1");
Hasher hasher = new Hasher("Keccak-256");

KeyPair myKeyPair = secp256k1.keyPair();
Binary msgHash = hasher.hash("Hello");
Signature mySignature = secp256k1.signDetached(myMessage, myKeyPair);

assert sig.getBytes().length == 64;

secp256k1.verify(myMessage, mySignature, myKeyPair) // True

Create an Ed25519 object, create a KeyPair, sign a message and verify it.

Ed25519 ed25519 = new Ed25519();

KeyPair myKeyPair = ed25519.keyPair();
String myMessage = "Hello";
ECDSASignature mySignature = ed25519.signDetached(myMessage, myKeyPair);

ed25519.verify(myMessage, mySignature, myKeyPair) // True

Hashing

Hasher(MessageDigest|String algorithm)

Create a Hasher object, using Java's MessageDigest or using String to specify the algortihm.

Binary hash(byte[]|String msg)

Hash a byte array or a String.

Example usages

Create a Hasher object, using SHA-256 algorithm, hash a message and encode it to hex.

Hasher sha256 = new Hasher("SHA-256");
Binary mySHA256Digest = sha256.hash("Hello");
String mySHA256HexEncodedBinary = mySHA256Digest.getHex();

Create a Hasher object, using Keccak-384 algorithm, hash a message and encode it to base58.

Hasher keccak384 = new Hasher("Keccak-384");
String myKeccak384Base58EncodedDigest = keccak384.hash("Hello").getBase58();

Helper Types

Binary

Binary(byte[] bytes)

Create a Binary object, using byte array.

Binary Binary::fromHex(String hex)

Create a Binary object, using a hexidecimal value

Binary Binary::fromBase58(String base58)

Create a Binary object, using a base58 encoded value

Binary Binary::fromBase64(String base64)

Create a Binary object, using a base64 encoded value

byte[] getBytes()

Get raw byte array of the Binary.

String getHex()

Get hexidecimal representation of the Binary.

String getBase58()

Get base58 encoded value of the Binary.

String getBase64()

Get base64 encoded value of the Binary.

KeyPair

KeyPair(byte[]|Binary publicKey, byte[]|Binary privateKey)

Create a KeyPair object, using a byte array or a Binary representation of the keys.

Binary getPublicKey()

Get the public key.

Binary getPrivateKey()

Get the private key.

Signature extends Binary

Signature(byte[] sig)

Create a Signature object, using a byte array.

ECDSASignature extends Signature

ECDSASignature(byte[] r, byte[] s, byte[]|byte v)

Create a ECDSASignature object, using byte arrays of the r, s and v components of the signatures.

ECDSASignature(byte[] r, byte[] s)

Create a ECDSASignature object, using byte arrays of the r and s components of the signatures (no recId).

byte[] getR()

Get the r component of the ECDSA signature.

byte[] getS()

Get the s component of the ECDSA signature.

byte[] getV()

Get the v component of the ECDSA signature, that would be the recId.