Hello, I've released a new native OSS crypto library for the JVM that uses AES-NI, PCLMUL, and RDRAND instructions available on recent x86-64 CPUs: https://github.com/wg/crypto

It supports AES in CBC, CTR, and GCM modes with optional authentication, secure random number generation (RDRAND, Ivy Bridge+ CPUs only), and constant-time byte array comparison. I believe the API is simple and less error-prone than the JCE's. However, it is designed as a low-level library and requires the user to correctly assemble the provided primitives.

This is just a hobby project and I am not a cryptographer. I have, however, placed an emphasis on testing and it passes all publicly available NIST AESAVS tests. The underlying AES implementation is hardware, and the driver code is OSS from Intel and the OpenBSD project. The GCM wrapper of CTR and GMAC, RDRAND driver, and other utilities were written by me.

I hope that, despite all those caveats, someone may find this useful! Performance is significantly better than pure Java implementations of the AES algorithms (5-20x faster in the case of GCM), the hardware implementation should resist timing attacks, and RDRAND is capable of generating secure random bytes at a rate of ~800MB/s.

Regards,
Will

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
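The post does not show the library's API, so the following is an added example (not code from wg/crypto or its author) of what "assembling the primitives" for GCM actually involves: AES-GCM built from AES-CTR plus a GHASH implementation, using only the JCE, and cross-checked against the JCE's own AES/GCM/NoPadding. It assumes the 96-bit IV path, a message far shorter than 2^32 blocks, and constructed all-zero key and IV test values.

```java
import java.nio.ByteBuffer;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
public class GcmFromCtr {
    // GF(2^128) multiply with GCM's bit ordering (SP 800-38D, Algorithm 1): bit 0 is the MSB of byte 0.
    static byte[] gfmul(byte[] x, byte[] y) {
        ByteBuffer bx = ByteBuffer.wrap(x), by = ByteBuffer.wrap(y);
        long xh = bx.getLong(0), xl = bx.getLong(8), vh = by.getLong(0), vl = by.getLong(8), zh = 0, zl = 0;
        for (int i = 0; i < 128; i++) {
            if (((i < 64 ? xh >>> (63 - i) : xl >>> (127 - i)) & 1) == 1) { zh ^= vh; zl ^= vl; }
            boolean lsb = (vl & 1) == 1;                 // rightmost bit of V, tested before the shift
            vl = (vl >>> 1) | (vh << 63); vh >>>= 1;     // V = V >> 1 as a 128-bit value
            if (lsb) vh ^= 0xE100000000000000L;          // reduce by R = 11100001 || 0^120
        }
        return ByteBuffer.allocate(16).putLong(zh).putLong(zl).array();
    }
    static byte[] xor(byte[] a, byte[] b) { byte[] r = new byte[16]; for (int i = 0; i < 16; i++) r[i] = (byte) (a[i] ^ b[i]); return r; }
    // GHASH_H over zero-padded AAD blocks, zero-padded ciphertext blocks, then the two 64-bit bit lengths.
    static byte[] ghash(byte[] h, byte[] aad, byte[] ct) {
        byte[] x = new byte[16];
        for (byte[] part : new byte[][] {aad, ct})
            for (int off = 0; off < part.length; off += 16)
                x = gfmul(xor(x, Arrays.copyOfRange(part, off, off + 16)), h); // copyOfRange zero-pads
        return gfmul(xor(x, ByteBuffer.allocate(16).putLong(8L * aad.length).putLong(8L * ct.length).array()), h);
    }
    // AES-GCM with a 96-bit IV, assembled from AES-CTR plus GHASH; returns ciphertext || 16-byte tag.
    static byte[] gcmEncrypt(byte[] key, byte[] iv, byte[] aad, byte[] pt) throws Exception {
        SecretKeySpec k = new SecretKeySpec(key, "AES");
        Cipher ctr = Cipher.getInstance("AES/CTR/NoPadding"); ctr.init(Cipher.ENCRYPT_MODE, k, new IvParameterSpec(new byte[16]));
        byte[] h = ctr.doFinal(new byte[16]);                // H = E_K(0^128): keystream block at counter 0
        byte[] j0 = Arrays.copyOf(iv, 16); j0[15] = 1;       // J0 = IV || 0^31 || 1
        ctr.init(Cipher.ENCRYPT_MODE, k, new IvParameterSpec(j0));
        // One CTR pass over (zero block || pt): block 0 is E_K(J0), the rest is CTR from inc32(J0). The JCE
        // increments all 128 counter bits, which equals inc32 as long as the message is short (assumed here).
        byte[] s = ctr.doFinal(ByteBuffer.allocate(16 + pt.length).put(new byte[16]).put(pt).array());
        byte[] ct = Arrays.copyOfRange(s, 16, s.length);
        byte[] tag = xor(Arrays.copyOf(s, 16), ghash(h, aad, ct)); // T = E_K(J0) xor GHASH_H(A, C)
        return ByteBuffer.allocate(ct.length + 16).put(ct).put(tag).array();
    }
    public static void main(String[] args) throws Exception { // cross-check against the JCE's own AES/GCM
        byte[] key = new byte[16], iv = new byte[12], aad = "hdr".getBytes(), pt = "attack at dawn, twice over".getBytes(); // constructed test values
        Cipher ref = Cipher.getInstance("AES/GCM/NoPadding");
        ref.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        ref.updateAAD(aad);
        System.out.println(Arrays.equals(gcmEncrypt(key, iv, aad, pt), ref.doFinal(pt)) ? "match" : "MISMATCH");
    }
}
```

Every step here (J0 construction, the counter start, the length block, the final XOR with E_K(J0)) is a place where a hand-assembled wrapper can silently diverge from the standard while still "working", which is why cross-checking against a reference implementation and the NIST vectors matters for a low-level library like this one.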