{"id":23174364,"url":"https://github.com/dracoon/dracoon-java-crypto-sdk","last_synced_at":"2025-09-25T16:48:20.042Z","repository":{"id":26429140,"uuid":"108821074","full_name":"dracoon/dracoon-java-crypto-sdk","owner":"dracoon","description":"Official DRACOON Crypto SDK for Java","archived":false,"fork":false,"pushed_at":"2025-02-26T16:31:40.000Z","size":271,"stargazers_count":6,"open_issues_count":0,"forks_count":1,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-08-18T09:45:31.473Z","etag":null,"topics":["crypto","cryptography","dracoon","java","sdk"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dracoon.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2017-10-30T08:16:51.000Z","updated_at":"2025-02-26T16:31:45.000Z","dependencies_parsed_at":"2022-09-26T21:40:32.806Z","dependency_job_id":"c9fa7d17-c59f-4d08-a978-1e7e1dbc9e30","html_url":"https://github.com/dracoon/dracoon-java-crypto-sdk","commit_stats":null,"previous_names":[],"tags_count":12,"template":false,"template_full_name":null,"purl":"pkg:github/dracoon/dracoon-java-crypto-sdk","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dracoon%2Fdracoon-java-crypto-sdk","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dracoon%2Fdracoon-java-crypto-sdk/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dracoon%2Fdracoon-java-crypto-sdk/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dracoon%2Fdracoon-java-crypto-sdk/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dracoon","download_url":"https://codeload.github.com/dracoon/dracoon-java-crypto-sdk/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dracoon%2Fdracoon-java-crypto-sdk/sbom","scorecard":{"id":354800,"data":{"date":"2025-08-11","repo":{"name":"github.com/dracoon/dracoon-java-crypto-sdk","commit":"7e1ffeeff1ac50f7185dfe1dbe6c053939dfbbd6"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.7,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Token-Permissions","score":9,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:13","Warn: jobLevel 'packages' permission set to 'write': .github/workflows/build.yml:14","Info: jobLevel 'contents' permission set to 'read': .github/workflows/unit-tests.yml:13","Warn: jobLevel 'packages' permission set to 'write': .github/workflows/unit-tests.yml:14","Warn: no topLevel permission defined: .github/workflows/build.yml:1","Warn: no topLevel permission defined: .github/workflows/unit-tests.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/dracoon/dracoon-java-crypto-sdk/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/dracoon/dracoon-java-crypto-sdk/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-tests.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/dracoon/dracoon-java-crypto-sdk/unit-tests.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-tests.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/dracoon/dracoon-java-crypto-sdk/unit-tests.yml/main?enable=pin","Info:   0 out of   4 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T09:15:57.251Z","repository_id":26429140,"created_at":"2025-08-18T09:15:57.251Z","updated_at":"2025-08-18T09:15:57.251Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":276953845,"owners_count":25734617,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-25T02:00:09.612Z","response_time":80,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["crypto","cryptography","dracoon","java","sdk"],"created_at":"2024-12-18T05:19:57.386Z","updated_at":"2025-09-25T16:48:20.004Z","avatar_url":"https://github.com/dracoon.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Build](https://github.com/dracoon/dracoon-java-crypto-sdk/actions/workflows/build.yml/badge.svg)](https://github.com/dracoon/dracoon-java-crypto-sdk/actions/workflows/build.yml)\n[![Unit Tests](https://github.com/dracoon/dracoon-java-crypto-sdk/actions/workflows/unit-tests.yml/badge.svg)](https://github.com/dracoon/dracoon-java-crypto-sdk/actions/workflows/unit-tests.yml)\n[![Maven Central](https://maven-badges.herokuapp.com/maven-central/com.dracoon/dracoon-crypto-sdk/badge.svg)](https://maven-badges.herokuapp.com/maven-central/com.dracoon/dracoon-crypto-sdk)\n# Dracoon Java Crypto SDK\n\nA library which implements the client-side encryption of Dracoon.\n\n# Introduction\n\nA document which describes the client-side encryption in detail can be found here:\n\nhttps://support.dracoon.com/hc/en-us/articles/360000986345 \n\n# Setup\n\n#### Minimum Requirements\n\nJava 8 or newer\n\n#### Download\n\nMaven: Add this dependency to your pom.xml:\n```xml\n\u003cdependency\u003e\n    \u003cgroupId\u003ecom.dracoon\u003c/groupId\u003e\n    \u003cartifactId\u003edracoon-crypto-sdk\u003c/artifactId\u003e\n    \u003cversion\u003e3.0.2\u003c/version\u003e\n\u003c/dependency\u003e\n```\n\nGradle: Add this dependency to your build.gradle:\n```groovy\ncompile 'com.dracoon:dracoon-crypto-sdk:3.0.2'\n```\n\nJAR import: The latest JAR can be found [here](\nhttps://github.com/dracoon/dracoon-java-crypto-sdk/releases).\n\nNote that you also need to include the following dependencies:\n1. Bouncy Castle PKIX/CMS/...: https://mvnrepository.com/artifact/org.bouncycastle/bcpkix-jdk18on:1.80\n2. Bouncy Castle Provider: https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk18on:1.80\n3. Bouncy Castle Utils: https://mvnrepository.com/artifact/org.bouncycastle/bcutil-jdk18on:1.80\n\n#### Java JCE Setup\n\n**IMPORTANT FOR JAVA VERSION 8 (\u003c162):**\n\nYou need to install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy\nFiles. Otherwise you'll get an exception about key length or an exception when parsing PKCS private\nkeys.\n\nThe Unlimited Strength Jurisdiction Policy File can be found here:\n- Java 8: https://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html\n\nFor Java 9 and above, the Unlimited Strength Jurisdiction Policy Files are no longer needed.\n(For more information see: https://stackoverflow.com/questions/1179672)\n\n#### Usage on Android\n\nThe Android platform ships with a cut-down version of Bouncy Castle. In the past (pre-Android 3.0),\nthis caused conflicts and there was a separate version of the Crypto SDK for Android which used\nSpongy Castle.\n\nBecause there are very few people who use pre-Android 3.0 devices, and the fact that Spongy Castle\nis not maintained anymore, there is no longer a separate version.\n\nTo avoid problems you should reinitialize the Bouncy Castle security provider when your application\nstarts. This can be done by extending `Application` and using a static initialization block. See\nfollowing example.\n\n```java\n...\n\nimport org.bouncycastle.jce.provider.BouncyCastleProvider;\n\npublic class DracoonApplication extends Application {\n    \n    static {\n        Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);\n        Security.addProvider(new BouncyCastleProvider());\n    }\n\n    ...\n    \n}\n```\n\n# Example\n\nAn example can be found here: `example/src/main/java/com/dracoon/sdk/crypto/example/Main.java`\n\nThe example shows the complete encryption workflow, i.e. generate user keypair, validate user\nkeypair, generate file key, encrypt file key, and finally encrypt and decrypt a file.\n\n```java\npublic static void main(String[] args) throws Exception {\n    // --- INITIALIZATION ---\n    // Generate key pair\n    UserKeyPair userKeyPair = Crypto.generateUserKeyPair(UserKeyPair.Version.RSA2048,\n            USER_PASSWORD);\n    // Check key pair\n    if (!Crypto.checkUserKeyPair(userKeyPair, USER_PASSWORD)) {\n        ...\n    }\n\n    byte[] plainData = DATA.getBytes(\"UTF8\");\n\n    ...\n\n    // --- ENCRYPTION ---\n    // Generate plain file key\n    PlainFileKey fileKey = Crypto.generateFileKey(PlainFileKey.Version.AES256GCM);\n    // Encrypt blocks\n    byte[] encData = encryptData(fileKey, plainData);\n    // Encrypt file key\n    EncryptedFileKey encFileKey = Crypto.encryptFileKey(fileKey, userKeyPair.getUserPublicKey());\n\n    ...\n\n    // --- DECRYPTION ---\n    // Decrypt file key\n    PlainFileKey decFileKey = Crypto.decryptFileKey(encFileKey, userKeyPair.getUserPrivateKey(),\n            USER_PASSWORD);\n    // Decrypt blocks\n    byte[] decData = decryptData(decFileKey, encData);\n\n    ...\n}\n```\n\n## Contribution\n\nIf you would like to contribute code, fork the repository and send a pull request. When submitting\ncode, please make every effort to follow existing conventions and style in order to keep the code as\nreadable as possible.\n\n# Copyright and License\n\nCopyright Dracoon GmbH. All rights reserved.\n\nLicensed under the Apache License, Version 2.0 (the \"License\"); you may not use this file except in\ncompliance with the License. You may obtain a copy of the License at\n\nhttp://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software distributed under the License is\ndistributed on an \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\nimplied. See the License for the specific language governing permissions and limitations under the\nLicense.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdracoon%2Fdracoon-java-crypto-sdk","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdracoon%2Fdracoon-java-crypto-sdk","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdracoon%2Fdracoon-java-crypto-sdk/lists"}