https://github.com/cryptomator/siv-mode
RFC 5297 SIV mode of operation in Java
https://github.com/cryptomator/siv-mode
aead aes aes-siv authenticated-encryption cipher cryptography encryption java jep-238 jpms rfc-5297 rfc5297 siv siv-mode
Last synced: 14 days ago
JSON representation
RFC 5297 SIV mode of operation in Java
- Host: GitHub
- URL: https://github.com/cryptomator/siv-mode
- Owner: cryptomator
- License: mit
- Created: 2015-11-18T02:17:50.000Z (about 10 years ago)
- Default Branch: develop
- Last Pushed: 2025-11-24T19:13:32.000Z (2 months ago)
- Last Synced: 2025-11-28T02:40:46.033Z (2 months ago)
- Topics: aead, aes, aes-siv, authenticated-encryption, cipher, cryptography, encryption, java, jep-238, jpms, rfc-5297, rfc5297, siv, siv-mode
- Language: Java
- Homepage:
- Size: 18.6 MB
- Stars: 48
- Watchers: 11
- Forks: 13
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project
README
# Java RFC 5297 SIV Authenticated Encryption
[](https://github.com/cryptomator/siv-mode/actions?query=workflow%3ABuild)
[](https://sonarcloud.io/dashboard?id=cryptomator_siv-mode)
[](https://sonarcloud.io/dashboard?id=cryptomator_siv-mode)
[](https://sonarcloud.io/dashboard?id=cryptomator_siv-mode)
[](https://repo1.maven.org/maven2/org/cryptomator/siv-mode/)
[](http://www.javadoc.io/doc/org.cryptomator/siv-mode)
## Features
- No dependencies
- Passes official RFC 5297 test vectors
- Constant time authentication
- [Fast](https://github.com/cryptomator/siv-mode/issues/15)
- Requires JDK 8+ or Android API Level 24+ (since version 1.4.0)
## Audits
- [Version 1.0.8 audit by Tim McLean](https://www.chosenplaintext.ca/publications/20161104-siv-mode-report.pdf) (Issues fixed with 1.1.0)
- [Version 1.2.1 audit by Cure53](https://cryptomator.org/audits/2017-11-27%20crypto%20cure53.pdf)
| Finding | Comment |
|---|---|
| 1u1-22-001 | The GPG key is used exclusively for the Maven repositories, is designed for signing only and is protected by a 30-character generated password (alphabet size: 96 chars). It is iterated and salted (SHA1 with 20971520 iterations). An offline attack is also very unattractive. Apart from that, this finding has no influence on the Tresor apps[1](#footnote-tresor-apps). This was not known to Cure53 at the time of reporting. |
| 1u1-22-002 | As per contract of `BlockCipher#processBlock(byte[], int, byte[], int)`, `JceAesBlockCipher` is designed to encrypt or decrypt just **one single block** at a time. JCE doesn't allow us to retrieve the plain cipher without a mode, so we explicitly request `AES/ECB/NoPadding`. This is by design, because we want the plain cipher for a single 128 bit block without any mode. We're not actually using ECB mode. |
## Usage
```java
SivMode AES_SIV = new SivMode(key);
public void encrypt() {
byte[] encrypted = AES_SIV.encrypt("hello world".getBytes());
byte[] decrypted = AES_SIV.decrypt(encrypted);
}
public void encryptWithAssociatedData() {
byte[] encrypted = AES_SIV.encrypt("hello world".getBytes(), "associated".getBytes(), "data".getBytes());
byte[] decrypted = AES_SIV.decrypt(encrypted, "associated".getBytes(), "data".getBytes());
}
```
## Maven integration
```xml
org.cryptomator
siv-mode
2.0.0
```
## Java Module
From version 1.3.2 onwards this library is an explicit module with the name `org.cryptomator.siv`. You can use it by adding the following line to your `module-info.java`.
```java
requires org.cryptomator.siv;
```
## Reproducible Builds
Starting with version 1.5.0, you can reproduce the build by:
1. Ensuring to use the same JDK version as our CI builds (see [build.yml](https://github.com/cryptomator/siv-mode/blob/1.6.1/.github/workflows/build.yml#L16-L17)).
2. Checkout the tagged version you want to build.
3. Run `./mvnw clean package artifact:compare -DskipTests`
## License
Distributed under the MIT X Consortium license. See the LICENSE file for more info.
---
1 The Cure53 pentesting was performed during the development of the apps for 1&1 Mail & Media GmbH.