OpenSSL with Java

First of all: what do you need the library for?

• If you are going to use simple cryptographic functions, then use the Java SE Security components deployed with the JDK.
• If you need more advanced functions (such as some digital signing formats, etc), use a cryptographic library (BouncyCastle is one of the the most popular)
• But, if what you need is to open SSL connections from Java code, and handle certificates authentication, etc, you won't need any of these:
  • If you are working on a Java EE Container, your container can validate incoming SSL requests: it's just a matter of configuration
  • Also, if you need to connect to a SSL port, the JDK presents some basic classes for doing so (see this example). Note that in this case, you'll need to set some system properties on your java command.

Like these properties:

-Djavax.net.ssl.keyStore=keystore_path
-Djavax.net.ssl.keyStorePassword=password
-Djavax.net.ssl.trustStore=truststore_path
-Djavax.net.ssl.trustStorePassword=trustword

Everyone talks about BouncyCastle, but in our use case Gnu Crypto library won the day. Native java.

Our database ( aerospike ) spends at least 10% of its time computing hashes in java, for some customers, simply because these implementations are slow. I welcome when there's a native implementation of the crypto libraries available on every Linux machine. I thought some of the Java7 VMs were going to include more algorithms, but I haven't seen them yet.