eucrite 1.0 API
Introduction
eUCRITE (Usable Cryptographic Interface) is a crypto API that places special emphasis on usability and security. It is designed for app developers who want to encrypt data transfers or files but are not crypto-professionals themselves.
Therefore, the API makes use of so-called templates
. These templates hide the actual algorithm and parameters behind security levels (and use cases, which will follow in the future).
And update-mechanism is planned for the future to update these templates and prevent them to be outdated by the ongoing development of cryptographic algorithms.
eUCRITE already supports a small set of quantum-safe schemes, namely the signature scheme SPHINCS+
and the key encapsulation mechanism Classic McEliece
.
Both algorithms are included in the standardisation process of NIST.
Some general information about quantum computer and post-quantum schemes can be found here.
eUCRITE supports stateful schemes (currently XMSS
and XMSSMT
).
As long as the keystore files are stored securely (and are not copied or used by multiple instances), no additional steps are necessary for the developer
to handle the states. The keystore is updated automatically by the API after every signature.
Below, a class overview of the eUCRITE API is given. The KeyManager
class handles the key material, either stateless
or stateful
.
Therefore, AlgorithmParameters
and StorageParameters
have to be given. Currently only keystore files are supported to store the key material.
With the StatefulKeyManager, the key material at the location defined in the StorageParameters
is updated automatically after each signature.
The EasySigner and EasyEncrypter class is used to sign/verify or encrypt/decrypt data, respectively.
This API and its documentations was authored by Alexander Zeier and supervised by Andreas Heinemann of the User-Centered Security working group at the Department of Computer Science at the Darmstadt University of Applied Sciences. This project (HA project no. 633/18-56) is financed with funds of LOEWE – Landes-Offensive zur Entwicklung Wissenschaftlich-ökonomischer Exzellenz, Förderlinie 3: KMU-Verbundvorhaben (State Offensive for the Development of Scientific and Economic Excellence).
Publications
- A. Zeier, A. Wiesmaier and A. Heinemann, "API Usability of Stateful Signature Schemes". In Advances in Information and Computer Security (IWSEC), 2019. doi:10.1007/978-3-030-26834-3_13
- R. Huesmann, A. Zeier, A. Heinemann and A. Wiesmaier, "Zur Benutzbarkeit und Verwendung von API-Dokumentationen". In Mensch und Computer 2020 - Workshopband, 2020. doi:10.18420/muc2020-ws119-002
- R. Huesmann, A. Zeier and A. Heinemann, "Eigenschaften optimierter API-Dokumentationen im Entwicklungsprozess sicherer Software". In Mensch und Computer 2019 - Workshopband, 2019. doi:10.18420/muc2019-ws-302-03
Copyright [2020] [User-Centered Security Working Group]. This documentation is published under the Creative Commons Attribution 4.0 International (CC-BY-4.0). All code snippets are under the Apache 2.0 License
Javadoc
Package | Description |
---|---|
de.hda.fbi.ucs.eucrite |
This package contains eUCRITE (Usable CRyptographic InTErface), an easy-to-use API for cryptographic tasks.
|
de.hda.fbi.ucs.eucrite.parameters |
This package holds the parameter classes to use with the
eUCRITE API. |