Package com.codename1.security

package com.codename1.security

Cryptographic primitives and conveniences: hashing, message authentication, symmetric/asymmetric encryption, digital signatures, JWTs, OTPs and random number generation.

What lives in this package
  • Hash / Hmac -- pure-Java MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 and HMAC variants. Available on every platform with identical output.
  • SecureRandom -- wraps the platform CSPRNG.
  • Cipher -- AES (CBC, GCM, ECB) and RSA (OAEP, PKCS#1) encryption. Backed by the platform's native crypto.
  • Signature -- RSA and ECDSA digital signatures.
  • KeyGenerator / KeyPair / SecretKey / PublicKey / PrivateKey -- key material containers and generators.
  • Jwt -- JSON Web Token signing and verification (HS, RS and ES families).
  • Otp -- RFC 4226/6238 HOTP and TOTP one-time passwords, compatible with standard authenticator apps.
  • Base32 -- 32-character encoding commonly used for OTP shared secrets. URL-safe Base64 (used by JWTs) lives on [com.codename1.util.Base64#encodeUrlSafe(byte[])] / Base64.decodeUrlSafe(String) so it can share the existing SIMD-optimized encoder.

For a segmented OTP input widget see OtpField.

Design notes

Hash and HMAC ship a built-in implementation written in portable Java so they work everywhere without depending on the platform's crypto stack -- they are also what JWT (HS family), HOTP and TOTP build on.

AES, RSA, digital signatures and the secure RNG go through the platform's native crypto provider via CodenameOneImplementation. The default implementation uses the JRE's java.security / javax.crypto via reflection, so JavaSE (simulator) and Android work out of the box. Other ports may override the bridge methods with direct native calls.

  • Class
    Description
    AuthenticationOptions
    Configures a single call to Biometrics.authenticate(AuthenticationOptions).
    Base32
    Base32 encoder/decoder per RFC 4648.
    BiometricError
    Typed error codes returned by Biometrics and SecureStorage when an asynchronous operation fails.
    BiometricException
    Thrown via the failure path of an AsyncResource returned by Biometrics or SecureStorage when the underlying biometric or keychain operation fails.
    Biometrics
    Entry point for biometric authentication (Touch ID, Face ID, fingerprint, Android BiometricPrompt).
    BiometricType
    Enumerates the biometric authentication modalities that may be available on a device.
    Cipher
    Convenience entry points for symmetric (AES) and asymmetric (RSA) encryption.
    CryptoException
    Thrown by classes in this package when a cryptographic operation fails.
    Hash
    Streaming and one-shot cryptographic hash (message digest) functions.
    Hmac
    Keyed-hash message authentication (HMAC, RFC 2104) on top of any hash algorithm supported by Hash.
    Jwt
    JSON Web Token (RFC 7519) signing and verification.
    Key
    Common base for every key type in the security package -- SecretKey for symmetric algorithms, PublicKey and PrivateKey for asymmetric ones.
    KeyGenerator
    Generates fresh cryptographic key material.
    KeyPair
    A matched pair of PublicKey / PrivateKey.
    Otp
    Counter-based (HOTP, RFC 4226) and time-based (TOTP, RFC 6238) one-time password generators.
    PrivateKey
    A private key -- paired with a PublicKey to form a key pair.
    PublicKey
    A public key -- paired with a PrivateKey to form a key pair.
    SecretKey
    A symmetric secret key.
    SecureRandom
    Cryptographically secure random number generator.
    SecureStorage
    Biometric-gated secure storage backed by the platform keychain.
    Signature
    Digital signature creation and verification.