Using wolfSSL and wolfCrypt from Java

Are you a Java developer looking for a industry-leading SSL/TLS and crypto implementation?  If so, you’re in luck!  wolfSSL provides has several options for you to use the native wolfSSL embedded SSL/TLS library and wolfCrypt cryptography libraries from Java.

wolfSSL TLS from Java

wolfSSL packages and maintains a JNI wrapper around the native C wolfSSL SSL/TLS library.  This wrapper encapsulates the SSL/TLS functionality of wolfSSL to be used from Java applications.

This wrapper is a thin wrapper around the native wolfSSL C API.  wolfSSL does not currently have a pluggable TLS-level JSSE provider.  If this is something you are interested in, please contact us at info@wolfssl.com!  wolfSSL does offer a wolfCrypt-level pluggable JCE provider (see section below).

Full documentation on the wolfSSL JNI wrapper can be found here:  wolfSSL JNI Manual

wolfSSL JNI ships with both a client and server example to make plugging it into a Java application easy!

wolfCrypt Cryptography from Java

wolfSSL packages and maintains a JNI wrapper and JCE provider for the native C wolfCrypt library.  The “wolfcrypt-jni” package contains both a thin wolfCrypt JNI wrapper around the native C library as well as a pluggable wolfCrypt JCE provider.

Both of the following wrappers can be used with either normal wolfCrypt or wolfCrypt FIPS for those users who require a FIPS 140-2 validated cryptography library.

wolfCrypt JNI Wrapper

This wrapper is a thin wrapper around the native C wolfCrypt API.  It is designed for users who want to use wolfCrypt directly from a Java application, but do not want to go through the default Java Security API.

wolfCrypt JCE Provider

The JCE (Java Cryptographic Extension) framework supports the installation of custom Cryptographic Service Providers which can implement a subset of the cryptographic functionality used by the Java Security API.

The wolfCrypt JCE provider has been tested with several different JDK variants, including OpenJDK, Oracle JDK, and Android. It also ships with pre-signed JAR files for use with Oracle JDK versions that will correctly verify JCE provider classes.  OpenJDK does not have the requirement that JCE provider JAR’s be signed.

Classes and algorithms currently supported by the wolfCrypt JCE Provider:

Java Security ClassSupported Algorithms
java.security.MessageDigestMD5, SHA-1, SHA-256, SHA-384, SHA-512
java.security.SecureRandomHashDRBG
javax.crypto.CipherAES/CBC/NoPadding
DESede/CBC/NoPadding
RSA/ECB/PKCS1Padding
javax.crypto.MacHmacMD5, HmacSHA1, HmacSHA256, HmacSHA384, HmacSHA512
java.security.SignatureMD5withRSA, SHA1withRSA, SHA256withRSA, SHA384withRSA, SHA512withRSA
SHA1withECDSA, SHA256withECDSA, SHA384withECDSA, SHA512withECDSA
javax.crypto.KeyAgreementDiffieHellman, DH, ECDH
java.security.KeyPairGeneratorEC, DH

You can download wolfSSL JNI as well as the wolfCrypt JNI wrapper and JCE provider from the wolfSSL download page.  Please send any feedback or questions to us at info@wolfssl.com.