GNU Crypto B/W logo

 The GNU Crypto project

Introduction | Downloads | Help wanted | Project status | GNU Keyring file format | Documentation | Note on primality testing | Configuration parameters | Building GNU Crypto | Tools | Mailing lists | Report a bug | Coding styles | Logos

News: GNU Crypto has been merged into GNU Classpath, and we will be maintaining the code there. We encourage you to contribute to Classpath, instead of GNU Crypto, but if there is something you'd like to work on in GNU Crypto that doesn't fit in Classpath, feel free to ask a question on the mailing list.


GNU Crypto, part of the GNU project, released under the aegis of GNU, aims at providing free, versatile, high-quality, and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users.

GNU Crypto is licensed under the terms of the GNU General Public License, with the "library exception" which permits its use as a library in conjunction with non-Free software:

"As a special exception, the copyright holders of this library give you permission to link this library with independent modules to produce an executable, regardless of the license terms of these independent modules, and to copy and distribute the resulting executable under terms of your choice, provided that you also meet, for each linked independent module, the terms and conditions of the license of that module. An independent module is a module which is not derived from or based on this library. If you modify this library, you may extend this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version."

The effect of that license is similar to using the LGPL, except that static linking is permitted. GPL with that exception is sometimes called the Guile License, because the Guile implementation of Scheme (for embedding) uses this license.


You can download the latest software from You'll probably want to use one of the FTP mirror sites, although the mirrors may not be current (most are synchronised daily).

The current distribution is available as:

File GNUPG signature SHA-1 sum
gnu-crypto-2.0.1.tar.bz2 gnu-crypto-2.0.1.tar.bz2.sig 3028d14150b11bf5b4b7a049a68858c70e18cdbe
gnu-crypto-2.0.1.tar.gz gnu-crypto-2.0.1.tar.gz.sig 10aa3c6149c7494715e9c491f1d4ae1bdc1d0896 170c09e2cf07fb80052049813578e316a92c13c2

Binary packages, containing gnu-crypto.jar, javax-crypto.jar, and javax-security.jar:

File GNUPG signature SHA-1 sum
gnu-crypto-2.0.1-bin-r1.tar.bz2 gnu-crypto-2.0.1-bin-r1.tar.bz2.sig 4a58e4446bc03721c0e56eb873b398840a19abb5
gnu-crypto-2.0.1-bin-r1.tar.gz gnu-crypto-2.0.1-bin-r1.tar.gz.sig 0989e2c8370ccf97c9bb90066d3b93a715b76933 91ef90cf6c1b1880bcbf447cf28a3f1baa01d79b

Also available is a "development release," which adds a great deal of functionality atop 2.0, but maintains most of the present interface:

File GNUPG signature SHA-1 sum
gnu-crypto-2.1.0.tar.bz2 gnu-crypto-2.1.0.tar.bz2.sig 3f3408dc9923dc39bc828c0cf285164b49fa2c50
gnu-crypto-2.1.0.tar.gz gnu-crypto-2.1.0.tar.gz.sig add97e2a78fce262939bad642d70191cb679d2d5 8c609a7515995ea4644d96c1ddf6defd95daa275
gnu-crypto-2.1.0-bin.tar.bz2 gnu-crypto-2.1.0-bin.tar.bz2.sig cd54341f11ec5f5f676f509c30e1d0c03b3b75cc
gnu-crypto-2.1.0-bin.tar.gz gnu-crypto-2.1.0-bin.tar.gz.sig fbc7d8d4c6b67db9bed5376f3584bf297cd911d9 a41fedd8f9dce067084ed1a1106c8a030ddd8ea2

The NIST and NESSIE compliant test vectors, generated by the algorithms implemented in this library, are available as:

File SHA-1 sum
gnu-crypto-2.0.1-tv.tar.bz2 c86743cfced31e28e576dae78b840ecb0a5c715e
gnu-crypto-2.0.1-tv.tar.gz e882c9e1c5d1e5eaffaa3428f9ce7eef42bed782 31db37bee052697e0eabcd21c9ec9cc440439cc3

All releases are signed with this key, ID 0446B16B

Up-to-date source code for this project is available in the gnu-crypto module through CVS.

Help wanted!

Development of GNU Crypto is a volunteer effort, and you can also contribute! We need lots of help to finish, and enhance, the current APIs and to keep track of future additions and enhancements. There are also opportunities for testers, web authors, and documenters. Please post to the general discussion mailing list if you're interested in helping.

Here is a list of areas where you can help:

  1. Algorithms:
  2. Tools:
  3. Testing:
  4. Performance:
  5. Documentation:

Cleanroom API Status

In addition to the GNU Crypto API, we also include a clean-room implementation of the Java Cryptography Extension (JCE), which includes the javax.crypto package and its subpackages. The current version is derived from the implementation written by The Legion of the Bouncy Castle, but we are working on our own implementation.

Thanks to the japitools (by Stuart Ballard), and to Tom Tromey from the GCJ project, this page shows the current status of the combined efforts of GCJ and GNU Crypto with regard to Java API compatibility with the JDK 1.4. It is updated nightly, and is run against the CVS trunk. This is the most up-to-date analysis of API differences.

GNU Keyring file format

There is currently a proposal for a new keyring format to be used by various GNU Java projects; e.g. GNU Classpath, GCJ, GNU Crypto, as the official "keystore" format for those platforms. One of the objectives of such format is to provide free Java projects with similar functionalities to those offered by the Java Keystore (JKS) format.

The current draft is available here.


GNU info pages (in HTML) are available for on-line browsing here.

JavaDoc HTML pages for the GNU Crypto packages are available, for on-line browsing, with and without frames.

The latest version of the Programmer's Manual (in PDF) is also available here.

The UML diagrams used in the documentation where edited using Dia—diagram files included in the source tarball. This was done this way because of the lack of a free, and working, UML diagramming tool capable of round-trip engineering Java code. The only such tool that will hopefully provide this capability seems to be Umbrello. PNG images were then generated from the DIA files, and later converted to EPS and PDF using ImageMagick.

Reference documents describing the details of the cryptographic algorithms implemented in this library are available for viewing/downloading. Here is the list:

Test vectors, when not included in the reference documents, are made available by the designers of the algorithms. The current implementation was checked against the following test vectors:

Configuration parameters

There are three parameters that would impact the behaviour of the binaries, all defined, and accessible, from the class gnu.crypto.Properties:

Key Type Description
gnu.crypto.with.reproducible.prng boolean

For the sake of convenience, all invocations in this library to generate cryptographically strong pseudo-random data (bytes) are done through a classloader Singleton, inside the gnu.crypto.util.PRNG class. This Singleton generator is an instance of the pseudo-random number generator based on a generic hash function—the class gnu.crypto.prng.MDGenerator—using, in this case, the Secure Hash Standard (SHS, also known as the Secure Hash Algorithm SHA with 160-bit output block size). This is appropriate for two reasons:

  1. this method of generating random data is the one prescribed in the Digital Signature Standard (DSS),

  2. other digital signature schemes, implemented so far in this library, do not mandate any prescribed way for generating random data.

However, this type of generator works by hashing the output of a previous digest operation; i.e. the input to the hash function at time N is its output at time N-1, with the starting input being a 0-long octet string. The sequence of generated bytes from such a generator is then reproducible. This is useful for test and debugging purposes only and obviously should not be the case in any security-conscious application.

Default value: false

true: Indicates that the default PRNG used, when one is needed but none has been specified, will produce the same bit stream with every VM instance.

false: Indicates that the default PRNG used will be initialised (seeded) with the current time of day, thus yielding a different bit stream output with every VM instance.

gnu.crypto.with.check.for.weak.keys boolean

Some symmetric-key block ciphers exhibit certain vulnerabilities, when specific key values are used. DES for example has 64 initial key values that are classified into: weak, semi-weak, and possibly weak keys.

Default value: true

true: Indicates that an additional check for so-called weak keys will be carried out when generating the cipher sub-keys from user-defined initial key material. Such checks may cause a gnu.crypto.cipher.WeakKeyException (a subclass of to be thrown.

false: Indicates that user-defined key material will be used as is when generating a cipher's internal sub-keys.

gnu.crypto.with.rsa.blinding boolean

The PKCS1 v1.5 padding scheme for RSA encryption is vulnerable to a timing attack that can reveal to an attacker information about the private key. A technique to defeat this attack is RSA blinding, which randomizes the time taken to decrypt a ciphertext and thereby foiling the attack.

Default value: true

true: Indicates that the RSA blinding operation will be performed during RSA decryption. There is no practical reason to disable RSA blinding.

false: Indicates that RSA blinding will not be used.

Building GNU Crypto

GNU Crypto can be built in three different ways, yielding two different types of binaries:

  1. GCJ-friendly build

    This is an all-GNU process that results in dynamic shared libraries (,, Building the library this way is the best (and in some cases, the only) way when compiling and linking native applications. Especially optimised implementations of some algorithms are automagically included in this build.

    This method relies on the GNU toolchain and on GCJ (GNU Compiler for Java), part of GCC (GNU Compiler Collection). Note however that you need version 3.1 or later of the GCJ.

  2. Non-GCJ-friendly build

    No shared libraries are produced in these builds; only .class files in Jars are generated. This is achieved, either

    This type of build is best suited for applications running with free VMs, or with JIT-like runtime interpreters.

The INSTALL document in the distribution contains a step-by-step description of each of the above processes.

Mailing lists

The main discussion list is <>, and is used to discuss all aspects of GNU Crypto project.

Announcements about GNU Crypto are made on the low-volume <> mailing list.

For subscription information, see the mailing list info from the project page.

When this project first started, it was hosted under another GNU project. The archives of the discussion mailing list during that period are still available:

November 2001

27.4 KB

December 2001

43.4 KB

January 2002

19.1 KB

February 2002

4.1 KB

April 2002

4.3 KB

June 2002

209.5 KB

July 2002

34.2 KB

September 2002

112.9 KB

August 2002

35.7 KB


657.9 KB

Report a bug

If you think you have found a bug in GNU Crypto, then you should send as complete a report as possible to <>.

Coding styles

New source files for this project should be written according to the GNU Coding Standards, with a few differences for Java.

Existing files are written according to these rules, and the two styles should not be mixed. If a change from the old style to the new is desired, then the entire file should be changed, and the formatting change should be checked in atomically.

These rules should be followed for ANT build.xml files.


In January 2003, GNU Crypto finally got, not one but two logos! At the heart of both logos, is the GNU+Keyhole figure.


This (brilliant) design idea, used with permission, is by Casey Marshall and is his copyright.

The long-square logo is for exclusive use by the GNU Crypto project; the circular one is for Users and System Integrators that include GNU Crypto in their product(s) and/or distributions.

B/W long-square logo

B/W long-square logo

B/W long-square logo

B/W long-square logo

1000 x 1000 x 72dpi

B/W long-square logo

1000 x 1000 x 72dpi

B/W long-square logo

1000 x 1000 x 72dpi


All trademarks and registered trademarks are the property of their respective owner(s).

Return to GNU's home page.

Please send FSF & GNU inquiries & questions to There are also other ways to contact the FSF.

Please send comments on these web pages to, send other questions to

Copyright © 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.

Updated: $Date: 2018/04/02 11:53:53 $ $Author: th_g $

Valid HTML 4.01!    Valid CSS!