Add Java implementation of 3ncr.org v1#1
Merged
AndrianBdn merged 3 commits intomainfrom Apr 22, 2026
Merged
Conversation
TokenCrypt with four constructors (raw 32-byte key, SHA3-256, Argon2id, legacy PBKDF2-SHA3) built on the JDK's javax.crypto AES-256-GCM and BouncyCastle for the KDFs the JDK doesn't ship (Argon2id, PBKDF2-SHA3). - Base64 with no padding on encoding; decoder accepts both for robustness - Argon2id uses the 3ncr.org v1 recommended parameters (m=19456 KiB, t=2, p=1), 16-byte minimum salt - Legacy PBKDF2-SHA3 factory is @deprecated, kept for decrypting data from earlier libraries - 19 JUnit 5 tests covering canonical vectors, round-trip edge cases, IV uniqueness, tamper / truncation rejection, padded-input decode, and KDF-specific behavior - GitHub Actions matrix: Temurin 11, 17, 21
AndrianBdn
reviewed
Apr 22, 2026
Contributor
AndrianBdn
left a comment
AndrianBdn
left a comment
There was a problem hiding this comment.
for newer libraries we don't need pbkdf key derivation at all
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| java: ['11', '17', '21'] |
Collaborator
Author
There was a problem hiding this comment.
Added Java 25 to the CI matrix in 4eed0e6 — matrix is now 11 / 17 / 21 / 25, all currently-supported Temurin LTS lines.
AndrianBdn
requested changes
Apr 22, 2026
Contributor
AndrianBdn
left a comment
AndrianBdn
left a comment
There was a problem hiding this comment.
for newer libraries we don't need pbkdf key derivation at all
This is a brand-new implementation, so it has no existing data to remain compatible with — the legacy PBKDF2-SHA3 KDF only exists in the older Go/Node/PHP libraries for that reason and is not needed here. Drops TokenCrypt.fromPbkdf2Sha3 along with the BouncyCastle SHA3Digest / PKCS5S2ParametersGenerator / KeyParameter imports that only the PBKDF2 path used (BouncyCastle is still pulled in for Argon2id). The canonical envelope test vectors are still verified for cross- implementation interop by hardcoding the 32-byte AES key that those vectors were originally derived from.
Collaborator
Author
|
Thanks for the review. Pushed ad86a5d which drops the legacy PBKDF2-SHA3 KDF — The canonical envelope test vectors are still verified for cross-implementation interop by hardcoding the 32-byte AES key those vectors were originally derived from (same approach used in the Rust PR). |
AndrianBdn
approved these changes
Apr 22, 2026
2 tasks
peo-machine
added a commit
that referenced
this pull request
Apr 23, 2026
- README: badge row (CI + Maven Central + License), three-section Usage reorder (raw key / Argon2id / legacy-PBKDF2 explainer), Install section moved above Usage, minor wording alignment with the other new-language READMEs. - SECURITY.md: standard policy pointing at GitHub Private Vulnerability Reporting, consistent with tokencrypt-python and tokencrypt-rust. - CHANGELOG.md: seeded with the v1.0.0 entry. Per the 3ncr.org new-language convention and consistent with the actual source (PR #1 dropped legacy PBKDF2-SHA3), the third Usage section explains how to recover the legacy key externally rather than documenting a nonexistent factory. LICENSE stays at 2026 (repo created this year). Co-authored-by: Andrian Budantsov <a@hypersequent.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Java implementation of the 3ncr.org v1 string encryption standard, bringing parity with the Go, Node.js, PHP, Python, and Rust reference libraries. Requires JDK 11+.
Mirrors the API surface and factory layout of the Python/Rust ports:
TokenCrypt.fromRawKey(byte[])— raw 32-byte AES-256 keyTokenCrypt.fromSha3(String|byte[])— single SHA3-256 hash for high-entropy secretsTokenCrypt.fromArgon2id(String|byte[], byte[])— recommended Argon2id KDF with the v1 parameters (m=19456 KiB, t=2, p=1), 16-byte minimum saltTokenCrypt.fromPbkdf2Sha3(String|byte[], String|byte[], int)— @deprecated legacy KDF, kept for decrypting data from earlier 3ncr.org librariesAES-256-GCM and SHA3-256 come from the JDK (
javax.crypto/java.security.MessageDigest). Argon2id and PBKDF2-SHA3 come from Bouncy Castle (bcprov-jdk18on) since they are not in the JDK.Envelope details
3ncr.org/1#iv[12] || ciphertext || tag[16]TokenCryptException(unchecked)Tests
19 JUnit 5 tests covering:
decryptIf3ncrreturns non-3ncr input unchanged (including empty string)fromSha3(String)andfromSha3(byte[])agree on UTF-8 inputfromArgon2idround-trip + short-salt rejection + wrong-secret failurefromRawKeyrejects wrong-length keys and defensively copies the inputCI
GitHub Actions matrix on Ubuntu with Temurin 11, 17, 21 (
mvn verify).Test plan