Skip to content

Performance

dmjones500 edited this page Nov 20, 2014 · 4 revisions

Tips for Using JNCryptor Efficiently

Advice for using JNCryptor in an efficient manner.

Android Users

JNCryptor uses the normal Java crypto classes, which are not particulary quick. Just Google for "PBKDF2 slow Android" and read the numerous results. Consequently, you'll find the crypto operations perform much more slowly than counterparts in other languages (e.g. RNCryptor for iOS).

Ideally, JNCryptor needs to have a separate Android branch that uses a native library to perform the crypto (probably via NDK). If anyone is interesting in helping with this task, please get in touch.

Despite the above, it's still possible to speed up your application by ensuring you're not making some silly mistakes. Please read the sections below for further info.

Use Streaming Methods Where Appropriate

JNCryptor now supports streaming encryption and decryption. If your code is already reading or writing an encrypted resource via streams, it will be faster to use AES256JNCryptorInputStream or AES256JNCryptorOutputStream.

Consider Caching Encryption Keys

Since v1.2.0, JNCryptor supports caching encryption keys using the getPasswordKey() method. This method derives a key from a password and a randomly generated salt value. The returned object contains the key and the salt used to produce it. This object can be used to perform several "password-format" encryption operations without deriving the key each time.

Don't Derive Passwords Unnecessarily

JNCryptor has support for deriving keys from passwords, using PBKDF2. While this is a great way to strengthen a user password into a cryptographic key, it's unsuitable for use in situations where a static key is in use. If you are storing a 256-bit AES key inside your application, then there is no point deriving it further. (Of course, storing keys inside your application is a poor idea anyway, but if you're going to do it, don't further hamper your performance by deriving it all over again).

If you have static keys, use the JNCryptor methods that take SecretKey arguments. These methods produce a different output format to the password-based methods, so ensure that both sides of the communication channel are using this format.

Clone this wiki locally