asherah icon indicating copy to clipboard operation
asherah copied to clipboard
verified publisher icon godaddy

JDK Crypto Provider + FFM

Open dnamaz opened this issue 3 weeks ago • 0 comments

To help us get this pull request reviewed and merged quickly, please be sure to include the following items:

  • [x] Tests (if applicable)
  • [x] Documentation (if applicable)
  • [x] Changelog entry
  • [x] A full explanation here in the PR description of the work done

PR Type

What kind of change does this PR introduce?

  • [ ] Bugfix
  • [x] Feature
  • [ ] Code style update (formatting, local variables)
  • [ ] Refactoring (no functional changes, no api changes)
  • [ ] Build related changes
  • [ ] CI related changes
  • [x] Documentation content changes
  • [x] Tests
  • [ ] Other

Backward Compatibility

Is this change backward compatible with the most recently released version? Does it introduce changes which might change the user experience in any way? Does it alter the API in any way?

  • [x] Yes (backward compatible)
  • [ ] No (breaking changes)

Issue Linking

  • NA

What's new?

This pull request introduces several improvements and updates to the Java app-encryption SDK, focusing on enhanced cryptographic performance, dependency upgrades, and improved documentation. The most significant change is the addition of a comprehensive crypto benchmark document comparing BouncyCastle and JDK crypto engines across Java versions, highlighting the dramatic performance benefits of using JDK crypto with newer Java releases. The release also upgrades several dependencies, adds JMH for benchmarking, and introduces support for selecting the crypto engine in SessionFactory.

Documentation and Benchmarking Enhancements:

  • Added a detailed CryptoBenchmarks.md documenting performance comparisons between BouncyCastle and JDK crypto engines, Java version impacts, secure memory improvements (FFM vs JNA), and actionable recommendations for users. The document includes raw benchmark data, analysis, migration guidance, and related file references.
  • Integrated JMH (Java Microbenchmark Harness) dependencies into the project to enable robust performance benchmarking of cryptographic operations.

Dependency and Version Upgrades:

  • Upgraded multiple dependencies to their latest versions, including BouncyCastle (1.83), AWS SDKs, Apache Commons, Jackson, Micrometer, Logback, and others. The securememory library is updated to 0.1.7, which brings FFM support for secure memory on Java 22+. The project version is incremented to 0.3.4. [1] [2]

Core SDK Improvements:

  • Enhanced the SessionFactory class to support selection of the crypto engine via a new CryptoEngineType parameter, allowing users to choose between BouncyCastle and JDK crypto implementations. The default remains BouncyCastle for backward compatibility. [1] [2] [3]

Build and Telemetry:

  • Minor fix to the Maven Checkstyle plugin configuration for correct execution order.
  • Added a new dynamodb-local-metadata.json file enabling telemetry for local DynamoDB usage.

dnamaz avatar Dec 04 '25 15:12 dnamaz