Crypto API Complexity


Our digital world depends crucially on cryptography. Yet, developers struggle with the implementation of cryptographic scenarios. The fact that cryptographic libraries lack usability has been established in research and is amply documented. The aim of our project is an in-depth analysis and comparison of two widely-used libraries which both acquired FIPS-140 standard: Java Cryptography Archtitecture (JCA) and .NET standard crypto library. We want to understand the issues developers face when working with the associated APIs.


We are focusing on symmetric encryption as it probably is the most common cryptography task programmers must implement.


We are analyzing a total of 300 posts on Stack Overflow (150 per library). In the sampling, we include only posts referring to symmetric encryption using APIs belonging to the targeted libraries. For each post, we are writing down a list of questions / issues the person asking the question is facing. We also try to identify the reasons for the issues as well as solutions / answers. Then we are trying to find more abstract categories.

Last changed by pfister on 26 September 2021