Java Cryptography Architecture

Motivation

Our digital world depends crucially on cryptography. Yet, developers struggle with the implementation of related scenarios. The fact that cryptographic libraries lack usability has been established in research and is amply documented. The aim of our project is an in-depth analysis of the Java Cryptography Archtitecture (JCA) library. We want to understand the issues developers face when working with the associated APIs as well as the security risks that result from their misuse. Also we want to check whether those issues are related to missing or inadequate documentation.

Scope

We are focusing on symmetric encryption as it probably is the most common cryptography task programmers must implement.

Methodology

We are analyzing a total of 150 threads from Stack Overflow. In the sample, we only include posts referring to symmetric encryption using JCA APIs.