Java Cryptography Architecture
Motivation
Our digital world depends crucially on cryptography. Yet, developers struggle with the implementation of related scenarios. The fact that cryptographic libraries lack usability has been established in research and is amply documented. The aim of our project is an in-depth analysis of the Java Cryptography Archtitecture (JCA) library. We want to understand the issues developers face when working with the associated APIs as well as the security risks that result from their misuse. Also we want to check whether those issues are related to missing or inadequate documentation.
Scope
We are focusing on symmetric encryption as it probably is the most common cryptography task programmers must implement.
Methodology
We are analyzing a total of 150 threads from Stack Overflow. In the sample, we only include posts referring to symmetric encryption using JCA APIs.