GlaSSLess is a Java Cryptography Architecture (JCA) provider that wraps a system-installed OpenSSL library to provide a comprehensive suite of cryptographic algorithms. It uses Java's Foreign Function & Memory (FFM) API for native interoperability, requiring no JNI code or native compilation.
- Native OpenSSL Performance: Leverages OpenSSL's optimized implementations
- No Native Compilation: Uses Java's FFM API (no JNI required)
- FIPS Mode Support: Automatically detects and respects OpenSSL FIPS mode
- Comprehensive Algorithm Coverage: 370+ algorithm implementations
- Post-Quantum Cryptography: ML-KEM, ML-DSA, SLH-DSA, and hybrid key exchange (OpenSSL 3.5+)
- Drop-in Replacement: Standard JCA provider interface
- Java: 25 or later (with `--enable-native-access` flag)
- OpenSSL: 3.0 or later (`libcrypto.so.3`)
```xml
<dependency>
  <groupId>net.glassless</groupId>
  <artifactId>glassless-provider</artifactId>
  <version>0.3-SNAPSHOT</version>
</dependency>
```

```groovy
implementation 'net.glassless:glassless-provider:0.3-SNAPSHOT'
```

```bash
java --enable-native-access=ALL-UNNAMED -jar your-app.jar
```

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Security;
import net.glassless.provider.GlaSSLessProvider;

// Register the provider, then request the digest from it by name
Security.addProvider(new GlaSSLessProvider());
MessageDigest md = MessageDigest.getInstance("SHA-256", "GlaSSLess");
byte[] hash = md.digest("Hello, World!".getBytes(StandardCharsets.UTF_8));
```

GlaSSLess automatically detects OpenSSL FIPS mode and excludes non-approved algorithms:

```java
GlaSSLessProvider provider = new GlaSSLessProvider();
System.out.println("FIPS Mode: " + provider.isFIPSMode());
```

Comprehensive documentation is available in the docs classifier JAR and in `src/main/asciidoc/`:
| Document | Description |
|---|---|
| Installation Guide | Setup, configuration, and provider registration |
| Usage Guide | Code examples for all supported operations |
| Supported Algorithms | Complete list of 370+ algorithms |
| Post-Quantum Cryptography | ML-KEM, ML-DSA, SLH-DSA, and hybrid KEMs |
| Performance | Benchmark results and optimization guidance |
| Development | Contributing and architecture guide |
GlaSSLess provides 370+ cryptographic algorithms:
| Category | Count | Examples |
|---|---|---|
| Message Digests | 18 | SHA-256, SHA-512, SHA3-256, BLAKE2b-512 |
| Ciphers | 143 | AES-GCM, ChaCha20-Poly1305, Camellia |
| MACs | 20 | HMAC-SHA256, KMAC256, Poly1305 |
| Signatures | 48 | ECDSA, EdDSA, RSA-PSS, ML-DSA, SLH-DSA |
| KEMs | 6 | ML-KEM-768, X25519MLKEM768 |
| KDFs | 14 | HKDF, PBKDF2, TLS13-KDF, Argon2 |
| Key Agreement | 5 | ECDH, X25519, X448 |
See Supported Algorithms for the complete list.
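An added example (not from the GlaSSLess project): a startup check that lists what the provider registered on this host and fails closed if a required algorithm is absent, which can happen when FIPS mode excludes it or OpenSSL is older than 3.5. The class name and the `REQUIRED` list are assumptions; apart from `SHA-256`, the algorithm names are assumed standard JCA names, not confirmed GlaSSLess registrations.

```java
import java.security.Provider;
import java.security.Security;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import net.glassless.provider.GlaSSLessProvider;

public class GlaSSLessPreflight {
    // Assumed application policy: JCA service type + algorithm name pairs.
    // Only MessageDigest/SHA-256 appears in the README's code; the other
    // names are assumed and must match what GlaSSLess actually registers.
    record Need(String type, String algorithm) {}

    static final List<Need> REQUIRED = List.of(
        new Need("MessageDigest", "SHA-256"),
        new Need("Signature", "Ed25519"),
        new Need("KeyAgreement", "X25519"),
        new Need("KEM", "ML-KEM-768"));

    public static void main(String[] args) {
        GlaSSLessProvider provider = new GlaSSLessProvider();
        Security.addProvider(provider);
        boolean fips = provider.isFIPSMode();

        // Count what the provider registered on this host, by service type.
        Map<String, Integer> counts = new TreeMap<>();
        for (Provider.Service s : provider.getServices()) {
            counts.merge(s.getType(), 1, Integer::sum);
        }
        System.out.println("FIPS mode: " + fips + ", services: " + counts);

        // getService returns null when the provider does not offer the pair.
        List<Need> missing = REQUIRED.stream()
            .filter(n -> provider.getService(n.type(), n.algorithm()) == null)
            .toList();

        if (!missing.isEmpty()) {
            // Fail closed: a getInstance(alg) call without a provider name
            // would otherwise resolve to another provider's implementation.
            throw new IllegalStateException(
                "GlaSSLess (FIPS=" + fips + ") does not provide: " + missing);
        }
        System.out.println("All required algorithms come from " + provider.getName());
    }
}
```

Run it with the same `--enable-native-access=ALL-UNNAMED` flag as the application so the provider can load OpenSSL.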
GlaSSLess supports NIST-standardized post-quantum algorithms (requires OpenSSL 3.5+):
| Standard | Algorithm | Type |
|---|---|---|
| FIPS 203 | ML-KEM-512/768/1024 | Key Encapsulation |
| FIPS 204 | ML-DSA-44/65/87 | Digital Signature |
| FIPS 205 | SLH-DSA (12 variants) | Digital Signature |
Hybrid KEMs (X25519MLKEM768, X448MLKEM1024) combine classical and post-quantum cryptography for defense-in-depth.
See Post-Quantum Cryptography for details, including JEP 527 roadmap and TLS 1.3 integration.
GlaSSLess excels at asymmetric cryptography while JDK excels at symmetric operations:
| GlaSSLess is faster | JDK is faster |
|---|---|
| ECDH Key Agreement (~5x) | SHA-256 small data (~6x) |
| Ed25519 Signing (~8x) | HMAC-SHA256 small data (~10x) |
| EC Key Generation (~2x) | ML-KEM operations (~1.5x) |
Enable hybrid mode to get the best of both worlds - GlaSSLess automatically delegates JDK-optimized operations while using OpenSSL for asymmetric crypto:
```
glassless.hybrid.enabled=true
```

| Mixed Workload | Throughput | Comparison |
|---|---|---|
| Hybrid Mode | 26.5 ops/ms | Best overall |
| Pure GlaSSLess | 25.2 ops/ms | 5% slower |
| Pure JDK | 3.2 ops/ms | 8x slower |
Hybrid mode is automatically disabled when FIPS mode is active.
See Performance for detailed benchmarks.
```bash
# Build
mvn clean package
# Run tests
mvn test
# Run benchmarks
mvn test -Pbenchmarks
```

Apache License, Version 2.0. See LICENSE.md.
Contributions welcome! See Development Guide for guidelines.
