
Cryptography API

NexAuth provides comprehensive cryptography utilities for secure password storage, data encryption, and cryptographic operations.

Password Hashing

Bcrypt Hashing

CryptoService crypto = NexAuthAPI.getInstance().getCryptoService();

// Hash the password; persist only this hash, never the password itself.
// NOTE(review): many bcrypt implementations use only the first 72 bytes of
// the input — confirm how hashPassword treats longer passwords.
String hashedPassword = crypto.hashPassword("myPassword123");

// Check a login attempt against the stored hash.
if (crypto.verifyPassword("myPassword123", hashedPassword)) {
    // Password is correct
}

Custom Work Factor

// The cost factor is configurable (4-31, default 12).
int cost = 14;
String hashedPassword = crypto.hashPassword("password", cost);

// Higher cost = more secure but slower
// Cost 12 = ~300ms on modern hardware
// Cost 14 = ~1.2s on modern hardware
// The same time is spent again on every verification, so size the cost for
// the load the login path has to absorb.

Password Migration

// Upgrade a legacy hash to bcrypt while the user is logging in.
String oldHash = "old_algorithm_hash";   // value currently stored for the user
String submittedPassword = "userInput";  // password supplied at login

// Rehash only after the submitted password has verified against the legacy hash.
if (crypto.isLegacyHash(oldHash) && crypto.verifyLegacy(submittedPassword, oldHash)) {
    // Rehash with bcrypt
    String newHash = crypto.hashPassword(submittedPassword);
    // Save newHash to the database in place of oldHash, so the legacy value
    // is no longer kept at rest.
}

Data Encryption

AES Encryption

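// Encrypt sensitive data with the service's default key.
// NOTE(review): the cipher mode, IV/nonce handling and the origin of the
// default key are not shown on this page — confirm them (an authenticated mode
// such as AES-GCM is what to look for) before relying on encrypt()/decrypt().
String plaintext = "sensitive data";
String encrypted = crypto.encrypt(plaintext);

// Decrypt data
String decrypted = crypto.decrypt(encrypted);

// Encrypt with a caller-supplied key. The results get their own names so
// the whole snippet compiles in a single scope.
String key = crypto.generateKey();
String encryptedWithKey = crypto.encrypt(plaintext, key);
String decryptedWithKey = crypto.decrypt(encryptedWithKey, key);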

File Encryption

// Encrypt data.txt into data.enc.
// NOTE(review): nothing in this snippet removes the plaintext input; confirm
// whether encryptFile leaves data.txt in place and clean it up if required.
File inputFile = new File("data.txt");
File outputFile = new File("data.enc");
crypto.encryptFile(inputFile, outputFile);

// Decrypt data.enc into data_decrypted.txt.
crypto.decryptFile(new File("data.enc"), new File("data_decrypted.txt"));

Secure Random

Generate Random Data

// Random bytes (32 requested).
int byteCount = 32;
byte[] randomBytes = crypto.generateRandomBytes(byteCount);

// Random string (size argument 16).
int stringSize = 16;
String randomString = crypto.generateRandomString(stringSize);

// Random password (size argument 12).
// NOTE(review): the meaning of the three boolean flags is not documented here
// (presumably which character classes to include) — confirm against the Javadoc.
String password = crypto.generatePassword(12, true, true, true);

TOTP Secret Generation

// New TOTP shared secret; treat it like a credential when storing it.
String secret = crypto.generateTOTPSecret();

// Ten backup codes.
int backupCodeCount = 10;
List<String> backupCodes = crypto.generateBackupCodes(backupCodeCount);

// Check the code the user submitted.
// NOTE(review): six-digit codes have a small search space, so throttle failed
// attempts per account. Whether verifyTOTPCode rejects an already-used code is
// not shown on this page — confirm.
String submittedCode = "123456";
boolean valid = crypto.verifyTOTPCode(secret, submittedCode);

Hash Functions

Data Hashing

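// General-purpose digests for fingerprinting data. These are fast hashes:
// use hashPassword (bcrypt) for passwords, not these methods.
// Each result has its own name so the snippet compiles in a single scope.

// SHA-256 hash
String sha256Hash = crypto.sha256("data to hash");

// SHA-512 hash
String sha512Hash = crypto.sha512("data to hash");

// MD5 hash (not recommended for security)
String md5Hash = crypto.md5("data to hash");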

File Hashing

// SHA-256 digest of the contents of data.txt.
String hash = crypto.sha256File(new File("data.txt"));

Key Derivation

PBKDF2 Key Derivation

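// Derive key from password
String password = "myPassword";

// Fresh random 16-byte salt; it has to be kept alongside the protected data
// so the same key can be derived again.
byte[] salt = crypto.generateRandomBytes(16);

// Iteration count raised from 10000, which is low for a password-derived key:
// current OWASP guidance for PBKDF2-HMAC-SHA256 is 600,000 iterations.
// NOTE(review): the PRF behind deriveKey and the meaning of the last two
// arguments (presumably iteration count, then key length in bits) are not
// shown on this page — confirm, then tune the count for your hardware.
int iterations = 600_000;
int keyLengthBits = 256;
byte[] key = crypto.deriveKey(password, salt, iterations, keyLengthBits);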

HMAC

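// "key" below is a placeholder: use a randomly generated secret loaded from
// configuration or a key store, not a literal in source.
// Each result has its own name so the snippet compiles in a single scope.

// HMAC-SHA256
String hmacSha256 = crypto.hmac256("key", "message");

// HMAC-SHA512
String hmacSha512 = crypto.hmac512("key", "message");

// When checking a received tag, recompute it and compare with a constant-time
// method such as MessageDigest.isEqual rather than String.equals.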

Security Utilities

Secure String Handling

// Create secure string (erases from memory when done)
// NOTE(review): the constructor argument here is a java.lang.String, which is
// immutable and cannot be wiped; erasing the SecureString does not remove that
// original copy. Whether getChars() returns the internal buffer or a copy is
// not shown on this page — confirm before keeping a reference past the try block.
try (SecureString secure = new SecureString("sensitive data")) {
    // Use secure string
    char[] chars = secure.getChars();
    // Process data...
} // Secure string is automatically erased

Password Validation

// Score a candidate password against the strength requirements.
PasswordStrength strength = crypto.validatePassword("password123");

if (!strength.isStrong()) {
    // Report each requirement that was not met.
    if (!strength.hasMinLength()) {
        // Password too short
    }
    if (!strength.hasUppercase()) {
        // Missing uppercase letter
    }
    if (!strength.hasNumbers()) {
        // Missing numbers
    }
} else {
    // Password is strong
}

// Generate strong password (size argument 16)
int generatedSize = 16;
String strongPassword = crypto.generateStrongPassword(generatedSize);

Token Generation

JWT Tokens

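// Generate JWT token
// NOTE(review): RFC 7519 defines "exp" as seconds since the epoch, while the
// value below is in milliseconds (now + one hour). Unless generateJWTToken
// converts it, the token would stay valid far longer than the intended hour —
// confirm the unit the library expects.
String token = crypto.generateJWTToken(
    Map.of("user", "username", "exp", System.currentTimeMillis() + 3600000)
);

// Verify first, and read claims only from a token that passed verification.
// NOTE(review): whether decodeJWTToken checks the signature itself is not
// shown on this page, so do not act on claims from an unverified token.
if (crypto.verifyJWTToken(token)) {
    // Decode JWT token
    Map<String, Object> claims = crypto.decodeJWTToken(token);
}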

API Tokens

// Issue a new API token.
String token = crypto.generateApiToken();

// Check a presented API token.
boolean tokenAccepted = crypto.verifyApiToken(token);

Best Practices

Password Storage

// Pick a work factor that matches the account's sensitivity.
int lowSecurity = 10; // For test environments
int costFactor = 12; // Default, good balance
int highSecurity = 14; // For admin accounts

// Passwords are always stored as bcrypt hashes.
String hashed = crypto.hashPassword(password);

// Never store plaintext passwords
// Never use MD5 or SHA-1 for passwords

Data Encryption

// Use AES-256 for data encryption
// NOTE(review): this overload takes no key; where the default key is stored
// and how it is rotated is not shown on this page — confirm.
String ciphertext = crypto.encrypt(sensitiveData);

// Key handling:
// - Store encryption key securely
// - Never hardcode keys in source code
// - Use environment variables or key management systems
// - Rotate keys periodically

Random Generation

// Use cryptographically secure random
// NOTE(review): whether the argument counts characters or bytes of entropy is
// not stated here — confirm it against the minimums listed below.
int size = 32;
String random = crypto.generateRandomString(size);

// Never use Math.random() for security
// Never use java.util.Random for security

// Generate sufficient length:
// - Minimum 16 bytes for tokens
// - Minimum 32 bytes for API keys

Security Considerations

Performance

Hash Performance

// Approximate bcrypt time per hash, by cost factor
// (hardware-dependent; measure on the host that will run it):
//   Cost 4:  ~10ms
//   Cost 8:  ~50ms
//   Cost 12: ~300ms (recommended)
//   Cost 14: ~1.2s (high security)
//   Cost 16: ~4.8s (very high security)

// For production use
final int costFactor = 12; // Good balance of security and speed

Async Operations

// Hash the password asynchronously.
CompletableFuture<String> future = crypto.hashPasswordAsync(password);

// Success path: receives the finished hash.
CompletableFuture<Void> consumed = future.thenAccept(hashed -> {
    // Use hashed password
});

// Failure path: receives whatever exception the stages above raised.
consumed.exceptionally(throwable -> {
    // Handle error
    return null;
});

Next Steps

Events API

Event system for authentication events.