Kassaforte enables secure storage of sensitive data in Compose Multiplatform applications and on the backend by leveraging each platform’s native security APIs. It further supports the generation and usage of symmetric and asymmetric keys to ensure data protection

N7ghtm4r3/Kassaforte

Kassaforte

v1.0.0beta-02

Architecture

Secure storage

  • On Android, the data is encrypted and then stored in SharedPreferences

  • On iOS and native macOS, the data is stored in the Keychain

  • On JVM, the data is stored through the native APIs provided by each OS:

    • On Windows, the data is stored in the Windows Credentials
    • On Linux, the data is stored through the DBus Secret Service implementation of the desktop environment in use (GNOME or KDE)
    • On macOS, the data is stored in the Keychain

    This target uses the java-keyring library under the hood

  • On Web, the data is encrypted and then stored in LocalStorage

Services

Symmetric

AES

Algorithm used to encrypt and decrypt data with the following block modes:

  • CBC - Cipher Block Chaining, where each block of plaintext is XORed with the previous ciphertext block before being encrypted. Requires an initialization vector (IV) of the block size
  • CTR - Counter mode, which turns a block cipher into a stream cipher by encrypting successive values of a counter and XORing them with the plaintext. Provides parallelizable encryption and decryption
  • GCM - Galois/Counter Mode, which is based on CTR mode for encryption but also provides authentication (AEAD) using Galois field multiplication. Requires a nonce, typically 12 bytes for efficiency (currently not supported on Apple)

HMAC

Algorithm used to sign and verify messages with the following digests:

  • SHA1
  • SHA256
  • SHA384
  • SHA512
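
Of the block modes listed above only GCM authenticates the ciphertext, so CBC or CTR output needs a separate integrity check, which is what HMAC provides. The following is an added example, not code from Kassaforte: it calls the JVM `KeyGenerator`, `Cipher` and `Mac` APIs directly, and the helper names (`sealCtr`, `openCtr`, `aes`, `hmac`, `newKey`, `random`) and the sample plaintext are constructed for illustration.

```kotlin
import java.security.MessageDigest
import java.security.SecureRandom
import java.security.spec.AlgorithmParameterSpec
import javax.crypto.AEADBadTagException
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.Mac
import javax.crypto.SecretKey
import javax.crypto.spec.GCMParameterSpec
import javax.crypto.spec.IvParameterSpec

fun newKey(alg: String): SecretKey = KeyGenerator.getInstance(alg).apply { init(256) }.generateKey()
fun random(n: Int): ByteArray = ByteArray(n).also { SecureRandom().nextBytes(it) }
fun hmac(key: SecretKey, data: ByteArray) = Mac.getInstance("HmacSHA256").apply { init(key) }.doFinal(data)
fun aes(mode: String, op: Int, key: SecretKey, spec: AlgorithmParameterSpec, data: ByteArray): ByteArray =
    Cipher.getInstance("AES/$mode/NoPadding").apply { init(op, key, spec) }.doFinal(data)

// CTR gives confidentiality only: append HMAC-SHA256 over IV + ciphertext (encrypt-then-MAC).
fun sealCtr(encKey: SecretKey, macKey: SecretKey, plain: ByteArray): ByteArray {
    val iv = random(16)
    val body = iv + aes("CTR", Cipher.ENCRYPT_MODE, encKey, IvParameterSpec(iv), plain)
    return body + hmac(macKey, body)
}

fun openCtr(encKey: SecretKey, macKey: SecretKey, blob: ByteArray): ByteArray? {
    if (blob.size < 48) return null // shorter than a 16-byte IV plus a 32-byte tag
    val body = blob.copyOfRange(0, blob.size - 32)
    val tag = blob.copyOfRange(blob.size - 32, blob.size)
    if (!MessageDigest.isEqual(hmac(macKey, body), tag)) return null // constant-time check, before decrypting
    return aes("CTR", Cipher.DECRYPT_MODE, encKey, IvParameterSpec(body, 0, 16), body.copyOfRange(16, body.size))
}

fun main() {
    val sample = "constructed sample secret".toByteArray()
    val encKey = newKey("AES")
    val macKey = newKey("HmacSHA256") // separate key for the MAC
    val blob = sealCtr(encKey, macKey, sample)
    println(openCtr(encKey, macKey, blob)?.decodeToString())
    blob[16] = (blob[16].toInt() xor 1).toByte() // change one ciphertext bit
    println(openCtr(encKey, macKey, blob)) // the tag no longer matches, so openCtr returns null
    // GCM carries its own tag: the same one-bit change fails inside doFinal.
    val gcmKey = newKey("AES")
    val spec = GCMParameterSpec(128, random(12)) // 128-bit tag, fresh 12-byte nonce
    val ct = aes("GCM", Cipher.ENCRYPT_MODE, gcmKey, spec, sample)
    ct[0] = (ct[0].toInt() xor 1).toByte()
    try {
        aes("GCM", Cipher.DECRYPT_MODE, gcmKey, spec, ct)
    } catch (e: AEADBadTagException) { println("GCM rejected the modified ciphertext") }
}
```

Without the HMAC check, the modified CTR ciphertext would decrypt without error to a plaintext that differs in exactly the flipped bit.
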

Android

The keys are generated with the KeyGenerator API and securely stored inside the Keystore provided by Android. The keys are used by the Cipher to encrypt or decrypt the data

Apple

The keys are generated with the SecRandomCopyBytes API and securely stored inside the Keychain provided by the iOS and macOS operating systems. The keys are used by the korlibs-crypto library to encrypt or decrypt the data

JVM

As on Android, the keys are generated with the KeyGenerator API, but they are securely stored using the java-keyring library. The keys are used by the Cipher to encrypt or decrypt the data

Web

The keys are generated with the SubtleCrypto API and securely stored in the application's IndexedDB. The keys are used by SubtleCrypto to encrypt or decrypt the data

Asymmetric

The supported asymmetric algorithms to generate and then use the keys are the following:

  • RSA - asymmetric encryption algorithm based on the hardness of factoring large integers. Two padding modes are supported:
    • PKCS#1 - RSA signature scheme with PKCS#1 v1.5 padding (on the web, signing and verifying only)
    • RSA_OAEP - RSA encryption using OAEP padding
  • EC - asymmetric algorithm based on elliptic curve cryptography (ECC), commonly used for digital signatures (ECDSA) and key exchange (ECDH, unsupported at the moment)
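
The split described in the list above (OAEP for RSA encryption, PKCS#1 v1.5 and ECDSA for signatures) looks as follows on the JVM. This is an added example, not code from Kassaforte: it calls `KeyPairGenerator`, `Cipher` and `Signature` directly, and the helper names, the 2048-bit key size, the `secp256r1` curve and the sample message are assumptions made for illustration.

```kotlin
import java.security.Key
import java.security.KeyPair
import java.security.KeyPairGenerator
import java.security.Signature
import java.security.spec.ECGenParameterSpec
import java.security.spec.MGF1ParameterSpec
import javax.crypto.Cipher
import javax.crypto.spec.OAEPParameterSpec
import javax.crypto.spec.PSource

// SHA-256 for both the OAEP digest and MGF1, stated explicitly rather than left to provider defaults.
val OAEP_SHA256 = OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT)

fun rsaOaep(op: Int, key: Key, data: ByteArray): ByteArray =
    Cipher.getInstance("RSA/ECB/OAEPPadding").apply { init(op, key, OAEP_SHA256) }.doFinal(data)

fun sign(alg: String, pair: KeyPair, msg: ByteArray): ByteArray =
    Signature.getInstance(alg).apply { initSign(pair.private); update(msg) }.sign()

fun verify(alg: String, pair: KeyPair, msg: ByteArray, sig: ByteArray): Boolean =
    Signature.getInstance(alg).apply { initVerify(pair.public); update(msg) }.verify(sig)

fun main() {
    val msg = "constructed sample message".toByteArray()
    val rsa = KeyPairGenerator.getInstance("RSA").apply { initialize(2048) }.generateKeyPair()
    val ec = KeyPairGenerator.getInstance("EC")
        .apply { initialize(ECGenParameterSpec("secp256r1")) }.generateKeyPair()

    // Encryption uses OAEP: encrypt with the public key, decrypt with the private key.
    val ct = rsaOaep(Cipher.ENCRYPT_MODE, rsa.public, msg)
    println(rsaOaep(Cipher.DECRYPT_MODE, rsa.private, ct).decodeToString())

    // Signing: SHA256withRSA is the PKCS#1 v1.5 scheme, SHA256withECDSA the EC one.
    val modified = msg + "!".toByteArray()
    for ((alg, pair) in listOf("SHA256withRSA" to rsa, "SHA256withECDSA" to ec)) {
        val sig = sign(alg, pair, msg)
        println("$alg original=${verify(alg, pair, msg, sig)} modified=${verify(alg, pair, modified, sig)}")
    }
}
```
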

Android

The keys are generated with the KeyPairGenerator API and securely stored inside the Keystore provided by Android. The keys are used by the Cipher to encrypt or decrypt the data

Apple

The keys are generated with the SecKeyCreateRandomKey API and securely stored inside the Keychain provided by the iOS and macOS operating systems. The keys are used by the security methods provided by Apple to encrypt or decrypt the data

JVM

As on Android, the keys are generated with the KeyPairGenerator API, but they are securely stored using the java-keyring library. The keys are used by the Cipher to encrypt or decrypt the data

Web

The keys are generated with the SubtleCrypto API and securely stored in the application's IndexedDB. The keys are used by SubtleCrypto to encrypt or decrypt the data

Roadmap to 1.0.0

beta-01 ✅

This release provides the Kassaforte API to securely store sensitive data.

It also provides the symmetric and asymmetric services to generate keys and to encrypt and decrypt data

beta-02 ✅

This release provides:

  • signing and verification of the data

beta-03

This release will provide:

  • wrap and unwrap of the keys
  • GCM block mode support on Apple as well (if CommonCrypto fully supports it and is ported to Kotlin/Native; otherwise it will be integrated when it becomes available)

This should be the last beta version before the stable one

Implementation

Gradle (short)

dependencies {
    implementation 'io.github.n7ghtm4r3:kassaforte:1.0.0beta-02'
}

Gradle (Kotlin)

dependencies {
    implementation("io.github.n7ghtm4r3:kassaforte:1.0.0beta-02")
}

Gradle (version catalog)

libs.versions.toml

[versions]
kassaforte = "1.0.0beta-02"

[libraries]
kassaforte = { module = "io.github.n7ghtm4r3:kassaforte", version.ref = "kassaforte" } 

build.gradle.kts

dependencies {
    implementation(libs.kassaforte)
}

Usage

Kassaforte

Sync methods

@Composable
fun App() {
    // create an instance of Kassaforte
    val kassaforte = Kassaforte(
        name = "YourApplicationName" // suggested name
    )

    // safeguard sensitive data
    kassaforte.safeguard(
        key = "keyToRepresentData",
        data = "sensitiveData" // placeholder: the sensitive data to safeguard
    )

    // refresh sensitive data previously safeguarded
    kassaforte.refresh(
        key = "keyToRepresentData",
        data = "refreshedSensitiveData" // placeholder: the refreshed sensitive data to safeguard
    )

    // remove sensitive data previously safeguarded
    kassaforte.remove(
        key = "keyToRepresentData"
    )
} 

Async methods

The following methods must be executed inside a coroutine

@Composable
fun App() {
    // instance created as in the sync example
    val kassaforte = Kassaforte(
        name = "YourApplicationName"
    )

    val scope = MainScope()
    scope.launch {
        // asynchronously withdraw previously safeguarded data
        val safeguardedData: String = kassaforte.withdraw(
            key = "keyToRepresentData"
        )

        println(safeguardedData)
    }
}

Services

Using the services you can generate and then use symmetric and asymmetric keys

Symmetric

| Method | Description |
| --- | --- |
| generateKey | Generates symmetric keys |
| encrypt | Encrypts data |
| decrypt | Decrypts data |
| sign | Signs messages |
| verify | Verifies messages |
| delete | Deletes the generated keys |

Asymmetric

| Method | Description |
| --- | --- |
| generateKey | Generates asymmetric keys |
| encrypt | Encrypts data |
| decrypt | Decrypts data |
| sign | Signs messages |
| verify | Verifies messages |
| delete | Deletes the generated keys |

Documentation

Check out the library documentation for more information on how to generate and use keys, as well as how to correctly use the Kassaforte API.

Credits

A big thanks to the repositories and their maintainers for developing the libraries that Kassaforte relies on to work correctly:

  • java-keyring - handles the secure storage on the JVM target
  • windpapi4j - handles (DPAPI) data protection on Windows to securely store the generated keys on the JVM target

Support

If you need help using the library or encounter any problems or bugs, please contact us via the following links:

Thank you for your help!

Donations

If you want to support the project and the developer

Crypto Address Network
3H3jyCzcRmnxroHthuXh22GXXSmizin2yp Bitcoin
0x1b45bc41efeb3ed655b078f95086f25fc83345c4 Ethereum
AtPjUnxYFHw3a6Si9HinQtyPTqsdbfdKX3dJ1xiDjbrL Solana

If you want to support the project and the developer with PayPal

Copyright © 2025 Tecknobit
