I N T R O D U C T I O N
=======================

This is a library for cryptographically "sealing" arbitrary data so that it
is safe from alteration and eavesdropping while in transit.

SafeSeal was written by Chris Palmer <chris@isecpartners.com>.


B U I L D I N G
===============

Simply compile the test suite, and the dependencies will be pulled in. Make
sure BouncyCastle (for crypto and base-64 encoding) and JUnit (for running
securityutils.SealTest) are in your CLASSPATH.

Unix (bash-like shell):

      $ export CLASSPATH=.:bcprov-jdk16-145.jar:junit.jar
      $ javac securityutils/SealTest.java
      $ java securityutils.SealTest

Windows:

      > set CLASSPATH=.;bcprov-jdk16-145.jar;junit.jar
      > javac securityutils\SealTest.java
      > java securityutils.SealTest


A P P L I C A T I O N S
=======================

Whenever you have an application in which you want to transmit state through
an untrustworthy entity and receive it again later undamaged, Seal is for
you. Examples include web application cookies and query parameters: You can
put (part of) a user's session state in the cookie or in the page in form
parameters, and when you receive it again, you can be assured that the user
cannot have understood it or undetectably damaged it. This can be a big
performance win, because you might be able to avoid hitting the server-side
session database table on each page view. You might not even need a session
table.

Crucially, however, Seal cannot protect against replay attacks.

For more information, see the Javadoc.

