By Jonathan Knudsen
First Edition
May 1998
Pages: 362
ISBN 10: 1-56592-402-9
ISBN 13: 9781565924024
(Average of 9 Customer Reviews)
Java Cryptography teaches you how to write secure programs using Java's cryptographic tools. It includes thorough discussions of the java.security package and the Java Cryptography Extensions (JCE), showing you how to use security providers and even implement your own provider. It discusses authentication, key management, public and private key encryption, and includes a secure talk application that encrypts all data sent over the network. If you work with sensitive data, you'll find this book indispensable.
Full Description
- The Java Cryptography Architecture (JCA)
- The Java Cryptography Extension (JCE)
- Cryptographic providers
- The Sun key management tools
- Message digests, digital signatures, and certificates (X509v3)
- Block and stream ciphers
- Implementations of the ElGamal signature and cipher algorithms
- A network talk application that encrypts all data sent over the network
- An email application that encrypts its messages
Featured customer reviews
Java Cryptography Review, December 08 2003
I would recommend this.
Java Cryptography Review, October 14 2002
First of all, I would like to say that the book "Java Cryptography" by J. Knudsen is very well written
and a pretty good introduction to Java Cryptography Architecture and its extensions (JCE). One can
quickly grasp the necessary details it takes to write one's own Java code that makes use of
cryptographic functions. However, I must confess there are better books on the market to enter
the subject of cryptography. Not that Knudsen's book would not make a decent intro into the
field but if you want to become a Java programmer that understands and knows how to deal with more
than some cryptographic concepts/algorithms/protocols you need to consult other literature such
as Schneier's "Applied Cryptography" which has gotten a bit long in the tooth, though, or Menezes/
Oorschot/Vanstone "Handbook of Applied Cryptography" which is oriented more to the mathematical
reader. Notice also that the field of cryptography is ever-evolving so what is considered secure
today might be insecure tomorrow. A famous example is the notorious DES algorithm which was broken
by cryptanalysts a few years ago and not only because of its comparatively short keysize but
also of other weaknesses.
Furthermore, I would like to comment on a few spots where the author's handling of cryptographic
attainments is a bit too lax. I am referring to page 193 of the 1998 edition. He wrote "..., ElGamalCipher
will fill up an incomplete block with zeros, but it is unable to ..." This kind of
"padding the last block with zeros" is considered bad practice in the cryptographic community
and should be avoided because an attacker might exploit these known plaintext bits of the last
block. A better practice is to fill the remaining space of a block with random bits. I think
the author should have mentioned this factor somewhere but unfortunately he has not.
Next, I am referring to page 184, section "Key Pair Generation", item 2. He wrote "Choose two
other random numbers, g and x, both less than p." You should not choose both variables g and x
this way because g serves a special purpose. Variable g is known to be a primitive element (aka.
generator) of the group Z[p] where p is the prime modulus. A generator generates _all_ p-1 elements
of a group Z[p]. A random number, element of Z[p], not being a primitive element generates a
subgroup of Z[p]. The number of elements in this subgroup might be _significantly_ less than the
number of elements of the original supergroup. Consider the following calculation to show how many
primitive elements there are for a group Z[p] with a 2048 bit prime p.
"HAC" is an acronym for "Handbook of Applied Cryptography" mentioned above.
P(X) = Phi(Phi(p)) / (p-1)                  [1]
     = Phi(p-1) / (p-1)                     [2]
     > ((p-1) / (6 ln ln (p-1))) / (p-1)    [3]
     = 1 / (6 ln ln (p-1))
P denotes the probability,
X is the random variable that a number in the range from 1 to p-1 is a primitive element.
1: is by the Fact 2.132, iii
2: is by the Fact 2.101, i
3: is by the Fact 2.102 for p-1 > 5
So if the number of bits of p-1 is 2048 bits then we get 1 / 6 ln ln (p-1) ~ 0.023
That means only every 44th number is a generator and in my opinion this strongly disqualifies
the "any random number" approach by the author as a secure solution.
Do not get me wrong, the "any random number will do" approach might be appropriate for a book
that concentrates on teaching Java cryptography implementation aspects, such as this book, not
elaborating on an all-time secure solution. But if this is so the author is supposed to mention
it somewhere in the text which, unfortunately again, did not happen.
If you want to implement a really secure ElGamalCipher you need to consider precomputed big safe
primes and their associated generators. You can have a look at RFC2412 and at the internet draft
draft-ietf-ipsec-ike-modp-groups-04.txt to be found at www.ietf.org. I think this is a pretty
good exercise for students who mastered the basics.
Overall, I strongly encourage the author to revise the first edition and be a bit more rigorous
on security aspects of the implemented algorithms.
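The generator check the review above calls for, as an added example that is not code from the book or from the reviewer: with a safe prime p = 2q + 1 the factorization of p - 1 is known, so the order of any candidate g can be classified with two modular exponentiations. The class and method names are assumptions, and p = 23 is a constructed toy value; a real implementation would take p from a published MODP group.

```java
import java.math.BigInteger;
import java.security.SecureRandom;

public class GeneratorCheck {
    static final BigInteger ONE = BigInteger.ONE;
    static final BigInteger TWO = BigInteger.valueOf(2);

    // For a safe prime p = 2q + 1 the order of any g in [1, p-1] divides 2q,
    // so it can only be 1, 2, q or 2q. Returns that order.
    static BigInteger order(BigInteger g, BigInteger p) {
        BigInteger q = p.subtract(ONE).shiftRight(1);
        if (g.mod(p).equals(ONE)) return ONE;
        if (g.modPow(TWO, p).equals(ONE)) return TWO;
        if (g.modPow(q, p).equals(ONE)) return q;
        return q.shiftLeft(1); // full order p - 1: g is a primitive element
    }

    // Probabilistic test that both p and q = (p - 1) / 2 are prime.
    static boolean isSafePrime(BigInteger p, int certainty) {
        BigInteger q = p.subtract(ONE).shiftRight(1);
        return p.isProbablePrime(certainty) && q.isProbablePrime(certainty);
    }

    // Rejection sampling: draw candidates until one generates all of Z[p].
    static BigInteger pickGenerator(BigInteger p, SecureRandom rnd) {
        if (!isSafePrime(p, 64))
            throw new IllegalArgumentException("p is not a safe prime");
        BigInteger pMinus1 = p.subtract(ONE);
        while (true) {
            BigInteger g = new BigInteger(p.bitLength(), rnd);
            if (g.compareTo(TWO) < 0 || g.compareTo(pMinus1) >= 0) continue;
            if (order(g, p).equals(pMinus1)) return g;
        }
    }

    public static void main(String[] args) {
        BigInteger p = BigInteger.valueOf(23); // constructed toy safe prime: 23 = 2*11 + 1
        int generators = 0;
        for (int i = 1; i < 23; i++) {
            BigInteger ord = order(BigInteger.valueOf(i), p);
            if (ord.equals(p.subtract(ONE))) generators++;
            System.out.println("g=" + i + " order=" + ord);
        }
        System.out.println("generators: " + generators + " of 22 candidates");
        System.out.println("picked g=" + pickGenerator(p, new SecureRandom()));
    }
}
```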
Java Cryptography Review, November 10 2001
What's wrong with the Math???
Hey this book is a must for the budding Java programmer (make sure you can comfortably program in Java, or else it's just a book you'll struggle to understand the core facts while trying to grasp the language with). Top notch, go buy, go encrypt and stop your aunty sally from reading your "private" mail.
Java Cryptography Review, August 07 2001
The word Cryptography scares many Java Programmers. This book clearly explains the fundamentals of Cryptography easily.
Java Cryptography Review, June 18 2001
A good general read on Java Cryptography. There are a few errors in some of the code examples, but nothing that a quick glance over the Security API javadocs can't quickly fix. We had quite a major project on the go and the book was invaluable during that time. Well worth investing in. I would have given a higher rating, but I am a man in search of perfection and the fact that the book contained erroneous code prevents me from so doing.
Java Cryptography Review, June 07 2001
Excellent book, when I was researching on cryptography
and related stuff, as our company wanted to become a CSP
(cryptography service provider) in its own turn, after
loitering across thousands of pages over the net, I
found in this book thoughts that are crystalline and
distilled, about cryptography, where you could find
a confluence of real mathematics and serious coding.
I recommend this book without hesitation to any
upcoming programmer who wants to become some day a man
of difference. Commendable work indeed.
Java Cryptography Review, January 31 2001
There's no better first book on cryptography for a programmer to buy.
You get a great deal of exposure to an important facet of network security through this little gem. It's friendly and to the point.
The Java API is excellent--but the idea of cryptography is a little odd to the everyday web or network application programmer. Having someone to kindly bridge the crypto-what-ja-ma-call-its to a world of how-do-i-wrap-it-around-my-web-or-mail-service is simply priceless. There's NO silly cryptomath (because only those cryptoexperts get the math anyway) but instead it's filled with no-nonsense coverage of how each and every common crypto engine and crypto-"protocol" takes your stream of data and converts it to cryptograms. If you always like to learn as MUCH as you could about a particular computational wonder tool before tackling a project without turning your brain to mush with research mathematics--you'll like this book.
It's just one of those books I wished I had read a lot earlier so I wouldn't have had an excuse to avoid APIs that expose applied cryptography to network applications all these years. I highly recommend this book before you head on to the math of it.
It's too bad the SSL/TLS API for Java never made it into this first edition (it did make it into O'Reilly's latest Java network programming book though).
Anyone know of a book just like this one but for another language like C or Perl? With a book like this you don't need to explain it all over again--but illustrations and snippets of code showing how to use the various APIs in other languages would be useful. I think if the author is willing to dabble into all of these issues and give away his findings on a book website it will be just AWESOME! A second edition of said book with all of these issues covered would be just grand too :-)
Java Cryptography Review, July 21 2000
This book is for beginners??
Hmmm, once you get into security world, it should be estimated more than that...I guess..
As a Java programmer who wishes to learn and use security algorithms, I couldn't find a better book than this...(I didn't get bribes from Knudsen.)
Java Cryptography Review, July 14 2000
This is a good book for beginners on Java cryptography!
OMID :)
Media reviews
"Even though a new edition is desirable, 'Java Cryptography' still stands alone as the best book available on this topic."
--Thomas Paul, javaranch.com, April 2001
"A good resource for information on signing code and the nature of digital signatures is 'Java Cryptography' by Jonathan Knudsen."
--Patrick Sean Neville, Java Developer's Journal, January 2000
"You can read a whole chapter, very well-written, on random number generation in Java in the excellent book 'Java Cryptography' by Jonathan Knudsen. Highly recommended. When this one came in I sat down and read it straight through, first."
--Bliss Sloan, OnTheNet Forum, AOL, June 1998







