Chapter 4. PKI with Java

Public key cryptography alone is not sufficient for realizing the security services of data integrity, confidentiality, identification, authentication and non-repudiation. Consider this simple scenario: Alice wants to send a message to Bob for his eyes only, with the assurance that the message comes from her and no one else. To accomplish this, she signs the message with her private key and encrypts the signed message with Bob's public key. On receipt of the encrypted message, Bob decrypts it using his private key and verifies the signature with Alice's public key. As only Bob could decrypt the message, neither Alice nor Bob has to worry about someone else intercepting and reading it. Also, Alice's signature, verified ...
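The Alice-and-Bob exchange above, as an added Java example (not code from the book). It assumes hybrid encryption: an RSA operation cannot hold the signature plus the message, so a fresh AES-GCM key encrypts the signed message and Bob's public key encrypts only that AES key. The key pairs and the message are constructed in-process for the demo.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.*;

public class SignThenEncrypt {
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair alice = kpg.generateKeyPair();   // constructed demo keys
        KeyPair bob = kpg.generateKeyPair();
        byte[] msg = "Meet at noon".getBytes(StandardCharsets.UTF_8); // constructed sample
        // Alice: sign with her private key; signed message = sigLen || sig || msg
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(alice.getPrivate());
        signer.update(msg);
        byte[] sig = signer.sign();              // 256 bytes for a 2048-bit key
        byte[] signed = ByteBuffer.allocate(4 + sig.length + msg.length)
                .putInt(sig.length).put(sig).put(msg).array();

        // Alice: encrypt the signed message with AES-GCM, wrap the AES key for Bob
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey aes = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, aes, new GCMParameterSpec(128, iv));
        byte[] body = gcm.doFinal(signed);
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.ENCRYPT_MODE, bob.getPublic());
        byte[] wrappedKey = rsa.doFinal(aes.getEncoded());

        // Bob: unwrap the AES key, decrypt, then verify with the key he believes is Alice's
        rsa.init(Cipher.DECRYPT_MODE, bob.getPrivate());
        SecretKey k = new SecretKeySpec(rsa.doFinal(wrappedKey), "AES");
        gcm.init(Cipher.DECRYPT_MODE, k, new GCMParameterSpec(128, iv));
        ByteBuffer in = ByteBuffer.wrap(gcm.doFinal(body));
        byte[] s = new byte[in.getInt()];
        in.get(s);
        byte[] m = new byte[in.remaining()];
        in.get(m);
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(alice.getPublic());
        verifier.update(m);
        System.out.println("signature valid: " + verifier.verify(s));
    }
}
```

Both parties here take each other's public key straight from memory; nothing in the exchange itself establishes that a given public key really belongs to Alice or to Bob.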

Get J2EE™ Security for Servlets, EJBs and Web Services: Applying Theory and Standards to Practice now with the O’Reilly learning platform.