Chapter 4. PKI with Java

Public key cryptography alone is not sufficient for realizing the security services of data integrity, confidentiality, identification, authentication and non-repudiation. Consider this simple scenario: Alice wants to send a message to Bob for his eyes only, with the assurance that the message is from her and no one else. To accomplish this, she signs the message with her private key and encrypts the signed message with Bob's public key. On receipt of the encrypted message, Bob decrypts it using his private key and verifies the signature with Alice's public key. As only Bob could decrypt the message, neither Alice nor Bob has to worry about someone else intercepting and reading it. Also, Alice's signature, verified ...
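The sign-then-encrypt exchange described above, written out with the standard JCA classes as an added example (not code from the book; the class name `SignThenEncrypt` and the sample message are made up). Two assumptions: the signed message is encrypted under a fresh AES-GCM key that is then wrapped with Bob's RSA public key, because RSA cannot encrypt a payload of this size directly, and both key pairs are generated in the same process, so each party is simply handed the other's authentic public key.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

public class SignThenEncrypt {
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair alice = kpg.generateKeyPair();   // constructed in-process: no certificate
        KeyPair bob = kpg.generateKeyPair();     // binds either key to a name
        byte[] msg = "Meet at noon.".getBytes(StandardCharsets.UTF_8); // constructed sample

        // Alice: sign the message with her private key.
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(alice.getPrivate());
        signer.update(msg);
        byte[] sig = signer.sign();              // 256 bytes for a 2048-bit key

        // Alice: encrypt signature || message under a fresh AES key (hybrid step, an
        // assumption of this example: RSA-OAEP here holds at most 190 bytes), then
        // wrap that AES key with Bob's public key.
        byte[] signed = new byte[sig.length + msg.length];
        System.arraycopy(sig, 0, signed, 0, sig.length);
        System.arraycopy(msg, 0, signed, sig.length, msg.length);
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey session = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, session, new GCMParameterSpec(128, iv));
        byte[] body = aes.doFinal(signed);
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.WRAP_MODE, bob.getPublic());
        byte[] wrappedKey = rsa.wrap(session);

        // Bob: unwrap with his private key, decrypt, then verify with Alice's public key.
        rsa.init(Cipher.UNWRAP_MODE, bob.getPrivate());
        SecretKey k = (SecretKey) rsa.unwrap(wrappedKey, "AES", Cipher.SECRET_KEY);
        aes.init(Cipher.DECRYPT_MODE, k, new GCMParameterSpec(128, iv));
        byte[] plain = aes.doFinal(body);
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(alice.getPublic());
        verifier.update(plain, sig.length, plain.length - sig.length);
        boolean ok = verifier.verify(plain, 0, sig.length);
        System.out.println("signature valid: " + ok + ", message: "
            + new String(plain, sig.length, plain.length - sig.length, StandardCharsets.UTF_8));
    }
}
```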

Get J2EE™ Security for Servlets, EJBs and Web Services: Applying Theory and Standards to Practice now with O’Reilly online learning.