O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Java Cryptography

Book Description

Cryptography, the science of secret writing, is the biggest, baddest security tool in the application programmer's arsenal. Cryptography provides three services that are crucial in secure programming. These include a cryptographic cipher that protects the secrecy of your data; cryptographic certificates, which prove identity (authentication); and digital signatures, which ensure your data has not been damaged or tampered with.This book covers cryptographic programming in Java. Java 1.1 and Java 1.2 provide extensive support for cryptography with an elegant architecture, the Java Cryptography Architecture (JCA). Another set of classes, the Java Cryptography Extension (JCE), provides additional cryptographic functionality. This book covers the JCA and the JCE from top to bottom, describing the use of the cryptographic classes as well as their innards.The book is designed for moderately experienced Java programmers who want to learn how to build cryptography into their applications. No prior knowledge of cryptography is assumed. The book is peppered with useful examples, ranging from simple demonstrations in the first chapter to full-blown applications in later chapters.Topics include:

  • The Java Cryptography Architecture (JCA)
  • The Java Cryptography Extension (JCE)
  • Cryptographic providers
  • The Sun key management tools
  • Message digests, digital signatures, and certificates (X509v3)
  • Block and stream ciphers
  • Implementations of the ElGamal signature and cipher algorithms
  • A network talk application that encrypts all data sent over the network
  • An email application that encrypts its messages
Covers JDK 1.2 and JCE 1.2.

Table of Contents

  1. A Note Regarding Supplemental Files
  2. Preface
    1. Who Are You?
    2. About This Book
    3. What’s Not in This Book
    4. About the Examples
      1. Versions
      2. File Naming
      3. CLASSPATH
      4. Variable Naming
      5. Downloading
    5. Font Conventions
    6. Request for Comments
    7. Acknowledgments
  3. 1. Introduction
    1. Secure Systems
    2. Cryptography
    3. Platform Security
    4. Astute Inequalities
    5. Hello, zoT1wy1njA0=!
      1. Masher
      2. SecretWriting
  4. 2. Concepts
    1. Confidentiality
      1. Symmetric Ciphers
      2. Asymmetric Ciphers
      3. Hybrid Systems
      4. Distributing Keys
      5. Key Agreement Protocols
    2. Integrity
    3. Authentication
      1. Certificates
      2. Certificate Chains
    4. Random Numbers
    5. Algorithms
      1. Size Does Matter
      2. Names and Numbers
        1. MD5
        2. SHA-1
        3. HmacMD5 and HmacSHA1
        4. DSA
        5. ElGamal signatures
        6. DES
        7. DESede
        8. PBEWithMD5AndDES
        9. ElGamal ciphers
        10. DH
  5. 3. Architecture
    1. Alphabet Soup
    2. Concept Classes
    3. API and SPI
    4. Factory Methods
    5. Standard Names
    6. The Provider Architecture
    7. Key Management
    8. Summary
  6. 4. Random Numbers
    1. SecureRandom
    2. Self-Seeding
    3. Keyboard Timing
      1. Seeder
      2. Pitfalls
    4. SeederDialog
  7. 5. Key Management
    1. Keys
    2. Key Generators
      1. KeyPairGenerator
      2. KeyGenerator
      3. Algorithm-Specific Initialization
    3. Key Translators
      1. SecretKeySpec
      2. SecretKeyFactory
        1. From things to keys
        2. From keys to things
      3. KeyFactory
    4. Key Agreement
      1. Diffie-Hellman
      2. javax.crypto.KeyAgreement
      3. SKIP
        1. SkipServer
        2. SkipClient
        3. Skipper: Multiparty key agreement
    5. The Identity Key Management Paradigm
      1. Key Holders
        1. Principal
        2. Identity
        3. Signer
      2. IdentityScope
      3. KeyManager
    6. The KeyStore Key Management Paradigm
      1. KeyStore
        1. Getting
        2. Loading and saving
        3. Adding private key entries
        4. Adding trusted certificate entries
        5. Retrieving entries
      2. keytool
        1. Creating a key pair
        2. Ubiquitous options and defaults
        3. Inspecting the keystore
        4. Generating a CSR
        5. Importing certificates
        6. Other options
        7. Changing the default keystore class
  8. 6. Authentication
    1. Message Digests
      1. Getting
      2. Feeding
      3. Digesting
      4. One, Two, Three!
      5. Digest Streams
      6. Protected Password Login
      7. Double-Strength Password Login
    2. MACs
      1. Setting Up
      2. Feeding
      3. Calculating the Code
      4. For Instance
    3. Signatures
      1. Generating a Signature
      2. Verifying a Signature
      3. Hancock
      4. Login, Again
      5. SignedObject
    4. Certificates
      1. java.security.cert.Certificate
      2. Generating a Certificate
      3. Verifying a Certificate
      4. X.509
      5. Spill
      6. Certificate Revocation Lists
  9. 7. Encryption
    1. Streams and Blocks
    2. Block Ciphers
      1. Padding
        1. PKCS#5
        2. Other padding schemes
      2. Modes
        1. ECB
        2. CBC
        3. PCBC
        4. CFB
        5. OFB
        6. Other modes
    3. Algorithms
    4. javax.crypto.Cipher
      1. Getting a Cipher
      2. Basic Information
      3. Initializing a Cipher
        1. Generic
        2. Name brand
      4. Feeding Data to a Cipher
    5. Cipher’s Close Relatives
      1. Cipher Streams
      2. javax.crypto.SealedObject
    6. Passphrase Encryption
      1. Salt and Vinegar
      2. Test Drive
    7. Inside Cipher
      1. SPI
        1. Setup
        2. Basic information
        3. Initializing
        4. Feeding
      2. BlockCipher
      3. CBCWrapper
      4. CFBWrapper
    8. Hybrid Systems
      1. PGP
      2. S/MIME
      3. SSL
        1. Sources
        2. Using the browser
      4. SET
  10. 8. Signed Applets
    1. Renegade
    2. HotJava
      1. Prepare a Signer
      2. Bundle the Applet
      3. Sign the Applet
      4. Test the Applet
      5. Set Up the Browser
    3. Navigator
      1. Prepare a Signer
      2. Ask for Permission
      3. Sign the Applet
      4. Bundle the Applet
      5. Test the Applet
      6. Set Up the Browser
    4. Internet Explorer
      1. Recipe
      2. Prepare a Signer
      3. Bundle the Applet
      4. Sign the Applet
      5. Test the Applet
    5. Summary
  11. 9. Writing a Provider
    1. Getting Started
      1. Algorithm Names and Implementations
      2. A Simple Provider
      3. An Algorithm by Any Other Name
      4. Installing the Provider
    2. Adding the ElGamal Classes
    3. ElGamal
      1. Key Pair Generation
      2. Signature
      3. Cipher
    4. Generating Keys
      1. Key Classes
      2. ElGamalKeyPairGenerator
    5. Signature
    6. Cipher
  12. 10. SafeTalk
    1. Using SafeTalk
      1. First-Time Setup
      2. Exporting a Key
      3. Importing a Key
      4. Starting a Conversation
      5. Receiving a Conversation
      6. Loopback Testing
    2. Under the Hood
      1. Architecture
      2. Session
      3. SessionServer
      4. Receiver
      5. SafeTalk
  13. 11. CipherMail
    1. Using CipherMail
      1. First-Time Setup
        1. Preferences
        2. Keys
      2. Getting and Reading Mail
      3. Sending Mail
    2. Under the Hood
      1. Architecture
      2. Message Format
      3. Message
      4. POP3
      5. SMTP
      6. Composer
      7. CipherMail
  14. 12. Outside the Box
    1. Application Design
      1. Self-Contained
      2. Demonstration Software
      3. Client/Server
      4. Client Applets
      5. Access Control
    2. Decompilers and Bytecode Obfuscation
    3. Endpoint Security
    4. File Security
      1. Serialization
      2. Deleting Files
      3. Virtual Memory
      4. Memory Scanning
    5. Network Security
    6. Summary
  15. A. BigInteger
  16. B. Base64
  17. C. JAR
    1. Creating
    2. Extracting
    3. The Manifest
    4. Signing
  18. D. Javakey
    1. Creating
    2. Inspecting
    3. Gimme the Keys...
    4. Certificates
    5. To and Fro
    6. Sign of the Times
    7. The Care and Feeding of Keys
  19. E. Quick Reference
    1. Package java.security
    2. Package java.security.cert
    3. Package java.security.interfaces
    4. Package java.security.spec
    5. Package javax.crypto
    6. Package javax.crypto.interfaces
    7. Package javax.crypto.spec
  20. Index
  21. About the Author
  22. Colophon
  23. Copyright