Cryptography

Cryptography is the science of secret writing. It’s a branch of mathematics, part of cryptology . Cryptology has one other child, cryptanalysis , which is the science of breaking (analyzing) cryptography.

The main security concerns of applications are addressed by cryptography. First, applications need assurance that users are who they say they are. Proving identity is called authentication . In the physical world, a driver’s license is a kind of authentication. When you use a computer, you usually use a name and password to authenticate yourself. Cryptography provides stronger methods of authentication, called signatures and certificates. I’ll talk about these in Chapter 6.

Computer applications need to protect their data from unauthorized access. You don’t want people snooping on your data (you want confidentiality ), and you don’t want someone changing data without your knowledge (you want to be assured of your data’s integrity). Data stored on a disk, for example, may be vulnerable to being viewed or stolen. Data transmitted across a network is subject to all sorts of nefarious attacks. Again, cryptography provides solutions; I’ll discuss them in detail in Chapter 6 and Chapter 7.

So what can you do with cryptography? Plenty. Here are just a few examples:

Secure network communications

Cryptography can protect your data from thieves and impostors. Most web browsers now support SSL, a cryptographic protocol that encrypts information before it is transmitted over the Internet. SSL allows you to buy things, using your credit card number, without worrying too much that the number will be stolen.

Secure hard disk

You can encrypt the files on your hard disk so that even if your enemies gain physical access to your computer, they won’t be able to access its data.

Secure email

Email is notoriously easy to steal and easy to forge. Cryptography can make it hard to forge email and hard to read other people’s messages.

Although cryptography is heavily mathematical, there isn’t much math in this book. One of the really nice things about the Java Security API is that, like any good software library, it hides a lot of complexity. The Security API exposes concepts, like Signature and Cipher, and quietly deals with the underlying details. You can use cryptography effectively in a Java application without knowing too much about what’s going on underneath the hood. Of course, this implies you need to trust Sun to write the Security API correctly. This book should tell you what you need to know to use cryptographic concepts properly in your Java applications.

Get Java Cryptography now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.