Cryptography is the science of secret writing. It’s a branch of mathematics, part of cryptology. Cryptology has one other child, cryptanalysis, which is the science of breaking (analyzing) cryptography.
The main security concerns of applications are addressed by cryptography. First, applications need assurance that users are who they say they are. Proving identity is called authentication. In the physical world, a driver’s license is a kind of authentication. When you use a computer, you usually use a name and password to authenticate yourself. Cryptography provides stronger methods of authentication, called signatures and certificates. I’ll talk about these in Chapter 6.
Computer applications need to protect their data from unauthorized access. You don’t want people snooping on your data (you want confidentiality), and you don’t want someone changing data without your knowledge (you want to be assured of your data’s integrity). Data stored on a disk, for example, may be vulnerable to being viewed or stolen. Data transmitted across a network is subject to all sorts of nefarious attacks. Again, cryptography provides solutions; I’ll discuss them in detail in Chapter 6 and Chapter 7.
So what can you do with cryptography? Plenty. Here are just a few examples:
- Secure network communications
Cryptography can protect your data from thieves and impostors. Most web browsers now support SSL, a cryptographic protocol that encrypts information before it is transmitted over the Internet. SSL allows you to buy things, using your credit card number, without worrying too much that the number will be stolen.
- Secure hard disk
You can encrypt the files on your hard disk so that even if your enemies gain physical access to your computer, they won’t be able to access its data.
- Secure email
Email is notoriously easy to steal and easy to forge. Cryptography can make it hard to forge email and hard to read other people’s messages.
Although cryptography is heavily mathematical, there isn’t much
math in this book. One of the really nice things about the Java
Security API is that, like any good software library, it hides a lot
of complexity. The Security API exposes concepts, like
quietly deals with the underlying details. You can use cryptography
effectively in a Java application without knowing too much about
what’s going on underneath the hood. Of course, this implies
you need to trust Sun to write the Security API correctly. This book
should tell you what you need to know to use cryptographic
concepts properly in your Java applications.