Chapter 10. SafeTalk

SafeTalk is a Java application based on the talk utility of Unix. talk allows two users on different computers to type messages to each other, in real time, over a network. It’s not hard to eavesdrop on talk because its data is sent in plaintext over the network. SafeTalk adds cryptography to this application, providing authentication for each end of the conversation and encryption for the conversation itself.

SafeTalk builds on work that we’ve done elsewhere in this book:

  • The KeyManager class, from Chapter 5, is used to contain all the keys that SafeTalk uses. This class is used instead of a KeyStore derivative to keep the application reasonably simple. If we used a KeyStore implementation, we’d have had to implement certificate generation and handling as well.

  • SafeTalk exchanges a DES session key using ElGamal encryption. We need the ElGamal classes from Chapter 9, (with the exception of ElGamalSignature) and the Jonathan provider.

SafeTalk, in essence, is a hybrid system, combining both symmetric and asymmetric ciphers (see Chapter 7, for more on hybrid systems). It uses an ElGamal (asymmetric) cipher to exchange a session key between the two ends of the conversation. The remainder of the conversation is encrypted using a DES (symmetric) cipher and the session key.

Get Java Cryptography now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.