Keys: Public, Private, and Secret
The Java Security API makes heavy use of both secret key and public key cryptography. The basics of creating and managing keys are provided by the Key interface and the KeyPairGenerator classes in the
Before we delve into how keys are supported in the Security API, it's important to understand the basics of public key cryptography algorithms and how they differ from the better-known secret key algorithms. Most of the features in the Java Security API, and most modern security APIs in general, support both secret key and public key algorithms. Readers who are already familiar with the concept of public key cryptography can skip over the next few sections.
Early cryptographic systems used secret key methods for encoding private data. Secret key cryptography depends on the use of private keys for authentication and encryption. Two parties have to exchange secret keys with each other over some private, secure communications channel, and these keys are used to encode and decode messages. Each party has to have the other party’s secret key in order to decode their messages. If attackers manage to steal or intercept a secret key, then they can listen in on communications or even impersonate one of the parties by sending encrypted messages using the stolen secret key.
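The following added example, which is not code from the original text, shows the property described above using the standard javax.crypto classes: with a shared secret key, possession of the key is the only thing that distinguishes a legitimate party from anyone else. The class name SharedSecretDemo, the helper names seal and open, the choice of AES-GCM, and the sample messages are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class SharedSecretDemo {
    // Encrypts with AES-GCM; output is a 12-byte nonce followed by ciphertext and tag.
    static byte[] seal(SecretKey key, String msg) throws Exception {
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);          // fresh nonce for every message
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        byte[] ct = c.doFinal(msg.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(nonce, nonce.length + ct.length);
        System.arraycopy(ct, 0, out, nonce.length, ct.length);
        return out;
    }

    // Decrypts and verifies the tag; throws AEADBadTagException on a wrong key or tampering.
    static String open(SecretKey key, byte[] sealed) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, sealed, 0, 12));
        return new String(c.doFinal(sealed, 12, sealed.length - 12), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey shared = kg.generateKey();          // exchanged out of band by parties A and B
        // Constructed scenario: a third party holds a copy of the same key bytes.
        SecretKey copied = new SecretKeySpec(shared.getEncoded(), "AES");
        SecretKey unrelated = kg.generateKey();       // someone who never had the shared key
        byte[] fromA = seal(shared, "meet at noon");  // constructed sample message
        System.out.println("B reads:          " + open(shared, fromA));
        System.out.println("key copy reads:   " + open(copied, fromA));
        // B cannot tell this message from one A sent: the key is the only proof of identity.
        System.out.println("B accepts:        " + open(shared, seal(copied, "meet at midnight")));
        try {
            open(unrelated, fromA);
        } catch (javax.crypto.AEADBadTagException e) {
            System.out.println("without the key:  rejected (" + e.getClass().getSimpleName() + ")");
        }
    }
}
```

Because the same key both encrypts and authenticates, rotating it after any suspected exposure is the only way to restore confidentiality and sender identity for both parties.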
Secret key cryptography has the advantage of simplicity. Algorithms for implementing secret key schemes are ...