Keys: Public, Private, and Secret

The Java Security API makes heavy use of both secret key and public key cryptography. The basics of creating and managing keys are provided by the Key interface and the KeyPair, KeyGenerator, and KeyPairGenerator classes in the package.

Before we delve into how keys are supported in the Security API, it’s important to understand the basics of public key cryptography algorithms, and the differences between them and the more well known secret key algorithms. Most of the features in the Java Security API, and most modern security APIs in general, support both secret key and public key algorithms. Readers that are already familiar with the concept of public key cryptography can skip over the next few sections.

Secret Keys

Early cryptographic systems used secret key methods for encoding private data. Secret key cryptography depends on the use of private keys for authentication and encryption. Two parties have to exchange secret keys with each other over some private, secure communications channel, and these keys are used to encode and decode messages. Each party has to have the other party’s secret key in order to decode their messages. If attackers manage to steal or intercept a secret key, then they can listen in on communications or even impersonate one of the parties by sending encrypted messages using the stolen secret key.

Secret key cryptography has the advantage of simplicity. Algorithms for implementing secret key schemes are ...

Get Java Distributed Computing now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.