Data Encryption
Now
we’ve seen how you can authenticate a remote agent talking to
you over the network, but what about the security of the data
you’re exchanging? Our AuthCreditAgent
checks the identity of the requesting agent before sending account
information to them, but once it does, the data is sent unencoded
over the network as a message:
String msg = nextMsg();
...
dout.writeUTF(msg);So if the data is all an attacker is after, and he couldn’t easily bypass our authentication system, he could eavesdrop on the network communications and collect the data that way. To prevent this, you want to encode, or encrypt, the data before it’s transmitted, in such a way that only the intended recipient can decode the data.
Ciphers for Secure Data Transfers
The Java Cryptography Extension to the Java Security API provides the
java.security.Cipher
class
for implementing secure, encrypted data transfers. A
Cipher can be used on the sending end of a
transmission to encrypt data, and on the receiving end to decrypt
data. A Cipher is created using the
getInstance() method common to the Java Security
API, passing in the name of an algorithm to be used for encryption:
Cipher sendCipher = Cipher.getInstance("DES");In this example, we’re creating a Cipher
that uses the DES algorithm to encrypt data. This algorithm is a
symmetric
encryption algorithm, which means that it needs to use the same secret key for both the encryption and decryption of data at either end of the transmission link. Other ...
Get Java Distributed Computing now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
