This chapter discusses filter streams for cryptography. The Java core API contains two of these in the
javax.crypto package contains two more,
CipherOutputStream. All four of these streams use an engine object to handle the filtering.
DigestOutputStream use a
MessageDigest object while
CipherOutputStream use a
Cipher object. The streams rely on the programmer to properly initialize and—in the case of the digest streams—clean up after the engines. Therefore, we’ll first look at the engine classes and then at the streams built around these engines.
Sometimes it’s essential to know whether data has changed. For instance, crackers invading Unix systems often replace crucial files like /etc/passwd or /usr/ucb/cc with their own hacked versions that enable them to regain access to the system if the original hole they entered through is plugged. Therefore, if you discover your system has been penetrated, one of the first things you need to do is reinstall any changed files. Of course, this raises the question of how you identify the changed files, especially since anybody who’s capable of replacing system executables is more than capable of resetting the last-modified date of the files. You can keep an offline copy of the system files; but this is costly and difficult, especially since multiple copies need ...