O'Reilly logo

Java Security, 2nd Edition by Scott Oaks

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Secure Message Digests

As we stated in Chapter 7, the message digest by itself does not give us a very high level of security. We can tell whether somehow the output file in this example has been corrupted because the text that we read in won’t produce the same message digest that was saved with the file. But there’s nothing to prevent someone from changing both the text and the digest stored in the file in such a way that the new digest reflects the altered text.

A secure message digest is called a Message Authentication Code (MAC). A MAC has the property that it cannot be created solely from the input data; it requires a secret key that is shared by the sender and receiver. Hence, an intermediate party cannot change both the data and the MAC without the receiver detecting that the data has been corrupted.

There are various ways in which a message digest can be made into a MAC, but the core Java security API does not provide any standard techniques for doing so. However, JCE does provide a class to produce a MAC, and there are simple ways to calculate a MAC on your own.

The Mac Class

The Mac class (javax.crypto.Mac) is part of the Java Cryptography Extension because it involves a cryptographic operation: a secret key is used to calculate the message digest. This mean that in order to use the Mac class, both sender and receiver must agree upon which secret key to use. As we discussed in Chapter 10, that means the sender and receiver must have previously exchanged and stored ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required