book

Java Security

by Scott Oaks

May 1998

Intermediate to advanced

469 pages

14h 57m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Anatomy of a Java Application
Outline of the JavaRunner ApplicationBuilt-in Java Application Security
Java Language Security ConstructsObject Serialization and Memory Integrity
Compiler EnforcementThe Bytecode VerifierInside the bytecode verifierDelayed bytecode verificationControlling bytecode verificationRuntime Enforcement
Security and the Class LoaderClass Loaders and Security EnforcementClass Loaders and Namespaces
The Internal Class LoaderThe Applet Class LoaderThe RMI Class LoaderThe Secure Class LoaderThe URL Class LoaderChoosing the Right Class Loader
Implementing the ClassLoader ClassProtected methods in the ClassLoader classImplementing the SecureClassLoader ClassProtected methods of the SecureClassLoader classImplementing Security Policies in the Class Loader
Loading from Multiple SitesA JAR File Class Loader
DelegationLoading ResourcesLoading Libraries
Overview of the Security ManagerSecurity Managers and the Java API
Setting a Security ManagerMethods Relating to File AccessMethods Relating to Network AccessMethods Protecting the Java Virtual MachineMethods Protecting Program ThreadsMethods Protecting System ResourcesMethods Protecting Security Aspects
The CodeSource Class
The Permission ClassPermissions of the Java APIUsing the Permission ClassThe BasicPermission ClassPermission CollectionsThe Permissions Class
The Default Policy
Protected Methods of the Security ManagerThe Class Loader DepthProtected Instance Variables in the Security Manager
The Class Loader and the Security Manager
Utility ClassesImplementing Network AccessNetwork Permissions in the Class LoaderImplementing Thread SecurityImplementing Package AccessEstablishing a Security Policy in 1.2Establishing a 1.1 Security PolicyThe RMI security managerA complete 1.1 security managerImplementing the file access methodsImplementing network, thread, and package accessImplementing miscellaneous methods
The Secure JavaRunner ProgramThe Secure Java Launcher
The Need for AuthenticationAuthor AuthenticationData AuthenticationJava’s Role in Authentication
Message DigestsCryptographic KeysDigital SignaturesEncryption Engines
The Architecture of Security ProvidersComponents of the ArchitectureChoosing a Security Provider
Using the Provider ClassImplementing the Provider Class
The Security Class and the Security Manager
Using the Message Digest ClassSecure Message Digests
The DigestOutputStream ClassThe DigestInputStream Class
KeysThe Key InterfaceDSA keysThe KeyPair Class
Using the KeyPairGenerator ClassGenerating DSA KeysImplementing a Key Pair Generator
Using the KeyFactory classImplementing a Key FactoryKey SpecificationsThe EncodedKeySpec classThe AlgorithmParameterSpec interfaceA Key Factory Example
The Certificate ClassThe CertificateFactory ClassThe X509Certificate ClassAdvanced X509Certificate MethodsRevoked Certificates
Overview of Key ManagementPrincipals
Installing a KeyStore Class
The Signature ClassUsing the Signature ClassThe SignedObject ClassSigning and Certificates
Reading Signed JAR FilesThe Signed JAR File and Security Policies
Export Restrictions
Secret Keys
The KeyGenerator ClassUsing the KeyGenerator classImplementing a KeyGenerator classThe SecretKeyFactory ClassSecret key specificationsThe secret key factory SPI
Using the Cipher ClassCipher AlgorithmsImplementing the Cipher Class
The CipherOutputStream ClassThe CipherInputStream ClassSSL Encryption
The keytoolGlobal Options to keytoolAdding a Certificate EntryAdding a Key EntryModifying Keystore EntriesDeleting Keystore EntriesExamining Keystore DataImporting a 1.1-Based Identity DatabaseMiscellaneous Commands
Creating a Signed JAR FileVerifying a JAR File
Managing Policy CodebasesManaging PermissionsManaging Certificate Entries
The java.security FileThe java.policy File
IdentitiesThe Identity ClassUsing the identity classImplementing an Identity classThe Identity class and the security managerSignersUsing the Signer classImplementing a signerSigners and the security manager
Using the IdentityScope ClassWriting an Identity ScopeIdentityScope and the Security Manager
Implementing an Identity ClassImplementing a Signer ClassA Shared System Identity ScopeCreating Identities
Security BugsJava Security BugsTracking Security Bugs
Package java.security

Content preview from Java Security

Secret Key Engines

In the JCE, there are new ways to generate keys. Since the existing key engines only operate on public and private keys, the JCE introduces two new engines that can operate on secret keys. Note also in Table 13.1 that the SunJCE security provider implements a new algorithm to generate key pairs for Diffie-Hellman key agreement; that algorithm uses the standard KeyPairGenerator class we explored in Chapter 10.

The KeyGenerator Class

The first engine we’ll look at is the KeyGenerator class (javax.crypto.Key-Generator); this class is used to generate secret keys. This class is very similar to the KeyPairGenerator class except that it generates instances of secret keys instead of pairs of public and private keys:

public class KeyGenerator: Generate instances of secret keys for use by a symmetric encryption algorithm.

The KeyGenerator class is an engine within the JCE. As such, it has all the hallmarks of a cryptographic engine. It has a complementary SPI and a set of public methods that are used to operate upon it, and its implementation must be registered with the security provider.

Using the KeyGenerator class

Like other engine classes, the KeyGenerator class does not have any public constructors. An instance of a KeyGenerator is obtained by calling one of these methods:

public static final KeyGenerator getInstance(String algorithm) , public static final KeyGenerator getInstance(String algorithm, String provider): Return an object capable of generating secret keys that ...