Java Cryptography

Book Description

Cryptography, the science of secret writing, is the biggest, baddest security tool in the application programmer's arsenal. Cryptography provides three services that are crucial in secure programming. These include a cryptographic cipher that protects the secrecy of your data; cryptographic certificates, which prove identity (authentication); and digital signatures, which ensure your data has not been damaged or tampered with.

This book covers cryptographic programming in Java. Java 1.1 and Java 1.2 provide extensive support for cryptography with an elegant architecture, the Java Cryptography Architecture (JCA). Another set of classes, the Java Cryptography Extension (JCE), provides additional cryptographic functionality. This book covers the JCA and the JCE from top to bottom, describing the use of the cryptographic classes as well as their innards.

The book is designed for moderately experienced Java programmers who want to learn how to build cryptography into their applications. No prior knowledge of cryptography is assumed. The book is peppered with useful examples, ranging from simple demonstrations in the first chapter to full-blown applications in later chapters. Topics include:

  • The Java Cryptography Architecture (JCA)

  • The Java Cryptography Extension (JCE)

  • Cryptographic providers

  • The Sun key management tools

  • Message digests, digital signatures, and certificates (X509v3)

  • Block and stream ciphers

  • Implementations of the ElGamal signature and cipher algorithms

  • A network talk application that encrypts all data sent over the network

  • An email application that encrypts its messages

  • Covers JDK 1.2 and JCE 1.2.

Table of Contents

    1. Java Cryptography
      1. SPECIAL OFFER: Upgrade this ebook with O’Reilly
      2. A Note Regarding Supplemental Files
      3. Preface
        1. Who Are You?
        2. About This Book
        3. What’s Not in This Book
        4. About the Examples
          1. Versions
          2. File Naming
          3. CLASSPATH
          4. Variable Naming
          5. Downloading
        5. Font Conventions
        6. Request for Comments
        7. Acknowledgments
      4. 1. Introduction
        1. Secure Systems
        2. Cryptography
        3. Platform Security
        4. Astute Inequalities
        5. Hello, zoT1wy1njA0=!
          1. Masher
          2. SecretWriting
      5. 2. Concepts
        1. Confidentiality
          1. Symmetric Ciphers
          2. Asymmetric Ciphers
          3. Hybrid Systems
          4. Distributing Keys
          5. Key Agreement Protocols
        2. Integrity
        3. Authentication
          1. Certificates
          2. Certificate Chains
        4. Random Numbers
        5. Algorithms
          1. Size Does Matter
          2. Names and Numbers
            1. MD5
            2. SHA-1
            3. HmacMD5 and HmacSHA1
            4. DSA
            5. ElGamal signatures
            6. DES
            7. DESede
            8. PBEWithMD5AndDES
            9. ElGamal ciphers
            10. DH
      6. 3. Architecture
        1. Alphabet Soup
        2. Concept Classes
        3. API and SPI
        4. Factory Methods
        5. Standard Names
        6. The Provider Architecture
        7. Key Management
        8. Summary
      7. 4. Random Numbers
        1. SecureRandom
        2. Self-Seeding
        3. Keyboard Timing
          1. Seeder
          2. Pitfalls
        4. SeederDialog
      8. 5. Key Management
        1. Keys
        2. Key Generators
          1. KeyPairGenerator
          2. KeyGenerator
          3. Algorithm-Specific Initialization
        3. Key Translators
          1. SecretKeySpec
          2. SecretKeyFactory
            1. From things to keys
            2. From keys to things
          3. KeyFactory
        4. Key Agreement
          1. Diffie-Hellman
          2. javax.crypto.KeyAgreement
          3. SKIP
            1. SkipServer
            2. SkipClient
            3. Skipper: Multiparty key agreement
        5. The Identity Key Management Paradigm
          1. Key Holders
            1. Principal
            2. Identity
            3. Signer
          2. IdentityScope
          3. KeyManager
        6. The KeyStore Key Management Paradigm
          1. KeyStore
            1. Getting
            2. Loading and saving
            3. Adding private key entries
            4. Adding trusted certificate entries
            5. Retrieving entries
          2. keytool
            1. Creating a key pair
            2. Ubiquitous options and defaults
            3. Inspecting the keystore
            4. Generating a CSR
            5. Importing certificates
            6. Other options
            7. Changing the default keystore class
      9. 6. Authentication
        1. Message Digests
          1. Getting
          2. Feeding
          3. Digesting
          4. One, Two, Three!
          5. Digest Streams
          6. Protected Password Login
          7. Double-Strength Password Login
        2. MACs
          1. Setting Up
          2. Feeding
          3. Calculating the Code
          4. For Instance
        3. Signatures
          1. Generating a Signature
          2. Verifying a Signature
          3. Hancock
          4. Login, Again
          5. SignedObject
        4. Certificates
          1. java.security.cert.Certificate
          2. Generating a Certificate
          3. Verifying a Certificate
          4. X.509
          5. Spill
          6. Certificate Revocation Lists
      10. 7. Encryption
        1. Streams and Blocks
        2. Block Ciphers
          1. Padding
            1. PKCS#5
            2. Other padding schemes
          2. Modes
            1. ECB
            2. CBC
            3. PCBC
            4. CFB
            5. OFB
            6. Other modes
        3. Algorithms
        4. javax.crypto.Cipher
          1. Getting a Cipher
          2. Basic Information
          3. Initializing a Cipher
            1. Generic
            2. Name brand
          4. Feeding Data to a Cipher
        5. Cipher’s Close Relatives
          1. Cipher Streams
          2. javax.crypto.SealedObject
        6. Passphrase Encryption
          1. Salt and Vinegar
          2. Test Drive
        7. Inside Cipher
          1. SPI
            1. Setup
            2. Basic information
            3. Initializing
            4. Feeding
          2. BlockCipher
          3. CBCWrapper
          4. CFBWrapper
        8. Hybrid Systems
          1. PGP
          2. S/MIME
          3. SSL
            1. Sources
            2. Using the browser
          4. SET
      11. 8. Signed Applets
        1. Renegade
        2. HotJava
          1. Prepare a Signer
          2. Bundle the Applet
          3. Sign the Applet
          4. Test the Applet
          5. Set Up the Browser
        3. Navigator
          1. Prepare a Signer
          2. Ask for Permission
          3. Sign the Applet
          4. Bundle the Applet
          5. Test the Applet
          6. Set Up the Browser
        4. Internet Explorer
          1. Recipe
          2. Prepare a Signer
          3. Bundle the Applet
          4. Sign the Applet
          5. Test the Applet
        5. Summary
      12. 9. Writing a Provider
        1. Getting Started
          1. Algorithm Names and Implementations
          2. A Simple Provider
          3. An Algorithm by Any Other Name
          4. Installing the Provider
        2. Adding the ElGamal Classes
        3. ElGamal
          1. Key Pair Generation
          2. Signature
          3. Cipher
        4. Generating Keys
          1. Key Classes
          2. ElGamalKeyPairGenerator
        5. Signature
        6. Cipher
      13. 10. SafeTalk
        1. Using SafeTalk
          1. First-Time Setup
          2. Exporting a Key
          3. Importing a Key
          4. Starting a Conversation
          5. Receiving a Conversation
          6. Loopback Testing
        2. Under the Hood
          1. Architecture
          2. Session
          3. SessionServer
          4. Receiver
          5. SafeTalk
      14. 11. CipherMail
        1. Using CipherMail
          1. First-Time Setup
            1. Preferences
            2. Keys
          2. Getting and Reading Mail
          3. Sending Mail
        2. Under the Hood
          1. Architecture
          2. Message Format
          3. Message
          4. POP3
          5. SMTP
          6. Composer
          7. CipherMail
      15. 12. Outside the Box
        1. Application Design
          1. Self-Contained
          2. Demonstration Software
          3. Client/Server
          4. Client Applets
          5. Access Control
        2. Decompilers and Bytecode Obfuscation
        3. Endpoint Security
        4. File Security
          1. Serialization
          2. Deleting Files
          3. Virtual Memory
          4. Memory Scanning
        5. Network Security
        6. Summary
      16. A. BigInteger
      17. B. Base64
      18. C. JAR
        1. Creating
        2. Extracting
        3. The Manifest
        4. Signing
      19. D. Javakey
        1. Creating
        2. Inspecting
        3. Gimme the Keys...
        4. Certificates
        5. To and Fro
        6. Sign of the Times
        7. The Care and Feeding of Keys
      20. E. Quick Reference
        1. Package java.security
          1. Class java.security.AlgorithmParameters
          2. Class java.security.AlgorithmParametersSpi
          3. Class java.security.DigestInputStream
          4. Class java.security.DigestOutputStream
          5. Class java.security.Identity
          6. Class java.security.IdentityScope
          7. Interface java.security.Key
          8. Class java.security.KeyFactory
          9. Class java.security.KeyFactorySpi
          10. Class java.security.KeyPair
          11. Class java.security.KeyPairGenerator
          12. Class java.security.KeyPairGeneratorSpi
          13. Class java.security.KeyStore
          14. Class java.security.MessageDigest
          15. Class java.security.MessageDigestSpi
          16. Interface java.security.Principal
          17. Interface java.security.PrivateKey
          18. Class java.security.Provider
          19. Interface java.security.PublicKey
          20. Class java.security.SecureRandom
          21. Class java.security.Security
          22. Class java.security.Signature
          23. Class java.security.SignatureSpi
          24. Class java.security.SignedObject
          25. Class java.security.Signer
        2. Package java.security.cert
          1. Class java.security.cert.Certificate
          2. Class java.security.cert.RevokedCertificate
          3. Class java.security.cert.X509Certificate
          4. Class java.security.cert.X509CRL
          5. Interface java.security.cert.X509Extension
        3. Package java.security.interfaces
          1. Interface java.security.interfaces.DSAKey
          2. Interface java.security.interfaces.DSAKeyPairGenerator
          3. Interface java.security.interfaces.DSAParams
          4. Interface java.security.interfaces.DSAPrivateKey
          5. Interface java.security.interfaces.DSAPublicKey
        4. Package java.security.spec
          1. Interface java.security.spec.AlgorithmParameterSpec
          2. Class java.security.spec.DSAParameterSpec
          3. Class java.security.spec.DSAPrivateKeySpec
          4. Class java.security.spec.DSAPublicKeySpec
          5. Class java.security.spec.EncodedKeySpec
          6. Interface java.security.spec.KeySpec
          7. Class java.security.spec.PKCS8EncodedKeySpec
          8. Class java.security.spec.X509EncodedKeySpec
        5. Package javax.crypto
          1. Class javax.crypto.Cipher
          2. Class javax.crypto.CipherInputStream
          3. Class javax.crypto.CipherOutputStream
          4. Class javax.crypto.CipherSpi
          5. Class javax.crypto.KeyAgreement
          6. Class javax.crypto.KeyAgreementSpi
          7. Class javax.crypto.KeyGenerator
          8. Class javax.crypto.KeyGeneratorSpi
          9. Class javax.crypto.NullCipher
          10. Class javax.crypto.SealedObject
          11. Interface javax.crypto.SecretKey
          12. Class javax.crypto.SecretKeyFactory
          13. Class javax.crypto.SecretKeyFactorySpi
        6. Package javax.crypto.interfaces
          1. Interface javax.crypto.interfaces.DHKey
          2. Interface javax.crypto.interfaces.DHPrivateKey
          3. Interface javax.crypto.interfaces.DHPublicKey
          4. Interface javax.crypto.interfaces.RSAPrivateKey
          5. Interface javax.crypto.interfaces.RSAPrivateKeyCrt
          6. Interface javax.crypto.interfaces.RSAPublicKey
        7. Package javax.crypto.spec
          1. Class javax.crypto.spec.DESKeySpec
          2. Class javax.crypto.spec.DESedeKeySpec
          3. Class javax.crypto.spec.DHGenParameterSpec
          4. Class javax.crypto.spec.DHParameterSpec
          5. Class javax.crypto.spec.DHPrivateKeySpec
          6. Class javax.crypto.spec.DHPublicKeySpec
          7. Class javax.crypto.spec.IvParameterSpec
          8. Class javax.crypto.spec.PBEKeySpec
          9. Class javax.crypto.spec.PBEParameterSpec
          10. Class javax.crypto.spec.RSAPrivateKeyCrtSpec
          11. Class javax.crypto.spec.RSAPrivateKeySpec
          12. Class javax.crypto.spec.RSAPublicKeySpec
      21. Index
      22. About the Author
      23. Colophon