Chapter 10 only began to explore the fascinating subject of cryptography. The JCE is explicated in much more detail by Jonathan Knudsen in Java Cryptography (O’Reilly & Associates, 1998) Java Cryptography expands on the coverage of the Cipher and MessageDigest classes you’ll find in this book. It also includes thorough discussions of the java.security package and the Java Cryptography Extension (JCE), showing you how to use security providers and even implement your own provider. It discusses authentication, key management, and public and private key encryption and includes a secure talk application that encrypts all data sent over the network. If you write Java programs that communicate sensitive data, you’ll find this book indispensable.

For a more in-depth look at the mathematics and protocols that underlie the JCE, you’ll want to check out Bruce Schneier’s Applied Cryptography (John Wiley & Sons, 1995). This is the standard practical text on cryptographic protocols and algorithms, and the attacks on them. Schneier discusses a wide range of cryptographic algorithms, key management and exchange schemes, one-way hash functions, signature algorithms, and many other problems in sufficient detail to allow a competent programmer to implement them. Although Schneier’s language of choice is C, the techniques discussed are applicable in any language.

The formal specification of the Java Cryptography API is available from Sun at http://java.sun.com/products/jdk/1.2/docs/guide/security/CryptoSpec.html ...