Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Homework Study Java Cryptography by Reading the rest of slides and accessing Sun ’ s Java website:

Published byChloe Williamson Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Homework Study Java Cryptography by Reading the rest of slides and accessing Sun ’ s Java website:"— Presentation transcript:

1 1 Homework Study Java Cryptography by Reading the rest of slides and accessing Sun ’ s Java website: http://java.sun.com

2 2 Goals Learn about JAVA Crypto Architecture How to use JAVA Crypto API ’ s Understand the JCE (Java Cryptography Extension) Be able to use java crypto functions (meaningfully) in your code JAAS (Java Authentication and Authorization Service) (Refer Java web site for JAAS details) JSSE (Java Secure Socket Extension) (Refer Java web site for JSSE details)

3 3 Introduction JDK Security API Core API for Java Built around the java.security package First release of JDK Security introduced "Java Cryptography Architecture" (JCA) Framework for accessing and developing cryptographic functionality JCA encompasses Parts of JDK 1.2 Security API related to cryptography Architecture that allows for multiple and interoperable cryptography implementations The Java Cryptography Extension (JCE) extends JCA Includes APIs for encryption, key exchange, and Message Authentication Code (MAC)

4 4 Java Cryptography Extension (JCE) Adds encryption, key exchange, key generation, message authentication code (MAC) Multiple “ providers ” supported Keys & certificates in “ keystore ” database Separate due to export control

5 5 JCE Architecture JCE: Cipher KeyAgreement KeyGenerator SecretKeyFactory MAC CSP 1 CSP 2 SPI API App 1App 2

6 6 Design Principles Implementation independence and interoperability "provider “ based architecture Set of packages implementing cryptographic services digital signature algorithms Programs request a particular type of object Various implementations working together, use each other's keys, or verify each other's signatures Algorithm independence and extensibility Cryptographic classes providing the functionality Classes are called engine classes, example Signature Addition of new algorithms straight forward

7 7 Building Blocks Key Certificate Keystore Message Digest Digital Signature SecureRandom Cipher MAC

8 8 Engine Classes and SPI Interface to specific type of cryptographic service Defines API methods to access cryptographic service Actual implementation specific to algorithms For example : Signature engine class Provides access to the functionality of a digital signature algorithm Actual implementation supplied by specific algorithm subclass "Service Provider Interface" (SPI) Each engine class has a corresponding abstract SPI class Defines the Service Provider Interface to be used by implementors SPI class is abstract - To supply implementation, provider must subclass

9 9 JCA Implementation SPI (Service Provider Interface) say FooSpi Engine Foo Algorithm MyAlgorithm Foo f = Foo.getInstance(MyAlgorithm);

10 10 General Usage No need to call constructor directly Define the algorithm reqd. getInstance() Initialize the keysize init() or initialize() Use the Object generateKey() or doFinal()

11 11 java.security classes Key KeyPair KeyPairGenerator KeyFactory Certificate CertificateFactory Keystore MessageDigest Signature SignedObject SecureRandom

12 12 Key Types SecretKey PublicKey PrivateKey Methods getAlgorthm() getEncoded() KeyPair= {PrivateKey, PublicKey}

13 13 KeyGenerator Generates instances of key Requires Algorithm getInstance(algo) Keylength, (random) Initialize(param, random) Generates required key/keypair

14 14 KeyFactory/SecretKeyFactory Converts a KeySpec into Keys KeySpec Depends on the algorithm Usually a byte[] (DES) Could also be a set of numbers (DSA) Required when the key is encoded and transferred across the network

15 15 Certificate Problem Java.security.Certificate is an interface Java.security.cert.Certificate is a class Which one to use when you ask for a Certificate? Import only the correct type Avoid “ import java.security.* ” Use X509Certificate

16 16 KeyStore Access to a physical keystore Can import/export certificates Can import keys from certificates Certificate.getPublicKey() Certificate.getPrivateKey() Check for certificate validity Check for authenticity

17 17 keytool Reads/writes to a keystore Unique alias for each certificate Password Encrypted Functionality Import Sign Request Export NOTE: Default is DSA !

18 18 Signature DSA, RSA Obtain a Signature Object getInstance(algo) getInstance(algorithm,provider)

19 19 Signature (signing) Initialize for signing initSign(PrivateKey) Give the data to be signed update(byte [] input) and variations doFinal(byte [] input) and variations Sign byte[] Signature.sign() NOTE: Signature does not contain the actual signature

20 20 Signature (verifying) Initialize for verifying initVerify(PublicKey) Give the data to be verifieded update(byte [] input) and variations doFinal(byte [] input) and variations Verify boolean Signature.verify()

21 21 SignedObject Signs and encapsulates a signed object Sign SignedObject(Serializable, Signature) Recover Object getContent() byte[] getSignature() Verify Verify(PublicKey, Signature) ! Need to initialize the instance of the signature

22 22 javax.crypto classes Cipher Mac KeyGenerator SecretKeyFactory SealedObject

23 23 Cipher DES, DESede, RSA, Blowfish, IDEA … Obtain a Cipher Object getInstance(algorithm/mode/padding) or getInstance(algorithm) or getInstance(algorithm, provider) eg “ DES/ECB/NoPadding ” or “ RSA ” Initialize init(mode, key) mode= ENCRYPT_MODE / DECRYPT_MODE

24 24 Cipher cont. Encrypt/Decrypt byte[] update(byte [] input) and variations byte[] doFinal(byte [] input) and variations Exceptions NoSuchAlgorithmException NoSuchPadding Exception InvalidKeyException

25 25 SealedObject Encrypts and encapsulates an encrypted object Encrypt SealedObject(Serializable, Cipher) Recover getObject(Cipher) or getObject(key) Cipher mode should be different!!

26 26 Wrapper Class : Crypto.java Adding a provider public Crypto() {java.security.Security.addProvider(new cryptix.provider.Cryptix());}

27 27 Enrcyption using RSA public synchronized byte[] encryptRSA(Serializable obj, PublicKey kPub) throws KeyException, IOException { try { Cipher RSACipher = Cipher.getInstance("RSA"); return encrypt(RSACipher, obj, kPub); } catch (NoSuchAlgorithmException e) { System.exit(1); } return null; }

28 28 Decryption using RSA public synchronized Object decryptRSA(byte[] msgE, PrivateKey kPriv) throws KeyException, IOException { try { Cipher RSACipher = Cipher.getInstance("RSA"); return decrypt(RSACipher, msgE, kPriv); } catch (NoSuchAlgorithmException e) { System.exit(1); } return null; }

29 29 Creating a signature public synchronized byte[] sign(byte[] msg, PrivateKey kPriv) throws SignatureException, KeyException, IOException { // Initialize the signature object for signing debug("Initializing signature."); try { Signature RSASig = Signature.getInstance("SHA-1/RSA/PKCS#1"); debug("Using algorithm: " + RSASig.getAlgorithm()); RSASig.initSign(kPriv); RSASig.update(msg); return RSASig.sign(); } catch (NoSuchAlgorithmException e) { System.exit(1); } return null; }

30 30 Verifying a signature public synchronized boolean verify(byte[] msg, byte[] sig, PublicKey kPub) throws SignatureException, KeyException { // Initialize the signature object for verifying debug("Initializing signature."); try { Signature RSASig = Signature.getInstance("SHA-1/RSA/PKCS#1"); RSASig.initVerify(kPub); RSASig.update(msg); return RSASig.verify(sig); } catch (NoSuchAlgorithmException e) { System.exit(1); } return false; }

Download ppt "1 Homework Study Java Cryptography by Reading the rest of slides and accessing Sun ’ s Java website:"

Similar presentations

Copyright © 2005 David M. Wheeler, All Rights Reserved Desert Code Camp: Introduction to Cryptography David M. Wheeler May 6 th 2006 Phoenix, Arizona.

Copyright © 2005 David M. Wheeler, All Rights Reserved Desert Code Camp: Introduction to Cryptography David M. Wheeler May 6 th 2006 Phoenix, Arizona.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.

SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.
Cryptography & The JCE Presented by Geoff Whittington, Fireball Technology Group.

Cryptography & The JCE Presented by Geoff Whittington, Fireball Technology Group.
Csci5233 Computer Security1 GS: Chapter 6 Using Java Cryptography for Authentication (Part B)

Csci5233 Computer Security1 GS: Chapter 6 Using Java Cryptography for Authentication (Part B)
Web Security CS-431. HTTP Authentication Protect web content from those who don’t have a “need to know” Require users to authenticate using a userid/password.

Web Security CS-431. HTTP Authentication Protect web content from those who don’t have a “need to know” Require users to authenticate using a userid/password.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.

Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)

Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.

LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.
CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.
95-702 Distributed Systems1 Lecture 12: RSA. 95-702 Distributed Systems2 Plan for today: Introduce RSA and a toy example using small numbers. This is.

Distributed Systems1 Lecture 12: RSA Distributed Systems2 Plan for today: Introduce RSA and a toy example using small numbers. This is.
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.
The Java Crypto API ICW Lecture 3 Tom Chothia. Reminder of Last Time: Your programs defines “Classes”. Each class defines “Objects”. An Object is defined.

The Java Crypto API ICW Lecture 3 Tom Chothia. Reminder of Last Time: Your programs defines “Classes”. Each class defines “Objects”. An Object is defined.
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Feb 19, 2002Mårten Trolin1 Previous lecture Practical things about the course. Example of cryptosystem — substitution cipher. Symmetric vs. asymmetric.

Feb 19, 2002Mårten Trolin1 Previous lecture Practical things about the course. Example of cryptosystem — substitution cipher. Symmetric vs. asymmetric.
Csci5233 Computer Security1 GS: Chapter 5 Asymmetric Encryption in Java.

Csci5233 Computer Security1 GS: Chapter 5 Asymmetric Encryption in Java.
CS255 Programming Project 1. Programming Project 1 Due: Friday Feb 8 th (11:59pm)‏ – Can use extension days Can work in pairs – One solution per pair.

CS255 Programming Project 1. Programming Project 1 Due: Friday Feb 8 th (11:59pm)‏ – Can use extension days Can work in pairs – One solution per pair.
Cheng-Chia Chen September 1999

Cheng-Chia Chen September 1999

Similar presentations

Ads by Google