1 Homework Study Java Cryptography by Reading the rest of slides and accessing Sun ’ s Java website:

Slides:



Advertisements
Similar presentations
Copyright © 2005 David M. Wheeler, All Rights Reserved Desert Code Camp: Introduction to Cryptography David M. Wheeler May 6 th 2006 Phoenix, Arizona.
Advertisements

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.
Cryptography & The JCE Presented by Geoff Whittington, Fireball Technology Group.
Csci5233 Computer Security1 GS: Chapter 6 Using Java Cryptography for Authentication (Part B)
Web Security CS-431. HTTP Authentication Protect web content from those who don’t have a “need to know” Require users to authenticate using a userid/password.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.
CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.
Distributed Systems1 Lecture 12: RSA Distributed Systems2 Plan for today: Introduce RSA and a toy example using small numbers. This is.
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.
The Java Crypto API ICW Lecture 3 Tom Chothia. Reminder of Last Time: Your programs defines “Classes”. Each class defines “Objects”. An Object is defined.
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Feb 19, 2002Mårten Trolin1 Previous lecture Practical things about the course. Example of cryptosystem — substitution cipher. Symmetric vs. asymmetric.
Csci5233 Computer Security1 GS: Chapter 5 Asymmetric Encryption in Java.
CS255 Programming Project 1. Programming Project 1 Due: Friday Feb 8 th (11:59pm)‏ – Can use extension days Can work in pairs – One solution per pair.
Cheng-Chia Chen September 1999
Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.
JSSE API University of Palestine Eng. Wisam Zaqoot April 2010.
CSCI 6962: Server-side Design and Programming
Java supports encryption by a wide variety of packages: The standard java.security package The standard javax.crypto package Packages supplied by third.
CRYPTOGRAPHY PROGRAMMING ON ANDROID Jinsheng Xu Associate Professor North Carolina A&T State University.
Csci5233 Computer Security1 GS: Chapter 6 Using Java Cryptography for Authentication.
Java and Security Cryptography, Symmetric Key, Public Key, Authentication, Digital Signatures, Message Digests.
Signing, Sealing, and Guarding Java TM Objects Li Gong and Roland Schemers Javasoft, Sun Microsystems, Inc. “In This Paper, We Describe a Few New Constructs.
Content  Introduction  Signing, sealing and guarding Java object Motivation Design ( in terms of API ) Performance  Summary.
MT311 Java Application Development and Programming Languages Li Tak Sing ( 李德成 )
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.
Java Security Pingping Ma Nov 2 nd, Overview Platform Security Cryptography Authentication and Access Control Public Key Infrastructure (PKI)
Introduction to Secure Sockets Layer (SSL) Protocol Based on:
Unit 1: Protection and Security for Grid Computing Part 2
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Java Security Nathan Moore CS 665. Overview Survey of Java Inherent Security Properties Java Runtime Environment Java Virtual Machine Java Security Model.
ECommerce for software ICE525 Chung Sukwon, Lee Ilnam.
Cryptography and Network Security (CS435) Part Twelve (Electronic Mail Security)
Computer Network Lab. Encryption 컴퓨터 네트워크 실험실 조한진 / 이희규.
Encryption. What is Encryption? Encryption is the process of converting plain text into cipher text, with the goal of making the text unreadable.
COMPS311F Java Application Development and Programming Languages Li Tak Sing ( 李德成 )
What is Digital Signature A digital signature is a bit of stream through which many things like verification of origin of document,the identity of the.
Networking with Java Carl Gunter ( ) Arvind Easwaran ( ) Michael May ( )
CS 4244: Internet Programming Security 1.0. Introduction Client identification and cookies Basic Authentication Digest Authentication Secure HTTP.
MT311 Java Application Development and Programming Languages Li Tak Sing ( 李德成 )
1 Session 3 Module 4: Java Security Module 5: Cryptography.
Csci5931 Web Security1 GS: Chapter 3 Encryption, Authentication and Java Cryptography.
Jaas Introduction. Outline l General overview of Java security Java 2 security model How is security maintained by Java and JVM? How can a programmer.
A Java implemented key collision attack on the Data Encryption Standard (DES) John Loughran, Tom Dowling NUI, Maynooth, Co. Kildare, Ireland PPPJ ‘03.
Java Security Session 19. Java Security / 2 of 23 Objectives Discuss Java cryptography Explain the Java Security Model Discuss each of the components.
Dôležité triedy a interface: Cipher MAC SecureRandom KeyGenerator KeyPairGenerator Signature KeyStore.
1 Session 4 Module 6: Digital signatures. Digital Signatures / Session4 / 2 of 18 Module 4, 5 - Review (1)  Java 2 security model provides a consistent.
©Brooks/Cole, 2003 Chapter 16 Security. ©Brooks/Cole, 2003 Define four aspects of security in a network: privacy, authentication, integrity, and nonrepudiation.
MT311 Java Application Development and Programming Languages Li Tak Sing ( 李德成 )
TCS Internal Security. 2 TCS Internal Objective Objective :  Android Platform Security Architecture.
JCA, Cryptography for Java Programmer Shawn Shuang Zhang CS 627.
SOA Seminar1 Seminar on Service Oriented Architecture RSA.
Java Cryptography Nick Pullman DSU-MSIA Citigroup Information Security
“Java Cryptography” By Karim Kilany CSCI 485 Presentation Dr.Sherif Aly.
LAB#4 PROGRAMMING USING JAVA CRYPTOGRAPHIC LIBRARIES CPIT 425.
Java Assignment Related
Lab#7 Digital signature Cpit 425
Digital Signatures Assignment
CIPHER SUITE Each name has an algorithm divided into four parts: protocol, key exchange algorithm, encryption algorithm, and checksum. For example, the.
Presentation transcript:

1 Homework Study Java Cryptography by Reading the rest of slides and accessing Sun ’ s Java website:

2 Goals Learn about JAVA Crypto Architecture How to use JAVA Crypto API ’ s Understand the JCE (Java Cryptography Extension) Be able to use java crypto functions (meaningfully) in your code JAAS (Java Authentication and Authorization Service) (Refer Java web site for JAAS details) JSSE (Java Secure Socket Extension) (Refer Java web site for JSSE details)

3 Introduction JDK Security API Core API for Java Built around the java.security package First release of JDK Security introduced "Java Cryptography Architecture" (JCA) Framework for accessing and developing cryptographic functionality JCA encompasses Parts of JDK 1.2 Security API related to cryptography Architecture that allows for multiple and interoperable cryptography implementations The Java Cryptography Extension (JCE) extends JCA Includes APIs for encryption, key exchange, and Message Authentication Code (MAC)

4 Java Cryptography Extension (JCE) Adds encryption, key exchange, key generation, message authentication code (MAC) Multiple “ providers ” supported Keys & certificates in “ keystore ” database Separate due to export control

5 JCE Architecture JCE: Cipher KeyAgreement KeyGenerator SecretKeyFactory MAC CSP 1 CSP 2 SPI API App 1App 2

6 Design Principles Implementation independence and interoperability "provider “ based architecture Set of packages implementing cryptographic services digital signature algorithms Programs request a particular type of object Various implementations working together, use each other's keys, or verify each other's signatures Algorithm independence and extensibility Cryptographic classes providing the functionality Classes are called engine classes, example Signature Addition of new algorithms straight forward

7 Building Blocks Key Certificate Keystore Message Digest Digital Signature SecureRandom Cipher MAC

8 Engine Classes and SPI Interface to specific type of cryptographic service Defines API methods to access cryptographic service Actual implementation specific to algorithms For example : Signature engine class Provides access to the functionality of a digital signature algorithm Actual implementation supplied by specific algorithm subclass "Service Provider Interface" (SPI) Each engine class has a corresponding abstract SPI class Defines the Service Provider Interface to be used by implementors SPI class is abstract - To supply implementation, provider must subclass

9 JCA Implementation SPI (Service Provider Interface) say FooSpi Engine Foo Algorithm MyAlgorithm Foo f = Foo.getInstance(MyAlgorithm);

10 General Usage No need to call constructor directly Define the algorithm reqd. getInstance() Initialize the keysize init() or initialize() Use the Object generateKey() or doFinal()

11 java.security classes Key KeyPair KeyPairGenerator KeyFactory Certificate CertificateFactory Keystore MessageDigest Signature SignedObject SecureRandom

12 Key Types SecretKey PublicKey PrivateKey Methods getAlgorthm() getEncoded() KeyPair= {PrivateKey, PublicKey}

13 KeyGenerator Generates instances of key Requires Algorithm getInstance(algo) Keylength, (random) Initialize(param, random) Generates required key/keypair

14 KeyFactory/SecretKeyFactory Converts a KeySpec into Keys KeySpec Depends on the algorithm Usually a byte[] (DES) Could also be a set of numbers (DSA) Required when the key is encoded and transferred across the network

15 Certificate Problem Java.security.Certificate is an interface Java.security.cert.Certificate is a class Which one to use when you ask for a Certificate? Import only the correct type Avoid “ import java.security.* ” Use X509Certificate

16 KeyStore Access to a physical keystore Can import/export certificates Can import keys from certificates Certificate.getPublicKey() Certificate.getPrivateKey() Check for certificate validity Check for authenticity

17 keytool Reads/writes to a keystore Unique alias for each certificate Password Encrypted Functionality Import Sign Request Export NOTE: Default is DSA !

18 Signature DSA, RSA Obtain a Signature Object getInstance(algo) getInstance(algorithm,provider)

19 Signature (signing) Initialize for signing initSign(PrivateKey) Give the data to be signed update(byte [] input) and variations doFinal(byte [] input) and variations Sign byte[] Signature.sign() NOTE: Signature does not contain the actual signature

20 Signature (verifying) Initialize for verifying initVerify(PublicKey) Give the data to be verifieded update(byte [] input) and variations doFinal(byte [] input) and variations Verify boolean Signature.verify()

21 SignedObject Signs and encapsulates a signed object Sign SignedObject(Serializable, Signature) Recover Object getContent() byte[] getSignature() Verify Verify(PublicKey, Signature) ! Need to initialize the instance of the signature

22 javax.crypto classes Cipher Mac KeyGenerator SecretKeyFactory SealedObject

23 Cipher DES, DESede, RSA, Blowfish, IDEA … Obtain a Cipher Object getInstance(algorithm/mode/padding) or getInstance(algorithm) or getInstance(algorithm, provider) eg “ DES/ECB/NoPadding ” or “ RSA ” Initialize init(mode, key) mode= ENCRYPT_MODE / DECRYPT_MODE

24 Cipher cont. Encrypt/Decrypt byte[] update(byte [] input) and variations byte[] doFinal(byte [] input) and variations Exceptions NoSuchAlgorithmException NoSuchPadding Exception InvalidKeyException

25 SealedObject Encrypts and encapsulates an encrypted object Encrypt SealedObject(Serializable, Cipher) Recover getObject(Cipher) or getObject(key) Cipher mode should be different!!

26 Wrapper Class : Crypto.java Adding a provider public Crypto() {java.security.Security.addProvider(new cryptix.provider.Cryptix());}

27 Enrcyption using RSA public synchronized byte[] encryptRSA(Serializable obj, PublicKey kPub) throws KeyException, IOException { try { Cipher RSACipher = Cipher.getInstance("RSA"); return encrypt(RSACipher, obj, kPub); } catch (NoSuchAlgorithmException e) { System.exit(1); } return null; }

28 Decryption using RSA public synchronized Object decryptRSA(byte[] msgE, PrivateKey kPriv) throws KeyException, IOException { try { Cipher RSACipher = Cipher.getInstance("RSA"); return decrypt(RSACipher, msgE, kPriv); } catch (NoSuchAlgorithmException e) { System.exit(1); } return null; }

29 Creating a signature public synchronized byte[] sign(byte[] msg, PrivateKey kPriv) throws SignatureException, KeyException, IOException { // Initialize the signature object for signing debug("Initializing signature."); try { Signature RSASig = Signature.getInstance("SHA-1/RSA/PKCS#1"); debug("Using algorithm: " + RSASig.getAlgorithm()); RSASig.initSign(kPriv); RSASig.update(msg); return RSASig.sign(); } catch (NoSuchAlgorithmException e) { System.exit(1); } return null; }

30 Verifying a signature public synchronized boolean verify(byte[] msg, byte[] sig, PublicKey kPub) throws SignatureException, KeyException { // Initialize the signature object for verifying debug("Initializing signature."); try { Signature RSASig = Signature.getInstance("SHA-1/RSA/PKCS#1"); RSASig.initVerify(kPub); RSASig.update(msg); return RSASig.verify(sig); } catch (NoSuchAlgorithmException e) { System.exit(1); } return false; }

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.