Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Session 4 Module 6: Digital signatures. Digital Signatures / Session4 / 2 of 18 Module 4, 5 - Review (1)  Java 2 security model provides a consistent.

Published byMariah Smith Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Session 4 Module 6: Digital signatures. Digital Signatures / Session4 / 2 of 18 Module 4, 5 - Review (1)  Java 2 security model provides a consistent."— Presentation transcript:

1 1 Session 4 Module 6: Digital signatures

2 Digital Signatures / Session4 / 2 of 18 Module 4, 5 - Review (1)  Java 2 security model provides a consistent and flexible policy for applets and applications.  Types of Security Restrictions:  File Access Restrictions  Network Restrictions  Other Security Restrictions  Securing applet  Securing application

3 Digital Signatures / Session4 / 3 of 18 Module 4, 5 - Review (2)  Java Authentication & Authorization Service (JAAS) is an API that enables Java applications to access authentication & access control services without being tied to those services. Authentication Authorization  Cryptography is mechanism of encoding information in a secret coded form  JCA is the java security API is a new addition to library of java APIs. It is a framework written in java to access and develop cryptographic functionality  JCE is a set, it provides implements for encryption, key generation and agreement and message authentication code

4 Digital Signatures / Session4 / 4 of 18 Module 6 - Objectives  Introduction to Digital Signatures  Signing and verifying data using java tools  Signing and verifying data using security API

5 Digital Signatures / Session4 / 5 of 18 Digital signature  Digital signatures are used to digitally sign messages or objects.  Digital signatures is used to verify that the content of a message is unaltered, and help to identify the creator of a message.  Digital signature is used for: Ensuring message content integrity Verifying the authenticity of the message sender

6 Digital Signatures / Session4 / 6 of 18 How to create digital signature?  Digital signatures are generated by Public Key Cryptography, using public and private keys to encrypt and decrypt messages.  Public key: used by a receiver to decrypt a message  Private key: Used encrypt a message with his/her private key  Message digest: A message digest is a fixed-length result of converting the contents of a message into a hash-like a cyclic redundancy check SHA-1 and MD-5 are examples of algorithms for converting message text into a message digest

7 Digital Signatures / Session4 / 7 of 18 Working of digital signatures (1)  Digital signatures work by using the mechanisms of encryption and decryption.  Encryption A hash or a message digest is prepared using the Hashing Algorithm. The hashed data or message digest is encrypted using the sender’s private key. The digital signature and the sender’s public key are appended to the end of the message.

8 Digital Signatures / Session4 / 8 of 18 Working of digital signatures (2)  Decryption The receiver receives the message and a digital signed message digest. The receiver separately calculates a message digest for the received message. The receiver uses the sender’s public key to decrypt the signed message digest that was received and compares this to the independently calculated message digest. If the two digests do not match, the data may have been tampered with or the data may not be authentic or may not have been intended for the receiver.

9 Digital Signatures / Session4 / 9 of 18 Working of digital signatures (3) Message Message hash Sender Un-tampered Message New hash Receiver Calculate hash Encryption using hash Encrypted Message Signed hash+public key Calculate new hash Compared with signed hash

10 Digital Signatures / Session4 / 10 of 18 Drawbacks of digital signatures  Non-Repudiation Disclaiming responsibility for a sent message  Time Stamping Do not contain any record of the data and time when a particular document was signed

11 Digital Signatures / Session4 / 11 of 18 Digital Certificates  Digital certificates prevent impersonation by storing a widely known and distributed public key  A certification authority (CA) issues these certificates and ensures the validity of the public key contained in the certificate and the authenticity of the certificate owner.  Standards of digital certificates X.509:  was created by the international telephone standards body  is used by Microsoft’s Authenticode, Netscape’s Object Signing, and Marimba’s Channel Signing PGP (Pretty Good Privacy)  was developed by Phil Zimmermann  is used for encrypting, compressing and authenticating email messages and attachments.

12 Digital Signatures / Session4 / 12 of 18 Working with certificates  keytool utility can display, import and export certificates in addition to key pairs.  When a new public / private keypair is created, a self- signed certificate signed by the same entity that created the key pair is obtained.  The request for the certificate is made as follows:  Example: keytool –alias aptechkey –certreq –file test.txt

13 Digital Signatures / Session4 / 13 of 18 Verifying Data  Signing and Verifying Data using: Java Tools  Using Jar tool and Jarsigner tool Security API

14 Digital Signatures / Session4 / 14 of 18  Before java program can be digitally signed, it must be packaged into an archive form consisting of all class files and other files with the help of jar tool  jarsigner then digitally signs a java archive Example: jarsigner MyApplet.jar aptechkey  The key must have go through a verification process before use.  Password of the keystore and the password associated with the private key is required to authenticate an archive when the jarsigner is used.  The jarsigner is also used to verify a digitally signed archive by checking if the private key matches the Java archive. Using jar tool and jarsigner

15 Digital Signatures / Session4 / 15 of 18  Step 1: Generate a Key-Pair Generator KeyPairGenerator kpg = KeyPairGenerator.getInstance(“DSA”, “SUN”);  Step 2: Initialize the Key-Pair Generator SecureRandom r = SecureRandom.getInstance(“SHA1PRNG”,”SUN”); keyGenerator.initialize(1024,r); KeyPair p = keyGenerator.generateKeyPair(); PrivateKey privKey = p.getPrivate(); PublicKey pubKey = p.getPublic();  Step 3: Get a Signature Object Signature dsa = Signature.getInstance(“SHA1withDSA”,”SUN”);  Step 4: Initialize the Signature Object dsa.initPriv(privKey); Signing data using security API (1)

16 Digital Signatures / Session4 / 16 of 18 Signing data using security API (2)  Step 5: Supply the data to be signed to the Signature Object FileInputStream input = new FileInputStream(data.txt); BufferedInputStream inputBuf = new BufferedInputStream(input); byte [] dataBuffer = new byte[1024]; int len; while(inputBuf.available()!=0) { len = inputBuf.read(dataBuffer); dsa.update(databuffer,0,len); }  Step 6: Generate the Signature byte [] dataSignature = dsa.sign();  Step 7: Saving digital signature and public key in two different files

17 Digital Signatures / Session4 / 17 of 18 Verifying the signature  Create a Signature instance using the same signature algorithm as that used to generate the signature.  Initialize the signature instance with the public key.  Supply the signature object with the data to be verified by reading one byte array at a time.  Invoke the verify() method on the newly created Signature object to compare the two signatures.  The verify() method returns a Boolean value denoting the authenticity of the signature.

18 Digital Signatures / Session4 / 18 of 18 Module 6 - Summary  Digital signatures are used to digitally sign messages or objects to identify their creators  A digital certificate must be first imported as a trusted certificate and then the signature has to be verified to authenticate the sender  Signing and Verifying Data using: Java Tools Security API

Download ppt "1 Session 4 Module 6: Digital signatures. Digital Signatures / Session4 / 2 of 18 Module 4, 5 - Review (1)  Java 2 security model provides a consistent."

Similar presentations

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Csci5233 Computer Security1 GS: Chapter 6 Using Java Cryptography for Authentication (Part B)

Csci5233 Computer Security1 GS: Chapter 6 Using Java Cryptography for Authentication (Part B)
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Lecture 5: Email security: PGP Anish Arora CSE 5473 Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CSE 5473 Introduction to Network Security.
Lecture 5: Email security: PGP Anish Arora CIS694K Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)

Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.

LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.
1 Pertemuan 12 E-mail Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 12 Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Electronic mail security -- Pretty Good Privacy.

Electronic mail security -- Pretty Good Privacy.
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.

Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.
1 Homework Study Java Cryptography by Reading the rest of slides and accessing Sun ’ s Java website:

1 Homework Study Java Cryptography by Reading the rest of slides and accessing Sun ’ s Java website:
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/
INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.

INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.
Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.

Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.
Lecture 9: Email Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 9: Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.
1 Lecture 5 George Koutsogiannakis/ Summer 2011 CS441 CURRENT TOPICS IN PROGRAMMING LANGUAGES.

1 Lecture 5 George Koutsogiannakis/ Summer 2011 CS441 CURRENT TOPICS IN PROGRAMMING LANGUAGES.
CSCI 6962: Server-side Design and Programming

CSCI 6962: Server-side Design and Programming

Similar presentations

Ads by Google