LAB#4 PROGRAMMING USING JAVA CRYPTOGRAPHIC LIBRARIES CPIT 425

Java API  API : Application Programming Interface  2

Views Main Information Area Classes Packages 3

Cryptographic libraries  The cryptography APIs are organized into two distinct packages.  javax.crypto  javax.crypto package: Provides the classes and interfaces for cryptographic operations include encryption, key generation and key agreement, and Message Authentication Code (MAC) generation.  java.security  java.security package: Provides the classes and interfaces to support the generation and storage of cryptographic public key pairs, as well as a number of exportable cryptographic operations including those for message digest and signature generation. 4

javax.crypto package  It is composed of many classes.  There are a few core classes you should know: 1-The Cipher class 2-The Cipher Stream classes 3-The KeyGenerator class 4-The KeyAgreement class 5-The Mac Class  /package-summary.html /package-summary.html 5

Cipher class  It is core class that is required in every cryptographic program.  This class provides the functionality of a cryptographic cipher for encryption and decryption.  To create a Cipher object:  Call the Cipher's getInstance method  Pass the name of the requested transformation to it. And optionally, the name of a provider may be specified. A transformation is a string that describes the operation (or set of operations) to be performed on the given input, to produce some output. It includes: name of a cryptographic algorithm (e.g., DES) a feedback mode (optional) followed by padding scheme. (optional) 6

Cipher class i.e. transformation is of the form: "algorithm/mode/padding" or "algorithm“  For example: Cipher c = Cipher.getInstance("DES/CBC/PKCS5Padding");  To Initialize the cipher object: it must be initialized using the method : init(mode, key).  Mode is one of the class fields : Cipher.ENCRYPT_MODE or Cipher.DECRYPT_MODE and …  Example: c.init(Cipher.ENCRYPT_MODE, secretkey);  method update() can be called any number of times to pass byte arrays for encryption or decryption  For termination: by a doFinal() method : c.doFinal(); 7

Cipher class  For example, the following two lines use the cipher and key instances you created to encrypt a byte array called textBytes.  The result is stored in a byte array called encryptedBytes. Cipher c= Cipher.getInstance(“DES/ECB/PKCS5Padding”); c.init(Cipher.ENCRYPT_MODE, key); byte[] encryptedBytes = c.doFinal( textBytes ); 8

Cipher Stream classes Secure streams are provided by the CipherInputStream and CipherOutputStream classes. 1. CipherInputStream Class:  It is composed of an InputStream and a Cipher.  if the embedded Cipher has been initialized for decryption, the CipherInputStream will attempt to decrypt the data it reads from the underlying InputStream before returning them to the application.  Ex: FileInputStream fis = new FileInputStream("a.txt"); CipherInputStream cis = new CipherInputStream(fis, cipher1); 9

Cipher Stream classes 2. CipherOutputStream Class:  It is composed of an OutputStream and a Cipher.  if the embedded Cipher has been initialized for encryption, the CipherOutputStream will encrypt its data, before writing them out to the underlying output stream.  EX: FileOutputStream fos = new FileOutputStream("b.txt"); CipherOutputStream cos = new CipherOutputStream(fos, cipher1); 10

KeyGenerator class  This class provides the functionality of a (symmetric) key generator.  KeyGenerator objects are reusable, i.e., after a key has been generated, the same KeyGenerator object can be re-used to generate further keys.  There are two ways to generate a key:  Algorithm-Independent Initialization  Algorithm-Specific Initialization  For generating keys use a getInstance() and pass in the algorithm as a string,also you have to implement generateKey() method.  Ex: KeyGenerator kg= KeyGenerator.getInstance("DES"); Key key =kg.generateKey(); 11

KeyAgreement class  This class provides methods for key agreement(or key exchange) protocol such as the Diffie-Hellman protocol.  It provides an engine for the implementation of a key agreement algorithm.  This class allows for two cooperating parties to generate the same secret key while preventing parties unrelated to the agreement from generating the same key. 12

Mac Class  This class provides the functionality of a "Message Authentication Code" (MAC) algorithm.  Similar to Cipher class, the Mac class is initialized to specify what MAC algorithm and key that should be used.  Then, it computes the MAC based on operations such as update(), doFinal() similar to Cipher class methods. 13

Need to do…  Study these slides well,,, you will need them next labs. GOOD LUCK 14