1 Homework Study Java Cryptography by Reading the rest of slides and accessing Sun’s Java website:


1 Homework
- Study Java cryptography by reading the rest of the slides and accessing Sun’s Java website: http://java.sun.com

2 Goals
- Learn about the Java Crypto Architecture
- How to use the Java Crypto APIs
- Understand the JCE (Java Cryptography Extension)
- Be able to use Java crypto functions (meaningfully) in your code
- JAAS (Java Authentication and Authorization Service) (refer to the Java web site for JAAS details)
- JSSE (Java Secure Socket Extension) (refer to the Java web site for JSSE details)

3 Introduction
- JDK Security API
  - Core API for Java
  - Built around the java.security package
- First release of JDK Security introduced the "Java Cryptography Architecture" (JCA)
  - Framework for accessing and developing cryptographic functionality
- JCA encompasses
  - Parts of the JDK 1.2 Security API related to cryptography
  - Architecture that allows for multiple and interoperable cryptography implementations
- The Java Cryptography Extension (JCE) extends JCA
  - Includes APIs for encryption, key exchange, and Message Authentication Code (MAC)

4 Java Cryptography Extension (JCE)
- Adds encryption, key exchange, key generation, message authentication code (MAC)
- Multiple "providers" supported
- Keys & certificates in "keystore" database
- Separate due to export control

5 JCE Architecture
[Figure: layered diagram with the labels App 1, App 2; API; JCE: Cipher, KeyAgreement, KeyGenerator, SecretKeyFactory, MAC; SPI; CSP 1, CSP 2]

6 Design Principles
- Implementation independence and interoperability
  - "Provider"-based architecture
  - Set of packages implementing cryptographic services (digital signature algorithms)
  - Programs request a particular type of object
  - Various implementations work together, use each other's keys, or verify each other's signatures
- Algorithm independence and extensibility
  - Cryptographic classes provide the functionality
  - Classes are called engine classes, for example Signature
  - Addition of new algorithms is straightforward

7 Building Blocks
- Key
- Certificate
- Keystore
- Message Digest
- Digital Signature
- SecureRandom
- Cipher
- MAC

8 Engine Classes and SPI
- Interface to a specific type of cryptographic service
- Defines API methods to access the cryptographic service
- Actual implementation is specific to algorithms
- For example: the Signature engine class
  - Provides access to the functionality of a digital signature algorithm
  - Actual implementation supplied by a specific algorithm subclass
- "Service Provider Interface" (SPI)
  - Each engine class has a corresponding abstract SPI class
  - Defines the Service Provider Interface to be used by implementors
  - SPI class is abstract; to supply an implementation, a provider must subclass it

9 JCA Implementation
- SPI (Service Provider Interface), say FooSpi
- Engine: Foo
- Algorithm: MyAlgorithm
- Foo f = Foo.getInstance(MyAlgorithm);

10 General Usage
- No need to call the constructor directly
- Define the algorithm required: getInstance()
- Initialize the key size: init() or initialize()
- Use the object: generateKey() or doFinal()

11 java.security classes
- Key
- KeyPair
- KeyPairGenerator
- KeyFactory
- Certificate
- CertificateFactory
- KeyStore
- MessageDigest
- Signature
- SignedObject
- SecureRandom

12 Key Types
- SecretKey
- PublicKey
- PrivateKey
- Methods
  - getAlgorithm()
  - getEncoded()
- KeyPair = {PrivateKey, PublicKey}

13 KeyGenerator
- Generates instances of key
- Requires
  - Algorithm: getInstance(algo)
  - Key length, (random): initialize(param, random)
- Generates required key/keypair

14 KeyFactory/SecretKeyFactory
- Converts a KeySpec into Keys
- KeySpec
  - Depends on the algorithm
  - Usually a byte[] (DES)
  - Could also be a set of numbers (DSA)
- Required when the key is encoded and transferred across the network

15 Certificate Problem
- java.security.Certificate is an interface
- java.security.cert.Certificate is a class
- Which one to use when you ask for a Certificate?
  - Import only the correct type
  - Avoid "import java.security.*"
  - Use X509Certificate

16 KeyStore
- Access to a physical keystore
- Can import/export certificates
- Can import keys from certificates
  - Certificate.getPublicKey()
  - Certificate.getPrivateKey()
- Check for certificate validity
- Check for authenticity

17 keytool
- Reads/writes to a keystore
- Unique alias for each certificate
- Password encrypted
- Functionality
  - Import
  - Sign Request
  - Export
- NOTE: Default is DSA!

18 Signature
- DSA, RSA
- Obtain a Signature object
  - getInstance(algo)
  - getInstance(algorithm, provider)

19 Signature (signing)
- Initialize for signing
  - initSign(PrivateKey)
- Give the data to be signed
  - update(byte[] input) and variations
  - doFinal(byte[] input) and variations
- Sign
  - byte[] Signature.sign()
- NOTE: Signature does not contain the actual signature

20 Signature (verifying)
- Initialize for verifying
  - initVerify(PublicKey)
- Give the data to be verified
  - update(byte[] input) and variations
  - doFinal(byte[] input) and variations
- Verify
  - boolean Signature.verify()
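
Added example (not part of the original slides): the KeyFactory use case from slide 14 combined with the sign/verify sequence from slides 19 and 20, where the receiver rebuilds the public key from its encoded bytes before verifying. It assumes the JDK's bundled providers and uses SHA256withRSA instead of the SHA-1 based algorithm on the later slides; the class and method names are illustrative.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.X509EncodedKeySpec;

public class EncodedKeyVerifyDemo {
    static final String ALG = "SHA256withRSA"; // assumption: standard JDK algorithm name

    // Sender: getInstance -> initSign -> update -> sign
    static byte[] sign(PrivateKey key, byte[] msg) throws GeneralSecurityException {
        Signature s = Signature.getInstance(ALG);
        s.initSign(key);
        s.update(msg);
        return s.sign();
    }

    // Receiver: rebuild the PublicKey from its X.509 encoding, then
    // getInstance -> initVerify -> update -> verify
    static boolean verify(byte[] encodedKey, byte[] msg, byte[] sig) throws GeneralSecurityException {
        PublicKey pub = KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(encodedKey));
        Signature s = Signature.getInstance(ALG);
        s.initVerify(pub);
        s.update(msg);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair pair = kpg.generateKeyPair();

        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(pair.getPrivate(), msg);
        byte[] wire = pair.getPublic().getEncoded(); // bytes as they would cross the network

        System.out.println("original message verifies: " + verify(wire, msg, sig));
        msg[0] ^= 1; // flip one bit of the message
        System.out.println("modified message verifies: " + verify(wire, msg, sig));
    }
}
```

Verification only shows that the message matches the key that was received; the receiver still needs a trusted binding between that key and the sender, which is the job of the certificates and keystore on slides 15 to 17.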

21 SignedObject
- Signs and encapsulates a signed object
- Sign
  - SignedObject(Serializable, Signature)
- Recover
  - Object getContent()
  - byte[] getSignature()
- Verify
  - verify(PublicKey, Signature)
- ! Need to initialize the instance of the signature

22 javax.crypto classes
- Cipher
- Mac
- KeyGenerator
- SecretKeyFactory
- SealedObject

23 Cipher
- DES, DESede, RSA, Blowfish, IDEA …
- Obtain a Cipher object
  - getInstance(algorithm/mode/padding), or
  - getInstance(algorithm), or
  - getInstance(algorithm, provider)
  - e.g. "DES/ECB/NoPadding" or "RSA"
- Initialize
  - init(mode, key)
  - mode = ENCRYPT_MODE / DECRYPT_MODE

24 Cipher cont.
- Encrypt/Decrypt
  - byte[] update(byte[] input) and variations
  - byte[] doFinal(byte[] input) and variations
- Exceptions
  - NoSuchAlgorithmException
  - NoSuchPaddingException
  - InvalidKeyException
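
Added example (not part of the original slides): what the choice of transformation string on slide 23 means in practice, comparing the algorithm-only form of getInstance() with a full algorithm/mode/padding string. It assumes the JDK's bundled SunJCE provider and substitutes AES for the DES named on the slide; the class and helper names are illustrative.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class CipherModeDemo {
    // True when the first two 16-byte ciphertext blocks are identical.
    static boolean firstBlocksRepeat(byte[] ct) {
        return Arrays.equals(Arrays.copyOfRange(ct, 0, 16), Arrays.copyOfRange(ct, 16, 32));
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES"); // request the engine
        kg.init(128);                                      // key size
        SecretKey key = kg.generateKey();                  // use the object
        byte[] plain = new byte[32]; // constructed input: two identical all-zero blocks

        // Weak: algorithm-only name. SunJCE resolves "AES" to AES/ECB/PKCS5Padding,
        // and ECB maps equal plaintext blocks to equal ciphertext blocks.
        Cipher weak = Cipher.getInstance("AES");
        weak.init(Cipher.ENCRYPT_MODE, key);
        System.out.println("ECB blocks repeat: " + firstBlocksRepeat(weak.doFinal(plain)));

        // Corrected: spell out algorithm/mode/padding and use a fresh random nonce per message.
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        GCMParameterSpec spec = new GCMParameterSpec(128, iv); // 128-bit authentication tag
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, key, spec);
        byte[] ct = gcm.doFinal(plain);
        System.out.println("GCM blocks repeat: " + firstBlocksRepeat(ct));

        // Modified ciphertext fails the tag check instead of decrypting to altered data.
        ct[0] ^= 1;
        gcm.init(Cipher.DECRYPT_MODE, key, spec);
        try {
            gcm.doFinal(ct);
            System.out.println("tampered ciphertext accepted");
        } catch (AEADBadTagException e) {
            System.out.println("tampered ciphertext rejected");
        }
    }
}
```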

25 SealedObject
- Encrypts and encapsulates an encrypted object
- Encrypt
  - SealedObject(Serializable, Cipher)
- Recover
  - getObject(Cipher), or
  - getObject(key)
- Cipher mode should be different!!
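
Added example (not part of the original slides): SignedObject from slide 21 and SealedObject from slide 25 used together, with the receiver checking the signature before the payload is deserialized. It uses the JDK's SignedObject(Serializable, PrivateKey, Signature) constructor and getObject() method with the bundled providers; the class name, the open() helper and the sample payload are illustrative.

```java
import java.io.Serializable;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignedObject;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SealedObject;
import javax.crypto.SecretKey;

public class SignThenSealDemo {
    // Receiver: decrypt, verify the signature, and only then deserialize the payload.
    static Object open(SealedObject sealed, SecretKey aesKey, PublicKey signerKey) throws Exception {
        SignedObject signed = (SignedObject) sealed.getObject(aesKey);
        if (!signed.verify(signerKey, Signature.getInstance("SHA256withRSA"))) {
            throw new SecurityException("signature check failed; payload not deserialized");
        }
        return signed.getObject();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair signer = kpg.generateKeyPair();
        KeyPair stranger = kpg.generateKeyPair(); // a key the receiver should not accept
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey aesKey = kg.generateKey();

        // Sender: sign the payload, then seal the signed wrapper.
        Serializable payload = "constructed sample payload";
        SignedObject signed = new SignedObject(
                payload, signer.getPrivate(), Signature.getInstance("SHA256withRSA"));
        Cipher sealCipher = Cipher.getInstance("AES/GCM/NoPadding");
        sealCipher.init(Cipher.ENCRYPT_MODE, aesKey); // the provider picks a random nonce
        SealedObject sealed = new SealedObject(signed, sealCipher);

        System.out.println("opened: " + open(sealed, aesKey, signer.getPublic()));
        try {
            open(sealed, aesKey, stranger.getPublic());
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```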

26 Wrapper Class: Crypto.java
Adding a provider

```java
public Crypto() {
    // Register the Cryptix provider with the JCA
    java.security.Security.addProvider(new cryptix.provider.Cryptix());
}
```

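27 Encryption using RSA

```java
import java.io.IOException;
import java.io.Serializable;
import java.security.KeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;

// Encrypts obj under kPub; encrypt() is a helper of this class that is not shown on the slides.
public synchronized byte[] encryptRSA(Serializable obj, PublicKey kPub)
        throws KeyException, IOException {
    try {
        Cipher RSACipher = Cipher.getInstance("RSA");
        return encrypt(RSACipher, obj, kPub);
    } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
        // javax.crypto.Cipher.getInstance declares both exceptions
        System.exit(1);
    }
    return null;
}
```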

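28 Decryption using RSA

```java
import java.io.IOException;
import java.security.KeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;

// Decrypts msgE with kPriv; decrypt() is a helper of this class that is not shown on the slides.
public synchronized Object decryptRSA(byte[] msgE, PrivateKey kPriv)
        throws KeyException, IOException {
    try {
        Cipher RSACipher = Cipher.getInstance("RSA");
        return decrypt(RSACipher, msgE, kPriv);
    } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
        // javax.crypto.Cipher.getInstance declares both exceptions
        System.exit(1);
    }
    return null;
}
```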

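29 Creating a signature

```java
import java.io.IOException;
import java.security.KeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;

// debug() is a logging helper of this class that is not shown on the slides.
public synchronized byte[] sign(byte[] msg, PrivateKey kPriv)
        throws SignatureException, KeyException, IOException {
    // Initialize the signature object for signing
    debug("Initializing signature.");
    try {
        // "SHA-1/RSA/PKCS#1" is the Cryptix provider's algorithm name;
        // the JDK's standard name for the same scheme is "SHA1withRSA".
        Signature RSASig = Signature.getInstance("SHA-1/RSA/PKCS#1");
        debug("Using algorithm: " + RSASig.getAlgorithm());
        RSASig.initSign(kPriv);
        RSASig.update(msg);
        return RSASig.sign();
    } catch (NoSuchAlgorithmException e) {
        System.exit(1);
    }
    return null;
}
```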

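30 Verifying a signature

```java
import java.security.KeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;

// debug() is a logging helper of this class that is not shown on the slides.
public synchronized boolean verify(byte[] msg, byte[] sig, PublicKey kPub)
        throws SignatureException, KeyException {
    // Initialize the signature object for verifying
    debug("Initializing signature.");
    try {
        // Must name the same algorithm that sign() used
        Signature RSASig = Signature.getInstance("SHA-1/RSA/PKCS#1");
        RSASig.initVerify(kPub);
        RSASig.update(msg);
        return RSASig.verify(sig);
    } catch (NoSuchAlgorithmException e) {
        System.exit(1);
    }
    return false;
}
```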

