1 / 30

Goals

Homework Study Java Cryptography by Reading the rest of slides and accessing Sun ’ s Java website: http://java.sun.com. Goals. Learn about JAVA Crypto Architecture How to use JAVA Crypto API ’ s Understand the JCE (Java Cryptography Extension)

amadis
Download Presentation

Goals

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. HomeworkStudy Java CryptographybyReading the rest of slidesand accessing Sun’s Java website: http://java.sun.com

  2. Goals • Learn about JAVA Crypto Architecture • How to use JAVA Crypto API’s • Understand the JCE (Java Cryptography Extension) • Be able to use java crypto functions (meaningfully) in your code • JAAS (Java Authentication and Authorization Service) (Refer Java web site for JAAS details) • JSSE (Java Secure Socket Extension) (Refer Java web site for JSSE details)

  3. Introduction • JDK Security API • Core API for Java • Built around the java.security package • First release of JDK Security introduced "Java Cryptography Architecture" (JCA) • Framework for accessing and developing cryptographic functionality • JCA encompasses • Parts of JDK 1.2 Security API related to cryptography • Architecture that allows for multiple and interoperable cryptography implementations • The Java Cryptography Extension (JCE) extends JCA • Includes APIs for encryption, key exchange, and Message Authentication Code (MAC)

  4. Java Cryptography Extension (JCE) • Adds encryption, key exchange, key generation, message authentication code (MAC) • Multiple “providers” supported • Keys & certificates in “keystore” database • Separate due to export control

  5. JCE Architecture App 1 App 2 API JCE: Cipher KeyAgreement KeyGenerator SecretKeyFactory MAC SPI CSP 2 CSP 1

  6. Design Principles • Implementation independence and interoperability • "provider“ based architecture • Set of packages implementing cryptographic services • digital signature algorithms • Programs request a particular type of object • Various implementations working together, use each other's keys, or verify each other's signatures • Algorithm independence and extensibility • Cryptographic classes providing the functionality • Classes are called engine classes, example Signature • Addition of new algorithms straight forward

  7. Building Blocks • Key • Certificate • Keystore • Message Digest • Digital Signature • SecureRandom • Cipher • MAC

  8. Engine Classes and SPI • Interface to specific type of cryptographic service • Defines API methods to access cryptographic service • Actual implementation specific to algorithms • For example : Signature engine class • Provides access to the functionality of a digital signature algorithm • Actual implementation supplied by specific algorithm subclass • "Service Provider Interface" (SPI) • Each engine class has a corresponding abstract SPI class • Defines the Service Provider Interface to be used by implementors • SPI class is abstract - To supply implementation, provider must subclass

  9. JCA Implementation • SPI (Service Provider Interface) • say FooSpi • Engine • Foo • Algorithm • MyAlgorithm • Foo f = Foo.getInstance(MyAlgorithm);

  10. General Usage • No need to call constructor directly • Define the algorithm reqd. • getInstance() • Initialize the keysize • init() or initialize() • Use the Object • generateKey() or doFinal()

  11. java.security classes • Key • KeyPair • KeyPairGenerator • KeyFactory • Certificate • CertificateFactory • Keystore • MessageDigest • Signature • SignedObject • SecureRandom

  12. Key • Types • SecretKey • PublicKey • PrivateKey • Methods • getAlgorthm() • getEncoded() • KeyPair= {PrivateKey, PublicKey}

  13. KeyGenerator • Generates instances of key • Requires Algorithm • getInstance(algo) • Keylength, (random) • Initialize(param, random) • Generates required key/keypair

  14. KeyFactory/SecretKeyFactory • Converts a KeySpec into Keys • KeySpec • Depends on the algorithm • Usually a byte[] (DES) • Could also be a set of numbers (DSA) • Required when the key is encoded and transferred across the network

  15. Certificate • Problem • Java.security.Certificate is an interface • Java.security.cert.Certificate is a class • Which one to use when you ask for a Certificate? • Import only the correct type • Avoid “import java.security.*” • Use X509Certificate

  16. KeyStore • Access to a physical keystore • Can import/export certificates • Can import keys from certificates • Certificate.getPublicKey() • Certificate.getPrivateKey() • Check for certificate validity • Check for authenticity

  17. keytool • Reads/writes to a keystore • Unique alias for each certificate • Password Encrypted • Functionality • Import • Sign Request • Export NOTE: Default is DSA !

  18. Signature • DSA, RSA • Obtain a Signature Object • getInstance(algo) • getInstance(algorithm,provider)

  19. Signature (signing) • Initialize for signing • initSign(PrivateKey) • Give the data to be signed • update(byte [] input) and variations • doFinal(byte [] input) and variations • Sign • byte[] Signature.sign() NOTE: Signature does not contain the actual signature

  20. Signature (verifying) • Initialize for verifying • initVerify(PublicKey) • Give the data to be verifieded • update(byte [] input) and variations • doFinal(byte [] input) and variations • Verify • boolean Signature.verify()

  21. SignedObject • Signs and encapsulates a signed object • Sign • SignedObject(Serializable, Signature) • Recover • Object getContent() • byte[] getSignature() • Verify • Verify(PublicKey, Signature) ! Need to initialize the instance of the signature

  22. javax.crypto classes • Cipher • Mac • KeyGenerator • SecretKeyFactory • SealedObject

  23. Cipher • DES, DESede, RSA, Blowfish, IDEA … • Obtain a Cipher Object • getInstance(algorithm/mode/padding) • or getInstance(algorithm) • or getInstance(algorithm, provider) eg “DES/ECB/NoPadding” or “RSA” • Initialize • init(mode, key) • mode= ENCRYPT_MODE / DECRYPT_MODE

  24. Cipher cont. • Encrypt/Decrypt • byte[] update(byte [] input) and variations • byte[] doFinal(byte [] input) and variations • Exceptions • NoSuchAlgorithmException • NoSuchPadding Exception • InvalidKeyException

  25. SealedObject • Encrypts and encapsulates an encrypted object • Encrypt • SealedObject(Serializable, Cipher) • Recover • getObject(Cipher) • or getObject(key) Cipher mode should be different!!

  26. Wrapper Class : Crypto.java • Adding a provider • public Crypto() { java.security.Security.addProvider(new cryptix.provider.Cryptix());}

  27. Enrcyption using RSA public synchronized byte[] encryptRSA(Serializable obj, PublicKey kPub) throws KeyException, IOException { try { Cipher RSACipher = Cipher.getInstance("RSA"); return encrypt(RSACipher, obj, kPub); } catch (NoSuchAlgorithmException e) { System.exit(1); } return null; }

  28. Decryption using RSA public synchronized Object decryptRSA(byte[] msgE, PrivateKey kPriv) throws KeyException, IOException { try { Cipher RSACipher = Cipher.getInstance("RSA"); return decrypt(RSACipher, msgE, kPriv); } catch (NoSuchAlgorithmException e) { System.exit(1); } return null; }

  29. Creating a signature public synchronized byte[] sign(byte[] msg, PrivateKey kPriv) throws SignatureException, KeyException, IOException { // Initialize the signature object for signing debug("Initializing signature."); try { Signature RSASig = Signature.getInstance("SHA-1/RSA/PKCS#1"); debug("Using algorithm: " + RSASig.getAlgorithm()); RSASig.initSign(kPriv); RSASig.update(msg); return RSASig.sign(); } catch (NoSuchAlgorithmException e) { System.exit(1); } return null; }

  30. Verifying a signature public synchronized boolean verify(byte[] msg, byte[] sig, PublicKey kPub) throws SignatureException, KeyException { // Initialize the signature object for verifying debug("Initializing signature."); try { Signature RSASig = Signature.getInstance("SHA-1/RSA/PKCS#1"); RSASig.initVerify(kPub); RSASig.update(msg); return RSASig.verify(sig); } catch (NoSuchAlgorithmException e) { System.exit(1); } return false; }

More Related