1 / 19

GS: Chapter 5 Asymmetric Encryption in Java

GS: Chapter 5 Asymmetric Encryption in Java. Topics. Ciphers, modes and padding Asymmetric encryption in Java Session key encryption File encryption/decryption using RSA Key agreement. Ciphers, Modes and Padding.

dmccarroll
Download Presentation

GS: Chapter 5 Asymmetric Encryption in Java

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. GS: Chapter 5Asymmetric Encryption in Java csci5233 Computer Security

  2. Topics • Ciphers, modes and padding • Asymmetric encryption in Java • Session key encryption • File encryption/decryption using RSA • Key agreement csci5233 Computer Security

  3. Ciphers, Modes and Padding • The ECB (Electronic Code Book) mode encrypts the plaintext a block at a time. • Asymmetric ciphers are almost always used in ECB mode. Why? • The block size is usually almost equal to the size of the key. Example: 1024-bit RSA ~= data block of 117 bytes csci5233 Computer Security

  4. Ciphers, Modes and Padding • When the size of the data is less than the size of the block, padding is needed. • RSA uses two forms of padding: PKCS#1 – the standard form of padding in RSA; insecure when used for encrypting plaintext with obvious patterns in it (like English text) OAEP (Optimal Asymmetric Encryption Padding) – an improvement on PKCS#1. csci5233 Computer Security

  5. Asymmetric encryption in Java • The steps of using asymmetric encryption in Java is similar to using symmetric encryption: • Create a key; • Create and initialize a cipher using the key; • Use the cipher to encrypt or decrypt, by specifying appropriate mode. • The main difference is that an asymmetric cipher requires a key pair: a public and a private key. csci5233 Computer Security

  6. Major Java Classes for Key Pairs • java.security.KeyPair public final class KeyPair extends Object implements Serializable • java.security.PublicKey public interface PublicKey extends Key This interface contains no methods or constants. It merely serves to group (and provide type safety for) all public key interfaces. Note: The specialized public key interfaces extend this interface. See, for example, the DSAPublicKey interface in java.security.interfaces. csci5233 Computer Security

  7. Major Java Classes for Key Pairs • java.security.PrivateKey Similar to the PublicKey interface, except that it is for the private key • java.security.KeyPairGenerator public abstract class KeyPairGenerator extends KeyPairGeneratorSpi • The KeyPairGenerator class is used to generate pairs of public and private keys. • Key pair generators are constructed using the getInstance factory methods. csci5233 Computer Security

  8. Session key encryption • Oddly enough, the greatest value in using asymmetric encryption is in encrypting symmetric keys. Why? (discussed earlier in Chapter 2) • Exercise: Explain how session key encryption works. • SimpleRSAExample.java (or find it at http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html) csci5233 Computer Security

  9. File encrypt/decrypt using RSA • Steps: • Use an AES session key to encrypt the file. (Note: Each file is encrypted by a different session key.) • Use RSA to encrypt the session key. • Store the encrypted session key inside the file. • Source code: FileEncryptorRSA.java csci5233 Computer Security

  10. File encrypt/decrypt using RSA • FileEncryptor is started with one of three options: -c: create key pair and write it to 2 files -e: encrypt a file, given as an argument -d: decrypt a file, given as an argument csci5233 Computer Security

  11. File encrypt/decrypt using RSA • Format of the encrypted file csci5233 Computer Security

  12. File encrypt/decrypt using RSA • The decryption steps csci5233 Computer Security

  13. Key agreement • javax.crypto Class KeyAgreement This class provides the functionality of a key agreement (or key exchange) protocol. For each of the correspondents in the key exchange, doPhase needs to be called. For example, if this key exchange is with one other party, doPhase needs to be called once, with the lastPhase flag set to true. csci5233 Computer Security

  14. Key agreement KeydoPhase(Key key, boolean lastPhase)Executes the next phase of this key agreement with the given key that was received from one of the other parties involved in this key agreement. csci5233 Computer Security

  15. Key agreement • If this key exchange is with two other parties, doPhase needs to be called twice, the first time setting the lastPhase flag to false, and the second time setting it to true. There may be any number of parties involved in a key exchange. • With the doPhase method, Diffie-Hellman allows any number of public keys to be added to perform a key agreement. csci5233 Computer Security

  16. Key agreement • Once all the keys have been passed in with doPhase( ), a call to generateSecret( ) will perform the actual key agreement and return a byte array that is the shared secret.  byte[] generateSecret()Generates the shared secret and returns it in a new buffer.  int generateSecret(byte[] sharedSecret, int offset)Generates the shared secret, and places it into the buffer sharedSecret, beginning at offset inclusive. SecretKeygenerateSecret(String algorithm)Creates the shared secret and returns it as a SecretKey object of the specified algorithm. csci5233 Computer Security

  17. csci5233 Computer Security

  18. Key agreement for a Chat Application • The sample application • KeyAgreementClient.java • KeyAgreementServer.java csci5233 Computer Security

  19. Next • Message digest, Digital signatures & Certificates (GS: 6) csci5233 Computer Security

More Related