220 likes | 543 Views
Topics. What is JCEWhat is in Sun's JCE ProviderArchitectureFeaturesInstallationPassword Based Encryption (PBE) PBE ExampleKey Agreement Protocols: Diffie-HellmanKAP ExampleOther PackagesConclusion. What is JCE. Provides a standard for encryption API'sProvides a frame work for multiple Cr
E N D
1. Java Cryptography Extension Richard Cannings
Department of Mathematics
University of Calgary
2. Topics What is JCE
What is in Suns JCE Provider
Architecture
Features
Installation
Password Based Encryption (PBE)
PBE Example
Key Agreement Protocols: Diffie-Hellman
KAP Example
Other Packages
Conclusion
3. What is JCE Provides a standard for encryption APIs
Provides a frame work for multiple Cryptography Service Providers (CSP)
Sun provides a reference Provider
Designed for Export
4. What is in Suns JCE Provider Symmetric Key Cryptosystems (SKC)
DES, Triple DES, Blowfish
Password Based Encryption (PBE)
MD5 with DES, MD5 with Triple DES
Message Authentication Codes (MAC)
MD5, SHA1
Key Agreement Protocols (KAP)
Diffie-Hellman
5. JCE Architecture
6. Features Unapproved Providers can not plugin
Providers unusable without framework
Crypto Strength is automatically configured by the jurisdiction of the application
7. Installation Download and Unzip JCE
Add all the JAR files as an extension
Set permissions for the JCE
8. Installation (Contd) Register the SunJCE Provider
Statically, by adding the following to java.security:
security.provider.N=com.sun.crypto.provider.SunJCE
Or dynamically, by adding the following into each application:
Security.addProvider(new com.sun.crypto.provider.SunJCE());
9. Password Based Encryption (PBE) A secure method of encrypting data with a password.
To encrypt, enter a password and to decrypt you must enter the exact same password. A Symmetric Key Cryptosystem (SKC)
10. PBE Example: Creating the Cipher Cipher c;
PBEParameterSpec paramSpec;
SecretKey passwordKey;
paramSpec = new PBEParameterSpec( salt, 20 );
PBEKeySpec keySpec = new PBEKeySpec(password.toCharArray());
SecretKeyFactory kf = SecretKeyFactory.getInstance("PBEWithMD5AndDES");
passwordKey = kf.generateSecret( keySpec );
c = Cipher.getInstance("PBEWithMD5AndDES");
11. PBE Example: Encrypting public void encrypt(DataInputStream dis, DataOutputStream dos)
throws Exception {
c.init(Cipher.ENCRYPT_MODE, passwordKey, paramSpec);
CipherInputStream cis = new CipherInputStream( dis, c );
int i;
while ( (i = cis.read()) >= 0 ) {
dos.write(i);
}
}
12. Key Agreement Protocols: Diffie-Hellman Setup: An appropriate prime p and prime a, 2<a<p, are selected and publicly published.
Protocol Messages:
A sends B: ax % p, for any 1 <= x <= p-2
B sends A: ay % p, for any 1 <= y <= p-2
Protocol Actions:
B receives ax and calculates K=(ax)y
B receives ay and calculates K=(ay)x
13. KAP Example: Creating Key Pairs KeyPairGenerator aliceKpairGen = KeyPairGenerator.getInstance("DH");
aliceKpairGen.initialize(dhSkipParamSpec);
// dbSkipParamSpec defines how the numbers will be create.
KeyPair aliceKpair = aliceKpairGen.generateKeyPair();
// Alice creates and initializes her DH KeyAgreement object
KeyAgreement aliceKeyAgree = KeyAgreement.getInstance("DH");
aliceKeyAgree.init(aliceKpair.getPrivate());
// send byte[] alicePubKeyEnc = aliceKpair.getPublic().getEncoded();
// to Bob.
// Bob will now to the same
14. KAP Example: Encoding the public key and perform the exponentiation KeyFactory bobKeyFac = KeyFactory.getInstance("DH");
X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(alicePubKeyEnc);
PublicKey alicePubKey = bobKeyFac.generatePublic(x509KeySpec);
// perform the exponentiation
bobKeyAgree.doPhase(alicePubKey, true);
// Alice now does the same
15. Other Packages Baltimore KeyTools (http://www.baltimore.com)
RSA JSafe (in the JSSE) (http://www.rsasecurity.com)
16. Conclusion More flexible than JSSE
Completely free
including Baltimores KeyTool.
All the cryptography primitives necessary for secure, authenticated, and integral communication
17. Assignment Choose 1 of 2 assignments
Implement the DH Algorithm
Or
Add Public Key Cryptography to the ChatClient/ChatServer suite.