Security in Java • TWO DISTINCT TOPICS • Support for security in java.security.* API • Building your own sandbox using java.lang.SecurityManager
Security API • The Java Security API in JDK 1.1 is incomplete and will change in future releases. • It is not possible to import or export public or private keys used to generate and verify digital signatures. • A separate release (Java Cryptography Extensions) provides API and algorithms relating to encryption and decryption.
Security • Support for specific certificate formats is also not available. • Use the JDK 1.1 Java Security API interfaces and classes at your own risk and in full knowledge that some will be modified, expanded, replaced, or eliminated in future releases.
Vocabulary • Public Key • A number advertised by an entity that, together with a private key, can be used for secure messages. To send an encrypted message I encode it with the public key of the sender. • Private Key • A number known only to an entity participating in encryption.
Vocabulary • Digital Signature • A string of bits that is computed from some data (the data being "signed") and the private key of an entity. The signature can be used to verify that the data came from the entity. • Message Digest • A one-way hash function. • Message digest algorithms produce unique and reliable identifiers of data. The digests are sometimes called "digital fingerprints" of data.
Vocabulary • Certificate • A digitally signed statement from one entity, saying that the public key of some other entity has some particular value. If you trust the entity that signed a certificate, you trust that the association in the certificate between the specified public key and another particular entity is authentic.
Vocabulary • Encryption • The process of taking data (called cleartext) and a short string (a key) and producing ciphertext, which is data meaningless to a third party who does not know the key. • Decryption • The inverse of encryption; the process of taking ciphertext and a short key string, and producing cleartext.
Java Security API • Defines classes that provide the functionality for a type of cryptographic algorithm • MessageDigest class • Signature class • KeyPairGenerator class • Instances of these classes are used to carry out the operations.
Security Bridges • The classes only provide access to the functionality of a type of algorithm. • The algorithms come from “providers”
Default Algorithms • JDK default provider “SUN” supplies implementations of the DSA algorithm for digital signatures • MD5 and SHA-1 for message digests • No default key management is provided.
Encryption and Decryption • APIs for data encryption and decryption, together with some default algorithm implementations, will be released separately in a "Java Cryptography Extension" (JCE); an add-on package to JDK, in accordance with U.S. export control regulations.
Signature Class • The Signature class is designed to provide the functionality of a digital signature algorithm such as DSA or RSA with MD5. A signature algorithm takes arbitrary-sized input and a private key and generates a relatively short (often fixed-size) string of bytes, called the signature, with the following properties:
Signature Properties • Given the public key corresponding to the private key used to generate the signature, it is possible to verify the authenticity and integrity of the input. • The signature and the public key do not reveal anything about the private key.
Signature Objects • A Signature object can be used to generate a digital signature for data. It can also be used to verify whether or not an alleged signature is in fact the authentic signature of the data associated with it.
The MessageDigest Class • The MessageDigest class provides the functionality of cryptographically secure message digest algorithms such as SHA-1 or MD5. A cryptographically secure message digest takes arbitrary-sized input (a byte array) and generates a fixed-size output, called a digest. A digest has the following properties:
MessageDigest Properties • It is computationally infeasible to find another input string that will generate the same digest. • The digest does not reveal anything about the input that was used to generate it.
MessageDigest Objects • Message digest objects are used to produce the unique and reliable identifiers of data sometimes called the "digital fingerprints" of data.
Key Interfaces • The Key interface is the top-level interface for all keys. It defines the functionality shared by all key objects. All keys have three characteristics:
Key Characteristics • An Algorithm • An Encoded Form (a representation for use outside of Java) • A Format (the name of the Encoded Form)
Key Objects • Keys are generally obtained through key generators, certificates, or the various Identity classes used to manage keys.
The PublicKey and PrivateKey Interfaces • The PublicKey and PrivateKey interfaces are method-less interfaces, used for type safety and type identification of public keys and private keys.
The KeyPair Class • The KeyPair class is a simple holder for a key pair (a public key and a private key). It has two public methods, one for returning the private key, and the other for returning the public key
The KeyPairGenerator Class • The KeyPairGenerator class is used to generate pairs of public and private keys
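A worked example, added here and not part of the original slides, that uses the classes above together: a SHA-1 digest, a DSA key pair from the default provider, the three Key characteristics, and a signature that verifies on the original data and fails once the data is altered. The class name SignDemo and the message are assumptions; SHA1withDSA is the current JCA name for the DSA signature algorithm the slides refer to.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;

// Added example (not from the original slides): MessageDigest, KeyPairGenerator
// and Signature used together. The class name and message are assumptions.
public class SignDemo {
    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        byte[] data = "constructed sample message".getBytes("UTF-8");
        // Message digest: a fixed-size "digital fingerprint" of the data.
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        System.out.println("SHA-1 digest: " + hex(md.digest(data)));
        // DSA key pair from the default "SUN" provider.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
        kpg.initialize(1024);
        KeyPair pair = kpg.generateKeyPair();
        PublicKey pub = pair.getPublic();
        PrivateKey priv = pair.getPrivate();
        // The three Key characteristics: algorithm, format, encoded form.
        System.out.println("algorithm=" + pub.getAlgorithm() + " format="
            + pub.getFormat() + " encodedBytes=" + pub.getEncoded().length);

        // Sign with the private key (SHA1withDSA is the modern name for DSA signing).
        Signature signer = Signature.getInstance("SHA1withDSA");
        signer.initSign(priv);
        signer.update(data);
        byte[] sig = signer.sign();

        // Verify with the public key: true for the original data ...
        Signature verifier = Signature.getInstance("SHA1withDSA");
        verifier.initVerify(pub);
        verifier.update(data);
        System.out.println("signature valid: " + verifier.verify(sig));

        // ... and false once even one bit of the signed data changes (integrity).
        data[0] ^= 0x01;
        verifier.initVerify(pub);
        verifier.update(data);
        System.out.println("after tampering: " + verifier.verify(sig));
    }
}
```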
Security Managers • A security manager is an object that determines whether potentially threatening operations should be allowed. The System class is used to get and set a security manager. • Each Java application can have its own security manager object that acts as a security guard.
SecurityManager Class • The SecurityManager class is an abstract class that provides a programming interface and partial implementation for security managers. • By default, applications have no security manager. • Browsers and applet viewers do create a security manager.
Application Security Managers • The programmer must write a security manager • Applications must install a security manager
Writing a Security Manager • Create a subclass of the SecurityManager class • Override methods to customize the verifications and approvals needed by your application.
Overriding • All of SecurityManager's checkXXX() methods operate in the same way: • If access is allowed, the method returns. • If access is not allowed, the method throws a SecurityException.
Default • The default implementation provided by the SecurityManager class is:
    public void checkXXX(...) {
        // disallow
        throw new SecurityException();
    }
• So you probably have to override a lot of methods.
Installing • To install a security manager, the setSecurityManager method of the System class is used: System.setSecurityManager(new MySecurityManager());
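The procedure above, as an added example that is not from the original slides: MySecurityManager (an assumed name) allows everything by default, denies reads under a hypothetical directory, refuses System.exit(), and installs itself, so the application sees a SecurityException instead of the operation succeeding. Later JDKs route the inherited checkXXX() calls through checkPermission(), which is why that method is overridden as well.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.security.Permission;

// Added example (not from the original slides): a custom SecurityManager in the
// style described above. MySecurityManager and the denied path are assumptions.
public class MySecurityManager extends SecurityManager {

    // Hypothetical policy: deny reads under this directory, allow everything else.
    private static final String DENIED_PREFIX = "/tmp/secret/";
    // On JDK 1.2 and later the inherited checkXXX() methods delegate to
    // checkPermission(); allowing it here means only our overrides below deny.
    @Override
    public void checkPermission(Permission perm) {
        // allowed: return normally
    }
    @Override
    public void checkPermission(Permission perm, Object context) {
        // allowed: return normally
    }
    // Same contract as every checkXXX(): return to allow, throw to deny.
    // A production policy would canonicalise the path before comparing it.
    @Override
    public void checkRead(String file) {
        if (file.replace('\\', '/').startsWith(DENIED_PREFIX)) {
            throw new SecurityException("read denied: " + file);
        }
    }
    // Refuse any attempt to terminate the JVM through System.exit().
    @Override
    public void checkExit(int status) {
        throw new SecurityException("exit denied: status " + status);
    }
    public static void main(String[] args) {
        System.setSecurityManager(new MySecurityManager());
        try (FileInputStream in = new FileInputStream(DENIED_PREFIX + "key.txt")) {
            System.out.println("read allowed (unexpected)");
        } catch (SecurityException e) {
            System.out.println("blocked by manager: " + e.getMessage());
        } catch (IOException e) {
            System.out.println("not blocked, file missing: " + e.getMessage());
        }
        try {
            System.exit(0);
        } catch (SecurityException e) {
            System.out.println("blocked by manager: " + e.getMessage());
        }
        System.out.println("application still running");
    }
}
```

On JDK 18 to 23 the JVM must be started with -Djava.security.manager=allow for setSecurityManager to succeed, and from JDK 24 the Security Manager is permanently disabled, so run this on JDK 17 or earlier to see both checks fire.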