Scribd
Upload
2 views4 pages

Lect 3

Uploaded by

rachelsteelbird
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
2 views4 pages

Lect 3

Uploaded by

rachelsteelbird
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

Java Support for Cryptography

Java Cryptography Architecture (JCA)


Chapter 3

 Separate concepts, algorithms, and implementations

Introduction to Java Cryptography 


Concepts: e.g. ciphers, signatures, message digests, …
Algorithms: e.g. RSA, DSA, MD5, …
 Implementations: supplied by different cryptographic
providers, e.g. Sun
 java.security.*
 Java Cryptography Extension (JCE)
 Supports encryption/decryption
 javax.crypto.*
 In the past, separate from standard JDK due to US export
restrictions
 Now integrated into J2SE

Algorithms and Implementation


Cryptographic Concept Classes Providers
 Java provides many cryptographic objects  Different algorithms for same cryptographic concept
Example: a MessageDigest object

 Different implementations for the same algorithm
 This is not a message digest (bit string), but rather, an

object for creating and using a message digest  Provided by different providers
Default provider: SUN / SunJCE
 These objects are created using factory methods 

 getInstance()
 A static method (i.e. class method), does not need an  General idea of Java cryptography: encapsulation
instance to run. Invoked directly from a class (similar to
Math.sqrt(), Integer.valueOf(), …)  Algorithm/implementation details hidden from programmers
 Returns an instance (i.e. object) of a class  Only need to know the concepts
 E.g. MessageDigest.getInstance(“MD5”) is invoked on
the MeesageDigest class directly, to create an object of
class MessageDigest

3 4
Random Numbers Keys in Java
 What is random?  Recall: what is a key?
 Uniform distribution; independence  A parameter to a cipher (e.g. the value n in rot-n)
 Why need random?  A numeric value, or equivalently, a bit string
 Many cryptographic algorithms use random numbers for  Different values of key gives different encryption results
initialization
 As session information to avoid some attacks  Key size:
Usually long (e.g. 512 bits) for security (prevent brute-force
 How to generate random numbers? 

attack)
 Unfortunately, computers are deterministic, and are bad at
generating true random numbers  Too long will make program slow
 Pseudorandom number generator (PRNG): looks random  In Java, a key is represented by an interface
(unpredictable)  Hides implementation detail
 java.util.Random
 Not secure enough
 java.security.SecureRandom: a secure PRNG
5 6

The java.security.Key interface Extensions of the Key Interface


 All keys have  Specific interfaces defined for secret keys or
 An algorithm: the algorithm for which the key works public/private keys
 An encoded form: a representation as a byte array  For clarity and type safety only; no new methods
 javax.crypto.SecretKey
 A format: the format of representation, e.g. X.509
 java.security.PublicKey
 Three methods in the Key interface:  java.security.PrivateKey
String getAlgorithm()

 Key pairs: represented by java.security.KeyPair
 Returns the name of algorithm for which this key is used  KeyPair(PublicKey publicKey, PrivateKey
 byte[] getEncoded() privateKey) // constructor
 Returns the encoded value of the key  PublicKey getPublic()
 String getFormat()  PrivateKey getPrivate()
 Returns public and private keys, respectively, from a key
 Returns the name of the encoding format
pair

7 8
Key Generators More on Key Generators
 How to create a key?  Examples:
 Step 1: Obtain a key generator object for the specific  A 1024-bit key pair for DSA signatures
algorithm KeyPairGenerator kpg = KeyPairGenerator.getInstance(“DSA”);
 java.security.KeyPairGenerator (for public/private kpg.initialize(1024);
key pairs) KeyPair kp = kpg.genKeyPair();
 javax.crypto.KeyGenerator (for secret keys)
 A DES key
 Step 2: Initialize the key generator KeyGenerator kg = KeyGenerator.getInstance(“DES”);
 E.g. abstract void initialize(int strength, kg.init(new SecureRandom());
SecureRandom sr) SecretKey key = kg.generateKey();
 Step 3: Ask the key generator to generate a key (or
key pair)  Note: public (KeyPairGenerator) and private
 E.g. abstract KeyPair genKeyPair() (KeyGenerator) key generators have different method
names, e.g. initialize() vs. init()
 E.g. abstract SecretKey generateKey()

9 10

Algorithm Initialization Key Specifications


 Overloaded initialization methods for KeyGenerator:  How to store a key on disk, or transmit over the
 static final void init(SecureRandom rand) network?
 static final void init(int strength)  A Java Key is an abstract object, not a concrete
 static final void init(int strength, representation (e.g. a sequence of bytes)
SecureRandom rand)  A KeySpec is an interface for the specification of a
 Strength: usually is length of key key’s data, sometimes called key material
 Similarly for KeyPairGenerator (see book/API for details)  E.g. for RSA/DSA, a key pair consists of several numbers
 What if more specific initialization parameter for an  A concrete representation, but not as “raw” as a byte array
algorithm is required?  Can convert to/from “raw materials”
 java.security.AlgorithmParameterSpec  There are subclasses for individual algorithms
 Empty interface; a “box” for passing parameters  Two methods:
 public void initialize(AlgorithmParameterSpec  Serialization
params)  using KeyFactory

11 12
SecretKeyFactory (for Secret
Key Factories Keys)
 A KeyFactory converts a Key object to/from its  Example: from things to keys
specification (a KeySpec) // a method to create a DES key from a byte array
public SecretKey makeDESKey(byte[] input) {
 (No, this is not a factory for generating keys.) SecretKeyFactory desFactory =
SecretKeyFactory.getInstance(“DES”);
 Relationships: KeySpec spec = new DESKeySpec(input);
return desFactory.generateSecret(spec);
KeyFactory KeyGenerator }

 Example: from keys to things


// a method to translate a DES key into a byte array
public byte[] makeBytesFromDESKey(SecretKey key) {
SecretKeyFactory desFactory =
Key SecretKeyFactory.getInstance(“DES”);
DESKeySpec spec = (DESKeySpec)desFactory.getKeySpec(key,
KeySpec Bytes DESKeySpec.class);
return spec.getKey();
}

13 14

KeyFactory (for Public Keys) Summary


 Obtain the object  Java architecture for cryptography
static final KeyFactory getInstance(String

 Concepts, algorithms, providers
algorithm)
 From things to keys (public or private):  Key management in Java
 final PublicKey generatePublic(KeySpec keyspec)  The Key Interface
 final PrivateKey generatePrivate(KeySpec keyspec)  Relation between Key, KeyGenerator, KeyFactory, and
 From keys to things: KeySpec
 final KeySpec getKeySpec(Key key, Class keySpec)
 Handles both public and private keys
 Returns a KeySpec of the appropriate class (supplied in argument)

15 16

You might also like