100% found this document useful (4 votes)

24 views

PDF (Ebook) Cryptography and Cryptanalysis in Java: Creating and Programming Advanced Algorithms with Java SE 17 LTS and Jakarta EE 10 by Stefania Loredana Nita, Marius Iulian Mihailescu ISBN 9781484281048, 1484281047 download

The document provides information about various ebooks related to cryptography and cryptanalysis, including titles focused on Java, MATLAB, C++, and C#. It includes details such as authors, ISBN numbers, and links for downloading the ebooks. Additionally, it outlines the structure and content of the book 'Cryptography and Cryptanalysis in Java' by Stefania Loredana Nita and Marius Iulian Mihailescu.

Uploaded by

zabebahipsy

Available Formats

Download as PDF, TXT or read online on Scribd

100% found this document useful (4 votes)

24 views

PDF (Ebook) Cryptography and Cryptanalysis in Java: Creating and Programming Advanced Algorithms with Java SE 17 LTS and Jakarta EE 10 by Stefania Loredana Nita, Marius Iulian Mihailescu ISBN 9781484281048, 1484281047 download

Uploaded by

zabebahipsy

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 65

Download the Full Ebook and Access More Features - ebooknice.

com

(Ebook) Cryptography and Cryptanalysis in Java:

Creating and Programming Advanced Algorithms with
Java SE 17 LTS and Jakarta EE 10 by Stefania
Loredana Nita, Marius Iulian Mihailescu ISBN
9781484281048, 1484281047
https://ebooknice.com/product/cryptography-and-
cryptanalysis-in-java-creating-and-programming-advanced-
algorithms-with-java-se-17-lts-and-jakarta-ee-10-42712576

OR CLICK HERE

DOWLOAD EBOOK

Download more ebook instantly today at https://ebooknice.com

Instant digital products (PDF, ePub, MOBI) ready for you
Download now and discover formats that fit your needs...

Start reading on any device today!

(Ebook) Cryptography and Cryptanalysis in Java: Creating

and Programming Advanced Algorithms with Java SE 17 LTS
and Jakarta EE 10 by Stefania Loredana Nita; Marius Iulian
Mihailescu ISBN 9781484281048, 9781484281055, 1484281047,
https://ebooknice.com/product/cryptography-and-cryptanalysis-in-java-
1484281055
creating-and-programming-advanced-algorithms-with-java-se-17-lts-and-
jakarta-ee-10-42814048
ebooknice.com

(Ebook) Cryptography and Cryptanalysis in MATLAB: Creating

and Programming Advanced Algorithms by Marius Iulian
Mihailescu, Stefania Loredana Nita ISBN 9781484273333,
1484273338
https://ebooknice.com/product/cryptography-and-cryptanalysis-in-
matlab-creating-and-programming-advanced-algorithms-34605210

ebooknice.com

(Ebook) Pro Cryptography and Cryptanalysis with C++23:

Creating and Programming Advanced Algorithms, 2nd Edition
by Marius Iulian Mihailescu, Stefania Loredana Nita
https://ebooknice.com/product/pro-cryptography-and-cryptanalysis-
with-c-23-creating-and-programming-advanced-algorithms-2nd-
edition-50569844
ebooknice.com

(Ebook) Pro Cryptography and Cryptanalysis with C++20:

Creating and Programming Advanced Algorithms by Marius
Iulian Mihailescu, Stefania Loredana Nita ISBN
9781484265857, 1484265858
https://ebooknice.com/product/pro-cryptography-and-cryptanalysis-
with-c-20-creating-and-programming-advanced-algorithms-46651728

ebooknice.com
(Ebook) Pro Cryptography and Cryptanalysis with C++23:
Creating and Programming Advanced Algorithms by Marius
Iulian Mihailescu, Stefania Loredana Nita ISBN
9781484294499, 1484294491
https://ebooknice.com/product/pro-cryptography-and-cryptanalysis-
with-c-23-creating-and-programming-advanced-algorithms-50581682

ebooknice.com

(Ebook) Cryptography and Cryptanalysis in Java, 2nd

Edition by Stefania Loredana Nita, Marius Iulian
Mihailescu ISBN 9798868804403, 8868804409
https://ebooknice.com/product/cryptography-and-cryptanalysis-in-
java-2nd-edition-58449812

ebooknice.com

(Ebook) Pro Cryptography and Cryptanalysis: Creating

Advanced Algorithms with C# and .NET by Marius Iulian
Mihailescu; Stefania Loredana Nita ISBN 9780471128458,
9780849385216, 9781484263679, 0471128457, 0849385210,
https://ebooknice.com/product/pro-cryptography-and-cryptanalysis-
1484263677
creating-advanced-algorithms-with-c-and-net-15202074

ebooknice.com

(Ebook) Pro Cryptography and Cryptanalysis with C++23:

Creating and Programming Advanced Algorithms by Marius
Iulian Mihailescu, Stefania Loredana Nita ISBN
9781484294505, 1484294505,
https://ebooknice.com/product/pro-cryptography-and-cryptanalysis-
6f9e8543-3b6f-4ca5-883e-c08c930a6ca8,
with-c-23-creating-and-programming-advanced-algorithms-50594370
6F9E8543-3B6F-4CA5-883E-C08C930A6CA8
ebooknice.com

(Ebook) Pro Cryptography and Cryptanalysis with C++20:

Creating and Programming Advanced Algorithms by Marius
Iulian Mihailescu ISBN 9781484265857, 1484265858
https://ebooknice.com/product/pro-cryptography-and-cryptanalysis-
with-c-20-creating-and-programming-advanced-algorithms-36373792

ebooknice.com
Cryptography and
Cryptanalysis in Java
Creating and Programming Advanced
Algorithms with Java SE 17 LTS
and Jakarta EE 10

Stefania Loredana Nita

Marius Iulian Mihailescu
Cryptography and Cryptanalysis in Java: Creating and Programming Advanced
Algorithms with Java SE 17 LTS and Jakarta EE 10
Stefania Loredana Nita Marius Iulian Mihailescu
Bucharest, Romania Bucharest, Romania

ISBN-13 (pbk): 978-1-4842-8104-8 ISBN-13 (electronic): 978-1-4842-8105-5

https://doi.org/10.1007/978-1-4842-8105-5

Copyright © 2022 by Stefania Loredana Nita and Marius Iulian Mihailescu

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the
material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation,
broadcasting, reproduction on microfilms or in any other physical way, and transmission or information
storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now
known or hereafter developed.
Trademarked names, logos, and images may appear in this book. Rather than use a trademark symbol with
every occurrence of a trademarked name, logo, or image we use the names, logos, and images only in an
editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the
trademark.
The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not
identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to
proprietary rights.
While the advice and information in this book are believed to be true and accurate at the date of publication,
neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or
omissions that may be made. The publisher makes no warranty, express or implied, with respect to the
material contained herein.
Managing Director, Apress Media LLC: Welmoed Spahr
Acquisitions Editor: Steve Anglin
Development Editor: Laura Berendson
Copy Editor: Kimberly Wimpsett
Editorial Operations Manager: Mark Powers
Cover designed by eStudioCalamar
Cover image by Anna Zakharova on Unsplash (www.unsplash.com)
Distributed to the book trade worldwide by Apress Media, LLC, 1 New York Plaza, New York, NY 10004,
U.S.A. Phone 1-800-SPRINGER, fax (201) 348-4505, e-mail [email protected], or visit
www.springeronline.com. Apress Media, LLC is a California LLC and the sole member (owner) is Springer
Science + Business Media Finance Inc (SSBM Finance Inc). SSBM Finance Inc is a Delaware corporation.
For information on translations, please email [email protected]; for reprint, paperback,
or audio rights, please e-mail [email protected].
Apress titles may be purchased in bulk for academic, corporate, or promotional use. eBook versions and
licenses are also available for most titles. For more information, reference our Print and eBook Bulk Sales
web page at www.apress.com/bulk-sales.
Any source code or other supplementary material referenced by the author in this book is available to
readers on GitHub (github.com/apress). For more detailed information, please visit www.apress.com/
source-code.
Printed on acid-free paper
To our families and to the wonderful readers. May this book be a true
inspiration for everyone…and remember: “If you think technology can
solve your security problems, then you don’t understand the problems,
and you don’t understand technology.”
—Bruce Schneier
Table of Contents
About the Authors�� ix

About the Technical Reviewer�� xi

Chapter 1: Introduction�� 1
Cryptography and Cryptanalysis�� 3
Book Structure�� 4
Conclusion�� 6
References�� 6

Chapter 2: J DK 17: New Features�� 9

Conclusion�� 18
References�� 18

Chapter 3: R
oadmap and Vision for Jakarta EE 10�� 21
Conclusion�� 27
References�� 28

Chapter 4: J ava Cryptography Architecture�� 29

Architecture and Design Principles�� 31
JCA Classes and Algorithms�� 34
Algorithms and Engine Classes�� 35
Interfaces and Main Classes�� 36
Data Encryption�� 36
Hash Functions�� 39
Signatures�� 41
Conclusion�� 46
References�� 46

v
Table of Contents

Chapter 5: C
lassical Cryptography�� 47
Caesar Cipher�� 48
Implementation�� 49
Cryptanalysis�� 53
Vigenère Cipher�� 53
Implementation�� 56
Cryptanalysis�� 59
Hill Cipher�� 60
Implementation�� 61
Cryptanalysis�� 67
Conclusion�� 68
References�� 68

Chapter 6: F ormal Techniques for Cryptography�� 71

Definitions�� 71
Probabilities and Statistics�� 73
Conditional Probability�� 74
Random Variables�� 74
Entropy�� 75
A Little Algebra�� 76
Elliptic Curves�� 82
Conclusion�� 84
References�� 84

Chapter 7: P
seudorandom Number Generators�� 87
Examples of PRNGs�� 89
Linear Congruential PRNGs�� 89
Blum-Blum-Shub PRNG�� 89
Linear Circuit PRNGs�� 90
Other PRNGs�� 91
PRNGs Security�� 91
Java.util.Random Class�� 92

vi
Table of Contents

Conclusion�� 97
References�� 97

Chapter 8: H
ash Functions�� 101
Conclusion�� 109
References�� 110

Chapter 9: S
ymmetric Encryption Algorithms�� 113
Data Encryption Standard�� 113
The Generation of Keys�� 115
Encryption and Decryption Process�� 116
Operation Modes for DES�� 117
Advanced Encryption Standard�� 123
Encryption and Decryption Process�� 123
Operation Modes for AES�� 124
Conclusion�� 129
References�� 130

Chapter 10: A
symmetric Encryption Schemes�� 131
RSA�� 133
ElGamal�� 138
Merkle-Hellman�� 143
The Knapsack Approach�� 143
Algorithms�� 144
Conclusion�� 145
References�� 145

Chapter 11: S
ignature Schemes�� 147
Conclusion�� 156
References�� 156

vii
Table of Contents

Chapter 12: Identification Schemes�� 159

FFS Identification protocol�� 161
Conclusion�� 170
References�� 170

Chapter 13: L attice-Based Cryptography and NTRU�� 173

Practical Implementation of the NTRU Library�� 176
Conclusion�� 192
References�� 192

Chapter 14: A
dvanced Encryption Schemes�� 195
Homomorphic Encryption�� 195
Searchable Encryption�� 199
Conclusion�� 201
References�� 201

Chapter 15: C
ryptography Tools�� 205
CryptTool�� 205
OpenSSL�� 215
Conclusion�� 221
References�� 222

Index�� 223

viii
About the Authors
Stefania Loredana Nita, PhD, is a lecturer at “Ferdinand I” Military Technical Academy
of Bucharest and a software developer and researcher at the Institute for Computers. Her
PhD thesis was on advanced cryptographic schemes using searchable encryption and
homomorphic encryption. At the Military Technical Academy, she teaches the Formal
Languages and Translators and Database Application Development courses. She worked
for more than two years as an assistant lecturer at the University of Bucharest where
she taught courses on subjects such as advanced programming techniques, simulation
methods, and operating systems. Her research activity is in the cryptography field, with
a focus on searchable encryption and homomorphic encryption. She is also interested
in blockchain, quantum cryptography, machine learning, and artificial intelligence.
At the Institute for Computers, she is working on research and development projects
that involve cloud computing security, the Internet of Things, and big data. She has
authored or co-authored more than 28 papers at conferences and for journals and has
co-authored five books. Also, she holds an MSc in software engineering and two BSc
degrees in computer science and mathematics.

Marius Iulian Mihailescu, PhD, has worked in the academic and industry sector
for more than 15 years. Currently, he is an associate professor (senior lecturer) of
engineering and computer science at “Spiru Haret” University, Romania, and as a side
job he is a project manager at the Institute for Computers where he is managing different
projects using different technologies, such as DevOps, Scrum, Agile, C#, Microsoft
SQL Server, Syncfusion, ASP.NET, and VUE. At the university, he has taught several
key computer science courses about information security, functional programming,
Interne of Things, blockchain, software development methods (Microsoft Azure,
Entity Framework, NHibernate, LINQ-to-SQL, UX with DevExpress controls, etc.), and
development web applications (HTML 5, CSS 3, Bootstrap, JavaScript, AJAX, NodeJS,
VUE, Laravel, mRabbit, ASP.NET, PHP). He has authored or co-authored more than

ix
About the Authors

30 articles in conference proceedings, 25 articles in journals, and six books. For three
years he worked as an IT officer at Royal Caribbean Cruises Ltd. where he dealt with IT
infrastructures, data security, and satellite communications systems. He received his
PhD in 2014, and his thesis was on applied cryptography over biometrics data. He holds
two MSc degrees in information security and software engineering, from “Ferdinand I”
Military Technical Academy and the University of Bucharest, Romania.

x
About the Technical Reviewer
Doug Holland is a software engineer and architect at Microsoft Corporation. He
holds a master’s degree in software engineering from the University of Oxford. Before
joining Microsoft, he was honored with the Microsoft MVP and Intel Black Belt
Developer awards.

xi
CHAPTER 1

Introduction
In the last decade, technology has rapidly evolved. Statistics show that 64.2 zettabytes of
data were generated in 2020 (1 zettabyte is equivalent to 1021 bytes or 1012 gigabytes), and
it is predicted that by 2025, the digital data generated will reach 181 zettabytes [1, 2].
Electronic communication has become an essential part of our lives, and due to its
rapid evolution, all manner of security issues have arisen. Because digital messages,
in all of their forms, are sent daily over public networks across the world, the need
for secure channels and security mechanisms has also increased. Digital devices and
communications should have digital signatures that make them easy to authenticate.
Modern cryptography provides solutions for all these requirements.
The era in which we are living is considered the “zettabytes era,” in which technology
allows humans and electronic devices to generate and send information instantly, at
any time and any place. Advanced technologies, such as the Internet of Things, fog
computing, edge computing, smart vehicles, drones, smart houses, and many other
complex software (desktop/web/mobile) solutions or architectures, are evolving so
quickly that it is difficult to keep up with security requirements. For example, at the time
of this book’s writing, there are 160,974 records of vulnerabilities registered on the CVE
platform [3]. However, lessons can be learned even from failures, so by analyzing such
vulnerabilities, security solutions can be improved.
One of the most important aspects considered when complex systems are
designed and implemented is knowledge. In antiquity, the Latins said Scientia
potentia est, meaning “Knowledge is power” [4]. In the 21s century, this is even more
true; information falling into the wrong hands can lead to huge business losses and
catastrophic outcomes. Cryptography and information security provide security

1
© Stefania Loredana Nita and Marius Iulian Mihailescu 2022
S. L. Nita and M. I. Mihailescu, Cryptography and Cryptanalysis in Java,
https://doi.org/10.1007/978-1-4842-8105-5_1
Chapter 1 Introduction

mechanisms that can protect information shared between senders and recipients over
insecure channels, so that unauthorized users cannot access or alter the transmitted
information. Over time, there were encryption systems that were broken by attackers by
exploiting vulnerabilities of the systems.
The word cryptography comes from the Greek words kryptos and graphein, meaning
“hidden” and “writing,” respectively. As its name suggests, the purpose of cryptography
is to hide messages from unauthorized individuals and to keep their integrity. Although
the study of cryptography has been around only about 100 years, it was used in different
forms from ancient times. However, over time there have been various primary methods
of hiding secret messages, starting with hieroglyphs, continuing with Caesar's famous
cipher, followed by the Vigenère cipher, Hebern’s rotor machine, and the famous
Enigma machine. Nevertheless, hiding messages was not the only occupation close
to cryptography or, rather, information security. Another example is authentication or
identity verification; this was often done through seals.
Cryptography is considered an art, especially in its primary phases. The history of
cryptography began in ancient Egypt, alongside the art of writing, during a time when
humans started organizing in different social groups. This organization led to a natural
need of transmitting information only to certain individuals, with the same group, tribe,
etc. Early forms of cryptography were hieroglyphs, which started to be used about 4,000
ago by Egyptians—only they recognized the symbols and their meaning. An inscription
carved circa 1900 BC contains the first known evidence of cryptography (in some kind).
It is located in Egypt nobleman Khnumhotep II’s tomb, in the main chamber [5]. In this
inscription, some symbols have a different form than usual, and the scribe’s intent was
not necessary to hide a message; rather, he wanted the symbols to look nobler than usual
according to the social status of the deceased. Although the inscription does not hide
a message, it contains an altered/transformed form of the original symbols, being the
oldest proof of such an approach. Then, cryptography in the ancient world moved to a
substitution approach, in which every symbol of an alphabet was replaced by another
symbol based on a secret rule. This was happening around 500–600 BC. The next notable
cipher was Caesar’s cipher. Caesar was a Roman emperor who was communicating
with his army generals with encoded messages, using a substitution within the Roman
alphabet. Each letter was shifted a certain number of positions in the alphabet, usually
three. For example, the correspondent of A was D, of B was E, and so on. This is an
important historical cipher that is mentioned often in cryptography literature. The next
important achievement in cryptography was in the Middle Ages by Leon Battista Alberti,
who implemented polyalphabetic substitution. Two rotating copper disks were used that
2
Chapter 1 Introduction

had the alphabet inscribed on them. Different variations of polyalphabetic substitution

ciphers were used, but the most known such cipher is Vigenère. Then in the 19th
century, the encryption methods evolved and became more technical. The beginning
of modern cryptography starts mainly with the Enigma machine, although the rotors
were used a few years before Enigma’s invention. Considered unbreakable, the Enigma
machine was invented by German engineer Arthur Scherbius at the end of World War
I, but it was extensively used in World War II by the German army. Enigma is based on
more rotors that work electromechanically, and it scrambles the letters of the alphabet.
During World War II, cryptography alongside cryptanalysis evolved quickly and became
mathematized. Then modern cryptography continued with symmetric encryption (using
a private key for both encryption and decryption) and was followed by asymmetric
encryption (where a public key is used for encryption and a private key for decryption)
introduced by Diffie and Hellmann in 1976. Since then, different types of encryption
systems evolved from each type of cryptography (symmetric or asymmetric).
For a more detailed history or interesting facts about cryptography, you can consult
[6] and [7].
The book aims to present the main topics of cryptography, information security, and
cryptanalysis from a practical perspective, by providing examples of implementations
in Java. The book addresses a large audience, such as security experts, military experts
and researchers, ethical hackers, teachers in academia, researchers, software developers,
and software engineers, and it can represent a good starting point in developing secure
applications, together with [8], [9], [10].

Cryptography and Cryptanalysis

When working with information security and data protection, the concepts of
cryptology, cryptography, and cryptanalysis should be clear. These are defined here, as
presented in [8, 9]:

• Cryptology is defined as the science or art of secret writings; the main

goal is to protect and defend the secrecy and confidentiality of the
information with the help of cryptographic algorithms.

• Cryptography represents the defensive side of cryptology; the main

objective is to create and design cryptographic systems and their
rules. When we are dealing with cryptography, we can observe a

3
Chapter 1 Introduction

special kind of art, an art that is based on protecting the information

by transforming it into an unreadable format, called ciphertext.

• Cryptanalysis is the offensive side of cryptology; its main objective

is to study the cryptographic systems with the scope to provide
the necessary characteristics in such a way to fulfill the function
for which they have been designed. Cryptanalysis can analyze the
cryptographic systems of third parties through the cryptograms
realized with them, breaking them to obtain useful information
for their business purpose. Cryptanalysts, code breakers, or ethical
hackers are the people who in the field of cryptanalysis.

• Cryptographic primitive represents a well-established or low-level

cryptographic algorithm is used to build cryptographic protocols.
Examples of such routines include hash functions or encryption
functions.

Book Structure
This book contains 15 chapters, in which the main aspects of classical and modern
cryptography are presented. Generally, the chapters will cover the foundation of the
presented concept/mechanism/technique from a mathematical perspective and then a
practical implementation or use cases in Java. The following chapters are detailed here:

• Chapter 2, “JDK 17: New Features”: This chapter will cover the new
features of Java 17 and will show some practical examples.

• Chapter 3, “Roadmap and Vision for Jakarta EE10”: This chapter

will present the basic usage of Jakarta EE and explain how security
mechanisms can be integrated.

• Chapter 4, “Java Cryptography Architecture”: This chapter presents

the built-in functions of Java that can be used in cryptography. These
are encapsulated in Java’s cryptography application programming
interface (API) called Java Cryptography Architecture (JCA).

• Chapter 5, “Classical Cryptography”: This chapter will describe classic

enciphering techniques. These ciphers use basic mathematical
functions but represent a good starting point in understanding

4
Chapter 1 Introduction

the purpose of cryptography and its basic rules. For each classic
algorithm, the mathematical description will be presented followed
by the implementation in Java.

• Chapter 6, “Formal Techniques for Cryptography”: This chapter

is focused on the formal aspects of cryptography. It will present,
without going into too many technical details, the main
mathematical elements used in cryptography that are mandatory to
understand; it will also define some specific terms of cryptography.

• Chapter 7, “Pseudorandom Generators”: Randomness is one of

the most important concepts used in cryptography. This chapter
will present what pseudorandom generators are and why are they
important in cryptography. One section of the chapter is dedicated to
the Java.util.Random class.

• Chapter 8, “Hash Functions”: This chapter will explore how hash

values can be generated for different types of data and will present and
implement some important hash functions, like the MD or SHA families.

• Chapter 9, “Symmetric Encryption Algorithms”: This chapter will

explain what symmetric encryption is and will present two of the
most important and used symmetric cryptosystems: AES and DES.

• Chapter 10, “Asymmetric Encryption Schemes”: This chapter will

highlight the differences between symmetric and asymmetric
cryptography and describe and implement two of the most important
cryptosystems of this category: RSA and ElGamal. Also, the chapter
presents the Merkle-Hellman Knapsack System, which is interesting
due to its approach.

• Chapter 11, “Signature Schemes”: This chapter will explain what

cryptographic signature schemes are, why are they so important,
and where can they be used. Then, it will present some important
signature schemes, such as ElGamal.

5
Chapter 1 Introduction

• Chapter 12, “Identification Schemes”: This chapter will explain what

other important cryptographic schemes, namely, identification
schemes, are; why are they so important; and where can they be
used. Then, it will present some important identification schemes,
such as CVE.

• Chapter 13, “Lattice-Based Cryptography and NTRU”: This chapter

will present the main concepts of lattice-based cryptography and will
describe the NTRU encryption system that is included in this branch
of cryptography.

• Chapter 14, “Advanced Encryption Schemes”: This chapter will cover

two relatively new encryption techniques, namely, searchable and
homomorphic encryption. The second one is very exciting, especially
the fully homomorphic encryption, which is considered the holy grail
of cryptography.

• Chapter 15, “Cryptography tools”: This chapter will discuss

cryptography tools that can be used to check the correctness of their
implementations, such as CrypTool or OpenSSL.

Conclusion
This first chapter covered the objectives of the book and highlighted the need
for cryptography and information security. Then it explained what cryptology,
cryptography, and cryptanalysis mean. Finally, the chapter described each upcoming
chapter so you can find information of interest quickly.

References
[1]. Volume of data/information created, captured, copied, and
consumed worldwide from 2010 to 2025, https://www.statista.
com/statistics/871513/worldwide-data-created/

[2]. Zettabyte era, https://en.wikipedia.org/wiki/Zettabyte_Era

[3]. CVE, https://cve.mitre.org/

6
Chapter 1 Introduction

[4]. Scientia potentia est, https://en.wikipedia.org/wiki/

Scientia_potentia_est

[5]. Sidhpurwala, H. (2013). “A Brief History of Cryptography”.

Available online: https://www.redhat.com/en/blog/brief-
history-cryptography

[6]. History of cryptology. Available online: https://www.britannica.

com/topic/cryptology/History-of-cryptology

[7]. Damico, T. M. (2009). A brief history of cryptography. Inquiries

Journal, 1(11).

[8]. Mihailescu, M. I., & Nita, S. L. (2021). Pro Cryptography and

Cryptanalysis: Creating Advanced Algorithms with C# and
.NET. Apress.

[9]. Mihailescu, M. I., & Nita, S. L. (2021). Pro Cryptography and

Cryptanalysis with C++ 20: Creating and Programming Advanced
Algorithms. Apress.

[10]. Mihailescu, M. I., & Nita, S. L. (2021). Cryptography and

Cryptanalysis in MATLAB. Apress.

7
CHAPTER 2

JDK 17: New Features

The Java Platform—developed by Oracle—includes two components: Java Standard
Edition (Java SE) and the Java Development Kit (JDK). Java SE is a computing platform
that is used to create software applications by developing and deploying portable code
for environments such as desktops and servers. Java SE includes different application
programming interfaces (APIs) and the Java Class Library. Examples of packages
included in Java SE are java.io, java.math, java.util, etc., and it includes APIs such
as Applet, AWT, Collections, Swing, JDBC, etc. You can find more about Java SE and its
editions at [1].
JDK is the Java development environment, which has two components: Java
Language Specification (JLS) and Java Virtual Machine Specification (JVMS). At the
moment of writing this book, the latest version of JDK is 17.0.1, released on October 19,
2021, but Java 17 and the Long Term Support (LTS) were released on September 14, 2021.
Being an LTS version, JDK 17 will receive support and updates until at least September
2024 [2]. Some great resources for Java developers are at [3], which will provide soon
a built-in Java compiler to test the examples, and [4], which is the official Oracle
documentation.
In JDK 17, several changes include new features, feature removals, and feature
deprecations. You can find the complete list of changes in Java 17 at [5], [6], and [7].
The changes are encoded as “JEP” followed by a number, where JEP means JDK
Enhancement Proposals. Some of the main changes are listed in the following lists.
New features:

• JEP 306: Restore Always-Strict Floating-Point Semantics

• JEP 356: Enhanced Pseudorandom Number Generators

• JEP 382: New macOS Rendering Pipeline

• JEP 391: macOS/AArch64 Port

9
© Stefania Loredana Nita and Marius Iulian Mihailescu 2022
S. L. Nita and M. I. Mihailescu, Cryptography and Cryptanalysis in Java,
https://doi.org/10.1007/978-1-4842-8105-5_2
Chapter 2 JDK 17: New Features

• JEP 403: Strongly Encapsulate JDK Internals

• JEP 406: Pattern Matching for switch (Preview)

• JEP 409: Sealed Classes

• JEP 412: Foreign Function & Memory API (Incubator)

• JEP 414: Vector API (Second Incubator)

• JEP 415: Context-Specific Deserialization Filters

Removals:

• JEP 407: Remove RMI Activation

• JEP 410: Remove the Experimental AOT and JIT Compiler

Deprecations:

• JEP 398: Deprecate the Applet API for Removal

• JEP 411: Deprecate the Security Manager for Removal

Note that in the following examples, the Eclipse environment should be configured
for use with Java 17. We’ll now elaborate on the JEPs of interest to the field of
cryptography.
JEP306, “Restore Always-Strict Floating-Point Semantics.” This new feature
brings back the semantics before introducing the strict and default floating-point
modes in Java SE 1.2. The purpose of this modification is to make it easy to work with
libraries for numeric usages, such as java.lang.Math or java.lang.StrictMath. The
variations of the types of calculations (strict, strict floating-point) were due to hardware
constraints in that some processors suffered from overheating issues while performing
strict computations. However, nowadays processors have overcome such constraints;
therefore, strict computations can be used safely without restrictions. You can learn
more about JEP306 at [8].
JEP356, “Enhanced Pseudorandom Number Generators.” This one is of
interest for cryptography use. This new feature includes new interface types and new
implementations for pseudorandom number generators (PRNGs), which are included
in the java.util.random package. The new implementations contain jumpable
PRNGs and a completely new class for splittable PRNGs, called LXM. The purpose of
this feature is to make it easier to use PRNGs and to eliminate two weaknesses in the
SplittableRandom class discovered in 2016.

10
Chapter 2 JDK 17: New Features

In Listing 2-1 are printed available PRNGs with some information about them:
their type (arbitrary jumpable, hardware, jumpable, leapable, splittable, statistical,
stochastic, or streamable) and the number of bits used to maintain the state of the seed.
After that, lines 28 and 29 show how PRNGs are instantiated in the new Java 17, while
line 31 shows the old instantiation of the Random class. Lines 33, 34, and 36 show the
default representation for the new implementations and the shortcut for the default
representation, respectively. Figure 2-1 shows the results.

Listing 2-1. Using PRNGs in Java 17

1   import java.util.Random;
2   import java.util.random.RandomGenerator;
3   import java.util.random.RandomGeneratorFactory;
4   import java.util.stream.Stream;
5
6   public class JEP356Example {
7
8         public static void main(String[] args) {
9
10               Stream<RandomGeneratorFactory<RandomGenerator>> allPRNGs =
RandomGeneratorFactory.all();
11               allPRNGs.map(prng -> prng.name() + " [ Group: "  + prng.
group() + "; "
12                           + (prng.isArbitrarilyJumpable() ? " arbitrary-
jump" : "")
13                           + (prng.isHardware()? " hardware" : "")
14                           + (prng.isJumpable() ? " jump" : "")
15                           + (prng.isLeapable()? " leap" : "")
16                           + (prng.isSplittable() ? " split" : "")
17                           + (prng.isStatistical()? " statistical" : "")
18                           + (prng.isStochastic()? " stochastic" : "")
19                           + (prng.isStreamable() ? " stream" : "")
20                           + "; noOfBits: "+ prng.stateBits()
21                           + "]"
22                           ).sorted().forEach(System.out::println);
23

11
Chapter 2 JDK 17: New Features

24               System.out.println("\n*****\n");
25
26               RandomGenerator prng1 = RandomGeneratorFactory.
of("Random").create(45);
27               System.out.println("prng1 - " + prng1.getClass());
28               RandomGenerator prng2 = new Random(45);
29               System.out.println("prng2 - " + prng2.getClass());
30               RandomGenerator prng3 = RandomGeneratorFactory.
getDefault().create(45);
31               System.out.println("prng3 - " + prng3.getClass());
32               RandomGenerator prng4 = RandomGenerator.getDefault();
33               System.out.println("prng4 - " + prng4.getClass());
34         }
35   }

Figure 2-1. The result of Listing 2-1

12
Chapter 2 JDK 17: New Features

In Figure 2-1, the Legacy category is for the old implementation of PRNGs, while LXM
and Xoroshiro are newly introduced. Note that the new implementations are not thread-
safe; namely, the same instance can be shared between more threads (although this is
not a common practice while developing applications). Instead, java.util.Random and
java.security.SecureRandom are thread-safe. You can learn more about JEP 356 at [9].
JEP403, “Strongly Encapsulate JDK Internals.” This is one of the features that
enhances the security of the JDK, as the internal APIs cannot be accessed with
the --illegal-access option at the command line anymore; this is because in JDK 17
all internal elements are now strongly encapsulated. The exceptions are crucial APIs,
such as sun.misc.Unsafe. The purpose of this feature is to encourage developers to
use standard APIs instead of internal APIs. This change increases the security and
the maintainability of the JDK. On the official page of this JEP, the developers give
some examples of pieces of code that will not work anymore in JDK 17 and provide
explanations for each example. You can learn more about JEP 403 at [10].
JEP406, “Pattern Matching for switch (Preview).” By far, using pattern matching
in switch expressions and statements will be easier and more elegant. In addition, this
will save a lot of lines of code. Listing 2-2 is an example of pattern matching for switch
that can be used in cryptography. Consider three classes that implement the RSA, AES,
and ElGamal algorithms (lines 1–11); the user should introduce only the secret key or the
pair of the secret key and public key corresponding to the chosen encryption system’s
type. Note that for the following example, the usage of preview language features should
be enabled in order to work properly.

Listing 2-2. Example of Pattern Matching for switch

1   class RSA {
2
3   }
4
5   class AES {
6
7   }
8
9   class ElGamal {
10
11   }

13
Chapter 2 JDK 17: New Features

12
13   public class JEP406Example {
14
15         static void TypeOfKeys(Object o) {
16               if (o instanceof RSA ) {
17                   System.out.println("Two keys needed. Type the secret on
the first line. Type the public key on the second line.");
18               } else if (o instanceof AES) {
19                   System.out.println("One key needed. Type the secret
key on the first line.");
20               } else if (o instanceof ElGamal) {
21                   System.out.println("Two keys needed. Type the secret on
the first line. Type the public key on the second line.");
22               }
23         }
24
25         static void TypeOfKeysPatternSwitch(Object o) {
26               if(o == null)
27                  throw new NullPointerException();
28               else
29               {
30                     switch (o.getClass().toString()) {
31                             case null -> throw new NullPointerException();
32                             case "RSA2" -> System.out.println("Two keys
needed. Type the secret on the first line. Type
the public key on the second line.");
33                             case "AES2" -> System.out.println("One key
needed. Type the secret key on the first line.");
34                             case "ElGamal2" -> System.out.println("Two keys
needed. Type the secret on the first line. Type
the public key on the second line.");
35                             default -> System.out.println("Pick an
encryption system");
36                     }
37               }
38         }
14
Chapter 2 JDK 17: New Features

39
40         public static void main(String[] args) {
41               TypeOfKeys(new RSA());
42               TypeOfKeysPatternSwitch(new RSA());
43
44               System.out.println("\n***\n");
45
46               TypeOfKeys(new AES());
47               TypeOfKeysPatternSwitch(new AES());
48         }
49   }

In Listing 2-2, two approaches were used to print the message for the user: the
regular one, in the function TypeOfKeys (lines 16–27), and the version with pattern
matching for the switch statement (lines 29–45). Note that the result should be the same
for the same type of object that is passed to the two functions. You can check the result in
Figure 2-2, and you can learn more about JEP 406 at [11].

Figure 2-2. The result of using pattern matching for switch

JEP409, “Sealed Classes.” These types of classes are important in object-oriented

programming because they can restrict the list of classes or interfaces that are extensions
or implementations of them, giving more control to the code that implements them.
For example, consider there is a fixed collection of encryption systems stored within an
enum. As there is a fixed number of encryption systems, a default clause wouldn’t be
necessary when switching between them; see Listing 2-3.

15
Chapter 2 JDK 17: New Features

Listing 2-3. Sketch for Cryptosystems Stored as enum

enum Cryptosystem { AES, RSA, ElGamal }

Cryptosystem cipher = ...

switch (cipher) {
  case AES: ...
  case RSA: ...
  case ElGamal: ...
}

In situations in which a given number of kinds of values should be managed (instead

of managing a set of values), a hierarchy of classes can be used for listing these kinds of
values. For the previous enum example, this would be transformed into Listing 2-4.

Listing 2-4. Converting the enum Example to a Class Hierarchy

interface Cryptosystem { ... }

final class AES implements Cryptosystem { ... }
final class RSA implements Cryptosystem { ... }
final class ElGamal implements Cryptosystem { ... }

However, superclasses should be widely accessible but not widely extensible. Sealed
classes were introduced to give more control over how extensibility and implementation
are used. The previous example can be modified by using sealed classes as shown in
Listing 2-5.

Listing 2-5. Sealed Classes

1 public class JEP409Example {

2
3         static void Test(Cryptosystem c) {
4               if (c instanceof AES_Cryptosystem)
5                     System.out.println("AES chosen");
6               else
7                     if (c instanceof RSA_Cryptosystem)
8                           System.out.println("RSA chosen");

16
Chapter 2 JDK 17: New Features

9                     else
10                           throw new RuntimeException("Unknown instance
of Cryptosystem.");
11
12         }
13         public static void main(String[] args) {
14               AES_Cryptosystem aes = new AES_Cryptosystem();
15               RSA_Cryptosystem rsa = new RSA_Cryptosystem();
16
17               Test(aes);
18               Test(rsa);
19         }
20   }

In Listing 2-5, three classes are used: Cryptosystem, AES_Cryptosystemn, and RSA_
Cryptosystem. Note that to use them as sealed classes and classes that extend the sealed
class, each class must be defined in its own file. To prevent further extensions, the classes
that extend the sealed class should be declared as final. Here is the definition for the
three classes used in the example:

public abstract sealed class Cryptosystem

permits AES_Cryptosystem, RSA_Cryptosystem {

String encryptMessage() { return null;}

String decryptMessage() { return null; }
}

public final class AES_Cryptosystem extends Cryptosystem {

public final class RSA_Cryptosystem extends Cryptosystem {

You can find more examples of sealed classes at [12].

JEP412, “Foreign Function & Memory API (Incubator).” With this new feature, Java
code can work with foreign code and data from outside of the Java runtime, other than
C. In cryptography, this can be useful, especially when working with mathematical tools.

17
Chapter 2 JDK 17: New Features

For example, Matlab code can be used for mathematical functions or algorithms that
are already implemented, such as statistical functions. Using the foreign code is safe and
efficient. You can learn more about JEP412 at [13].
JEP414, “Vector API (Second Incubator).” Using this feature achieves better
performance and implementation for vector instructions compared to equivalent scalar
computations. The improved API provides features such as translating byte vectors to
Boolean arrays, or vice versa. You can learn more about JEP412 at [14].
JEP415, “Context-Specific Deserialization Filters.” This is another example of
a feature that is great for cryptographic purposes. The motivation behind this feature
lies in the fact that data that is received from different sources is untrusted because in
the world of the Internet, often the source is unknown, untrusted, or unauthenticated.
Therefore, when untrusted data is deserialized, it can be dangerous. For example, an
attacker can exploit the vulnerabilities behind serialized/deserialized data injecting
malicious behavior. With this feature, a filter factory for Java Virtual Machine (JVM)
was introduced that can be configured. When it is instantiated as an object of the
ObjectInputStream type, the JVM filter factory is invoked, and the result is used to
initialize each filter per stream. You can learn more about JEP415 at [15].

Conclusion
This chapter presented the main features added in Java 17. By far one of the most
exciting added features is the new pseudorandom generator implementations and
pattern matching for switch instructions. The chapter presented some use cases for
cryptography.

References
[1]. Java SE at a Glance, https://www.oracle.com/ro/java/
technologies/java-se-glance.html

[2]. Java Downloads, https://www.oracle.com/java/technologies/

downloads/#java17

[3]. https://dev.java/

18
Chapter 2 JDK 17: New Features

[4]. JDK 17 Documentation, https://docs.oracle.com/en/java/

javase/17/

[5]. JDK 17 Release Notes, https://www.oracle.com/java/

technologies/javase/17-relnote-issues.html

[6]. Java® Platform, Standard Edition & Java Development Kit Version
17 API Specification, https://docs.oracle.com/en/java/
javase/17/docs/api/index.html

[7]. JDK 17.0.1 General-Availability Release, https://jdk.

java.net/17/

[8]. JEP 306: Restore Always-Strict Floating-Point Semantics, https://

openjdk.java.net/jeps/306

[9]. JEP 356: Enhanced Pseudorandom Number Generators, https://

openjdk.java.net/jeps/356

[10]. JEP 403: Strongly Encapsulate JDK Internals, https://openjdk.

java.net/jeps/403

[11]. JEP 406: Pattern Matching for switch (Preview), https://openjdk.

java.net/jeps/406

[12]. JEP 409: Sealed Classes, https://openjdk.java.net/jeps/409

[13]. JEP 412: Foreign Function & Memory API (Incubator), https://
openjdk.java.net/jeps/412

[14]. JEP 414: Vector API (Second Incubator), https://openjdk.java.

net/jeps/414

[15]. JEP 415: Context-Specific Deserialization Filters, https://

openjdk.java.net/jeps/415

19
CHAPTER 3

Roadmap and Vision

for Jakarta EE 10
Jakarta EE 10 will represent the first major release of Jakarta EE, and its goal is to deliver a
specific set of specifications for Jakarta EE technologies.
By late 2021, the key themes that have been proposed by the community for shaping
Jakarta EE 10 are as follows:

• Aligning with Java Standard Edition (SE)

• Filling the gaps in the standardization

• Aligning with contexts and dependency injection (CDI)

Starting with Java EE 8, Jakarta Security is a new API with three authentication
procedures: Basic, Form, and an extension of Form that perfectly suits the process of
implementation within Java Server Faces (JSF).
With Jakarta EE 10, the goal is to add new authentication mechanisms. The first
mechanism on the list is represented by Client-Cert and Digest. In this way, Jakarta
Security will provide a total replacement of the authentication mechanisms that are
supported by Java Servlet. Another goal is to offer support for OpenID, OAuth, and JSON
Web Token (JWT). JWT is an interesting topic that is currently under discussion due to
the process of adding it to the MicroProfile project.
Jakarta Security supports different annotations, such as @RolesAllowed and @RunAs,
with support for further extensions. At the moment, @RolesAllowed is supported only
by EJB in Jakarta EE. The annotation will throw an exception if access is denied by a
bean method.
Related to the authentication mechanisms, @RolesAllows will trigger an
authentication mechanism when access is denied by a Jakarta REST resource method.

21
© Stefania Loredana Nita and Marius Iulian Mihailescu 2022
S. L. Nita and M. I. Mihailescu, Cryptography and Cryptanalysis in Java,
https://doi.org/10.1007/978-1-4842-8105-5_3
Chapter 3 Roadmap and Vision for Jakarta EE 10

The Jakarta EE 10 platform will include a serious set of components; Table 3-1 shows
their status.

Table 3-1. Jakarta EE 10 Web Profile

Component Status

Authentication 3.0 Updated

Concurrency 3.0 Updated
CDI 4.0 Updated
Expressions Language 5.0 Updated
Faces 4.0 Updated
Security 3.0 Updated
Servlet 6.0 Updated
Standard Tag Libraries 3.0 Updated
Persistence 3.1 Updated
Server Pages 3.1 Updated
WebSocket 2.1 Updated
Bean Validation 3.0 Not updated
Debugging Support 2.0 Not updated
Enterprise Beans Lite 4.0 Not updated
Managed Beans 2.0 Not updated
Transactions 2.0 Not updated
RESTful Web Services 3.1 Updated
JSON Processing 2.1 Updated
JSON Binding 2.1 Updated
Annotations 2.0 Not updated
Interceptors 2.0 Not updated
Dependency Injection 2.0 Not updated
CDI Lite 4.0 Updated/new
Config 1.0 New

22
Chapter 3 Roadmap and Vision for Jakarta EE 10

User-friendly authentication modules are one of the most important features

handled by Jakarta Security within Jakarta EE 10; they enable authorization rules that
can be easily implemented.
These authorization modules are designed to work as low-level, portable
mechanisms. The steps used to develop and install these modules have become more
stable, making them more useful for business applications.
The specifications that are available with the Jakarta EE 10 platform and Web
Profile for business applications are as follows, according to the Jakarta EE 10 Release
Plan (https://eclipse-ee4j.github.io/jakartaee-platform/jakartaee10/
JakartaEE10ReleasePlan):

• Jakarta EE Platform 10 (updated feature)

• Jakarta EE Web Profile 10 (updated feature)

• Jakarta Activation 2.1 (updated feature)

• Jakarta Annotations 2.1 (updated feature for Web Profile)

• Jakarta Authentication 3.0 (updated feature for Web Profile)

• Jakarta Authorization 2.1 (updated feature)

• Jakarta Batch 2.1 (updated feature)

• Jakarta Bean Validation 3.0 (feature for Web Profile)

• Jakarta Concurrency 3.0 (updated feature for Web Profile)

• Jakarta Connectors 2.1 (updated feature)

• Jakarta Contexts and Dependency Injection 4.0 (updated feature)

• Jakarta Debugging Support for Other Languages 2.0 (feature for Web Profile)
• Jakarta Dependency Injection 2.0 (feature for Web Profile)

• Jakarta Enterprise Beans 4.0

• Jakarta Enterprise Beans 4.0 Lite (feature Web Profile)

• Jakarta Enterprise Web Services 2.0 (optional feature)

• Jakarta Expression Language 5.0 (updated feature for Web Profile)

23
Chapter 3 Roadmap and Vision for Jakarta EE 10

• Jakarta Interceptors 2.0 (feature for Web Profile)

• Jakarta JSON Binding 3.0 (updated feature for Web Profile)

• Jakarta JSON Processing 2.1 (updated feature Web Profile)

• Jakarta Mail 2.1 (updated feature)

• Jakarta Managed Beans 2.0 (Web Profile)

• Jakarta Messaging 3.1 (updated feature)

• Jakarta Persistence 3.1 (updated feature for Web Profile)

• Jakarta RESTful Web Services 3.1 (updated feature for Web Profile)

• Jakarta Security 3.0 (updated feature for Web Profile)

• Jakarta Server Faces 4.0 (updated feature for Web Profile)

• Jakarta Server Pages 3.1 (updated feature for Web Profile)

• Jakarta Servlet 6.0 (updated feature for Web Profile)

• Jakarta SOAP with Attachments 3.0 (optional feature)

• Jakarta Standard Tag Library 3.0 (feature for Web Profile)

• Jakarta Transactions 2.0 (feature for Web Profile)

• Jakarta WebSocket 2.1 (feature for Web Profile)

• Jakarta XML Binding 4.0 (optional feature)

• Jakarta XML Web Services 4.0 (optional feature)

At the time of this book’s writing, the tool that contains portable modules for low-
level authorization had not yet been incorporated into Jakarta Security 1.0, as it had
not yet been fully evaluated. For example, to have a solution that identifies the scope
of an application, checking for the bridging role against an external service is the best
strategy, instead of taking all the roles and assigning them when the invocation call is
authenticated. Such an example is shown here:

1   import java.io.UnsupportedEncodingException;
2   import java.security.KeyPair;
3   import java.security.KeyPairGenerator;
4   import java.security.NoSuchAlgorithmException;

24
Chapter 3 Roadmap and Vision for Jakarta EE 10

5   import java.security.NoSuchProviderException;
6   import java.security.PrivateKey;
7   import java.security.PublicKey;
8   import java.security.SecureRandom;
9
10   @ApplicationScoped
11   public class ApressAuthorizationModule {
12
13       @Inject
14       SecurityConstraints apressSecurityConstraints
15
16       @Inject
17       ApressService apressService;
18
19       @PostAuthenticate
20       @PreAuthorize
21       @ByRole
22       public Boolean appressLogic(
23           Caller apressCaller, Permission apressReqPermission) {
24
25           return apressSecurityConstraints.getRequiredRoles(apressReq
Permission)
26                   .stream()
27                   .anyMatch(apressAccessRole -> apressService.
isInRole(apressCaller, apressAccessRole));
28       }
29
30   }

Jakarta CDI represents the main component model within the platform, and many
components are being aligned with it already. The important components include the
following:

• The @Transactional annotation gets a new definition in Jakarta

Transactions.

• The managed bean annotations is being deprecated in JSF.

• CDI has been developed and improved in Jakarta Security.

25
Chapter 3 Roadmap and Vision for Jakarta EE 10

The following components related to Jakarta EE 10 take full advantage of CDI:

• When CDI is enabled, the features of the Jakarta Enterprise

Beans programming model will be more flexible. Because of the
modernization process within Jakarta EE 10, the features are
converted to specifications where they fit perfectly. Here are some
examples:

• Definitions for @Lock, @Schedule, @Asynchronous, and

@MaxConcurrency are included. Security mechanisms have
also been improved, and special mechanisms are dedicated to
working with these annotations.

• Another important definition that is included is related to the

message-driven bean-style @MessageListener within Jakarta
Messaging.

• Jakarta Security will have two annotations that will need to deal
with it: @RolesAllowed and @RunAs.

• Most of the additional mechanisms are developed in such a way that

they can be injected with the help of CDI to provide deprecations of
their own features with respect for CDI and easy integration within
CDI. These mechanisms can be summarized as follows:

• Jakarta RESTful Web Services

• Jakarta Batch

• Jakarta Concurrency

Other new potential specifications within Jakarta EE 10 are the following:

• Jakarta NoSQL and Eclipse JNoSQL for giving access to Jakarta EE

applications

• Jakarta Model-View-Controller (MVC)

26
Chapter 3 Roadmap and Vision for Jakarta EE 10

Next, looking at the future of Jakarta EE 10, there are new challenges, but they will
not be covered. Most of the components provide experimentation together with analysis
and development. Those features are summarized as follows:

• Jakarta Servlet or a variant much lighter

• Jakarta Persistence, with support for reactive NIO Java Database

Connectivity (JDBC)

• Jakarta Restful Web Services

• Jakarta MVC

The Java platform and Jakarta EE 10 provide a number of important built-in

providers for implementing basic and advanced security services that are used within
different types of projects. The main components that work in both Java Platform and
Jakarta EE 10 can be summarized as follows:

• Java Cryptographic Extension (JCE): JCE represents an extension

from Sun Microsystems for providing encryption and decryption
operation for data blocks. JCE represents an important component of
the Java Cryptography Architecture (JCA) implementation.

• Java Secure Socket Extension (JSSE): One of the most important data
protocols is represented by the Secure Sockets Layer (SSL), which
provides data integrity by providing encryption. JSSE has a standard
interface and proper implementation for the SSL protocol.

• Java Authentication and Authorization Service (JAAS): JAAS offers an

implementation for user authentication. It provides a wide range of
login mechanisms within a specific architecture and a dedicated API.

Good references specialized for Jakarta EE are [1-3] and generally for Java are [4-7].

Conclusion
In this chapter, we provided a short overview of the main components and challenges
covered by the new Jakarta EE 10 and how these components will impact the developing
process of the software applications and the implementation of security mechanisms.

27
Chapter 3 Roadmap and Vision for Jakarta EE 10

An important aspect at this stage of development is represented by the new security

authentication mechanisms that have been released. You should now be able to describe
and understand the main challenges and components within Jakarta EE 10.

References
[1]. Juneau, Josh. Jakarta EE Recipes: A Problem-Solution Approach,
Apress, 2020.

[2]. Manelli, Luciano, and Giulio Zambon. Beginning Jakarta EE Web

Development: Using JSP, JSF, MySQL, and Apache Tomcat for
Building Java Web Applications. Apress, 2020.

[3]. Saeed, Luqman. Introducing Jakarta EE CDI Contexts and

Dependency Injection for Enterprise Java Development. Apress :
Imprint: Apress, 2020.

[4]. Horstmann, Cay S. Core Java. Eleventh edition, Pearson, 2019.

[5]. Bloch, Joshua. Effective Java. Third edition, Addison-Wesley, 2018.

[6]. McLaughlin, Brett, et al. Head First Object-Oriented Analysis and

Design. 1st ed, O’Reilly, 2007.

[7]. Sierra, Kathy, and Bert Bates. Head First Java. 2nd ed,
O’Reilly, 2005.

28
CHAPTER 4

Java Cryptography
Architecture
The Java Cryptography Architecture (JCA) framework offers capabilities for working with
cryptography algorithms and offers methods for a variety of cryptography primitives.
The cryptography algorithms and methods are implemented and offered through the
java.security package.
The Java platform is designed in such a way that the most important aspects and
components that characterize security are included in an easy and modern approach for
developers. The following are the most important components:

• Secure communication

• Language safety

• Public key infrastructure

• Authentication

• Access control

JCA represents only a small part of the entire Java platform, which has a provider
and a set of APIs for different cryptography primitives, such as digital signatures, hash
functions, validation of certificates, encryption algorithms/primitives, cryptography key
generation functions, key management, and algorithms for generating random numbers.
The provider was designed as architecture with respect for the following principles:

• Extensibility of the algorithms: Java is quite flexible when it comes to

providing its proper cryptography algorithms or custom providers’
and third-party libraries/frameworks. An important aspect that needs
to be taken into consideration when developing applications and
using third-party frameworks and libraries is to make sure that the

29
© Stefania Loredana Nita and Marius Iulian Mihailescu 2022
S. L. Nita and M. I. Mihailescu, Cryptography and Cryptanalysis in Java,
https://doi.org/10.1007/978-1-4842-8105-5_4
Chapter 4 Java Cryptography Architecture

implementation is tested and standardized accordingly. Everything

that is outside of the standardization process requires more attention
as a developer.

• Assuring the interoperability and implementing proper support: As

a programming language and developing technology for software
applications, Java guarantees interoperability, which is an important
criterion to satisfy even the most drastic requirements, especially
when you are dealing with different platforms (e.g., Windows ⟷
Ubuntu ⟷ Mac) for the same applications.

• Guaranteeing the independence of the cryptography algorithms

implementation: When you are dealing with the implementation
process for security algorithms, there is no need to implement the
algorithms from scratch. Thus, developers and software engineers
can use the security libraries and make proper requests for the
cryptography algorithms/primitives that they want to implement.
The algorithms are already implemented and standardized
accordingly.

JCA when used with JDK has two main components:

• The first component introduces the definitions and provides support

for different cryptographic services. Different contributors provide
different versions of implementations. The framework provides the
following important packages:

• java.security

• javax.crypto

• javax.crypto.spec

• javax.crypto.interfaces

• The second component provides the actual implementation of the

cryptography algorithms/primitives. The providers are as follows:

• Sun

• SunRsaSign

• SunJCE

30
Chapter 4 Java Cryptography Architecture

Architecture and Design Principles

As we mentioned, assuring independent implementation and interoperability, along
with the independence and extensibility of algorithms, plays an important role and
represents the main principles taken into consideration when JCA was designed and
implemented.
As an example, you can use a digital signature or hash function without considering
how the algorithms were implemented. So, you don’t have to worry about the details of
the implementation or the algorithms that represent the foundation for the concepts.
One of the fundamental questions that comes up is, how is the independence
of the algorithm fulfilled? The main thing that a developer has to do is to define the
cryptography engines or services along with the definition of the classes that offer
capabilities and different functionalities specific to those cryptographic engines. The
name of the concepts, according to some references guides [1], is known as engine
classes. There are a few examples that help in this area, shown here:

• Cipher class

• KeyPairGenerator class

• KeyFactory class

• MessageDigest class

• Signature class

Another question that will come up is, how is independence implemented? The
Cryptographic Service Provider (CSP) represents a package or a set of packages that
provides implementations for a variety of cryptographic services, such as digital
signatures algorithms, hash algorithms, and key management algorithms. Simply stated,
interoperability in information security is the ability of different implementations to
achieve their goals by working with each other, exchanging cryptography keys between
them, or being able to check each other’s cryptography keys.
The final question is, what is the importance and meaning of algorithm extensibility?
The answer relies in the simplicity of how the engine classes are added in a very easy and
modern way.

31
Chapter 4 Java Cryptography Architecture

The base class java.security.Provider comprises all the security providers. For
each CSP we will have an instance of this class. The class will offer the following:

• A list with all the security algorithms and security services that are
implemented

• The provider name

To use JCA, you simply specify the request for a certain object and its type. With
every JDK that you install, one or more providers will be installed and set by default.
Let’s see an example of JCA in action. The first thing you need to do is to make a
simple request for a certain type of object, such as MessageDigest, and to invoke or call a
certain algorithm/service, such as the SHA-512 algorithm.

message_hash = MessageDigest.getInstance("SHA-512");
message_hash = MessageDigest.getInstance("SHA-384",
"ImplementedProvider1");

Note that the previous lines of code are just an example snippet. In real use,
ImplementedProvider1 should be replaced with a valid provider. For example, a provider
for SHA-384 is SUN. Java enables users to determine the providers available by using the
following code:

Provider[] providers = Security.getProviders();

Figure 4-1 and Figure 4-2 show the requesting process for the SHA-512 algorithm
to hash a message. The ordering process shows three different ways of how a hash
algorithm is invoked and how a provider can be used as a source of the implementation.
Based on the architectures shown in Figure 4-1 and Figure 4-2, the developers can add
any other components (e.g., services, interfaces, third-party functions, etc.) and develop
new architectures based on them.
Returning to the independence of the algorithms, their definition will achieve the
proper goal of providing the implementation of providers that are compliant with the
defined interfaces. This is known as an application programming interface (API), and
it will guarantee that all applications will use it to access a specific type of service.

32
Chapter 4 Java Cryptography Architecture

Figure 4-1. Searching process for provider

33
Chapter 4 Java Cryptography Architecture

Figure 4-2. Requesting a specific provider

JCA Classes and Algorithms

This section presents the classes and algorithms within JCA.

34
Chapter 4 Java Cryptography Architecture

Algorithms and Engine Classes

The engine class is special because it offers an interface for a certain type of cryptography
service. The following operations and components are offered by an engine class:

• Objects: The objects contain the encrypted data and have the
capability to move them to certain and upper abstraction layers. Such
examples include certificates or cryptography key containers.

• Cryptography primitive operations: These include encryption/

decryption operations, digital signatures, hashing messages, etc.

• Generators or convertors: These include mechanisms used for

different cryptography concepts/mechanisms, such as cryptography
keys or various parameters for cryptography algorithms.

You can find a comprehensive list with examples and case studies at [1]. Table 4-1
lists the most important ones.

Table 4-1. Engine Classes and Their Purpose

Engine Class Purpose

KeyPairGenerator This generates a pair of public and private keys for a certain algorithm.
KeyGenerator For an algorithm, the class will generate new secret keys.
KeyAgreement The instance of the class is used by one or two parties to establish a
cryptographic key to be used within a specific cryptographic operation.
Cipher The class will use the keys (generated for encryption and decryption
data). The class provides a set of various algorithms, such as
asymmetric encryption, symmetric encryption, and password-based
encryption.
MessageDigest This provides functionalities for computing the hash value for a certain
message.
SecureRandom This provides functionalities for generating random numbers.

35
Chapter 4 Java Cryptography Architecture

Interfaces and Main Classes

Table 4-2 lists the main classes and interfaces that JCA deals with. The list has been
designed based on how useful and frequently used a class/interface is.

Table 4-2. Classes/Interfaces and Their Purpose

Class/Interface Purpose

Provider This generates a pair of public and private keys for a certain algorithm.
Security For an algorithm, this class will generate new secret keys.
MessageDigest An instance of this class is used by one or two parties for establishing a
cryptographic key to be used within a specific cryptographic operation.
Cipher This class will use the keys (generated for encryption and decryption
data). The class provides a set of various algorithms, such as
asymmetric encryption, symmetric encryption, and password-based
encryption.
KeyAgreement This provides functionalities for computing the hash value for a certain
message.
CertificateFactory This provides functionalities for generating random numbers.
Key This provides functionalities for working with keys.

For a comprehensive list, the resource listed in [1] should be consulted.

The most important packages that are used in practice are java.security, javax.
crypto, javax.crypto.interfaces, java.security.interfaces, javax.crypto.spec,
java.security.cert, and java.security.spec.

Data Encryption
To work with data encryption, the Cipher class offers the right tools (e.g., functions,
methods, etc.). The Cipher class is part of the javax.crypto package.
The workflow is straightforward to follow, as shown here and in Listing 4-1:

1. Declare a KeyPairGenerator object.

2. The KeyPairGenerator has to be initialized accordingly,

specifying the algorithm that will be used.

36
Another Random Document on
Scribd Without Any Related Topics
100—Dick Merriwell’s Intuition
191—Dick Merriwell’s Placer Find

To be published in May, 1928.

192—Dick Merriwell’s Fighting Chance

193—Frank Merriwell’s Tact

To be published in June, 1928.

194—Frank Merriwell’s Puzzle

195—Frank Merriwell’s Mystery

RATTLING GOOD ADVENTURE

SPORT STORIES
Stories of the Big Outdoors
There has been a big demand for outdoor stories, and a very
considerable portion of it has been for the Maxwell Stevens stories
about Jack Lightfoot, the athlete.
These stories are not, strictly speaking, stories for boys, but boys
everywhere will find a great deal in them to interest them.
ALL TITLES ALWAYS IN PRINT

1—Jack Lightfoot, the Athlete

2—Jack Lightfoot’s Crack Nine
3—Jack Lightfoot Trapped
4—Jack Lightfoot’s Rival
5—Jack Lightfoot in Camp
6—Jack Lightfoot’s Canoe Trip
7—Jack Lightfoot’s Iron Arm
8—Jack Lightfoot’s Hoodoo
9—Jack Lightfoot’s Decision
10—Jack Lightfoot’s Gun Club
11—Jack Lightfoot’s Blind
12—Jack Lightfoot’s Capture
13—Jack Lightfoot’s Head Work
14—Jack Lightfoot’s Wisdom

The Dealer
who handles the STREET & SMITH NOVELS is a man worth
patronizing. The fact that he does handle our books proves that he
has considered the merits of paper-covered lines, and has decided
that the STREET & SMITH NOVELS are superior to all others.
He has looked into the question of the morality of the paper-
covered book, for instance, and feels that he is perfectly safe in
handing one of our novels to any one, because he has our assurance
that nothing except clean, wholesome literature finds its way into
our lines.
Therefore, the STREET & SMITH NOVEL dealer is a careful and
wise tradesman, and it is fair to assume selects the other articles he
has for sale with the same degree of intelligence as he does his
paper-covered books.
Deal with the STREET & SMITH NOVEL dealer.
STREET & SMITH CORPORATION
79 Seventh Avenue New York City
*** END OF THE PROJECT GUTENBERG EBOOK CAPTAIN SPARKLE,
PIRATE; OR, A HARD MAN TO CATCH ***

Updated editions will replace the previous one—the old editions will
be renamed.

Creating the works from print editions not protected by U.S.

copyright law means that no one owns a United States copyright in
these works, so the Foundation (and you!) can copy and distribute it
in the United States without permission and without paying
copyright royalties. Special rules, set forth in the General Terms of
Use part of this license, apply to copying and distributing Project
Gutenberg™ electronic works to protect the PROJECT GUTENBERG™
concept and trademark. Project Gutenberg is a registered trademark,
and may not be used if you charge for an eBook, except by following
the terms of the trademark license, including paying royalties for use
of the Project Gutenberg trademark. If you do not charge anything
for copies of this eBook, complying with the trademark license is
very easy. You may use this eBook for nearly any purpose such as
creation of derivative works, reports, performances and research.
Project Gutenberg eBooks may be modified and printed and given
away—you may do practically ANYTHING in the United States with
eBooks not protected by U.S. copyright law. Redistribution is subject
to the trademark license, especially commercial redistribution.

START: FULL LICENSE

THE FULL PROJECT GUTENBERG LICENSE
PLEASE READ THIS BEFORE YOU DISTRIBUTE OR USE THIS WORK

To protect the Project Gutenberg™ mission of promoting the free

distribution of electronic works, by using or distributing this work (or
any other work associated in any way with the phrase “Project
Gutenberg”), you agree to comply with all the terms of the Full
Project Gutenberg™ License available with this file or online at
www.gutenberg.org/license.

Section 1. General Terms of Use and

Redistributing Project Gutenberg™
electronic works
1.A. By reading or using any part of this Project Gutenberg™
electronic work, you indicate that you have read, understand, agree
to and accept all the terms of this license and intellectual property
(trademark/copyright) agreement. If you do not agree to abide by all
the terms of this agreement, you must cease using and return or
destroy all copies of Project Gutenberg™ electronic works in your
possession. If you paid a fee for obtaining a copy of or access to a
Project Gutenberg™ electronic work and you do not agree to be
bound by the terms of this agreement, you may obtain a refund
from the person or entity to whom you paid the fee as set forth in
paragraph 1.E.8.

1.B. “Project Gutenberg” is a registered trademark. It may only be

used on or associated in any way with an electronic work by people
who agree to be bound by the terms of this agreement. There are a
few things that you can do with most Project Gutenberg™ electronic
works even without complying with the full terms of this agreement.
See paragraph 1.C below. There are a lot of things you can do with
Project Gutenberg™ electronic works if you follow the terms of this
agreement and help preserve free future access to Project
Gutenberg™ electronic works. See paragraph 1.E below.
1.C. The Project Gutenberg Literary Archive Foundation (“the
Foundation” or PGLAF), owns a compilation copyright in the
collection of Project Gutenberg™ electronic works. Nearly all the
individual works in the collection are in the public domain in the
United States. If an individual work is unprotected by copyright law
in the United States and you are located in the United States, we do
not claim a right to prevent you from copying, distributing,
performing, displaying or creating derivative works based on the
work as long as all references to Project Gutenberg are removed. Of
course, we hope that you will support the Project Gutenberg™
mission of promoting free access to electronic works by freely
sharing Project Gutenberg™ works in compliance with the terms of
this agreement for keeping the Project Gutenberg™ name associated
with the work. You can easily comply with the terms of this
agreement by keeping this work in the same format with its attached
full Project Gutenberg™ License when you share it without charge
with others.

1.D. The copyright laws of the place where you are located also
govern what you can do with this work. Copyright laws in most
countries are in a constant state of change. If you are outside the
United States, check the laws of your country in addition to the
terms of this agreement before downloading, copying, displaying,
performing, distributing or creating derivative works based on this
work or any other Project Gutenberg™ work. The Foundation makes
no representations concerning the copyright status of any work in
any country other than the United States.

1.E. Unless you have removed all references to Project Gutenberg:

1.E.1. The following sentence, with active links to, or other

immediate access to, the full Project Gutenberg™ License must
appear prominently whenever any copy of a Project Gutenberg™
work (any work on which the phrase “Project Gutenberg” appears,
or with which the phrase “Project Gutenberg” is associated) is
accessed, displayed, performed, viewed, copied or distributed:
This eBook is for the use of anyone anywhere in the United
States and most other parts of the world at no cost and with
almost no restrictions whatsoever. You may copy it, give it away
or re-use it under the terms of the Project Gutenberg License
included with this eBook or online at www.gutenberg.org. If you
are not located in the United States, you will have to check the
laws of the country where you are located before using this
eBook.

1.E.2. If an individual Project Gutenberg™ electronic work is derived

from texts not protected by U.S. copyright law (does not contain a
notice indicating that it is posted with permission of the copyright
holder), the work can be copied and distributed to anyone in the
United States without paying any fees or charges. If you are
redistributing or providing access to a work with the phrase “Project
Gutenberg” associated with or appearing on the work, you must
comply either with the requirements of paragraphs 1.E.1 through
1.E.7 or obtain permission for the use of the work and the Project
Gutenberg™ trademark as set forth in paragraphs 1.E.8 or 1.E.9.

1.E.3. If an individual Project Gutenberg™ electronic work is posted

with the permission of the copyright holder, your use and distribution
must comply with both paragraphs 1.E.1 through 1.E.7 and any
additional terms imposed by the copyright holder. Additional terms
will be linked to the Project Gutenberg™ License for all works posted
with the permission of the copyright holder found at the beginning
of this work.

1.E.4. Do not unlink or detach or remove the full Project

Gutenberg™ License terms from this work, or any files containing a
part of this work or any other work associated with Project
Gutenberg™.

1.E.5. Do not copy, display, perform, distribute or redistribute this

electronic work, or any part of this electronic work, without
prominently displaying the sentence set forth in paragraph 1.E.1
with active links or immediate access to the full terms of the Project
Gutenberg™ License.

1.E.6. You may convert to and distribute this work in any binary,
compressed, marked up, nonproprietary or proprietary form,
including any word processing or hypertext form. However, if you
provide access to or distribute copies of a Project Gutenberg™ work
in a format other than “Plain Vanilla ASCII” or other format used in
the official version posted on the official Project Gutenberg™ website
(www.gutenberg.org), you must, at no additional cost, fee or
expense to the user, provide a copy, a means of exporting a copy, or
a means of obtaining a copy upon request, of the work in its original
“Plain Vanilla ASCII” or other form. Any alternate format must
include the full Project Gutenberg™ License as specified in
paragraph 1.E.1.

1.E.7. Do not charge a fee for access to, viewing, displaying,

performing, copying or distributing any Project Gutenberg™ works
unless you comply with paragraph 1.E.8 or 1.E.9.

1.E.8. You may charge a reasonable fee for copies of or providing

access to or distributing Project Gutenberg™ electronic works
provided that:

• You pay a royalty fee of 20% of the gross profits you

derive from the use of Project Gutenberg™ works
calculated using the method you already use to calculate
your applicable taxes. The fee is owed to the owner of the
Project Gutenberg™ trademark, but he has agreed to
donate royalties under this paragraph to the Project
Gutenberg Literary Archive Foundation. Royalty payments
must be paid within 60 days following each date on which
you prepare (or are legally required to prepare) your
periodic tax returns. Royalty payments should be clearly
marked as such and sent to the Project Gutenberg Literary
Archive Foundation at the address specified in Section 4,
“Information about donations to the Project Gutenberg
Literary Archive Foundation.”

• You provide a full refund of any money paid by a user who

notifies you in writing (or by e-mail) within 30 days of
receipt that s/he does not agree to the terms of the full
Project Gutenberg™ License. You must require such a user
to return or destroy all copies of the works possessed in a
physical medium and discontinue all use of and all access to
other copies of Project Gutenberg™ works.

• You provide, in accordance with paragraph 1.F.3, a full

refund of any money paid for a work or a replacement
copy, if a defect in the electronic work is discovered and
reported to you within 90 days of receipt of the work.

• You comply with all other terms of this agreement for free
distribution of Project Gutenberg™ works.

1.E.9. If you wish to charge a fee or distribute a Project Gutenberg™

electronic work or group of works on different terms than are set
forth in this agreement, you must obtain permission in writing from
the Project Gutenberg Literary Archive Foundation, the manager of
the Project Gutenberg™ trademark. Contact the Foundation as set
forth in Section 3 below.

1.F.

1.F.1. Project Gutenberg volunteers and employees expend

considerable effort to identify, do copyright research on, transcribe
and proofread works not protected by U.S. copyright law in creating
the Project Gutenberg™ collection. Despite these efforts, Project
Gutenberg™ electronic works, and the medium on which they may
be stored, may contain “Defects,” such as, but not limited to,
incomplete, inaccurate or corrupt data, transcription errors, a
copyright or other intellectual property infringement, a defective or
damaged disk or other medium, a computer virus, or computer
codes that damage or cannot be read by your equipment.

1.F.2. LIMITED WARRANTY, DISCLAIMER OF DAMAGES - Except for

the “Right of Replacement or Refund” described in paragraph 1.F.3,
the Project Gutenberg Literary Archive Foundation, the owner of the
Project Gutenberg™ trademark, and any other party distributing a
Project Gutenberg™ electronic work under this agreement, disclaim
all liability to you for damages, costs and expenses, including legal
fees. YOU AGREE THAT YOU HAVE NO REMEDIES FOR
NEGLIGENCE, STRICT LIABILITY, BREACH OF WARRANTY OR
BREACH OF CONTRACT EXCEPT THOSE PROVIDED IN PARAGRAPH
1.F.3. YOU AGREE THAT THE FOUNDATION, THE TRADEMARK
OWNER, AND ANY DISTRIBUTOR UNDER THIS AGREEMENT WILL
NOT BE LIABLE TO YOU FOR ACTUAL, DIRECT, INDIRECT,
CONSEQUENTIAL, PUNITIVE OR INCIDENTAL DAMAGES EVEN IF
YOU GIVE NOTICE OF THE POSSIBILITY OF SUCH DAMAGE.

1.F.3. LIMITED RIGHT OF REPLACEMENT OR REFUND - If you

discover a defect in this electronic work within 90 days of receiving
it, you can receive a refund of the money (if any) you paid for it by
sending a written explanation to the person you received the work
from. If you received the work on a physical medium, you must
return the medium with your written explanation. The person or
entity that provided you with the defective work may elect to provide
a replacement copy in lieu of a refund. If you received the work
electronically, the person or entity providing it to you may choose to
give you a second opportunity to receive the work electronically in
lieu of a refund. If the second copy is also defective, you may
demand a refund in writing without further opportunities to fix the
problem.

1.F.4. Except for the limited right of replacement or refund set forth
in paragraph 1.F.3, this work is provided to you ‘AS-IS’, WITH NO
OTHER WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR ANY PURPOSE.

1.F.5. Some states do not allow disclaimers of certain implied

warranties or the exclusion or limitation of certain types of damages.
If any disclaimer or limitation set forth in this agreement violates the
law of the state applicable to this agreement, the agreement shall be
interpreted to make the maximum disclaimer or limitation permitted
by the applicable state law. The invalidity or unenforceability of any
provision of this agreement shall not void the remaining provisions.

1.F.6. INDEMNITY - You agree to indemnify and hold the Foundation,

the trademark owner, any agent or employee of the Foundation,
anyone providing copies of Project Gutenberg™ electronic works in
accordance with this agreement, and any volunteers associated with
the production, promotion and distribution of Project Gutenberg™
electronic works, harmless from all liability, costs and expenses,
including legal fees, that arise directly or indirectly from any of the
following which you do or cause to occur: (a) distribution of this or
any Project Gutenberg™ work, (b) alteration, modification, or
additions or deletions to any Project Gutenberg™ work, and (c) any
Defect you cause.

Section 2. Information about the Mission

of Project Gutenberg™
Project Gutenberg™ is synonymous with the free distribution of
electronic works in formats readable by the widest variety of
computers including obsolete, old, middle-aged and new computers.
It exists because of the efforts of hundreds of volunteers and
donations from people in all walks of life.

Volunteers and financial support to provide volunteers with the

assistance they need are critical to reaching Project Gutenberg™’s
goals and ensuring that the Project Gutenberg™ collection will
remain freely available for generations to come. In 2001, the Project
Gutenberg Literary Archive Foundation was created to provide a
secure and permanent future for Project Gutenberg™ and future
generations. To learn more about the Project Gutenberg Literary
Archive Foundation and how your efforts and donations can help,
see Sections 3 and 4 and the Foundation information page at
www.gutenberg.org.

Section 3. Information about the Project

Gutenberg Literary Archive Foundation
The Project Gutenberg Literary Archive Foundation is a non-profit
501(c)(3) educational corporation organized under the laws of the
state of Mississippi and granted tax exempt status by the Internal
Revenue Service. The Foundation’s EIN or federal tax identification
number is 64-6221541. Contributions to the Project Gutenberg
Literary Archive Foundation are tax deductible to the full extent
permitted by U.S. federal laws and your state’s laws.

The Foundation’s business office is located at 809 North 1500 West,

Salt Lake City, UT 84116, (801) 596-1887. Email contact links and up
to date contact information can be found at the Foundation’s website
and official page at www.gutenberg.org/contact

Section 4. Information about Donations to

the Project Gutenberg Literary Archive
Foundation
Project Gutenberg™ depends upon and cannot survive without
widespread public support and donations to carry out its mission of
increasing the number of public domain and licensed works that can
be freely distributed in machine-readable form accessible by the
widest array of equipment including outdated equipment. Many
small donations ($1 to $5,000) are particularly important to
maintaining tax exempt status with the IRS.

The Foundation is committed to complying with the laws regulating

charities and charitable donations in all 50 states of the United
States. Compliance requirements are not uniform and it takes a
considerable effort, much paperwork and many fees to meet and
keep up with these requirements. We do not solicit donations in
locations where we have not received written confirmation of
compliance. To SEND DONATIONS or determine the status of
compliance for any particular state visit www.gutenberg.org/donate.

While we cannot and do not solicit contributions from states where

we have not met the solicitation requirements, we know of no
prohibition against accepting unsolicited donations from donors in
such states who approach us with offers to donate.

International donations are gratefully accepted, but we cannot make

any statements concerning tax treatment of donations received from
outside the United States. U.S. laws alone swamp our small staff.

Please check the Project Gutenberg web pages for current donation
methods and addresses. Donations are accepted in a number of
other ways including checks, online payments and credit card
donations. To donate, please visit: www.gutenberg.org/donate.

Section 5. General Information About

Project Gutenberg™ electronic works
Professor Michael S. Hart was the originator of the Project
Gutenberg™ concept of a library of electronic works that could be
freely shared with anyone. For forty years, he produced and
distributed Project Gutenberg™ eBooks with only a loose network of
volunteer support.
Project Gutenberg™ eBooks are often created from several printed
editions, all of which are confirmed as not protected by copyright in
the U.S. unless a copyright notice is included. Thus, we do not
necessarily keep eBooks in compliance with any particular paper
edition.

Most people start at our website which has the main PG search
facility: www.gutenberg.org.

This website includes information about Project Gutenberg™,

including how to make donations to the Project Gutenberg Literary
Archive Foundation, how to help produce our new eBooks, and how
to subscribe to our email newsletter to hear about new eBooks.
Welcome to our website – the ideal destination for book lovers and
knowledge seekers. With a mission to inspire endlessly, we offer a
vast collection of books, ranging from classic literary works to
specialized publications, self-development books, and children's
literature. Each book is a new journey of discovery, expanding
knowledge and enriching the soul of the reade

Our website is not just a platform for buying books, but a bridge
connecting readers to the timeless values of culture and wisdom. With
an elegant, user-friendly interface and an intelligent search system,
we are committed to providing a quick and convenient shopping
experience. Additionally, our special promotions and home delivery
services ensure that you save time and fully enjoy the joy of reading.