Cryptography with Java
- May 28, 2004
- Example Programs and crypttool
- Cryptographic Services and Providers
- Cryptographic Keys
- Encryption and Decryption
- Message Digest
- Message Authentication Code
- Digital Signature
- Key Agreement
- Summary of Cryptographic Operations
- Cryptography with crypttool
- Limited versus Unlimited Cryptography
- Performance of Cryptographic Operations
- Practical Applications
- Legal Issues with Cryptography
- Further Reading
Cryptography, or the art, science and mathematics of keeping messages secure, is at the heart of modern computer security. Primitive cryptographic operations such as one-way hash functions, also known as message digests, and encryption, either with symmetric or asymmetric algorithms, form the basis for higher level mechanisms such as MAC (Message Authentication Code), digital signature and certificates. At yet another level, these are merely building blocks for security infrastructure consisting of PKI, secure communication protocols such as SSL and SSH, and products incorporating these technologies.
The study of principles and algorithms behind these cryptographic operations and security protocols is fascinating but of little practical relevance to a Java programmer. A typical Java programmer programs at a much higher level, dealing mostly with the APIs, configuration options, proper handling of cryptographic entities such as certificates and keystores, and interfacing with other security products to satisfy the application's security needs. At times, there may be decisions to be made with respect to the most appropriate mechanism, algorithms, parameters and other relevant aspects for solving the problem at hand. At other times, the challenge may be to design the application so that it can be deployed under different situations to satisfy different security and performance needs. At yet other times, the primary objective may be simply to achieve the best possible performance, scalability and availability of the application without compromising the level of security by selecting the right security products. Our discussion of cryptography with Java in this and subsequent chapters is structured around this notion of usefulness and practicality to a typical Java programmer.
Two Java APIs, JCA (Java Cryptography Architecture) and JCE (Java Cryptography Extension) both part of J2SE SDK v1.4, define the general architecture and specific services for cryptographic operations. Among these, JCA was introduced first and specifies the architectural framework for cryptographic support in Java. It also includes Java classes for digital signature, message digest and other associated services. JCE classes follow the same general structure as JCA classes, and include classes for encryption and decryption, MAC computation and a few others. We discuss the JCA architectural framework and explore various cryptographic services available with JCA and JCE in this chapter. Toward this, we develop simple programs making use of these APIs and look at their source code.
Though we talk about some of the JCA and JCE APIs and present code fragments, the discussion of Java interfaces, classes and methods is anything but exhaustive. Our intent is to get a better view of the overall picture and understand their inter-relations. If you do need the complete information on any specific topic, refer to the J2SE SDK Javadocs and the respective specification documents. Keep in mind that the purpose of this chapter is to make you, a Java and J2EE programmer, feel at home with cryptographic capabilities of Java and not to make you an expert on developing security software.
Example Programs and crypttool
As mentioned in the JSTK (Java Security Tool Kit) section of the Preface, this book is accompanied by a collection of utilities and example programs, termed as JSTK software. This software includes not only the source files of example programs presented throughout this book but also the various utility programs that I wrote in the course of researching and using Java APIs for this book. Refer to Appendix C for more information on this software.
Example programs are usually good for illustrating use of specific APIs but are not written for flexible handling of input, output and other user specified parameters. In this book, we come across situations when it would be handy to have a tool that could perform some of the operations illustrated earlier in the text but in a more flexible manner. You will find most operations of this kind available through an appropriate command line tool packaged within JSTK.
Example programs illustrated in this chapter can be found in the directory %JSTK_HOME%\src\jsbook\ch3\ex1, where the environment variable JSTK_HOME points to the JSTK home directory. The utility program covering most of the operations is crypttool and can be invoked by command "bin\crypttool" on a Windows machine and by "bin/crypttool.sh" on a UNIX or Linux machine, from the JSTK home directory. We talk more about this utility in later in this chapter.