- Example Programs and crypttool
- Cryptographic Services and Providers
- Cryptographic Keys
- Encryption and Decryption
- Message Digest
- Message Authentication Code
- Digital Signature
- Key Agreement
- Summary of Cryptographic Operations
- Cryptography with crypttool
- Limited versus Unlimited Cryptography
- Performance of Cryptographic Operations
- Practical Applications
- Legal Issues with Cryptography
- Further Reading
Summary of Cryptographic Operations
We have covered a number of cryptographic operations, their characteristics and uses in the previous sections. Let us recap the main points with help of Figure 3-3.
Figure 3-3. Cryptographic operations and their uses.
Here is the basic scenario: Alice has some data she wants to share with Bob. Depending upon the situation, she could use one or more of the cryptographic operations discussed in this chapter, as explained below.
Ensure that the data has not been accidentally corrupted. Alice computes the digest of the data and sends the digest value along with the message. Bob, after receiving the data, computes the digest and matches it against the received value. A successful match implies that the data is not corrupted.
Ensure that the data has not been maliciously modified. In this case, Alice cannot rely on digest value, as the malicious middleman could simply replace the digest value after modifying the data. So, she arranges to share a secret key with Bob and uses this key to compute the MAC of the data. Not being in the possession of the secret key, the middleman now cannot replace the MAC.
Ensure that the data remains confidential. Alice shares a secret key with Bob and uses this key to encrypt the data with a symmetric encryption algorithm.
Ensure that the data remains confidential but without a shared secret key. Alice has Bob's public key. She uses this key to encrypt the data. Bob decrypts it using his private key.
Prove to Bob that the data has come from Alice. Alice uses her private key to sign the data. Bob can verify the signature using her public key and be sure that the data indeed originated from Alice. This also guarantees that the data has not been modified in transit.
Prove to Bob that the data came from Alice and keep it confidential. Alice signs the data with her private key and then encrypts it using Bob's public key. Bob decrypts it using his private key and verifies the signature using Alice's public key.
J2SE SDK includes classes to carry out these operations programmatically but includes no ready-made tool. As mentioned earlier, JSTK software includes a tool called cryptool written using these classes. The next section talks about this tool. You may find it useful to experiment with different input values for cryptographic operation, keys, algorithm and input data.