TMNS Security Workshop Java part
Join our Java Cryptography workshop to learn about Java virtual machine features, the concept of 'sandbox' for applets, dynamic security JAAS, declarative security J2EE, and cryptography in Java.
Presentation Transcript
TMNS Security Workshop: Java part
September 11, 2003
www.tmns.com

Overview
• Java virtual machine features
• Concept of ‘sandbox’ for Applets
• Dynamic security JAAS
• Declarative security J2EE
• Cryptography

Java Cryptography Extension
• Part of J2SE > 1.4.0
• Relies on ‘service provider’
• Unapproved providers cannot plug in
• Strength is dependent on ‘jurisdiction’ of application

Built-in provider
• SunJCE
  • DES
  • DESede
  • AES (with Java 2 SDK, v 1.4.2)
  • Blowfish
  • PBEWithMD5AndDES
  • PBEWithMD5AndTripleDES
  • Diffie-Hellman key agreement among multiple parties
  • HmacMD5
  • HmacSHA1

Adding a provider (1)
• Make sure JDK is first in path !!!!
• Fetch Cryptix stuff
  • http://cryptix.org/products/jce/
  • Bottom of page, 800 Kbyte
• Unzip and copy to <jre>/lib/ext
  • Cryptix-jce-provider.jar

Adding a provider (2)
Partial contents of <jdk>\jre\lib\security\java.security

#
# List of providers and their preference orders (see above):
#
security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.net.ssl.internal.ssl.Provider
security.provider.3=com.sun.rsajca.Provider
security.provider.4=com.sun.crypto.provider.SunJCE
security.provider.5=sun.security.jgss.SunProvider
security.provider.6=cryptix.jce.provider.CryptixCrypto

Let’s verify the providers
• Fetch Java examples and source
  • www.waltersnel.nl
• Unjar source
  • jar xf tmnsJceExamplesSource.jar
• Run provider overview
  • java -cp tmnsJceExamples com.tmns.security.ProviderOverview
• Was the Cryptix provider recognized?
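
A provider listing along the lines of the verification step above, as an added example (it is not the workshop's com.tmns.security.ProviderOverview source). It assumes a current JDK (Java 8 or later); the class name ProviderCheck is hypothetical, and the Cryptix class name is the one from the java.security entry on the slide.

```java
import java.security.Provider;
import java.security.Security;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;
import javax.crypto.Cipher;

// Added example; ProviderCheck is a hypothetical name, not part of the workshop jar.
public class ProviderCheck {

    // Group a provider's services by type (Cipher, MessageDigest, Mac, ...).
    static Map<String, Set<String>> servicesByType(Provider p) {
        Map<String, Set<String>> byType = new TreeMap<>();
        for (Provider.Service s : p.getServices()) {
            byType.computeIfAbsent(s.getType(), k -> new TreeSet<>()).add(s.getAlgorithm());
        }
        return byType;
    }

    public static void main(String[] args) throws Exception {
        // Provider class to look for; the default is the class named in java.security.
        String wanted = args.length > 0 ? args[0] : "cryptix.jce.provider.CryptixCrypto";
        boolean found = false;

        Provider[] providers = Security.getProviders(); // returned in preference order
        for (int i = 0; i < providers.length; i++) {
            Provider p = providers[i];
            System.out.printf("%d. %s (%s)%n", i + 1, p.getName(), p.getClass().getName());
            servicesByType(p).forEach((type, algs) ->
                System.out.printf("     %-18s %s%n", type, algs));
            if (p.getClass().getName().equals(wanted)) {
                found = true;
            }
        }
        System.out.println(wanted + (found ? " is registered" : " is NOT registered"));

        // When several providers offer the same algorithm, the one with the
        // lowest security.provider.N number answers an unqualified request.
        for (String alg : new String[] {"Blowfish", "DES", "AES"}) {
            Provider chosen = Cipher.getInstance(alg).getProvider();
            System.out.println(alg + " is served by " + chosen.getName());
        }
    }
}
```

If the provider is reported as not registered, check the key spelling and numbering in java.security: the keys are case-sensitive and the numbers must be consecutive.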

We just added…
• Ciphers
  • Blowfish, CAST5, DES, IDEA, MARS, RC2, RC4, RC6, Rijndael, Serpent, SKIPJACK, Square, TripleDES, Twofish
• KeyAgreements
  • Diffie-Hellman
• Modes
  • CBC, CFB-(8, 16, 24, ..., blocksize), ECB, OFB-(blocksize), openpgpCFB
• Hashes
  • MD2, MD4, MD5, RIPEMD-128, RIPEMD-160, SHA-0, SHA-1, SHA-256/384/512, Tiger
• MACs
  • HMAC-MD2, HMAC-MD4, HMAC-MD5, HMAC-RIPEMD-128, HMAC-RIPEMD-160, HMAC-SHA-0, HMAC-SHA-1, HMAC-Tiger
• Signatures
  • RawDSA, RSASSA-PKCS1, RSASSA-PSS
• Asymmetric ciphers
  • RSAES-OAEP, RSA/PKCS#1, ElGamal/PKCS#1
• SecureRandom SPIs
  • /dev/urandom on systems that support it (FreeBSD, Linux, OpenBSD and possibly other UNIXen)

The examples (1)
• com.tmns.security.ProviderOverview
  • Lists recognized providers
• com.tmns.security.MessageDigestDemo
  • Generates RIPEMD-128 hash
• com.tmns.security.SymCipherDemo
  • DES (56 bit) symmetric encryption
• com.tmns.security.AsymCipherDemo
  • RSA signature, verification and encryption
• com.tmns.security.printCertificateInfo
  • Reads X509 certificate (.pem)

The examples (2)
• com.tmns.security.CertStoreDemo
  • Creates in-memory certificate store
• com.tmns.security.PrintCertPath
  • Finds certificate path