
Cryptography & Network Security Exercise 2

Cryptography & Network Security Exercise 2. MSc. NGUYEN CAO DAT. Goals: learn about JCA (Java Cryptography Architecture); understand the JCE (Java Cryptography Extension); how to use the Java Crypto APIs; how to use the Java BigInteger class.


Presentation Transcript


  1. Cryptography & Network Security, Exercise 2. MSc. NGUYEN CAO DAT

  2. Goals
     - Learn about JCA (Java Cryptography Architecture)
     - Understand the JCE (Java Cryptography Extension)
     - How to use the Java Crypto APIs
     - How to use the Java BigInteger class

  3. References
     - [1] Java Cryptography, Jonathan Knudsen, O'Reilly Media, 2010.
     - [2] http://download.oracle.com/javase/1.4.2/docs/guide/security/CryptoSpec.html
     - [3] http://download.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html
     - [4] http://download.oracle.com/javase/1.4.2/docs/api/java/math/BigInteger.html

  4. Introduction (1/2)
     - JDK Security API
       - Core API for Java
       - Built around the java.security package
     - First release of JDK Security introduced the "Java Cryptography Architecture" (JCA)
       - Framework for accessing and developing cryptographic functionality
     - JCA encompasses
       - Parts of the JDK 1.2 Security API related to cryptography
       - Architecture that allows for multiple and interoperable cryptography implementations

  5. Introduction (2/2)
     - The Java Cryptography Extension (JCE)
       - Extends JCA -> javax.crypto.*
       - Includes APIs for encryption, key exchange, and Message Authentication Code (MAC)
     - Multiple "providers" supported
     - Keys & certificates in "keystore" database

  6. Design Principles
     - Implementation independence and interoperability
       - "Provider"-based architecture
       - Set of packages implementing cryptographic services
       - Programs request a particular type of object
       - Various implementations work together, use each other's keys, or verify each other's signatures
     - Algorithm independence and extensibility
       - Cryptographic classes providing the functionality
       - Classes are called engine classes, for example Signature
       - Addition of new algorithms is straightforward

  7. Architecture (1/2)

  8. Architecture (2/2)
     - Cryptographic Service Providers
       - Sun, SunJSSE, SunJCE, SunRsaSign
       - SUN provider (default)
       - JCA provides APIs to query providers and services
     - Key management
       - "keystore" database: keys and certificates
       - Available to applications
         - Authentication
         - Signing

  9. JCA Overview
     - Core classes and interfaces related to Java cryptography
     - Contains 2 provider classes that are used to manage and maintain the service providers
       - Provider: class that represents a cryptographic service provider
       - Security: class that manages the installed providers and their security properties
     - Contains a number of engine classes which are used to interface with cryptographic services

  10. JCA Engine Classes
     - MessageDigest: used to implement one-way hash functions such as MD5 or SHA
     - Signature: used to implement digital signatures
     - KeyPairGenerator: used to create public/private key pairs for different algorithms
     - KeyFactory: used to convert keys into key specifications and vice versa
     - CertificateFactory: used to generate certificates
     - KeyStore: used to create a keystore which maintains keys and certificates in memory for later usage
     - AlgorithmParameters: used to maintain the security parameters for specific algorithms
     - AlgorithmParameterGenerator: used to create a set of parameters to be used for specific algorithms
     - SecureRandom: used to create random or pseudo-random numbers

  11. JCA Examples (1/2): Create Message Digest (JcaMessageDigest.java)

     ```java
     import java.security.MessageDigest;

     byte[] dataBytes = "This is test data".getBytes();    // test data
     MessageDigest md = MessageDigest.getInstance("SHA1"); // concrete digest object
     md.update(dataBytes);                                 // feed the bytes
     byte[] digest = md.digest();                          // finish and return the hash
     ```

     - First, the test data is populated.
     - Second, a concrete message digest object is created with SHA1 as the cryptographic algorithm.
     - Third, the message digest object is updated; i.e. the digest is updated using the current bytes.
     - Finally, the digest method completes the algorithm.

  12. JCA Examples (2/2): Create Keystore (JcaCertificateTest.java)

     ```java
     import java.security.KeyStore;

     // password and keyFilePath are String variables defined elsewhere in the program
     KeyStore ks = KeyStore.getInstance("JCEKS");
     ks.load(null, password.toCharArray());        // null input: start with an empty keystore
     java.io.FileOutputStream fos = new java.io.FileOutputStream(keyFilePath);
     ks.store(fos, password.toCharArray());        // write the keystore, protected by the password
     fos.close();
     ```

     - First, create the concrete KeyStore object.
     - Second, load "ks" with a null input.
     - Third, create the output stream to save the file.
     - Fourth, the store method saves the KeyStore to the file specified and protects it with the password.
     - Finally, close the output stream.

  13. JCE Overview
     - Originally created as an optional extension package for cryptographic services subject to U.S. export controls
     - Uses JCA's "provider" and "security" classes to manage its service providers
     - Comprised of all "engine" classes

  14. JCE Engine Classes
     - Cipher: provides encryption and decryption functionality
     - CipherInputStream & CipherOutputStream: used as a convenient way to encrypt or decrypt information using streams
     - Mac: used to check the integrity of messages based on a secret key
     - KeyGenerator: used to generate symmetric keys
     - SecretKeyFactory: similar to the KeyFactory of JCA, which converts keys into key specifications and vice versa
     - SealedObject: used to create a serialized object which is protected using cryptography
     - KeyAgreement: provides functionality to use a key agreement protocol
     - Interfaces: provides interfaces for Diffie-Hellman keys
     - Spec: similar to AlgorithmParameters of JCA, which provides key and parameter specifications for different algorithms

  15. JCE Examples (1/2): Generate Secret Key (JceSecretKeyTest.java)

     ```java
     import javax.crypto.KeyGenerator;
     import javax.crypto.SecretKey;

     KeyGenerator kg = KeyGenerator.getInstance("DES"); // key generator for DES keys
     SecretKey sKey = kg.generateKey();                 // generate the secret key
     ```

     - A secret key is used for symmetric encryption/decryption.
     - First, create a concrete key generator object; in this case for a DES key.
     - Second, create a SecretKey object and call the generateKey method of the KeyGenerator object to retrieve the key.

  16. JCE Examples (2/2): Encrypt

     ```java
     import javax.crypto.Cipher;

     // sKey is the SecretKey generated on the previous slide
     byte[] testdata = "Understanding Java Cryptography".getBytes();
     Cipher myCipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
     myCipher.init(Cipher.ENCRYPT_MODE, sKey);
     byte[] cipherText = myCipher.doFinal(testdata);
     ```

     - First, load some test data.
     - Second, create a concrete Cipher object.
     - Third, initialize the cipher with the secret key for encryption.
     - Finally, the doFinal method actually encrypts the data.
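
An added example, not part of the original slides, that sets the `DES/ECB/PKCS5Padding` transformation from slide 16 beside an authenticated alternative, which bears on the exercise question about other algorithms. The class name, the sample plaintext, and the choice of AES-GCM with a 12-byte nonce prepended to the ciphertext are assumptions made for this illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class EcbVersusGcm {
    // DES/ECB as on the slides: equal 8-byte plaintext blocks give equal ciphertext blocks.
    static boolean ecbLeaksRepeats(byte[] plaintext) throws Exception {
        SecretKey desKey = KeyGenerator.getInstance("DES").generateKey();
        Cipher ecb = Cipher.getInstance("DES/ECB/PKCS5Padding");
        ecb.init(Cipher.ENCRYPT_MODE, desKey);
        byte[] ct = ecb.doFinal(plaintext);
        return Arrays.equals(Arrays.copyOfRange(ct, 0, 8), Arrays.copyOfRange(ct, 8, 16));
    }

    // AES-GCM: a fresh 12-byte nonce per message, prepended to ciphertext and tag.
    static byte[] gcmEncrypt(SecretKey key, byte[] plaintext) throws Exception {
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        byte[] ct = gcm.doFinal(plaintext);
        byte[] out = Arrays.copyOf(nonce, nonce.length + ct.length);
        System.arraycopy(ct, 0, out, nonce.length, ct.length);
        return out;
    }

    static byte[] gcmDecrypt(SecretKey key, byte[] message) throws Exception {
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, message, 0, 12));
        return gcm.doFinal(message, 12, message.length - 12); // throws if the tag does not verify
    }

    public static void main(String[] args) throws Exception {
        byte[] data = "ABCDEFGHABCDEFGH".getBytes(StandardCharsets.US_ASCII); // constructed: two equal blocks
        System.out.println("ECB repeats visible: " + ecbLeaksRepeats(data));
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey aesKey = kg.generateKey();
        byte[] msg = gcmEncrypt(aesKey, data);
        System.out.println("GCM round trip ok: " + Arrays.equals(data, gcmDecrypt(aesKey, msg)));
        msg[msg.length - 1] ^= 1; // flip one bit of the authentication tag
        try { gcmDecrypt(aesKey, msg); System.out.println("tamper accepted"); }
        catch (javax.crypto.AEADBadTagException e) { System.out.println("tamper rejected"); }
    }
}
```

ECB gives no integrity protection and exposes repeated plaintext blocks; GCM hides the repetition through the per-message nonce and rejects modified ciphertext on decryption.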

  17. Examples
     - An application to encrypt text files
     - An application to decrypt text files

  18. Provider Class
     - Providers are installed in a given preference order, the order in which the provider list is searched if a specific provider is not requested.
     - Example
       - PROVIDER1
         - SHA1withDSA, SHA-1, MD5, DES, and DES3
         - Preference order 1
       - PROVIDER2
         - SHA1withDSA, MD2, MD5, RC4, and RSA
         - Preference order 2

     ```java
     Signature dsa = Signature.getInstance("SHA1withDSA","PROVIDER_2");
     ```

  19. Installing Providers
     - Installing the Provider Classes (two ways)
       - Place a zip or JAR file containing the classes anywhere in your classpath.
       - Supply your provider JAR file as an "installed" or "bundled" extension.
     - Configuring the Provider
       - Add the provider to your list of approved providers
       - Static method
         - Edit the java.security file in the lib/security directory of the SDK
         - security.provider.n=masterClassName

  20. Security class
     - Manages installed providers and security-wide properties
     - Only static methods; never instantiated
     - The methods for adding or removing providers, and for setting Security properties
       - Can only be executed by a trusted program, that is:
         - Local application not running a security manager
         - An applet or application with permission
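
An added example, not from the original slides, of the provider query API mentioned on slides 8, 18 and 20: it lists the installed providers in preference order, shows which of them offer a given service, and shows what happens when a named provider is absent. The class and helper names are assumptions; `PROVIDER_2` is the placeholder name used on slide 18.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

public class ProviderLookup {
    // Names of installed providers that offer the given service, in preference order.
    static List<String> providersFor(String type, String algorithm) {
        List<String> names = new ArrayList<>();
        for (Provider p : Security.getProviders()) {   // array is in preference order
            if (p.getService(type, algorithm) != null) {
                names.add(p.getName());
            }
        }
        return names;
    }

    public static void main(String[] args) throws Exception {
        Provider[] installed = Security.getProviders();
        for (int i = 0; i < installed.length; i++) {
            System.out.println((i + 1) + ". " + installed[i].getName());
        }
        System.out.println("SHA-256 offered by: " + providersFor("MessageDigest", "SHA-256"));
        System.out.println("AES cipher offered by: " + providersFor("Cipher", "AES"));

        // No provider named: the first provider in the list that has the algorithm is used.
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        System.out.println("Default SHA-256 comes from: " + md.getProvider().getName());

        // Provider named explicitly: a missing provider is an error, not a silent fallback.
        try {
            MessageDigest.getInstance("SHA-256", "PROVIDER_2"); // placeholder name from slide 18
        } catch (NoSuchProviderException e) {
            System.out.println("PROVIDER_2 is not installed");
        } catch (NoSuchAlgorithmException e) {
            System.out.println("PROVIDER_2 lacks SHA-256");
        }
    }
}
```

Because the first matching provider wins when none is named, the order of the `security.provider.n` entries in `java.security` decides which implementation an application actually runs, so it is worth checking during a configuration review.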

  21. Java BigInteger class (1/3)
     - Constructor

     ```java
     public BigInteger(String val) throws NumberFormatException
     ```

     - Example

     ```java
     BigInteger m = new BigInteger("92387569832653429874569286898623498");
     ```

  22. Java BigInteger class (2/3)
     - Methods
       - public BigInteger add(BigInteger val)
       - public BigInteger subtract(BigInteger val)
       - public BigInteger multiply(BigInteger val)
       - public BigInteger divide(BigInteger val) throws ArithmeticException
       - public BigInteger remainder(BigInteger val) throws ArithmeticException

  23. Java BigInteger class (3/3)
     - Other methods
       - public BigInteger modPow(BigInteger e, BigInteger m) : a^e (mod m)
       - public BigInteger modInverse(BigInteger m) throws ArithmeticException:
       - public BigInteger shiftLeft(int n)
       - public BigInteger shiftRight(int n)
     - Example

  24. Exercises
     1. Run the programs above.
        - Check whether you can supply a key as user input.
        - What other encryption algorithms may you use? Try them.
     - Write a Java program to retrieve the HTML file at URL http://www.cse.hcmut.edu.vn/ , encrypt the contents and store them in a local file "index.enc", then decrypt the file "index.enc" and store the result in a local file "index.dec".
     - Try to encrypt your emails sent to your friends.
