
Java Cryptography Extension


tehya

Presentation Transcript


    1. Java Cryptography Extension. Richard Cannings, Department of Mathematics, University of Calgary

    2. Topics
        - What is JCE
        - What is in Sun's JCE Provider
        - Architecture
        - Features
        - Installation
        - Password Based Encryption (PBE)
        - PBE Example
        - Key Agreement Protocols: Diffie-Hellman
        - KAP Example
        - Other Packages
        - Conclusion

    3. What is JCE
        - Provides a standard for encryption APIs
        - Provides a framework for multiple Cryptography Service Providers (CSP)
        - Sun provides a reference Provider
        - Designed for export

    4. What is in Sun's JCE Provider
        - Symmetric Key Cryptosystems (SKC): DES, Triple DES, Blowfish
        - Password Based Encryption (PBE): MD5 with DES, MD5 with Triple DES
        - Message Authentication Codes (MAC): MD5, SHA1
        - Key Agreement Protocols (KAP): Diffie-Hellman

    5. JCE Architecture

    6. Features
        - Unapproved Providers cannot plug in
        - Providers are unusable without the framework
        - Crypto strength is configured automatically according to the jurisdiction of the application

    7. Installation
        - Download and unzip the JCE
        - Add all the JAR files as an extension
        - Set permissions for the JCE

    8. Installation (Cont'd)
        - Register the SunJCE Provider statically, by adding the following to java.security:

              security.provider.N=com.sun.crypto.provider.SunJCE

        - Or dynamically, by adding the following to each application:

              Security.addProvider(new com.sun.crypto.provider.SunJCE());

    9. Password Based Encryption (PBE)
        - A secure method of encrypting data with a password.
        - To encrypt, enter a password; to decrypt, you must enter the exact same password.
        - A Symmetric Key Cryptosystem (SKC)

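    10. PBE Example: Creating the Cipher

        import javax.crypto.Cipher;
        import javax.crypto.SecretKey;
        import javax.crypto.SecretKeyFactory;
        import javax.crypto.spec.PBEKeySpec;
        import javax.crypto.spec.PBEParameterSpec;

        // salt (byte[]) and password (String) are supplied by the caller
        Cipher c;
        PBEParameterSpec paramSpec;
        SecretKey passwordKey;

        // The salt plus an iteration count of 20
        paramSpec = new PBEParameterSpec(salt, 20);
        PBEKeySpec keySpec = new PBEKeySpec(password.toCharArray());
        SecretKeyFactory kf = SecretKeyFactory.getInstance("PBEWithMD5AndDES");
        passwordKey = kf.generateSecret(keySpec);
        c = Cipher.getInstance("PBEWithMD5AndDES");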

    11. PBE Example: Encrypting

        // Reads plaintext from dis through the cipher and writes the ciphertext to dos
        public void encrypt(DataInputStream dis, DataOutputStream dos) throws Exception {
            c.init(Cipher.ENCRYPT_MODE, passwordKey, paramSpec);
            CipherInputStream cis = new CipherInputStream(dis, c);
            int i;
            while ((i = cis.read()) >= 0) {
                dos.write(i);
            }
        }

    12. Key Agreement Protocols: Diffie-Hellman
        - Setup: An appropriate prime $p$ and prime $a$, $2 < a < p$, are selected and publicly published.
        - Protocol Messages:
            - A sends B: $a^x \bmod p$, for any $1 \le x \le p-2$
            - B sends A: $a^y \bmod p$, for any $1 \le y \le p-2$
        - Protocol Actions:
            - B receives $a^x$ and calculates $K = (a^x)^y$
            - A receives $a^y$ and calculates $K = (a^y)^x$

    13. KAP Example: Creating Key Pairs

        // dhSkipParamSpec defines how the numbers will be created
        KeyPairGenerator aliceKpairGen = KeyPairGenerator.getInstance("DH");
        aliceKpairGen.initialize(dhSkipParamSpec);
        KeyPair aliceKpair = aliceKpairGen.generateKeyPair();

        // Alice creates and initializes her DH KeyAgreement object
        KeyAgreement aliceKeyAgree = KeyAgreement.getInstance("DH");
        aliceKeyAgree.init(aliceKpair.getPrivate());

        // Alice sends her encoded public key to Bob
        byte[] alicePubKeyEnc = aliceKpair.getPublic().getEncoded();

        // Bob will now do the same

    14. KAP Example: Encoding the public key and performing the exponentiation

        // Bob rebuilds Alice's public key from the bytes she sent
        KeyFactory bobKeyFac = KeyFactory.getInstance("DH");
        X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(alicePubKeyEnc);
        PublicKey alicePubKey = bobKeyFac.generatePublic(x509KeySpec);

        // Perform the exponentiation (bobKeyAgree was created the same way as aliceKeyAgree)
        bobKeyAgree.doPhase(alicePubKey, true);

        // Alice now does the same
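The fragments on slides 13 and 14 stop before either side derives the key. The complete two-party exchange below is an added example, not code from the original presentation. The class name `DhExchangeDemo`, the 2048-bit group size (the slides pass a predefined `dhSkipParamSpec` instead), and the SHA-256 step that turns the shared secret into key bytes are assumptions of this example.

```java
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.KeyAgreement;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;

public class DhExchangeDemo {
    public static void main(String[] args) throws Exception {
        // Alice: generate a DH key pair (2048 bits is this example's assumption)
        KeyPairGenerator aliceGen = KeyPairGenerator.getInstance("DH");
        aliceGen.initialize(2048);
        KeyPair aliceKpair = aliceGen.generateKeyPair();
        KeyAgreement aliceKeyAgree = KeyAgreement.getInstance("DH");
        aliceKeyAgree.init(aliceKpair.getPrivate());
        byte[] alicePubKeyEnc = aliceKpair.getPublic().getEncoded(); // Alice -> Bob

        // Bob: decode Alice's key and reuse the group parameters it carries,
        // so both key pairs live in the same group
        KeyFactory bobKeyFac = KeyFactory.getInstance("DH");
        PublicKey alicePubKey = bobKeyFac.generatePublic(new X509EncodedKeySpec(alicePubKeyEnc));
        DHParameterSpec params = ((DHPublicKey) alicePubKey).getParams();
        KeyPairGenerator bobGen = KeyPairGenerator.getInstance("DH");
        bobGen.initialize(params);
        KeyPair bobKpair = bobGen.generateKeyPair();
        KeyAgreement bobKeyAgree = KeyAgreement.getInstance("DH");
        bobKeyAgree.init(bobKpair.getPrivate());
        byte[] bobPubKeyEnc = bobKpair.getPublic().getEncoded(); // Bob -> Alice
        bobKeyAgree.doPhase(alicePubKey, true);

        // Alice: decode Bob's key and perform her exponentiation
        KeyFactory aliceKeyFac = KeyFactory.getInstance("DH");
        PublicKey bobPubKey = aliceKeyFac.generatePublic(new X509EncodedKeySpec(bobPubKeyEnc));
        aliceKeyAgree.doPhase(bobPubKey, true);

        // Both sides now hold the same K without ever having transmitted it
        byte[] aliceSecret = aliceKeyAgree.generateSecret();
        byte[] bobSecret = bobKeyAgree.generateSecret();
        if (!MessageDigest.isEqual(aliceSecret, bobSecret)) {
            throw new IllegalStateException("shared secrets differ");
        }
        // Hash the raw secret before use as key material (illustrative derivation step)
        byte[] key = Arrays.copyOf(MessageDigest.getInstance("SHA-256").digest(aliceSecret), 16);
        System.out.println("Agreed on " + aliceSecret.length + "-byte secret, " + key.length + "-byte key");
    }
}
```

The exchange as shown is unauthenticated, so each side still has to verify whose public key it received (for example with a signature) before trusting the derived key.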

    15. Other Packages
        - Baltimore KeyTools (http://www.baltimore.com)
        - RSA JSafe (in the JSSE) (http://www.rsasecurity.com)

    16. Conclusion
        - More flexible than JSSE
        - Completely free, including Baltimore's KeyTool.
        - All the cryptography primitives necessary for secure, authenticated, and integral communication

    17. Assignment
        - Choose 1 of 2 assignments:
            - Implement the DH Algorithm
            - Or add Public Key Cryptography to the ChatClient/ChatServer suite.
