
Java supports encryption through a wide variety of packages:
• The standard java.security package
• The standard javax.crypto package
• Packages supplied by third parties
  www.cryptix.org
  www.bouncycastle.org
Copy the jar files onto your machine and include them in CLASSPATH:
setenv CLASSPATH .:/Users/driley/Library/bcprov-jdk15-130.jar
Edit the java.security file to include the provider.
# List of providers and their preference orders (see above):
#
security.provider.1=sun.security.provider.Sun
security.provider.2=com.apple.crypto.provider.Apple
...
security.provider.8=org.bouncycastle.jce.provider.BouncyCastleProvider
As of Java 1.4 the SunJCE is a built-in provider.
http://java.sun.com/j2se/1.5.0/docs/guide/security/jce/JCERefGuide.html
The Java encryption packages include classes that are useful for generating keys.
java.security.Key
java.security.KeyPair
javax.crypto.KeyGenerator
java.security.KeyPairGenerator
java.security.SecureRandom
Two Steps for generating a new key (or pair)
1) Create a key (or key-pair) generator object by calling a static method named getInstance.
2) Initialize the generator object, passing a random number source, then call generateKey (or generateKeyPair) on it.
Sample Symmetric Code
1) KeyGenerator generator = KeyGenerator.getInstance("DESede");
2) generator.init(new SecureRandom());
   Key key = generator.generateKey();
Sample Public-key Code
1) KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
2) generator.initialize(2048, new SecureRandom());
   KeyPair keyPair = generator.generateKeyPair();
Four Steps for encrypting/decrypting
1) Create an encrypting object using javax.crypto.Cipher.
(This is done by calling a static method named getInstance).
2) Call init on the Cipher object, passing the key & setting the mode to encrypt/decrypt.
3) Fill a byte array from plaintext to be encrypted (or ciphertext to be decrypted).
4) Call doFinal on the object, passing the byte array; this returns the result of
encrypting/decrypting.
• getInstance specifies the algorithm via its first argument, a String of the form Algorithm/ChainingMode/Padding
• getInstance specifies the supplier (provider) via its second (optional) argument
Symmetric Sample
1) Cipher encoder = Cipher.getInstance("DESede/ECB/PKCS5Padding");
2) encoder.init(Cipher.ENCRYPT_MODE, key);
3) byte[] buffer = getPlaintext();
4) byte[] encodedMsg = encoder.doFinal(buffer);
must be encoder.getBlockSize() or smaller
1) Cipher decoder = Cipher.getInstance("DESede/ECB/PKCS5Padding");
2) decoder.init(Cipher.DECRYPT_MODE, key);
3) byte[] buffer = getCiphertext();
4) byte[] decodedMsg = decoder.doFinal(buffer);
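The symmetric sample above as a complete program, showing what the ECB chaining mode does with repeated plaintext blocks. This is an added example, not code from the original slides. The class name, the helper firstChunksEqual, the constructed plaintext and the AES/GCM comparison are assumptions that are not on the page.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class EcbLeakDemo {   // hypothetical class name
    // True when the first two 8-byte chunks of data are identical.
    static boolean firstChunksEqual(byte[] data) {
        return Arrays.equals(Arrays.copyOfRange(data, 0, 8), Arrays.copyOfRange(data, 8, 16));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: the same 8 bytes twice (8 = DESede block size).
        byte[] plaintext = "PAY 100$PAY 100$".getBytes(StandardCharsets.US_ASCII);

        // Key generation as on the page: getInstance, init with SecureRandom, generateKey.
        KeyGenerator generator = KeyGenerator.getInstance("DESede");
        generator.init(new SecureRandom());
        SecretKey key = generator.generateKey();

        // The page's four steps. Both blocks go through one doFinal call; the padded cipher takes any length.
        Cipher encoder = Cipher.getInstance("DESede/ECB/PKCS5Padding");
        encoder.init(Cipher.ENCRYPT_MODE, key);
        byte[] encodedMsg = encoder.doFinal(plaintext);

        // ECB encrypts every block independently, so repeated plaintext shows in the ciphertext.
        System.out.println("ECB repeats ciphertext block: " + firstChunksEqual(encodedMsg));

        Cipher decoder = Cipher.getInstance("DESede/ECB/PKCS5Padding");
        decoder.init(Cipher.DECRYPT_MODE, key);
        byte[] decodedMsg = decoder.doFinal(encodedMsg);
        System.out.println("Round trip ok: " + Arrays.equals(plaintext, decodedMsg));

        // Assumption (not on the page): the same steps with AES/GCM and a fresh 12-byte nonce.
        KeyGenerator aesGenerator = KeyGenerator.getInstance("AES");
        aesGenerator.init(128, new SecureRandom());
        SecretKey aesKey = aesGenerator.generateKey();
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, aesKey, new GCMParameterSpec(128, nonce));
        // GCM is a counter mode with a per-message nonce: the repetition is no longer visible.
        System.out.println("GCM repeats ciphertext chunk: " + firstChunksEqual(gcm.doFinal(plaintext)));
    }
}
```

Compile with javac EcbLeakDemo.java and run with java EcbLeakDemo; only the JDK's built-in providers are needed.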
Public-key Sample
1) Cipher encoder = Cipher.getInstance("RSA/NONE/PKCS1Padding", "BC");
2) encoder.init(Cipher.ENCRYPT_MODE, keyPair.getPublic());
3) byte[] buffer = getPlaintext();
4) byte[] encodedMsg = encoder.doFinal(buffer);
must be encoder.getBlockSize() or smaller