Cryptography & Network security exercise 2
Cryptography & Network Security
Exercise 2
MSc. NGUYEN CAO DAT
BK
TP.HCM
Cryptography & Network Security
Ho Chi Minh City University of Technology - Faculty of Computer Science & Engineering, 2009
Goals
• Learn about the JCA (Java Cryptography Architecture)
• Understand the JCE (Java Cryptography Extension)
• How to use the Java crypto APIs
• How to use the Java BigInteger class
Introduction (1/2)
• JDK Security API
  ▫ Core API for Java
  ▫ Built around the java.security package
  ▫ First release of JDK Security introduced "Java Cryptography Architecture" (JCA)
    Framework for accessing and developing cryptographic functionality
• JCA encompasses
  ▫ Parts of JDK 1.2 Security API related to cryptography
  ▫ Architecture that allows for multiple and interoperable cryptography implementations
Introduction (2/2)
• The Java Cryptography Extension (JCE)
  ▫ Extends JCA -> javax.crypto.*
  ▫ Includes APIs for encryption, key exchange, and Message Authentication Code (MAC)
• Multiple “providers” supported
• Keys & certificates in “keystore” database
Design Principles
• Implementation independence and interoperability
  ▫ "Provider"-based architecture
  ▫ Set of packages implementing cryptographic services
  ▫ Programs request a particular type of object
  ▫ Various implementations work together, use each other's keys, or verify each other's signatures
• Algorithm independence and extensibility
  ▫ Cryptographic classes providing the functionality
  ▫ Classes are called engine classes, for example Signature
  ▫ Addition of new algorithms is straightforward
Architecture (1/2)
Architecture (2/2)
• Cryptographic Service Providers
  ▫ Sun, SunJSSE, SunJCE, SunRsaSign
  ▫ SUN provider (default)
• JCA provides APIs to query providers and services
• Key management
  ▫ “keystore” database: keys and certificates
  ▫ Available to applications
    Authentication
    Signing
JCA Overview
• Core classes and interfaces related to Java cryptography
• Contains 2 provider classes that are used to manage and maintain the service providers
  ▫ Provider: class that represents a cryptographic service provider
  ▫ Security: class that manages the installed providers and their security properties
• Contains a number of engine classes which are used to interface with cryptographic services
JCA Engine Classes
• MessageDigest: used to implement one-way hash functions such as MD5 or SHA
• Signature: used to implement digital signatures
• KeyPairGenerator: used to create public/private key pairs for different algorithms
• KeyFactory: used to convert keys into key specifications and vice versa
• CertificateFactory: used to generate certificates
• KeyStore: used to create a keystore which maintains keys and certificates in memory for later usage
• AlgorithmParameters: used to maintain the security parameters for specific algorithms
• AlgorithmParameterGenerator: used to create a set of parameters to be used for specific algorithms
• SecureRandom: used to create random or pseudo-random numbers
JCA Examples (1/2)
Create Message Digest
    // SHA-1 is kept from the slide; it is no longer collision resistant, so prefer "SHA-256" in new code.
    byte[] dataBytes = "This is test data".getBytes();
    MessageDigest md = MessageDigest.getInstance("SHA1");   // java.security.MessageDigest
    md.update(dataBytes);
    byte[] digest = md.digest();
• First, the test data is populated.
• Second, a concrete message digest object is created with SHA1 as the cryptographic algorithm.
• Third, the message digest object is updated, i.e. the digest is updated using the current bytes.
• Finally, the digest method completes the algorithm.
• JcaMessageDigest.java
JCA Examples (2/2)
Create Keystore
    // password (String) and keyFilePath (String) are supplied by the caller.
    KeyStore ks = KeyStore.getInstance("JCEKS");   // java.security.KeyStore
    ks.load(null, password.toCharArray());         // null stream: start with an empty keystore
    java.io.FileOutputStream fos = new java.io.FileOutputStream(keyFilePath);
    ks.store(fos, password.toCharArray());
    fos.close();
• First, create the concrete KeyStore object.
• Second, load “ks” with a null input, which initializes an empty keystore.
• Third, create the output stream to save the file.
• Fourth, the store method saves the KeyStore to the file specified and protects it with the password.
• Finally, close the output stream.
• JcaCertificateTest.java
JCE Overview
• Originally created as an optional extension package for cryptographic services subject to U.S. export controls
• Uses JCA’s “provider” and “security” classes to manage its service providers
• Comprised of all “engine” classes
JCE Engine Classes
• Cipher: provides encryption and decryption functionality
• CipherInputStream & CipherOutputStream: used as a convenient way to encrypt or decrypt information using streams
• Mac: used to check the integrity of messages based on a secret key
• KeyGenerator: used to generate symmetric keys
• SecretKeyFactory: similar to the KeyFactory of JCA, which converts keys into key specifications and vice versa
• SealedObject: used to create a serialized object which is protected using cryptography
• KeyAgreement: provides functionality to use a key agreement protocol
• Interfaces: provides interfaces for Diffie-Hellman keys
• Spec: similar to AlgorithmParameters of JCA, which provides key and parameter specifications for different algorithms
JCE Examples (1/2)
Generate Secret Key
    KeyGenerator kg = KeyGenerator.getInstance("DES");   // javax.crypto.KeyGenerator
    SecretKey sKey = kg.generateKey();                   // javax.crypto.SecretKey
• A secret key is used for symmetric encryption/decryption.
• First, create a concrete key generator object; in this case for a DES key.
• Second, create a SecretKey object and call the generateKey method of the KeyGenerator object to retrieve the key.
• JceSecretKeyTest.java
JCE Examples (2/2)
Encrypt
    // sKey is the DES SecretKey generated on the previous slide.
    byte[] testdata = "Understanding Java Cryptography".getBytes();
    Cipher myCipher = Cipher.getInstance("DES/ECB/PKCS5Padding");   // javax.crypto.Cipher
    myCipher.init(Cipher.ENCRYPT_MODE, sKey);
    byte[] cipherText = myCipher.doFinal(testdata);
• First, load some test data.
• Second, create a concrete Cipher object.
• Third, initialize the cipher with the secret key for encryption.
• Finally, the doFinal method actually encrypts the data.
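The slide's DES/ECB configuration next to an authenticated alternative, as an added example that is not part of the original slides. DES has a 56-bit key and ECB encrypts each block independently; the AES-GCM half, the class name and the sample plaintext are choices made for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class JceEcbVsGcm {
    public static void main(String[] args) throws Exception {
        // Constructed sample input: the 8-byte block "SAMEDATA" twice.
        byte[] data = "SAMEDATASAMEDATA".getBytes(StandardCharsets.UTF_8);

        // The slide's configuration: DES in ECB mode.
        SecretKey desKey = KeyGenerator.getInstance("DES").generateKey();
        Cipher ecb = Cipher.getInstance("DES/ECB/PKCS5Padding");
        ecb.init(Cipher.ENCRYPT_MODE, desKey);
        byte[] ecbOut = ecb.doFinal(data);
        // ECB encrypts each block independently, so equal plaintext
        // blocks produce equal ciphertext blocks.
        boolean repeats = Arrays.equals(Arrays.copyOfRange(ecbOut, 0, 8),
                                        Arrays.copyOfRange(ecbOut, 8, 16));
        System.out.println("ECB ciphertext blocks 1 and 2 equal: " + repeats);

        // Corrected configuration: AES-GCM with a fresh random 96-bit IV.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey aesKey = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);   // never reuse an IV with the same key
        GCMParameterSpec spec = new GCMParameterSpec(128, iv);   // 128-bit tag
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, aesKey, spec);
        byte[] gcmOut = gcm.doFinal(data);   // ciphertext followed by the tag

        gcm.init(Cipher.DECRYPT_MODE, aesKey, spec);
        byte[] plain = gcm.doFinal(gcmOut);
        System.out.println("GCM round trip ok: " + Arrays.equals(plain, data));

        // Flip one ciphertext bit: GCM must reject the message.
        gcmOut[0] ^= 0x01;
        gcm.init(Cipher.DECRYPT_MODE, aesKey, spec);
        try {
            gcm.doFinal(gcmOut);
            System.out.println("tampering NOT detected");
        } catch (AEADBadTagException e) {
            System.out.println("tampering detected: " + e.getMessage());
        }
    }
}
```

The IV is not secret, but it must be stored or sent with the ciphertext so the receiver can decrypt.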
Examples
• An application to encrypt text files
• An application to decrypt text files
Provider Class
• Providers are installed in a given preference order: the order in which the provider list is searched if a specific provider is not requested.
• Example
  ▫ PROVIDER_1
    SHA1withDSA, SHA-1, MD5, DES, and DES3
    Preference order 1
  ▫ PROVIDER_2
    SHA1withDSA, MD2, MD5, RC4, and RSA
    Preference order 2
    Signature dsa = Signature.getInstance("SHA1withDSA", "PROVIDER_2");
Installing Providers
• Installing the Provider Classes (two ways)
  ▫ Place a zip or JAR file containing the classes anywhere in your classpath.
  ▫ Supply your provider JAR file as an "installed" or "bundled" extension.
• Configuring the Provider
  ▫ Add the provider to your list of approved providers
  ▫ Static method
    Edit the java.security file in the lib/security directory of the SDK
    security.provider.n=masterClassName
Security class
• Manages installed providers and security-wide properties
• Has only static methods and is never instantiated
• The methods for adding or removing providers, and for setting Security properties, can only be executed by a trusted program, that is:
  ▫ Local application not running a security manager
  ▫ An applet or application with permission
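The preference-order lookup from the Provider Class slide and the Security class queries described above, as an added example that is not part of the original slides. "PROVIDER_2" is the slides' hypothetical provider name and is not installed on a real JVM, so the explicit request is expected to fail; the class name is an assumption.

```java
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;

public class ProviderQuery {
    public static void main(String[] args) throws Exception {
        String alg = "SHA1withDSA";   // algorithm used on the Provider Class slide

        // Installed providers, in preference order (position 1 is searched first).
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            boolean offers = providers[i].getService("Signature", alg) != null;
            System.out.printf("%d. %-12s offers %s: %b%n",
                    i + 1, providers[i].getName(), alg, offers);
        }

        // No provider named: the first provider in preference order that
        // implements the algorithm is used. Printing it shows which
        // implementation the application actually got.
        Signature byOrder = Signature.getInstance(alg);
        System.out.println("Selected by preference order: "
                + byOrder.getProvider().getName());

        // Provider named explicitly: the lookup fails instead of silently
        // falling back to another implementation.
        try {
            Signature.getInstance(alg, "PROVIDER_2");   // hypothetical name from the slides
        } catch (NoSuchProviderException e) {
            System.out.println("Explicit request failed: " + e.getMessage());
        }
    }
}
```

Listing the providers at startup is a simple way to confirm that the java.security configuration on a host matches what the application expects.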
Java BigInteger class (1/3)
• Constructor
    public BigInteger(String val) throws NumberFormatException
• Example
    BigInteger m = new BigInteger("92387569832653429874569286898623498");
Java BigInteger class (2/3)
• Methods
    public BigInteger add(BigInteger val)
    public BigInteger subtract(BigInteger val)
    public BigInteger multiply(BigInteger val)
    public BigInteger divide(BigInteger val) throws ArithmeticException
    public BigInteger remainder(BigInteger val) throws ArithmeticException
Java BigInteger class (3/3)
• Other methods
    public BigInteger modPow(BigInteger e, BigInteger m) : a^e (mod m)
    public BigInteger modInverse(BigInteger m) throws ArithmeticException:
    public BigInteger shiftLeft(int n)
    public BigInteger shiftRight(int n)
• Example
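The methods listed above used together in textbook RSA arithmetic, as an added example that is not part of the original slides. The 512-bit prime size, the exponent 65537, the use of BigInteger.probablePrime and the class name are assumptions of this example; unpadded RSA is shown for the arithmetic only, and real encryption goes through the Cipher class with a padding scheme.

```java
import java.math.BigInteger;
import java.security.SecureRandom;

public class BigIntegerRsaDemo {
    public static void main(String[] args) {
        SecureRandom rnd = new SecureRandom();
        BigInteger one = BigInteger.ONE;
        BigInteger e = BigInteger.valueOf(65537);   // assumed public exponent
        BigInteger n, d;

        // Draw primes until e is invertible modulo phi = (p-1)(q-1).
        while (true) {
            BigInteger p = BigInteger.probablePrime(512, rnd);
            BigInteger q = BigInteger.probablePrime(512, rnd);
            BigInteger phi = p.subtract(one).multiply(q.subtract(one));
            try {
                d = e.modInverse(phi);   // throws if gcd(e, phi) != 1
                n = p.multiply(q);
                break;
            } catch (ArithmeticException notInvertible) {
                // e shares a factor with phi: try new primes
            }
        }

        // Message from the constructor slide, treated as a number m < n.
        BigInteger m = new BigInteger("92387569832653429874569286898623498");
        BigInteger c = m.modPow(e, n);      // c = m^e mod n
        BigInteger back = c.modPow(d, n);   // m = c^d mod n
        System.out.println("decrypts to original: " + back.equals(m));

        // For a non-negative value, shifting by k bits multiplies or
        // divides by 2^k.
        BigInteger eight = BigInteger.valueOf(8);
        System.out.println("shiftLeft(3)  == m * 8: "
                + m.shiftLeft(3).equals(m.multiply(eight)));
        System.out.println("shiftRight(3) == m / 8: "
                + m.shiftRight(3).equals(m.divide(eight)));

        // modInverse fails when the value and the modulus share a factor.
        try {
            BigInteger.valueOf(6).modInverse(BigInteger.valueOf(9));
        } catch (ArithmeticException ex) {
            System.out.println("6 has no inverse mod 9: " + ex.getMessage());
        }
    }
}
```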
Exercises
1. Run the programs above.
2. Check whether you can supply a key as user input.
3. What other encryption algorithms could you use? Try them.
4. Write a Java program to retrieve the HTML file at URL , encrypt the contents and store them in a local file “index.enc”, then decrypt the file “index.enc” and store the result in a local file “index.dec”.
5. Try to encrypt the emails you send to your friends.