Docstoc

The Java Crypto API

Document Sample
The Java Crypto API Powered By Docstoc
					The Java Crypto API

    ICW Lecture 3
     Tom Chothia
     Reminder of Last Time:
• Your programs defines “Classes”.

• Each class defines “Objects”.

• An Object is defined as having a number of
  “Fields” that store data...

• ...and a number of “Methods” that perform
  computation.
                This Time:

• Read and write from files.
• Generate and handle keys.
• How to encrypt and decrypt
  –   public key encryption,
  –   and symmetric key encryption.
• Hashes.
• Keystores
    But this Lecture is Really
           About: APIs
• APIs are Application Programming
  Interfaces.

• They are libraries of useful programs
  that do most of the work for us.

• A lot of programming Java is using the
  right API.
    Reading and Writing to a File
     Make a java.io.File object.
     Get the input and output streams.
     Put wrappers round the steams, e.g.,
        PrintReader for strings.
        DataInputString for bytes.
     Read and write using .read and .write.
     Close using .close.
            Code Demo
   See ReadWriteFile.java
   Symmetric Key Encryption
• Symmetric key encryption uses the same key
  to encrypt and decrypt the message.

     encrypt (plain text, key) = cipher text
     decrypt(cipher text, key) = plain text

Symmetric key encryption is fast, but handling
  the key can be difficult.
 Popular Types of Symmetric
         Encryption
• Advanced Encryption Stardard (AES)
  – A good cipher, maybe the best.


• Data Encryption Standard (DES)/3DES
  – The old stardard, key now to short.
  – Still OK if you us it 3 times.
  – Used in e-passports.
 Popular Types of Symmetric
         Encryption
• BlowFish
  – Like AES,


• RC4: Rivest Cypter 4
  – Fast, used in SSL, WPA, problem is related
    keys are used in different sessions.
    Public Key Cryptography
   Public Key Cryptography uses 2 keys:
     –   A public key for encryption
     –   A private key for decryption.


   You can tell anyone you public and
    anyone can encrypt data just for you.

   Only you can read the message.
          Types of Public Key
             Cryptography
• Diffie-Hellman
      –   First public key system.
      –   Security based on the logs.
• RSA
      –   Most common public key system.
      –   Security based on factoring large primes
      –   If in doubt use RSA
• Elliptic Curve
      –   Based on curves in a finite field.
      Useful APIs for Crypto
javax.crypto.Cipher:
     –   the Cipher object does the encryption.
java.security.Key
     –   a cryptographic key
java.secuity.KeyFactory
     –   Turn bytes into Key Objects.


Also RSAPublicKey, X509EncodedKeySpec,...
(remember cmd-shirt-O in Eclipse).
     java.security.KeyGenerator
Create the object with:
kg = KeyGenerator.getInstance(<Crypto Type>);


Give the key length (if needed):
                        kg.initialize(1024);


Read out the key:
     Key key = kg.genKeyPair();
  java.security.KeyPairGenerator
Create the object with:
kg = KeyPairGenerator.getInstance(<Crypto Type>);


Key the key length:        kg.initialize(1024);


Read out the keys:
     KeyPair keypair = kg.genKeyPair();
     PrivateKey privKey = keypair.getPrivate();
     PublicKey publicKey = keypair.getPublic();
          Encryption In Java
Steps to encrypt data in Java (see example
  code):

• Import package
• Create a cipher object
• Initiate the cipher object with the scheme you
  want in encrypt or decrypt mode.
• Pass the object the data you want to encrypt.
• Read the cipher text out.
• Decrypt in the same way.
              Code Demo
   Encrypt file
                Summary
I've just shown you how to
• Read and write from files.
• Generate keys.
• How to encrypt and decrypt.

Still to come:
• Read and write keys to files
• Keystores
• Hashes
            Java keytool
   Most Java programs use existing keys
    rather than create keys themselves.

   The keytool command can be used to
    generate keys outside Java.
              Saving a Key
   We can read and write the bytes of a
    key to a file.

   This is a bad idea.

   We want to
      –   protect read access to private keys,
      –   and make sure the publics ones are
          real.
      The KeyStore Class
• A KeyStore holds password protected
  private keys and public keys as
  certicates.
• Make keystores using the keytool e.g.
keytool -genkey -keyalg RSA
        -keypass password -alias mykey
        -storepass storepass
        -keystore myKeyStore
                 Demo
   Making a KeyStore with the keytool
          KeyStore Methods
• getInstance(“JKS”):
     –   creates a keystore
• Load(file,password):
     –   loads key data from a file using
         password.
• getKey(alias,password)
     –   get the key “alias” with given password
• getCertificate(alias)
     –   gets a public key as a certificate
    File Encryption Program
• Combining these we can write a
  program to encrypt files.

• See demo.
                  Hashes
   A hash of any Object is a short string
    generated from that Object.
   The hash of an object is always the same.
   Any small change makes the hash total
    different.
   It is very hard to go from the hash to the
    object.
   It is very unlikely that any two different
    objects have the same hash.
    Types of Hash Algorithm
• SHA-1, SHA-2 current standard,
  however it is possible to file two
  messages that have the same hash.

• MD5 often used for error checking can
  also find two files with the same hash.
          Hashes in Java
   See Hash.java
         Uses of Hashing
• Download verification

• Message Verification

• Passwords (demo)
         Password Cracking
• If an attacker gets the password
  shadow file
     –   they can try to guess a password
     –   and check if the hash of their guess is
         in the list.
• Truly random passwords are safe.
• Dictionary words are not.
    Exercise 1: SHA1 password
              cracker.
   In 1 week I will give you a shadow file
    of SHA1 hashed passwords.
   You have to write a program that
      –   Guesses a password
      –   Hashes the Guess
      –   Checks to see if it is in the list.
   Hint: find a list of common passwords
    online, and use this to build more.
              Conclusion
   Encryption can be public key or
    symmetrical.

   Use a Cipher Object in Java to do
    de/encryption.

   Keep your keys in a password
    protected KeyStore.
              Next Time
   How to make connections across the
    Internet.

   TCP/IP protocol

   Sockets in Java.

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:12
posted:10/18/2011
language:English
pages:31