The Java Crypto API

Document Sample
The Java Crypto API Powered By Docstoc
					The Java Crypto API

    ICW Lecture 3
     Tom Chothia
     Reminder of Last Time:
• Your programs defines “Classes”.

• Each class defines “Objects”.

• An Object is defined as having a number of
  “Fields” that store data...

• ...and a number of “Methods” that perform
                This Time:

• Read and write from files.
• Generate and handle keys.
• How to encrypt and decrypt
  –   public key encryption,
  –   and symmetric key encryption.
• Hashes.
• Keystores
    But this Lecture is Really
           About: APIs
• APIs are Application Programming

• They are libraries of useful programs
  that do most of the work for us.

• A lot of programming Java is using the
  right API.
    Reading and Writing to a File
     Make a object.
     Get the input and output streams.
     Put wrappers round the steams, e.g.,
        PrintReader for strings.
        DataInputString for bytes.
     Read and write using .read and .write.
     Close using .close.
            Code Demo
   See
   Symmetric Key Encryption
• Symmetric key encryption uses the same key
  to encrypt and decrypt the message.

     encrypt (plain text, key) = cipher text
     decrypt(cipher text, key) = plain text

Symmetric key encryption is fast, but handling
  the key can be difficult.
 Popular Types of Symmetric
• Advanced Encryption Stardard (AES)
  – A good cipher, maybe the best.

• Data Encryption Standard (DES)/3DES
  – The old stardard, key now to short.
  – Still OK if you us it 3 times.
  – Used in e-passports.
 Popular Types of Symmetric
• BlowFish
  – Like AES,

• RC4: Rivest Cypter 4
  – Fast, used in SSL, WPA, problem is related
    keys are used in different sessions.
    Public Key Cryptography
   Public Key Cryptography uses 2 keys:
     –   A public key for encryption
     –   A private key for decryption.

   You can tell anyone you public and
    anyone can encrypt data just for you.

   Only you can read the message.
          Types of Public Key
• Diffie-Hellman
      –   First public key system.
      –   Security based on the logs.
      –   Most common public key system.
      –   Security based on factoring large primes
      –   If in doubt use RSA
• Elliptic Curve
      –   Based on curves in a finite field.
      Useful APIs for Crypto
     –   the Cipher object does the encryption.
     –   a cryptographic key
     –   Turn bytes into Key Objects.

Also RSAPublicKey, X509EncodedKeySpec,...
(remember cmd-shirt-O in Eclipse).
Create the object with:
kg = KeyGenerator.getInstance(<Crypto Type>);

Give the key length (if needed):

Read out the key:
     Key key = kg.genKeyPair();
Create the object with:
kg = KeyPairGenerator.getInstance(<Crypto Type>);

Key the key length:        kg.initialize(1024);

Read out the keys:
     KeyPair keypair = kg.genKeyPair();
     PrivateKey privKey = keypair.getPrivate();
     PublicKey publicKey = keypair.getPublic();
          Encryption In Java
Steps to encrypt data in Java (see example

• Import package
• Create a cipher object
• Initiate the cipher object with the scheme you
  want in encrypt or decrypt mode.
• Pass the object the data you want to encrypt.
• Read the cipher text out.
• Decrypt in the same way.
              Code Demo
   Encrypt file
I've just shown you how to
• Read and write from files.
• Generate keys.
• How to encrypt and decrypt.

Still to come:
• Read and write keys to files
• Keystores
• Hashes
            Java keytool
   Most Java programs use existing keys
    rather than create keys themselves.

   The keytool command can be used to
    generate keys outside Java.
              Saving a Key
   We can read and write the bytes of a
    key to a file.

   This is a bad idea.

   We want to
      –   protect read access to private keys,
      –   and make sure the publics ones are
      The KeyStore Class
• A KeyStore holds password protected
  private keys and public keys as
• Make keystores using the keytool e.g.
keytool -genkey -keyalg RSA
        -keypass password -alias mykey
        -storepass storepass
        -keystore myKeyStore
   Making a KeyStore with the keytool
          KeyStore Methods
• getInstance(“JKS”):
     –   creates a keystore
• Load(file,password):
     –   loads key data from a file using
• getKey(alias,password)
     –   get the key “alias” with given password
• getCertificate(alias)
     –   gets a public key as a certificate
    File Encryption Program
• Combining these we can write a
  program to encrypt files.

• See demo.
   A hash of any Object is a short string
    generated from that Object.
   The hash of an object is always the same.
   Any small change makes the hash total
   It is very hard to go from the hash to the
   It is very unlikely that any two different
    objects have the same hash.
    Types of Hash Algorithm
• SHA-1, SHA-2 current standard,
  however it is possible to file two
  messages that have the same hash.

• MD5 often used for error checking can
  also find two files with the same hash.
          Hashes in Java
   See
         Uses of Hashing
• Download verification

• Message Verification

• Passwords (demo)
         Password Cracking
• If an attacker gets the password
  shadow file
     –   they can try to guess a password
     –   and check if the hash of their guess is
         in the list.
• Truly random passwords are safe.
• Dictionary words are not.
    Exercise 1: SHA1 password
   In 1 week I will give you a shadow file
    of SHA1 hashed passwords.
   You have to write a program that
      –   Guesses a password
      –   Hashes the Guess
      –   Checks to see if it is in the list.
   Hint: find a list of common passwords
    online, and use this to build more.
   Encryption can be public key or

   Use a Cipher Object in Java to do

   Keep your keys in a password
    protected KeyStore.
              Next Time
   How to make connections across the

   TCP/IP protocol

   Sockets in Java.

Shared By: