• When a secret needs to be kept, you have to find a way to protect it from:
    – Misuse of data
    – Unauthorized access
    – Data theft
    – Deletion of data
  • Protecting applications against attacks and maintaining privacy is a perplexing task for organizations due to decentralized operations, diverse Internet users and distributed systems
  • Data collected through attacks against applications can be used for creating unauthorized profiles, deleting authorized profiles, misuse and manipulation of sensitive data, jeopardizing trade secrets and business transactions
  • Due to threats to identity and privacy, IT developers are now focusing on providing security solutions that manage the risks associated with data storage, access, and usage
  • Cryptography uses ciphers to encrypt data, digital certificates to authenticate trusted sites, and digital signatures to ensure that data is not compromised or tampered with

Java Security with Cryptography

  • Cryptography, also known as secret writing, converts data into a scrambled code that can be encrypted, decrypted and sent across a private or public network
  • Cryptography deals with security issues in accordance with:
    – Privacy
    – Integrity
    – Authentication
    – Non-repudiation
  • The Java platform, through APIs, addresses major security areas such as cryptography, authentication, public key infrastructure, secure communication and access control
  • With these APIs, developers can easily design and write application code by integrating both low-level and high-level security functions
  • The Java platform offers cryptographic operations through APIs such as:
    – JCA (Java Cryptography Architecture)
    – JCE (Java Cryptography Extension)

  • Design principles for JCA and JCE
  1. Algorithm Independence
  2. Algorithm Extensibility
  3. Implementation Independence
  4. Implementation Interoperability

Java Cryptography Architecture (JCA)

  • JCA provides an architectural framework for executing the main cryptographic services in the Java platform
  • Java cryptographic operations are realized through engine classes, each of which abstracts a particular cryptographic concept
  • JCA classes are located in the java.security package
  • JCA supports many of the standard algorithms such as RC4, RC2, PKCS#5, SHA, Triple DES, AES, DSA, RSA, etc.

Java Cryptography Architecture Engines Include

  • Message Digests (Create hash value)
  • Key Pair Generator (creates a pair of keys)
  • Key Store (manages and stores keys)
  • AlgorithmParameterGenerator (generates algorithm parameters)
  • CertPathBuilder (creates relationship chains between certs)
  • Digital Signatures (create signatures)
  • Key Factories (convert keys to and from key specifications)
  • AlgorithmParameters (encoding and decoding of algorithm parameters)
  • CertificateFactory (generates public key certificates)
  • CertStore (manages and stores certs)

Java Cryptography Extension (JCE)

  • JCE includes classes for encryption and decryption, used for ciphering and deciphering functionality
  • JCE engines include:
    – Ciphers (manage encryption/decryption)
    – KeyGenerator (creates secret keys used by ciphers)
    – SecretKeyFactory (operates on SecretKey objects)
    – Key agreement (key agreement protocol)
    – MAC (message authentication code functionality)
  • JCE engines are located in the javax.crypto package
  • The SunJCE provider supports algorithms such as DES, DESede, Triple-DES, Blowfish, RSA, PBEWithMD5AndDES, HmacMD5, HmacSHA1, etc.
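
The engine-class pattern described above for JCA and JCE, as an added example that is not part of the original slides: each engine is requested by algorithm name through `getInstance`, and the installed provider supplies the implementation. The class name `EngineDemo`, the sample message, and the choice of SHA-256 and AES/GCM (standard algorithm names, not taken from the lists above) are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class EngineDemo {
    // JCE engine Cipher: decrypting in GCM mode also verifies the authentication tag.
    static byte[] decrypt(SecretKey key, byte[] iv, byte[] ct) throws Exception {
        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv));
        return dec.doFinal(ct);
    }

    public static void main(String[] args) throws Exception {
        byte[] msg = "constructed sample record".getBytes(StandardCharsets.UTF_8);

        // JCA engine MessageDigest (java.security). No provider is named, so the
        // highest-priority installed provider implementing SHA-256 is selected.
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        System.out.println("SHA-256 from provider " + md.getProvider().getName()
                + ": " + md.digest(msg).length + " bytes");

        // JCE engines KeyGenerator and Cipher (javax.crypto).
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        byte[] iv = new byte[12];              // 96-bit IV, must be unique per key
        new SecureRandom().nextBytes(iv);
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = enc.doFinal(msg);
        System.out.println("AES/GCM from provider " + enc.getProvider().getName());
        System.out.println("round trip ok: " + Arrays.equals(msg, decrypt(key, iv, ct)));

        ct[0] ^= 0x01;                         // constructed tampering: flip one bit
        try {
            decrypt(key, iv, ct);
            System.out.println("tampering NOT detected");
        } catch (AEADBadTagException e) {
            System.out.println("tampered ciphertext rejected");
        }
    }
}
```

Because the code names only algorithms and never a provider class, the same source runs unchanged if a different provider is installed with higher priority, which is the implementation independence listed among the design principles.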