[O] Securely manage keys that are used for code signing and sealing

[X] Don’t use pseudorandom number generators instead use cryptographically secured random numbers

[O] Securely manage objects that are transmitted across the network with signing and sealing

[X] Don’t store encryption keys, keystore name, the alias and password details in the source code

[O] Use existing crypto libraries rather than creating your own cryptographic protocols

[X] Don’t store encrypted keys and passwords that are dependent on garbage collector in memory; rather use configuration files with authorized entities

[O] Ensure that the key length used by algorithms is at least 128 bit (Eg, RSA key 512 bits)

[X] Don’t store encryption keys, keystore name, password, alias, etc., in unprotected external files

Module Summary

  • Cryptography deals with security issues in accordance with privacy, integrity, authentication and nonrepudiation
  • Java platform offers cryptographic operations using APIs such as Java Cryptography Architecture and Java Cryptography and decryption
  • JCA provides a specific framework for digital signatures with java.security.Signature class that provides functionality of signing and verifying digital signatures
  • Digital certificate includes User (entity) Information, User’s public key, Digital signature of the CA, Issue and expiry date
  • Java Archive (JAR) is a file format that contains multiple files .i.e., class files and subsidiary resources associated with applets and applications
  • Code signing is a security mechanism that performs digital signing of Java scripts and executables using cryptography algorithms to prevent malicious activities