Java™ Cryptography

Jonathan Knudsen

Publisher: O'Reilly, 1998, 344 pages

ISBN: 1-56592-402-9

Keywords: IT Security, Java

Last modified: Nov. 15, 2008, 11:01 a.m.

Cryptography, the science of secret writing, is the biggest, baddest security tool in the application programmer's arsenal.

Cryptography provides three services that are crucial in secure programming. These include a cryptographic cipher that protects the secrecy of your data; cryptographic certificates, which prove identity (authentication); and digital signatures, which ensure your data has not been damaged or tampered with.

This book covers cryptographic programming in Java. Java 1.1 and Java 1.2 provide extensive support for cryptography with an elegant architecture, the Java Cryptography Architecture (JCA). Another set of classes, the Java Cryptography Extension (JCE), provides additional cryptographic functionality. This book covers the JCA and the JCE from top to bottom, describing the use of the cryptographic classes as well as their innards.

The book is designed for moderately experienced Java programmers who want to learn how to build cryptography into their applications. No prior knowledge of cryptography is assumed. The book is peppered with useful examples, ranging from simple demonstrations in the first chapter to full-blown applications in later chapters. Topics include:

  • The Java Cryptography Architecture (JCA)
  • The Java Cryptography Extension (JCE)
  • Cryptographic providers
  • The Sun key management tools
  • Message digests, digital signatures, and certificates (X509v3)
  • Block and stream ciphers
  • Implementations of the ElGamal signature and cipher algorithms
  • A network talk application that encrypts all data sent over the network
  • An email application that encrypts its messages

Covers JDK 1.2 and JCE 1.2.

  1. Introduction
    • Secure Systems
    • Cryptography
    • Platform Security
    • Astute Inequalities
    • Hello, zoT1wy1njA0=!
  2. Concepts
    • Confidentiality
    • Integrity
    • Authentication
    • Random Numbers
    • Algorithms
  3. Architecture
    • Alphabet Soup
    • Concept Classes
    • API and SPI
    • Factory Methods
    • Standard Names
    • The Provider Architecture
    • Key Management
    • Summary
  4. Random Numbers
    • SecureRandom
    • Self-Seeding
    • Keyboard Timing
    • SeederDialog
  5. Key Management
    • Keys
    • Key Generators
    • Key Translators
    • Key Agreement
    • The Identity Key Management Paradigm
    • The KeyStore Key Management Paradigm
  6. Authentication
    • Message Digest
    • MACs
    • Signatures
    • Certificates
  7. Encryption
    • Streams and Blocks
    • Block Ciphers
    • Algorithms
    • javax.crypto.Cipher
    • Cipher's Close Relatives
    • Passphrase Encryption
    • Inside Cipher
    • Hybrid Systems
  8. Signed Applets
    • Renegade
    • HotJava
    • Navigator
    • Internet Explorer
    • Summary
  9. Writing a Provider
    • Getting Started
    • Adding the ElGamal Classes
    • ElGamal
    • Generating Keys
    • Signature
    • Cipher
  10. SafeTalk
    • Using SafeTalk
    • Under the Hood
  11. CipherMail
    • Using CipherMail
    • Under the Hood
  12. Outside the Box
    • Application Design
    • Decompilers and ByteCode Obfuscation
    • EndPoint Security
    • File Security
    • Network Security
    • Summary
  1. BigInteger
  2. Base64
  3. JAR
  4. Javakey
  5. Quick Reference

Reviews

Java Cryptography

Reviewed by Roland Buresund

Excrement * (1 out of 10)

Last modified: May 21, 2007, 3:09 a.m.

A worse example of security immaturity will be hard to find!

The author obviously knows neither crypto nor secure programming, as he introduces some very bad practices!

He also more or less just gives the API some fairy-tale rationale and demonstrates a profound non-understanding of security issues and especially cryptology.

It's reading books like this that produces idiots for security programmers…

Avoid at all costs. If you need some information on Java's crypto API, you'll get more info out of the standard manual.
