Java™ Cryptography

Cryptography, the science of secret writing, is the biggest, baddest security tool in the application programmer's arsenal.

Cryptography provides three services that are crucial in secure programming. These include a cryptographic cipher that protects the secrecy of your data; cryptographic certificates, which prove identity (authentication); and digital signatures, which ensure your data has not been damaged or tampered with. This book covers cryptographic programming in Java. Java 1.1 and Java 1.2 provide extensive support for cryptography with an elegant architecture, the Java Cryptography Architecture (JCA). Another set of classes, the Java Cryptography Extension (JCE), provides additional cryptographic functionality. This book covers the JCA and the JCE from top to bottom, describing the use of the cryptographic classes as well as their innards. The book is designed for moderately experienced Java programmers who want to learn how to build cryptography into their applications. No prior knowledge of cryptography is assumed. The book is peppered with useful examples, ranging from simple demonstrations in the first chapter to full-blown applications in later chapters. Topics include:

• The Java Cryptography Architecture (JCA)
• The Java Cryptography Extension (JCE)
• Cryptographic providers
• The Sun key management tools
• Message digests, digital signatures, and certificates (X509v3)
• Block and stream ciphers
• Implementations of the ElGamal signature and cipher algorithms
• A network talk application that encrypts all data sent over the network
• An email application that encrypts its messages

Covers JDK 1.2 and JCE 1.2.

1. Introduction
• Secure Systems
• Cryptography
• Platform Security
• Astute Inequalities
• Hello, zoT1wy1njA0=!
  
2. Concepts
• Confidentiality
• Integrity
• Authentication
• Random Numbers
• Algorithms
  
3. Architecture
• Alphabet Soup
• Concept Classes
• API and SPI
• Factory Methods
• Standard Names
• The Provider Architecture
  
• Key Management
• Summary
  
4. Random Numbers
• SecureRandom
• Self-Seeding
• Keyboard Timing
• SeederDialog
  
5. Key Management
• Keys
• Key Generators
• Key Translators
• Key Agreement
• The Identity Key Management Paradigm
• The KeyStore Key Management Paradigm
6. Authentication
• Message Digest
• MACs
• Signatures
• Certificates
  
7. Encryption
• Streams and Blocks
• Block Ciphers
• Algorithms
• javax.crypto.Cipher
• Cipher's Close Relatives
• Passphrase Encryption
• Inside Cipher
• Hybrid Systems
  
8. Signed Applets
• Renegade
• HotJava
• Navigator
• Internet Explorer
• Summary
  
9. Writing a Provider
• Getting Started
• Adding the ElGamal Classes
• ElGamal
• Generating Keys
• Signature
• Cipher
  
10. SafeTalk
• Using SafeTalk
• Under the Hood
  
11. CipherMail
• Using CipherMail
• Under the Hood
  
12. Outside the Box
• Application Design
• Decompilers and ByteCode Obfuscation
• EndPoint Security
• File Security
• Network Security
• Summary
  

1. BigInteger
2. Base64
3. JAR
4. Javakey
5. Quick Reference
   

Worse example of security immaturity will be hard to find!

The author obviously doesn't know neither crypto nor secure programming, as he introduces some very bad practices!

He also more or less just gives the API some fairy-tale rationale and demonstrates a profound non-understanding of security issues and especially cryptology.

It's reading books like this that produces idiots to security programmers…

Avoid at all costs. If you need some information on Java's crypto API, you'll get more info out of the standard manual.