FTPOnline

Java for Symmetric Cryptography
Apply a Java-supported symmetric cryptography technique to employ an algorithm seeded with a single key for data encryption and decryption
by Kevin Jones

Posted March 31, 2004

Cryptography (literally, secret writing) is the practice of encrypting and decrypting data. To encrypt or decrypt data, you apply an algorithm: a series of transformations applied to the input data (the plaintext) to produce the output data (the ciphertext). Applying the transforms alone is not good enough, because an attacker could apply the complementary set of transforms to the ciphertext to get back the plaintext. To provide a degree of randomness to the transformation, the algorithm is seeded with a key. The ciphertext can only be decrypted if the key is known.

There are two major techniques used for cryptography: symmetric and asymmetric. In asymmetric cryptography there are two keys; one key is used to encrypt the data and the other key is necessary to decrypt (either key can be used for encryption or decryption). With symmetric cryptography there is only one key and that key is used for both encryption and decryption. Here we will look at Java's support for symmetric cryptography.


The Java Cryptography Extensions (JCE) were originally introduced as an extension to JDK 1.2.2 but are now a formal part of JDK 1.4. This inclusion means that whereas originally a separate set of Java Archive (JAR) files had to be downloaded to use the JCE, now it is available to all as a standard part of the JDK installation. The reason that the JCE was not originally part of the JDK was at least partly because the U.S. government regards cryptography as munitions, so there were various export regulations in place. These restrictions have eased over the years.

As mentioned previously, an algorithm is needed to encrypt data, and this algorithm has to be seeded with a key. There are many algorithms that could be used to encrypt data and to perform the other tasks typically covered by cryptography. There are also different ways to implement these algorithms. To allow for different implementations of different algorithms, the JCE allows for the installation of multiple providers. This arrangement is very similar to other parts of Java such as JDBC: in JDBC, to talk to a specific database you use a specific database driver. In the JCE, if the providers that are installed in your Java Virtual Machine (JVM) don't provide the algorithms or the performance you require, you can install other providers.

Providers can be installed programmatically, but the simplest way to install a provider is to copy the provider's JAR file to %JRE_HOME%/lib/ext and then edit the %JRE_HOME%/lib/security/java.security file to reference the new provider. For example, if you want to install the Bouncy Castle provider, copy bcprov-jdk14-122.jar to %JRE_HOME%/lib/ext. (Bouncy Castle is a free open source provider; see Resources.) The java.security file contains a list of all the installed providers; therefore, you would edit that file to add the Bouncy Castle provider:

security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.net.ssl.internal.ssl.Provider
security.provider.3=com.sun.rsajca.Provider
security.provider.4=com.sun.crypto.provider.SunJCE
security.provider.5=sun.security.jgss.SunProvider
security.provider.6=org.bouncycastle.jce.provider.BouncyCastleProvider
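
The provider list configured in java.security can be checked from code. The following is an added example, not code from the original article: it prints the installed providers in preference order, confirms that one of them supplies an AES cipher, and runs an encrypt/decrypt round trip with a single key. The class name ProviderDemo, the AES/GCM/NoPadding transformation and the sample message are assumptions chosen for illustration, and the code needs a JDK newer than the 1.4 release discussed here.

```java
import java.nio.charset.StandardCharsets;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class ProviderDemo {  // hypothetical class name
    public static void main(String[] args) throws Exception {
        // Providers in preference order, matching security.provider.N in java.security.
        Provider[] installed = Security.getProviders();
        for (int i = 0; i < installed.length; i++) {
            System.out.println((i + 1) + ": " + installed[i].getName()
                    + " - " + installed[i].getInfo());
        }

        // Which installed providers offer an AES cipher? null means none do.
        Provider[] aesProviders = Security.getProviders("Cipher.AES");
        if (aesProviders == null) {
            throw new IllegalStateException("No installed provider supplies Cipher.AES");
        }

        // One key serves both directions: that is what makes the scheme symmetric.
        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
        keyGen.init(128);
        SecretKey key = keyGen.generateKey();

        // GCM needs a nonce that is never reused with the same key.
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        GCMParameterSpec spec = new GCMParameterSpec(128, nonce);

        // No provider is named, so the first one in the list that implements
        // the transformation is used.
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, key, spec);
        System.out.println("Cipher served by: " + enc.getProvider().getName());
        byte[] plaintext = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        byte[] ciphertext = enc.doFinal(plaintext);

        // Decryption with the same key and nonce; a wrong key or altered
        // ciphertext makes doFinal throw instead of returning garbage.
        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, key, spec);
        System.out.println("Round trip ok: " + Arrays.equals(plaintext, dec.doFinal(ciphertext)));
    }
}
```

Running it before and after editing java.security shows whether a newly added provider is actually registered and where it sits in the preference order.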


