Cryptography &

The JCE

Presented by
Geoff Whittington,
Fireball Technology Group
 Cryptography

The science of securing information.

 Presentation Outline
 Motivation
 Language, Concepts
 Overview of Java Cryptography Extension
 Implementation comments
 A Few Interesting Books
 Useful Internet Resources
 Motivation for Cryptography
 Increased reliance on electronic systems
 Increased system infestation
 Increased monitoring
 Increased value of information
 Cryptography
 Definitions
 The Setup
 Symmetric Systems
 Hash Functions
 Message Authentication Codes (MAC)
 Asymmetric Systems
 Hybrid Systems
 Electronic Signatures
 Definitions
 Secret Key – shared piece of secret information
used to protect a larger set of data.
 Encrypt –scramble data with a secret key into a
hard-to-understand format.
 Decrypt – scramble encrypted data into readable
using a secret key.
 Cryptographic algorithm – Description of how
a secret key is utilized to scramble information.
 Definitions cont’d...
 Plaintext (aka Cleartext) – The information to
be secured.
 Ciphertext – The scrambled/unreadable
information after an encryption process is
performed.
 The Setup
1. Alice wants to securely send Bob a secret
2. Bob wants to be sure information came from
Alice
Info

Alice Bob

Eve
 Symmetric Cryptography

Secret Cipher Secret

text

Alice Bob

Eve
Security provider architecture
 Symmetric Algorithms
 Substitution and transposition using a secret key
to obscure the plaintext into ciphertext.
 Fast to implement in software and hardware
 Problem: Secret key used for encryption and
decryption must be known.

 Examples: RC5, DES, 3DES, Blowfish, AES

 Hash Functions
 One way operation on information that results
in smaller set of data, called a message digest.
 MD5 and SHA-1 are hash functions.
 Considered secure when it is computationally
infeasible to find two input data with the same
message digest.
 Secure hash functions are used in electronic
signatures.
 MACs
 Message Authentication Codes provide an
authentication scheme in symmetric-based
cryptographic protocols.

Document
MAC
Hash and encrypt
 MACs cont’d...
 Produces an encrypted message digest with a secret key.
 Alice sends Bob a document as well as a MAC. Bob
can authenticate who sent the document by performing
the same MAC on the document and comparing his
MAC to the one that Alice sent. If they match, he
knows that Alice sent the document.

 Problem: Secret key must be established and known

only to Alice and Bob.
Example: message digests
 use class to get instance
of algorithm
 Asymmetric Cryptography
 Utilizes two keys: One private to an individual, and
another public to the world.
 An individual shares his public key to a Trusted Third
Party (TTP)
 Alice can securely send Bob information by encrypting
it with Bob’s public key retrieved from the TTP. Only
Bob’s private key will decrypt the information.
 Useful for establishing secure channels in an insecure
environment: PGP & SSL.

 Examples: RSA, ElGamal, and ECC

Asymmetric Cryptography cont’d…
 Based on ‘hard’ math problems
 Sharing public keys require a public-key
infrastructure (PKI) – retrieving, adding and
revoking keys
 Trust is paramount
 Asymmetric keys must be much larger than
symmetric keys
 Hybrid Systems
 Asymmetric cryptosystems are used for
establishing secure channels
 With an established secure channel, Alice can
exchange a symmetric secret key with Bob and
engage in a secure conversation using a
symmetric cipher.
 Electronic Signatures
 Alice can sign a document by using her private
key. Bob can authenticate her signature by using
her public key.
 Alice signs a document by first hashing it using a
secure hash function (SHA-1).
 The Digital Signature Standard (DSS) is a
standard means of signing documents
 Java Cryptography Extension
 JCE bundled with the SDK in 2002.
 Subject to US export restrictions.
 Built on top of java.security and javax.crypto
 The JCE is a pluggable technology – allowing different
implementations from many providers.
 Useful classes are:
 SecretKeyFactory
 Cipher
 SealedObject
 KeyGenerator
 KeyAgreement
 Mac
 SecureRandom
 JCE Providers
 Open source providers are Cryptix and Bouncy
Castle.
 Plugging-in
 modifying java.security file.
 Use code to add a provider
Example:
import cryptix.jce.provider.CryptixCrypto;
Provider cryptix_provider = new CryptixCrypto();
int result=Security.addProvider(cryptix_provider);
 JCE - SecretKeyFactory
 Generates SecretKey instances for use with a symmetric
cipher.
 Useful when the secret key has already been established.
 Supported SecretKey instances are dependent on the
ones offered by the installed JCE providers.
 Example:
byte[] secretKey = “SecrtKey”.getBytes();
DESKeySpec desKeySpec = new DESKeySpec( secretKey );
SecretKeyFactory factory = SecretKeyFactory.getInstance(“DES”);
SecretKey sk = factory.generateSecret( desKeySpec );
 JCE – Cipher
 Cipher does the work of encryption and decryption
 A Cipher is instantiated using the Cipher.getInstance factory
method
 Associated with a transformation name in the format,
algorithm/mode/padding
 Can operate within four modes: encrypt, decrypt, key wrap, key
unwrap.
 Must be initialized using a specified mode, and secret key
information.
 Example:
Cipher c = Cipher.getInstance(“DES”);
c.init( Cipher.ENCRYPT_MODE, secretKey );
byte[] plaintext = “The time has come for action.”.getBytes();
byte[] ciphertext = c.doFinal ( plaintext );
 JCE - SealedObject
 Great for securely persisting objects which can
be serialized.
 Instantiated with a Cipher object and a
serializeable object.
 Any algorithm parameters used by the Cipher
object are stored in the SealedObject for easy
decryption.
 Unsealing requires either the same Cipher object
used for sealing or the associated secret key.
 JCE - KeyGenerator
 The KeyGenerator class solves the problem of Alice or Bob
having to come up with their own secret key. It will create one
for them.
 Symmetric algorithms have their own specific weak keys. Users
who use weak keys open their communication to known exploits.
For example, a weak key for DES is:
0000000 FFFFFFF
 Uses a random number generator, a key size, and a target
cryptographic algorithm (like ‘DES’) to generate an acceptable
key for the developer.
 Example:
KeyGenerator kg = KeyGenerator.getInstance(“DES”);
kg.init(56);
SecretKey sk = kg.generateKey();
 Java support for cryptography
 Keys
 Certificates
 Key management
 Message digests
 Secure message digests
 Digital signatures
 Encryption & decryption
 Keys & certificates: recap
 Two kinds of keys:
 secret (symmetric)
 public/private (asymmetric)

 Certificates can be used to authenticate public

keys:
 Public keys usually transmitted as part of a
certificate
 Issues
 Key management and storage
 Self-certification?
 Hierarchy of trust
 Generation and import/export of
keys
java.security.KeyPairGenerator
java.security.KeyFactory
javax.crypto.KeyGenerator
javax.crypto.SecretKeyFactory

Key key specification

generator Eg P=3, Q=4, …
factory

encoded
Key KeyPair key data
 The Key class hierarchies: a
partial view
java.security.Key java.security.interfaces.DSAKey

PublicKey PrivateKey java.crypto.SecretKey

DSAPublicKey DSAPrivateKey
RSAPublicKey RSAPrivateKey

RSAPrivateKeyCrt java.security.KeyPair
 Why so many?
 Certain algorithms require methods to access
key generation parameters for export
 DSAKey: methods getP(), getQ(), getG()

 Certain algorithms have specific roles

 DHKey: Diffie-Hellman key exchange
Example: generate/export key
pair

Source: Oaks (2001)

 Encryption Example
 Generate random SecretKey
KeyGenerator gen = KeyGenerator.getInstance(“DES”);

SecretKey key = gen.generateKey();

 Create and initialize a Cipher

Cipher cipher = Cipher.getInstance(“DES”, “SunJCE”);
cipher.init( Cipher.ENCRYPT_MODE, key);

 Perform encryption
byte[] plaintext = “the time has come”.getBytes();
byte[] ciphertext = c.doFinal( plaintext );
 JCE - KeyAgreement
 Lets Alice and Bob establish a secret key in an insecure
environment.
 Utilizes an asymmetric system. A developer must choose the key
agreement algorithm. (i.e. Diffie-Hellman)
 The ‘generateSecret’ method returns the established secret key
 The ‘doPhase’ method performs the exchange
 Example:
KeyAgreement ka = KeyAgreement.getInstance(“DH”);
ka..init( alicePrivateKey );
ka..doPhase( bobPublicKey, true );
byte[] secret = ka.generateSecret();
 JCE - SecureRandom
 Random numbers are important to security
 {JRE}\lib\security\java.security names the
default random number generator URL,
file:/dev/random
 Implementation
 Follow standards and recommend key sizes
blessed by the cryptographic community.
 Peer review a design and its implementation.
 Avoid writing protocols from scratch
 JCE offers no silver bullet.
 Implementation
 Java makes no guarantee when an object is
released from memory, even when calling
System.gc()
 Minimize copies of the sensitive information
 Wipe your StringBuffer instances
 The paranoid ought to consider JNI
 A Few Interesting Books
 General Cryptography
 Applied Cryptography 2nd Edition, Bruce Schneier.
 Mathematical
 Cryptography: Theory and Practice, Douglas
Stinson.
 Security in General
 Information Warfare and Security, Dorothy E.
Denning
 Useful Internet Resources
 JCE Providers
 Cryptix http://www.cryptix.org

 Bouncy Castle http://www.bouncycastle.org

 URLs
 Sun’s Online Developer Community
 http://java.sun.com/
 Sun Crypto Reference Guide
 http://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.ht
ml
 Sun’s JCE Reference Guide
 http://java.sun.com/j2se/1.4.2/docs/guide/security/jce/JCERefGui
de.html
 Schneier.com – http://schneier.com

 Newgroups
 sci.crypt