The Java Crypto API ICW Lecture 3 Tom Chothia


Page 1:

The Java Crypto API

ICW Lecture 3

Tom Chothia

Page 2:

Reminder of Last Time:

• Your programs define “Classes”.

• Each class defines “Objects”.

• An Object is defined as having a number of “Fields” that store data...

• ...and a number of “Methods” that perform computation.

Page 3:

This Time:

• Read and write from files.
• Generate and handle keys.
• How to encrypt and decrypt
– public key encryption,
– and symmetric key encryption.
• Hashes.
• Keystores

Page 4:

But this Lecture is Really About: APIs

• APIs are Application Programming Interfaces.

• They are libraries of useful programs that do most of the work for us.

• A lot of Java programming is using the right API.

Page 5:

Reading and Writing to a File

Make a java.io.File object. Get the input and output streams. Put wrappers round the streams, e.g.,

PrintWriter for strings. DataInputStream for bytes.

Read and write using .read and .write. Close using .close.
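The file-handling steps on this slide, as an added example (this is not the lecture's ReadWriteFile.java): a java.io.File, the raw file streams, a DataOutputStream/DataInputStream pair for bytes and a PrintWriter/BufferedReader pair for strings, with try-with-resources doing the .close. The scratch file name and the sample data are constructed for the demo.

```java
import java.io.BufferedReader;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Arrays;

public class ReadWriteDemo {

    // Bytes: wrap the file streams in DataOutputStream / DataInputStream.
    static byte[] roundTripBytes(File f, byte[] data) throws IOException {
        try (DataOutputStream out = new DataOutputStream(new FileOutputStream(f))) {
            out.write(data);                  // .write the bytes
        }                                     // try-with-resources does the .close
        byte[] back = new byte[(int) f.length()];
        try (DataInputStream in = new DataInputStream(new FileInputStream(f))) {
            in.readFully(back);               // .read until the buffer is full
        }
        return back;
    }

    // Strings: PrintWriter to write, BufferedReader to read.
    static String roundTripText(File f, String text) throws IOException {
        try (PrintWriter pw = new PrintWriter(new FileOutputStream(f))) {
            pw.print(text);
        }
        StringBuilder sb = new StringBuilder();
        try (BufferedReader br = new BufferedReader(new FileReader(f))) {
            String line;
            while ((line = br.readLine()) != null) {
                sb.append(line).append('\n');
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) throws IOException {
        File tmp = File.createTempFile("icw-demo", ".bin"); // scratch file, deleted below
        byte[] data = {0x00, 0x01, 0x7f, (byte) 0xff};       // constructed sample bytes
        System.out.println("bytes match: " + Arrays.equals(data, roundTripBytes(tmp, data)));
        String text = "hello, file\nsecond line\n";           // constructed sample text
        System.out.println("text match: " + text.equals(roundTripText(tmp, text)));
        tmp.delete();
    }
}
```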

Page 6:

Code Demo

See ReadWriteFile.java

Page 7:

Symmetric Key Encryption

• Symmetric key encryption uses the same key to encrypt and decrypt the message.

encrypt(plain text, key) = cipher text

decrypt(cipher text, key) = plain text

Symmetric key encryption is fast, but handling the key can be difficult.

Page 8:

Popular Types of Symmetric Encryption

• Advanced Encryption Standard (AES)
– A good cipher, maybe the best.

• Data Encryption Standard (DES)/3DES
– The old standard, key now too short.
– Still OK if you use it 3 times.
– Used in e-passports.

Page 9:

Popular Types of Symmetric Encryption

• BlowFish
– Like AES.

• RC4: Rivest Cipher 4
– Fast, used in SSL and WPA; the problem is that related keys are used in different sessions.

Page 10:

Public Key Cryptography

Public Key Cryptography uses 2 keys:
– A public key for encryption
– A private key for decryption.

You can tell anyone your public key and anyone can encrypt data just for you.

Only you can read the message.

Page 11:

Types of Public Key Cryptography

• Diffie-Hellman
– First public key system.
– Security based on the discrete logarithm problem.

• RSA
– Most common public key system.
– Security based on factoring the product of two large primes.
– If in doubt use RSA.

• Elliptic Curve
– Based on curves over a finite field.

Page 12:

Useful APIs for Crypto

javax.crypto.Cipher:
– the Cipher object does the encryption.

java.security.Key:
– a cryptographic key.

java.security.KeyFactory:
– turns bytes into Key objects.

Also RSAPublicKey, X509EncodedKeySpec, ...

(remember cmd-shift-O in Eclipse).

Page 13:

javax.crypto.KeyGenerator

Create the object with:

KeyGenerator kg = KeyGenerator.getInstance(<Crypto Type>);

Give the key length in bits (if needed), e.g. 128 for AES:

kg.init(128);

Read out the key:

SecretKey key = kg.generateKey();

Page 14:

java.security.KeyPairGenerator

Create the object with:

KeyPairGenerator kg = KeyPairGenerator.getInstance(<Crypto Type>);

Give the key length:

kg.initialize(1024);

Read out the keys:

KeyPair keypair = kg.genKeyPair();

PrivateKey privKey = keypair.getPrivate();

PublicKey publicKey = keypair.getPublic();
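An added example (not the lecture's demo code) that ties slides 12 and 14 together: generate an RSA key pair with KeyPairGenerator, turn the public key into bytes and back into a Key object with KeyFactory and X509EncodedKeySpec, then use the rebuilt key with a Cipher. It uses 2048-bit keys and OAEP padding rather than the 1024 on the slide; the transformation string is a SunJCE name, and the message is constructed for the demo.

```java
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.Cipher;

public class RsaKeyPairDemo {
    // OAEP padding; the older PKCS#1 v1.5 padding is not a good choice for new code.
    static final String TRANSFORM = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    // KeyPairGenerator as on the slide, but 2048 bits: 1024-bit RSA is too short today.
    static KeyPair generate() throws Exception {
        KeyPairGenerator kg = KeyPairGenerator.getInstance("RSA");
        kg.initialize(2048);
        return kg.genKeyPair();
    }

    // Public key -> bytes (X.509 encoding) -> Key object again via KeyFactory,
    // which is what you do when the public key arrives from a file or the network.
    static PublicKey rebuildPublic(PublicKey pub) throws Exception {
        byte[] encoded = pub.getEncoded();
        KeyFactory kf = KeyFactory.getInstance("RSA");
        return kf.generatePublic(new X509EncodedKeySpec(encoded));
    }

    static byte[] encrypt(PublicKey pub, byte[] plain) throws Exception {
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(Cipher.ENCRYPT_MODE, pub);
        return c.doFinal(plain);
    }

    static byte[] decrypt(PrivateKey priv, byte[] cipherText) throws Exception {
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(Cipher.DECRYPT_MODE, priv);
        return c.doFinal(cipherText);
    }

    public static void main(String[] args) throws Exception {
        KeyPair kp = generate();
        PublicKey pubFromBytes = rebuildPublic(kp.getPublic());
        byte[] msg = "short secret".getBytes("UTF-8");       // constructed sample
        byte[] ct = encrypt(pubFromBytes, msg);
        byte[] pt = decrypt(kp.getPrivate(), ct);
        System.out.println("round trip ok: " + Arrays.equals(msg, pt));
    }
}
```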

Page 15:

Encryption In Java

Steps to encrypt data in Java (see example code):

• Import package
• Create a cipher object
• Initialise the cipher object with the scheme you want in encrypt or decrypt mode.
• Pass the object the data you want to encrypt.
• Read the cipher text out.
• Decrypt in the same way.
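The steps above with a symmetric key from the KeyGenerator of slide 13, as an added example rather than the lecture's "Encrypt file" demo. It uses AES in GCM mode, which also authenticates the cipher text, so the last lines show a tampered message being rejected; the transformation name is a SunJCE name, and the message is constructed.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class AesDemo {
    static final String TRANSFORM = "AES/GCM/NoPadding";
    static final int IV_BYTES = 12;   // standard GCM nonce length
    static final int TAG_BITS = 128;  // authentication tag length
    // KeyGenerator (slide 13): getInstance, init with the key length, generateKey.
    static SecretKey makeKey() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);                 // key length in bits
        return kg.generateKey();
    }
    // Cipher: getInstance, init in ENCRYPT_MODE, doFinal; the IV is prepended for decrypt.
    static byte[] encrypt(SecretKey key, byte[] plain) throws Exception {
        byte[] iv = new byte[IV_BYTES];
        new SecureRandom().nextBytes(iv);   // never reuse an IV under the same key
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    // Same steps in DECRYPT_MODE; GCM verifies the tag, so a modified message throws.
    static byte[] decrypt(SecretKey key, byte[] ivAndCt) throws Exception {
        byte[] iv = Arrays.copyOfRange(ivAndCt, 0, IV_BYTES);
        byte[] ct = Arrays.copyOfRange(ivAndCt, IV_BYTES, ivAndCt.length);
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        return c.doFinal(ct);
    }
    public static void main(String[] args) throws Exception {
        SecretKey key = makeKey();
        byte[] msg = "example message".getBytes("UTF-8");   // constructed sample
        byte[] ct = encrypt(key, msg);
        System.out.println("round trip ok: " + Arrays.equals(msg, decrypt(key, ct)));
        ct[ct.length - 1] ^= 1;                              // flip one bit of the tag
        try { decrypt(key, ct); } catch (AEADBadTagException e) {
            System.out.println("tampering detected: " + e.getMessage());
        }
    }
}
```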

Page 16:

Code Demo

Encrypt file

Page 17:

Summary

I've just shown you how to
• Read and write from files.
• Generate keys.
• How to encrypt and decrypt.

Still to come:
• Read and write keys to files
• Keystores
• Hashes

Page 18:

Java keytool

Most Java programs use existing keys rather than create keys themselves.

The keytool command can be used to generate keys outside Java.

Page 19:

Saving a Key

We can read and write the bytes of a key to a file.

This is a bad idea.

We want to
– protect read access to private keys,
– and make sure the public ones are real.

Page 20:

The KeyStore Class

• A KeyStore holds password protected private keys and public keys as certificates.

• Make keystores using the keytool, e.g.

keytool -genkey -keyalg RSA -keypass password -alias mykey -storepass storepass -keystore myKeyStore

Page 21:

Demo

Making a KeyStore with the keytool

Page 22:

KeyStore Methods

• getInstance(“JKS”):
– creates a keystore

• load(file, password):
– loads key data from a file using password.

• getKey(alias, password):
– gets the key “alias” with the given password

• getCertificate(alias):
– gets a public key as a certificate

Page 23:

File Encryption Program

• Combining these we can write a program to encrypt files.

• See demo.
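An added example (not the lecture's file encryption demo) of the KeyStore methods from slide 22, loading the keys a file encryption program would use: getInstance("JKS"), load, getKey for the private key and getCertificate for the public key. The file name, alias and passwords are taken from the keytool command on slide 20, so a store made with that command is assumed to exist in the working directory; the transformation name is a SunJCE name and the message is constructed.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.util.Arrays;
import javax.crypto.Cipher;

public class KeyStoreDemo {
    // Values match the keytool command on slide 20; change them for your own store.
    static final String STORE_FILE = "myKeyStore";
    static final char[] STORE_PASS = "storepass".toCharArray();
    static final char[] KEY_PASS = "password".toCharArray();
    static final String ALIAS = "mykey";

    // getInstance("JKS") then load(file, password); a wrong store password fails here.
    static KeyStore open() throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(STORE_FILE)) {
            ks.load(in, STORE_PASS);
        }
        return ks;
    }

    // getKey(alias, password): the password-protected private key.
    static PrivateKey privateKey(KeyStore ks) throws Exception {
        return (PrivateKey) ks.getKey(ALIAS, KEY_PASS);
    }

    // getCertificate(alias): the public key travels inside a certificate.
    static PublicKey publicKey(KeyStore ks) throws Exception {
        Certificate cert = ks.getCertificate(ALIAS);
        if (cert == null) throw new IllegalStateException("no entry for alias " + ALIAS);
        return cert.getPublicKey();
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = open();
        String transform = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
        byte[] msg = "keystore test".getBytes("UTF-8");   // constructed sample
        Cipher enc = Cipher.getInstance(transform);
        enc.init(Cipher.ENCRYPT_MODE, publicKey(ks));
        byte[] ct = enc.doFinal(msg);
        Cipher dec = Cipher.getInstance(transform);
        dec.init(Cipher.DECRYPT_MODE, privateKey(ks));
        System.out.println("keys match: " + Arrays.equals(msg, dec.doFinal(ct)));
        Arrays.fill(KEY_PASS, '\0');   // clear the password once it is no longer needed
    }
}
```

RSA with OAEP can only encrypt a message shorter than the key (under 200 bytes for a 2048-bit key), so a real file encrypter generates a fresh AES key for the file and uses the RSA keys from the store only to encrypt that AES key.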

Page 24:

Hashes

A hash of any Object is a short string generated from that Object.

The hash of an object is always the same. Any small change makes the hash totally different. It is very hard to go from the hash to the object. It is very unlikely that any two different objects have the same hash.

Page 25:

Types of Hash Algorithm

• SHA-1, SHA-2: the current standard; however, it is possible to find two messages that have the same hash.

• MD5: often used for error checking; two files with the same hash can also be found.

Page 26:

Hashes in Java

See Hash.java

Page 27:

Uses of Hashing

• Download verification

• Message Verification

• Passwords (demo)
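Hashing in Java and the download-verification use above, as an added example (not the lecture's Hash.java): MessageDigest computes the digest, and the check compares it with the published value using MessageDigest.isEqual so the comparison does not leak timing. SHA-256 is used rather than the SHA-1 and MD5 that slide 25 notes have findable collisions; the "file" contents are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class HashDemo {

    // Any bytes in, fixed-size digest out: getInstance(<algorithm>), update, digest.
    static byte[] hash(String algorithm, byte[] data) throws Exception {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        md.update(data);
        return md.digest();
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    static byte[] unhex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    // Download verification: hash what we received and compare with the digest the
    // publisher advertised. MessageDigest.isEqual compares in constant time.
    static boolean verify(String algorithm, byte[] received, String expectedHex) throws Exception {
        return MessageDigest.isEqual(hash(algorithm, received), unhex(expectedHex));
    }

    public static void main(String[] args) throws Exception {
        byte[] file = "The quick brown fox".getBytes(StandardCharsets.UTF_8); // constructed
        String published = hex(hash("SHA-256", file));   // what the publisher would advertise
        System.out.println("SHA-256: " + published);
        System.out.println("original verifies: " + verify("SHA-256", file, published));
        byte[] altered = file.clone();
        altered[0] ^= 0x01;                               // change a single bit
        System.out.println("altered verifies:  " + verify("SHA-256", altered, published));
    }
}
```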

Page 28:

Password Cracking

• If an attacker gets the password shadow file
– they can try to guess a password
– and check if the hash of their guess is in the list.

• Truly random passwords are safe.

• Dictionary words are not.

Page 29:

Exercise 1: SHA1 password cracker.

In 1 week I will give you a shadow file of SHA1 hashed passwords.

You have to write a program that
– Guesses a password
– Hashes the guess
– Checks to see if it is in the list.

Hint: find a list of common passwords online, and use this to build more.

Page 30:

Conclusion

Encryption can be public key or symmetric.

Use a Cipher object in Java to encrypt and decrypt.

Keep your keys in a password protected KeyStore.

Page 31:

Next Time

How to make connections across the Internet.

TCP/IP protocol

Sockets in Java.