View
213
Download
0
Embed Size (px)
Citation preview
The Java Crypto API
ICW Lecture 3
Tom Chothia
Reminder of Last Time:
• Your programs defines “Classes”.
• Each class defines “Objects”.
• An Object is defined as having a number of “Fields” that store data...
• ...and a number of “Methods” that perform computation.
This Time:
• Read and write from files.• Generate and handle keys.• How to encrypt and decrypt– public key encryption,
– and symmetric key encryption.
• Hashes.• Keystores
But this Lecture is Really About: APIs
• APIs are Application Programming Interfaces.
• They are libraries of useful programs that do most of the work for us.
• A lot of programming Java is using the right API.
Reading and Writing to a File
Make a java.io.File object. Get the input and output streams. Put wrappers round the steams, e.g.,
PrintReader for strings. DataInputString for bytes.
Read and write using .read and .write. Close using .close.
Code Demo
See ReadWriteFile.java
Symmetric Key Encryption
• Symmetric key encryption uses the same key to encrypt and decrypt the message.
encrypt (plain text, key) = cipher text
decrypt(cipher text, key) = plain text
Symmetric key encryption is fast, but handling the key can be difficult.
Popular Types of Symmetric Encryption
• Advanced Encryption Stardard (AES)– A good cipher, maybe the best.
• Data Encryption Standard (DES)/3DES– The old stardard, key now to short.– Still OK if you us it 3 times.– Used in e-passports.
Popular Types of Symmetric Encryption
• BlowFish– Like AES,
• RC4: Rivest Cypter 4– Fast, used in SSL, WPA, problem is related
keys are used in different sessions.
Public Key Cryptography
Public Key Cryptography uses 2 keys:– A public key for encryption– A private key for decryption.
You can tell anyone you public and anyone can encrypt data just for you.
Only you can read the message.
Types of Public Key Cryptography
• Diffie-Hellman– First public key system.
– Security based on the logs.
• RSA– Most common public key system.
– Security based on factoring large primes
– If in doubt use RSA
• Elliptic Curve– Based on curves in a finite field.
Useful APIs for Crypto
javax.crypto.Cipher:– the Cipher object does the encryption.
java.security.Key– a cryptographic key
java.secuity.KeyFactory– Turn bytes into Key Objects.
Also RSAPublicKey, X509EncodedKeySpec,...
(remember cmd-shirt-O in Eclipse).
java.security.KeyGenerator
Create the object with:
kg = KeyGenerator.getInstance(<Crypto Type>);
Give the key length (if needed):
kg.initialize(1024);
Read out the key:
Key key = kg.genKeyPair();
java.security.KeyPairGenerator
Create the object with:
kg = KeyPairGenerator.getInstance(<Crypto Type>);
Key the key length: kg.initialize(1024);
Read out the keys:
KeyPair keypair = kg.genKeyPair();
PrivateKey privKey = keypair.getPrivate();
PublicKey publicKey = keypair.getPublic();
Encryption In Java
Steps to encrypt data in Java (see example code):
• Import package• Create a cipher object• Initiate the cipher object with the scheme you
want in encrypt or decrypt mode.• Pass the object the data you want to encrypt.• Read the cipher text out. • Decrypt in the same way.
Code Demo
Encrypt file
Summary
I've just shown you how to • Read and write from files.• Generate keys.• How to encrypt and decrypt.
Still to come:• Read and write keys to files• Keystores• Hashes
Java keytool
Most Java programs use existing keys rather than create keys themselves.
The keytool command can be used to generate keys outside Java.
Saving a Key
We can read and write the bytes of a key to a file.
This is a bad idea.
We want to – protect read access to private keys,– and make sure the publics ones are
real.
The KeyStore Class
• A KeyStore holds password protected private keys and public keys as certicates.
• Make keystores using the keytool e.g.
keytool -genkey -keyalg RSA
-keypass password -alias mykey
-storepass storepass
-keystore myKeyStore
Demo
Making a KeyStore with the keytool
KeyStore Methods
• getInstance(“JKS”): – creates a keystore
• Load(file,password): – loads key data from a file using
password.
• getKey(alias,password) – get the key “alias” with given password
• getCertificate(alias) – gets a public key as a certificate
File Encryption Program
• Combining these we can write a program to encrypt files.
• See demo.
Hashes
A hash of any Object is a short string generated from that Object.
The hash of an object is always the same. Any small change makes the hash total
different. It is very hard to go from the hash to the
object. It is very unlikely that any two different
objects have the same hash.
Types of Hash Algorithm
• SHA-1, SHA-2 current standard, however it is possible to file two messages that have the same hash.
• MD5 often used for error checking can also find two files with the same hash.
Hashes in Java
See Hash.java
Uses of Hashing
• Download verification
• Message Verification
• Passwords (demo)
Password Cracking
• If an attacker gets the password shadow file
– they can try to guess a password– and check if the hash of their guess is
in the list.
• Truly random passwords are safe.
• Dictionary words are not.
Exercise 1: SHA1 password cracker.
In 1 week I will give you a shadow file of SHA1 hashed passwords.
You have to write a program that– Guesses a password– Hashes the Guess– Checks to see if it is in the list.
Hint: find a list of common passwords online, and use this to build more.
Conclusion
Encryption can be public key or symmetrical.
Use a Cipher Object in Java to do de/encryption.
Keep your keys in a password protected KeyStore.
Next Time
How to make connections across the Internet.
TCP/IP protocol
Sockets in Java.