The Java Crypto API

advertisement
The Java Crypto API
ICW Lecture 3
Tom Chothia
Reminder of Last Time:
• Your programs defines “Classes”.
• Each class defines “Objects”.
• An Object is defined as having a number of
“Fields” that store data...
• ...and a number of “Methods” that perform
computation.
This Time:
• Read and write from files.
• Generate and handle keys.
• How to encrypt and decrypt
–
public key encryption,
–
and symmetric key encryption.
• Hashes.
• Keystores
But this Lecture is Really
About: APIs
• APIs are Application Programming
Interfaces.
• They are libraries of useful programs
that do most of the work for us.
• A lot of programming Java is using the
right API.
Reading and Writing to a File





Make a java.io.File object.
Get the input and output streams.
Put wrappers round the steams, e.g.,

PrintReader for strings.

DataInputString for bytes.
Read and write using .read and .write.
Close using .close.
Code Demo

See ReadWriteFile.java
Symmetric Key Encryption
• Symmetric key encryption uses the same key
to encrypt and decrypt the message.
encrypt (plain text, key) = cipher text
decrypt(cipher text, key) = plain text
Symmetric key encryption is fast, but handling
the key can be difficult.
Popular Types of Symmetric
Encryption
• Advanced Encryption Stardard (AES)
– A good cipher, maybe the best.
• Data Encryption Standard (DES)/3DES
– The old stardard, key now to short.
– Still OK if you us it 3 times.
– Used in e-passports.
Popular Types of Symmetric
Encryption
• BlowFish
– Like AES,
• RC4: Rivest Cypter 4
– Fast, used in SSL, WPA, problem is related
keys are used in different sessions.
Public Key Cryptography

Public Key Cryptography uses 2 keys:
–
–


A public key for encryption
A private key for decryption.
You can tell anyone you public and
anyone can encrypt data just for you.
Only you can read the message.
Types of Public Key
Cryptography
• Diffie-Hellman
–
–
First public key system.
Security based on the logs.
• RSA
–
–
–
Most common public key system.
Security based on factoring large primes
If in doubt use RSA
• Elliptic Curve
–
Based on curves in a finite field.
Useful APIs for Crypto
javax.crypto.Cipher:
–
the Cipher object does the encryption.
java.security.Key
–
a cryptographic key
java.secuity.KeyFactory
–
Turn bytes into Key Objects.
Also RSAPublicKey, X509EncodedKeySpec,...
(remember cmd-shirt-O in Eclipse).
java.security.KeyGenerator
Create the object with:
kg = KeyGenerator.getInstance(<Crypto Type>);
Give the key length (if needed):
kg.initialize(1024);
Read out the key:
Key key = kg.genKeyPair();
java.security.KeyPairGenerator
Create the object with:
kg = KeyPairGenerator.getInstance(<Crypto Type>);
Key the key length:
kg.initialize(1024);
Read out the keys:
KeyPair keypair = kg.genKeyPair();
PrivateKey privKey = keypair.getPrivate();
PublicKey publicKey = keypair.getPublic();
Encryption In Java
Steps to encrypt data in Java (see example
code):
• Import package
• Create a cipher object
• Initiate the cipher object with the scheme you
want in encrypt or decrypt mode.
• Pass the object the data you want to encrypt.
• Read the cipher text out.
• Decrypt in the same way.
Code Demo

Encrypt file
Summary
I've just shown you how to
• Read and write from files.
• Generate keys.
• How to encrypt and decrypt.
Still to come:
• Read and write keys to files
• Keystores
• Hashes
Java keytool


Most Java programs use existing keys
rather than create keys themselves.
The keytool command can be used to
generate keys outside Java.
Saving a Key

We can read and write the bytes of a
key to a file.

This is a bad idea.

We want to
–
–
protect read access to private keys,
and make sure the publics ones are
real.
The KeyStore Class
• A KeyStore holds password protected
private keys and public keys as
certicates.
• Make keystores using the keytool e.g.
keytool -genkey -keyalg RSA
-keypass password -alias mykey
-storepass storepass
-keystore myKeyStore
Demo

Making a KeyStore with the keytool
KeyStore Methods
• getInstance(“JKS”):
–
creates a keystore
• Load(file,password):
–
loads key data from a file using
password.
• getKey(alias,password)
–
get the key “alias” with given password
• getCertificate(alias)
–
gets a public key as a certificate
File Encryption Program
• Combining these we can write a
program to encrypt files.
• See demo.
Hashes





A hash of any Object is a short string
generated from that Object.
The hash of an object is always the same.
Any small change makes the hash total
different.
It is very hard to go from the hash to the
object.
It is very unlikely that any two different
objects have the same hash.
Types of Hash Algorithm
• SHA-1, SHA-2 current standard,
however it is possible to file two
messages that have the same hash.
• MD5 often used for error checking can
also find two files with the same hash.
Hashes in Java

See Hash.java
Uses of Hashing
• Download verification
• Message Verification
• Passwords (demo)
Password Cracking
• If an attacker gets the password
shadow file
–
–
they can try to guess a password
and check if the hash of their guess is
in the list.
• Truly random passwords are safe.
• Dictionary words are not.
Exercise 1: SHA1 password
cracker.


In 1 week I will give you a shadow file
of SHA1 hashed passwords.
You have to write a program that
–
–
–

Guesses a password
Hashes the Guess
Checks to see if it is in the list.
Hint: find a list of common passwords
online, and use this to build more.
Conclusion



Encryption can be public key or
symmetrical.
Use a Cipher Object in Java to do
de/encryption.
Keep your keys in a password
protected KeyStore.
Next Time

How to make connections across the
Internet.

TCP/IP protocol

Sockets in Java.
Download