
Java Cryptography


kdenise



Presentation Transcript


  1. Java Cryptography

  This is a presentation on how to implement a hybrid combination of RSA asymmetric encryption and AES symmetric encryption using the Java language, the Bouncy Castle Cryptographic libraries and the Logical Answers LaCrypto.jar. It is assumed the audience is familiar with Cryptography and aware of the difference between asymmetric and symmetric encryption. Also, the audience should be experienced in coding with Java.

  Logical Answers Cryptography

  2. Required Software

  Download the following software to implement the RSA/AES cryptographic functions.
  • Bouncy Castle Jars ver 1.49 – www.BouncyCastle.org
    - bcprov-jdk15on-149.jar
    - bcpkix-jdk15on-149.jar
  • Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 7 - http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html. Copy the contents of the zip file to the jre7\lib\security directory. (Make a backup before overwriting)
    - UnlimitedJCEPolicyJDK7.zip
  • LaCrypto.jar from Logical Answers Inc.
  • Java Development Kit version 7 - www.oracle.com

  3. Implementation Agenda

  To implement RSA/AES cryptographic functions using Java, Bouncy Castle libraries and the LaCrypto.jar, we will present the following examples.
  • Generate a pair of RSA public/private encryption keys.
  • Save the public encryption key in an X509Certificate and the private decryption key and certificate in a password protected KeyStore.
  • Encrypt and digitally sign a text message.
  • Decrypt the text message and verify its signature.
  • Encrypt a file.
  • Encrypt a Java Object.
  • Securely delete a file.

  4. Generate Asymmetric Keys

  • The KeyStoreClerk will generate a pair of RSA public/private encryption keys. It will store the public encryption key in a certificate and both keys in a password protected KeyStore file.
  • You can designate key size and storage locations.
  • Code Snippet

      //-Build the certificate subject name from its individual fields
      org.bouncycastle.asn1.x500.X500Name tName = CertClerk.createSubjectX500Name(
          "John X. Doe",      //-Common name
          "jxdoe@acme.com",   //-e-mail
          "ACME Org",         //-Organization
          "X Dept.",          //-Organization Unit
          "Detroit",          //-City
          "MI",               //-State
          "US");              //-Country

      //-tKSClerk is the KeyStoreClerk instance used throughout the sample
      Object tRC = tKSClerk.createKeyStoreAndExportCert(
          CryptoDef.ksTypeJKS,             //-KeyStore type
          CryptoDef.keySizeRSASMS,         //-2048
          "jxdoe",                         //-Alias used to name the keystore and cert file
          tName,                           //-Information for certificate
          new java.util.Date(),            //-Starting date
          UtilDate.getDate(2020, 12, 31),  //-End date
          "jxdoe@acme.com",                //-E-mail contained within certificate
          "F:",                            //-Directory to save the KeyStore
          false,                           //-Is KeyStore Backup Required
          null,                            //-Where to save the backup if required
          "F:",                            //-Directory to save the Certificate
          "password".toCharArray());       //-Password for the keystore
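The slide's createKeyStoreAndExportCert call hides what happens underneath. The following is an added example, not LaCrypto.jar code, that performs the same three steps with the standard JCA plus the Bouncy Castle bcpkix builder the slide already lists: generate a 2048-bit RSA pair, wrap the public key in a self-signed X.509 certificate, and store the private key with its certificate in a password-protected JKS file while exporting the certificate as DER. The alias, subject fields and output file names are taken from the slide; the password is a placeholder, and the one-year validity period is an assumption.

```java
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;

import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

// Added example: standard JCA + bcpkix, not the KeyStoreClerk API.
public class KeyStoreSetupExample {

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());

        String alias = "jxdoe";                                   // alias from the slide
        char[] password = (args.length > 0 ? args[0] : "changeit") // "changeit" is a placeholder
                .toCharArray();

        // 1. RSA key pair, 2048 bits (the slide's keySizeRSASMS).
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048, new SecureRandom());
        KeyPair kp = kpg.generateKeyPair();

        // 2. Self-signed certificate carrying the public key; subject fields mirror the slide.
        X500Name subject = new X500Name(
                "CN=John X. Doe, EMAILADDRESS=jxdoe@acme.com, O=ACME Org, OU=X Dept., L=Detroit, ST=MI, C=US");
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + 365L * 24 * 60 * 60 * 1000); // assumed: one year
        BigInteger serial = new BigInteger(64, new SecureRandom());                 // random, not sequential
        X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                subject, serial, notBefore, notAfter, subject, kp.getPublic());
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA")
                .setProvider("BC").build(kp.getPrivate());
        X509Certificate cert = new JcaX509CertificateConverter()
                .setProvider("BC").getCertificate(builder.build(signer));

        // 3. Private key plus certificate chain into a password-protected JKS KeyStore.
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);                                      // start from an empty store
        ks.setKeyEntry(alias, kp.getPrivate(), password, new Certificate[] { cert });
        try (FileOutputStream out = new FileOutputStream(alias + ".jks")) {
            ks.store(out, password);
        }

        // 4. Export only the certificate (DER); this is the file others use to encrypt to you.
        try (FileOutputStream out = new FileOutputStream(alias + ".cer")) {
            out.write(cert.getEncoded());
        }
        System.out.println("Wrote " + alias + ".jks (private key) and " + alias + ".cer (public cert)");
    }
}
```

Only the .cer file leaves the machine; the .jks file holds the private key and is protected by nothing stronger than its password, so it should be stored with the same care as the slide's KeyStore backup location.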

  5. Encrypt/Sign a Text Message

  A text message can be encrypted and digitally signed using the following steps.
  • Use the KeyStoreClerk to load the KeyStore so you have access to the RSA private decryption key for generating a digital signature on the encrypted data.
  • Load the certificate so you have access to the RSA public encryption key for securing the text.
  • Use the KeyStoreClerk to encrypt and digitally sign the text message.

  6. Loading a KeyStore

  • Use the KeyStoreClerk to load the password protected keystore.
  • The KeyStoreClerk will have access to the private decryption key which can be used to create a digital signature during the encryption process.
  • Code Snippet

      //-Load the password protected KeyStore
      Object tRC = tKSClerk.loadCurrKStore(tKSFileName, "abc123".toCharArray());
      if (tRC instanceof ErrMessage) {
          System.out.println("\n-FAILED to load KeyStore: " + tRC);
          System.exit(-1);
      }

  7. Loading a Certificate

  • The CertClerk class will load a certificate allowing access to the RSA public encryption key.
  • After the certificate is loaded, extract the public key.
  • The certificate can be distributed to others so that they can encrypt files and e-mail them to you as attachments since only the owner of the private key can decrypt them.
  • Code Snippet

      //-Load Certificate
      String tCertName = "F:\\" + tKSClerk.currKSAlias() + ".cer";
      Object tRC = CertClerk.loadCert(tCertName);
      if (tRC instanceof ErrMessage) {
          System.out.println("Failed to load cert: " + tRC);
          System.exit(-1);
      }
      java.security.cert.X509Certificate tCert = (java.security.cert.X509Certificate) tRC;

  8. Encrypt and Sign Text

  • The KeyStoreClerk class provides the Cryptographic encrypt/decrypt/sign functions for text, files and Java Objects.
  • To encrypt text, instantiate a KeyStoreClerk and call the method encryptAndSignText.
  • To add the digital signature, a private key is required so the KeyStore must be loaded first.
  • Code Snippet

      //-Encrypt text and add digital signature
      Object tRC = tKSClerk.encryptAndSignText(
          tCert,                     //-Holds public key to encrypt
          "sample.txt",              //-Name of file to store the text
          "f:\\",                    //-Directory to store the encrypted file
          tKSClerk.currKSAlias(),    //-Alias of Keystore
          "This is a test message"); //-Text to encrypt
      if (tRC instanceof ErrMessage) {
          System.out.println("FAILED to encrypt text: " + tRC);
          System.exit(-1);
      }

  9. Verifying Digital Signature

  • The KeyStoreClerk can verify the digital signature stored in the header of a signed file.
  • The KeyStoreClerk will search for a matching certificate and use its public key to verify the signature.
  • Code Snippet

      //-Verify Signature
      Object tRC = tKSClerk.verifySignatureInFile(
          new java.io.File(tEncryptedFile),
          "F:\\",    //-Local certificate directory
          null);     //-No network dir of certs
      if (tRC instanceof ErrMessage) {
          System.out.println("FAILED to Verify Signature: " + tRC);
          System.exit(-1);
      }
      Map<String,Object> tMap = (Map<String,Object>) tRC;
      System.out.println("Verify Signature: " + tMap.get("VALID"));

  10. Decrypting a File

  An encrypted file can be decrypted using the following steps.
  • Select a file to be decrypted, e.g. C:\sample.txt.jxdoe_1107.ASG.
  • Use the KeyStoreClerk to load the KeyStore so you have access to the RSA private decryption key.
  • Use KeyStoreClerk to decrypt the file and write out the results.
  • If the file has been digitally signed, the KeyStoreClerk can validate the signature.

  11. Decrypt with KeyStoreClerk

  • The KeyStoreClerk can decrypt an encrypted file once the password protected KeyStore has been loaded.
  • After the file has been decrypted, it is written to the same file name excluding the alias and file extension. For example, sample.txt.jxdoe_377f.ASG gets decrypted into sample.txt.
  • Code Snippet

      //-Decrypt text
      tRC = tKSClerk.decryptFileAndSaveToDisk(
          new java.io.File(tEncryptedFile), //-File Name of encrypted data
          "F:\\");                          //-Where to store the decrypted file
      if (tRC instanceof ErrMessage) {
          System.out.println("FAILED to decrypt text: " + tRC);
          System.exit(39);
      }
      String tDecryptedFileName = (String) tRC;
      System.out.println("Decrypted File: " + tDecryptedFileName);
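Slides 8, 9 and 11 describe the three halves of the hybrid scheme (encrypt and sign, verify, decrypt) as calls into the KeyStoreClerk. The following is an added example written against the standard JCA only; it is not the LaCrypto.jar code and its packet layout is an assumption, not the .ASG header format. It shows the essential ordering: a fresh AES-GCM key and IV per message, the AES key wrapped to the recipient's RSA public key with OAEP, the whole encrypted body signed by the sender, and on the receiving side the signature checked before any decryption is attempted. It assumes Java 8 or later so that SunJCE provides AES/GCM and RSA-OAEP.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.MGF1ParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

// Added example using only the standard JCA; it is not the LaCrypto.jar API.
// Assumed packet layout (lengths are big-endian 4-byte ints):
//   [sigLen][signature][keyLen][RSA-OAEP wrapped AES key][12-byte IV][AES-GCM ciphertext]
public class HybridCryptoExample {
    private static final int GCM_IV_BYTES = 12;
    private static final int GCM_TAG_BITS = 128;
    private static final String RSA_WRAP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    private static final String SIG_ALG = "SHA256withRSA";
    // Explicit OAEP parameters keep MGF1 on SHA-256 (SunJCE otherwise defaults MGF1 to SHA-1).
    private static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    public static byte[] encryptAndSign(byte[] message, PublicKey recipientPub, PrivateKey senderPriv)
            throws GeneralSecurityException {
        SecureRandom rnd = new SecureRandom();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256, rnd);                       // 256-bit keys need the unlimited policy on old JREs
        SecretKey aesKey = kg.generateKey();     // fresh key for every message
        byte[] iv = new byte[GCM_IV_BYTES];
        rnd.nextBytes(iv);                       // fresh IV for every message; never reuse with one key

        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, aesKey, new GCMParameterSpec(GCM_TAG_BITS, iv));
        byte[] ciphertext = aes.doFinal(message);

        Cipher rsa = Cipher.getInstance(RSA_WRAP);
        rsa.init(Cipher.WRAP_MODE, recipientPub, OAEP);
        byte[] wrappedKey = rsa.wrap(aesKey);    // only the recipient's private key can unwrap it

        byte[] body = ByteBuffer.allocate(4 + wrappedKey.length + iv.length + ciphertext.length)
                .putInt(wrappedKey.length).put(wrappedKey).put(iv).put(ciphertext).array();

        Signature sig = Signature.getInstance(SIG_ALG);
        sig.initSign(senderPriv);
        sig.update(body);                        // sign everything the recipient will parse
        byte[] signature = sig.sign();

        return ByteBuffer.allocate(4 + signature.length + body.length)
                .putInt(signature.length).put(signature).put(body).array();
    }

    public static byte[] verifyAndDecrypt(byte[] packet, PublicKey senderPub, PrivateKey recipientPriv)
            throws GeneralSecurityException {
        ByteBuffer in = ByteBuffer.wrap(packet);
        byte[] signature = readField(in);
        byte[] body = new byte[in.remaining()];
        in.get(body);

        // Verify first: nothing inside the body is trusted until the signature checks out.
        Signature sig = Signature.getInstance(SIG_ALG);
        sig.initVerify(senderPub);
        sig.update(body);
        if (!sig.verify(signature)) {
            throw new SignatureException("signature invalid; refusing to decrypt");
        }

        ByteBuffer b = ByteBuffer.wrap(body);
        byte[] wrappedKey = readField(b);
        if (b.remaining() < GCM_IV_BYTES) throw new GeneralSecurityException("truncated body");
        byte[] iv = new byte[GCM_IV_BYTES];
        b.get(iv);
        byte[] ciphertext = new byte[b.remaining()];
        b.get(ciphertext);

        Cipher rsa = Cipher.getInstance(RSA_WRAP);
        rsa.init(Cipher.UNWRAP_MODE, recipientPriv, OAEP);
        SecretKey aesKey = (SecretKey) rsa.unwrap(wrappedKey, "AES", Cipher.SECRET_KEY);

        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.DECRYPT_MODE, aesKey, new GCMParameterSpec(GCM_TAG_BITS, iv));
        return aes.doFinal(ciphertext);          // AEADBadTagException if the ciphertext was altered
    }

    // Length-prefixed field with a bounds check, so a corrupt length cannot force a huge allocation.
    private static byte[] readField(ByteBuffer buf) throws GeneralSecurityException {
        if (buf.remaining() < 4) throw new GeneralSecurityException("truncated packet");
        int len = buf.getInt();
        if (len < 0 || len > buf.remaining()) throw new GeneralSecurityException("bad field length " + len);
        byte[] field = new byte[len];
        buf.get(field);
        return field;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair sender = kpg.generateKeyPair();      // in the slides: the loaded KeyStore's private key
        KeyPair recipient = kpg.generateKeyPair();   // in the slides: the owner of the loaded certificate

        byte[] packet = encryptAndSign("This is a test message".getBytes(StandardCharsets.UTF_8),
                recipient.getPublic(), sender.getPrivate());
        byte[] plain = verifyAndDecrypt(packet, sender.getPublic(), recipient.getPrivate());
        System.out.println("Decrypted: " + new String(plain, StandardCharsets.UTF_8));
    }
}
```

Two points carry over to any implementation, including the slides' .ASG files: the signature must cover the wrapped key and IV as well as the ciphertext, and the receiver must stop on a failed signature or a failed GCM tag rather than print whatever came out, which is why the slide's check of tMap.get("VALID") should gate the decryption step and not merely be logged.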

  12. Encrypt a File

  • To encrypt a file, instantiate a KeyStoreClerk, load the certificate whose public key you want to use and call the method encryptFile.
  • Code Snippet

      //-Encrypt file
      tRC = tKSClerk.encryptFile(
          new java.io.File("F:\\LAOWL.GIF"),
          tCert,                    //-Holds public key to encrypt
          "f:\\",                   //-Directory to store the encrypted file
          tKSClerk.currKSAlias());  //-Alias of Keystore
      if (tRC instanceof ErrMessage) {
          System.out.println("FAILED to encrypt file: " + tRC);
          System.exit(-1);
      }
      System.out.println(tRC);

  13. Encrypt a Java Object

  • The SwapClerkSecure class provides the Cryptographic encrypt/decrypt functions for Java Objects.
  • To encrypt a Java object such as a HashMap, call the method dumpObjIntoEncryptedFile.
  • Only objects that implement Serializable can be encrypted and written to a file.
  • Code Snippet

      //-Encrypt Java Object
      Map<String,Object> tHashMap = new HashMap<String,Object>();
      tHashMap.put("test", new Double(3.14));
      Object tRC = SwapClerkSecure.dumpObjIntoEncryptedFile(
          tHashMap,                     //-Serializable object to encrypt
          "F:\\",                       //-Where to save the encrypted object
          "MyMap.swp",                  //-FileName of encrypted file
          tKSClerk.currKSCertificate(), //-Holds public key
          tKSClerk.currKSAlias(),       //-Alias to append to encrypted file
          tKSClerk);
      if (tRC instanceof ErrMessage) {
          System.out.println("FAILED to encrypt Java object: " + tRC);
          System.exit(-1);
      }
      System.out.println("Encrypted Java Object: " + tRC);
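The JCA has a built-in type for exactly this job, javax.crypto.SealedObject, which serializes an object and encrypts the bytes in one step. The following is an added example, not the SwapClerkSecure API: it seals a HashMap with AES-GCM, writes it to a file, and reads it back. It assumes a caller-supplied AES key (in the slides' design that key would in turn be wrapped to the certificate's RSA public key) and Java 8 or later for GCM parameter support.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SealedObject;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

// Added example built on javax.crypto.SealedObject; it is not the SwapClerkSecure API.
public class SealedObjectExample {

    // Serialize obj, encrypt the bytes with AES-GCM, and write the SealedObject to out.
    public static void sealToFile(Serializable obj, File out, SecretKey key) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);               // fresh IV for every file
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        SealedObject sealed = new SealedObject(obj, c); // serializes obj, then encrypts; keeps the GCM params
        try (ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream(out))) {
            oos.writeObject(sealed);
        }
    }

    // Read the SealedObject back and decrypt it; the GCM tag check fails on any modification.
    public static Object unsealFromFile(File in, SecretKey key) throws Exception {
        try (ObjectInputStream ois = new ObjectInputStream(new FileInputStream(in))) {
            SealedObject sealed = (SealedObject) ois.readObject();
            return sealed.getObject(key);               // rebuilds the cipher from the stored parameters
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();               // assumed: supplied by the caller's key management

        Map<String, Object> map = new HashMap<String, Object>();
        map.put("test", 3.14);                          // same sample content as the slide
        File f = File.createTempFile("MyMap", ".swp");  // constructed temp file instead of F:\MyMap.swp
        f.deleteOnExit();

        sealToFile((Serializable) map, f, key);
        @SuppressWarnings("unchecked")
        Map<String, Object> back = (Map<String, Object>) unsealFromFile(f, key);
        System.out.println("Round trip: " + back.get("test"));
    }
}
```

One caveat that applies equally to the slide's .swp files: the outer readObject deserializes the container before anything has been authenticated, so only read these files from locations that untrusted parties cannot write to, and on Java 9 or later restrict the permitted classes with an ObjectInputFilter.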

  14. Secure Deletion

  • The FileClerk can securely delete any type of file. The technique is to overwrite the contents of the file.
  • Solid State Drives (SSD) such as USB flash drives pose a security risk because updates are written to new pages, which makes overwrites difficult.
  • Code Snippet

      //-Securely Delete file
      tRC = FileClerk.deleteFileSecure(tDecryptedFileName);
      System.out.println("Securely deleting file " + tDecryptedFileName
          + "\r\nResult: " + tRC + "\r\n");
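The slide names the technique (overwrite, then delete) without showing it. The following is an added example, not the FileClerk code, of what an overwrite-based delete has to do to be worth anything on a conventional disk: write random data over the full length, force it to the device with a sync on each pass, truncate so the original size is not left behind, and only then unlink. The pass count is an assumption.

```java
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.RandomAccessFile;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;

// Added example of overwrite-then-delete; it is not the FileClerk API.
public class SecureDeleteExample {

    public static boolean deleteFileSecure(File f, int passes) throws IOException {
        if (!f.isFile()) return false;               // refuse directories, links to nothing, etc.
        long length = f.length();
        byte[] buf = new byte[64 * 1024];
        SecureRandom rnd = new SecureRandom();
        try (RandomAccessFile raf = new RandomAccessFile(f, "rws")) {
            for (int pass = 0; pass < passes; pass++) {
                raf.seek(0);
                long remaining = length;
                while (remaining > 0) {
                    rnd.nextBytes(buf);
                    int n = (int) Math.min(buf.length, remaining);
                    raf.write(buf, 0, n);
                    remaining -= n;
                }
                raf.getFD().sync();                  // push this pass out of the page cache
            }
            raf.setLength(0);                        // the file size is metadata that would otherwise survive
        }
        return f.delete();
    }

    public static void main(String[] args) throws IOException {
        File f = File.createTempFile("sample", ".txt");   // constructed sample file
        try (FileOutputStream out = new FileOutputStream(f)) {
            out.write("This is a test message".getBytes(StandardCharsets.UTF_8));
        }
        boolean ok = deleteFileSecure(f, 3);              // assumed: three passes
        System.out.println("Securely deleting file " + f + "\r\nResult: " + ok);
    }
}
```

The SSD caveat on the slide is the important one: wear-levelling, copy-on-write filesystems and journaling can all leave the original blocks untouched by this overwrite, so for data on such media the reliable control is full-disk or file encryption with destruction of the key, and overwrite-based deletion is at best a defence in depth.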

  15. References

  • Source code for the presentation is in the file LaCryptoJarSample.java on the education page of the Logical Answers Inc. website.
  • Hook, David. Beginning Cryptography with Java. Wrox Press. ISBN: 0-7645-9633-0. August 2005. 448 pages.
  • Horstmann, Cay and Cornell, Gary. Core Java 2 Volume II - Advanced Features. Sun Microsystems Press. ISBN: 0-13-092738-4. 2002. 1024 pages.
  • Singh, Simon. The Code Book. Doubleday. ISBN: 0-38-549531-5. September 14, 1999. 416 pages.

  16. Contact Information

  Logical Answers Inc.
  491 Leetonia Ave
  Troy, Michigan 48085-5518
  (248) 528-4498
  www.LogicalAnswers.com
  jhwong@logicalanswers.com

  We offer custom programming and technology consulting services. Our DocuArmor suite of cryptographic products is for sale, offering encryption and secure socket communications.
