
Encryption in Java

Encryption in Java. JCE. Important classes and interfaces: Cipher, MAC, SecureRandom, KeyGenerator, KeyPairGenerator, Signature, KeyStore. JCE. Java API. JS API. JCA. JCE. JCE. Abstraction Layer. Application code. JCE/JCA API. Service Provider Interface. JCE/JCA SPI Classes In Provider.

kiet

Presentation Transcript


  1. Encryption in Java

  2. JCE

     Important classes and interfaces:
     • Cipher
     • MAC
     • SecureRandom
     • KeyGenerator
     • KeyPairGenerator
     • Signature
     • KeyStore

  3. JCE (diagram labels): Java API, JS API, JCA, JCE

  4. JCE Abstraction Layer (diagram labels): Application code; JCE/JCA API; Service Provider Interface; JCE/JCA SPI Classes In Provider; Provider Internal Classes; Provider functionality

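  5. Generating a symmetric key

     ```java
     import java.security.Key;
     import javax.crypto.KeyGenerator;

     private static Key createKey() throws Exception {
         // Uses the provider's default AES key size; call kg.init(256) to choose one explicitly.
         KeyGenerator kg = KeyGenerator.getInstance("AES");
         return kg.generateKey();
     }
     ```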

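  6. Generating an asymmetric key

     ```java
     import java.security.KeyPair;
     import java.security.KeyPairGenerator;

     private static KeyPair createKeyPair() throws Exception {
         // Key pairs come from KeyPairGenerator; KeyGenerator only produces symmetric keys.
         // Call kpg.initialize(2048) (or larger) to set the key size explicitly.
         KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
         return kpg.generateKeyPair();
     }
     ```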

  7. Generating an asymmetric key

     ```java
     import java.security.KeyPair;
     import java.security.PrivateKey;
     import java.security.PublicKey;

     private static PublicKey getPublicKey(KeyPair kp) throws Exception {
         return kp.getPublic();
     }

     private static PrivateKey getPrivateKey(KeyPair kp) throws Exception {
         return kp.getPrivate();
     }
     ```

  8. Encryption

     • Create or load an instance of the Key class
     • Create an instance of the Cipher class in encryption mode
     • Perform the encryption

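  9. Encryption

     ```java
     import java.security.PrivateKey;
     import javax.crypto.Cipher;

     private static byte[] encrypt(String plainText, PrivateKey pk) throws Exception {
         byte[] plainData = plainText.getBytes("UTF-8");
         // With the SunJCE provider, "RSA" resolves to RSA/ECB/PKCS1Padding.
         // Encrypting with the private key gives no confidentiality: anyone holding
         // the public key can decrypt. To keep data secret, encrypt with the
         // recipient's public key and decrypt with the private key.
         Cipher c = Cipher.getInstance("RSA");
         c.init(Cipher.ENCRYPT_MODE, pk);
         return c.doFinal(plainData);
     }
     ```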

  10. Decryption

      • Load an instance of the Key class
      • Create an instance of the Cipher class in decryption mode
      • Perform the decryption

  11. Decryption

      ```java
      import java.security.PublicKey;
      import javax.crypto.Cipher;

      private static byte[] decrypt(byte[] cipherData, PublicKey pk) throws Exception {
          Cipher c = Cipher.getInstance("RSA");
          c.init(Cipher.DECRYPT_MODE, pk);
          // Decrypt the ciphertext that was passed in.
          return c.doFinal(cipherData);
      }
      ```

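  12. Importing certificates

      ```java
      import java.io.File;
      import java.io.FileInputStream;
      import java.security.cert.Certificate;
      import java.security.cert.CertificateFactory;

      private static Certificate getCertificate(File file) throws Exception {
          // try-with-resources closes the file even if parsing fails
          try (FileInputStream is = new FileInputStream(file)) {
              CertificateFactory cf = CertificateFactory.getInstance("X.509");
              return cf.generateCertificate(is);
          }
      }
      ```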

  13. Hash functions

      ```java
      import java.security.MessageDigest;

      public byte[] getHash(String input) throws Exception {
          // "SHA" is an alias for SHA-1; use "SHA-256" in new code.
          MessageDigest messageDigest = MessageDigest.getInstance("SHA");
          messageDigest.reset();
          messageDigest.update(input.getBytes("UTF-8"));
          return messageDigest.digest();
      }
      ```

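  14. Digital signature

      ```java
      import java.security.PrivateKey;
      import java.security.Signature;

      public static byte[] sign(String input, PrivateKey pk) throws Exception {
          // "DSA" is an alias for SHA1withDSA in the SUN provider.
          Signature signature = Signature.getInstance("DSA");
          signature.initSign(pk);
          signature.update(input.getBytes("UTF-8"));
          return signature.sign();
      }
      ```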

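  15. Digital signature

      ```java
      import java.security.PublicKey;
      import java.security.Signature;

      public static boolean verify(String input, byte[] signatureBytes, PublicKey pk) throws Exception {
          Signature signature = Signature.getInstance("DSA");
          signature.initVerify(pk);
          // The verifier must be fed the same data that was signed;
          // without update() the check would run over empty input.
          signature.update(input.getBytes("UTF-8"));
          return signature.verify(signatureBytes);
      }
      ```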

  16. Java Keytool

      ```sh
      keytool -genkey -alias ALIAS -keystore main.keystore -keypass KEYPASS -storepass STOREPASS -keyalg RSA

      keytool -exportcert -alias ALIAS -file certificate.cer -keystore main.keystore -keypass KEYPASS -storepass STOREPASS
      ```

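  17. Keystore

      ```java
      import java.io.FileInputStream;
      import java.security.Key;
      import java.security.KeyStore;

      private static Key getKey() throws Exception {
          KeyStore ks = KeyStore.getInstance("jks");
          // try-with-resources closes the keystore file after loading
          try (FileInputStream in = new FileInputStream("main.keystore")) {
              ks.load(in, "STOREPASS".toCharArray());
          }
          return ks.getKey("ALIAS", "KEYPASS".toCharArray());
      }
      ```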

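  18. Keystore

      ```java
      import java.io.FileOutputStream;
      import java.security.Key;
      import java.security.KeyStore;
      import javax.crypto.KeyGenerator;

      private static void saveKey() throws Exception {
          // The JKS format holds only private keys and certificates, so a
          // secret (AES) key needs a JCEKS or PKCS12 keystore.
          KeyStore ks = KeyStore.getInstance("JCEKS");
          ks.load(null, null); // a keystore must be initialised before entries are added
          KeyGenerator kg = KeyGenerator.getInstance("AES");
          Key k = kg.generateKey();
          ks.setKeyEntry("ALIAS", k, "KEYPASS".toCharArray(), null);
          try (FileOutputStream out = new FileOutputStream("main.keystore")) {
              ks.store(out, "STOREPASS".toCharArray());
          }
      }
      ```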
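Which keystore types can hold the AES key from slide 18 can be checked with an in-memory round trip. This is an added example, not code from the presentation; the class and method names are hypothetical, and ALIAS and STOREPASS are the placeholders used on the slides.

```java
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Arrays;

public class SecretKeyStoreDemo {
    // Stores an AES key in a keystore of the given type, serialises it to memory,
    // reloads it and reports whether the recovered key matches the original.
    static boolean roundTrip(String type, SecretKey key, char[] storePass, char[] keyPass)
            throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        ks.load(null, null);  // initialise an empty keystore
        ks.setKeyEntry("ALIAS", key, keyPass, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, storePass);

        KeyStore reloaded = KeyStore.getInstance(type);
        reloaded.load(new ByteArrayInputStream(out.toByteArray()), storePass);
        return Arrays.equals(key.getEncoded(),
                             reloaded.getKey("ALIAS", keyPass).getEncoded());
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        char[] pass = "STOREPASS".toCharArray();  // same password for store and key

        for (String type : new String[] {"JKS", "JCEKS", "PKCS12"}) {
            try {
                System.out.println(type + ": stored and reloaded = "
                        + roundTrip(type, key, pass, pass));
            } catch (KeyStoreException e) {
                // JKS accepts only private keys and trusted certificates
                System.out.println(type + ": rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```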

  19. Jarsigner

      Basic form of the command:

      ```sh
      jarsigner jar-file alias
      ```

      • jar-file: path and name of the file to be signed
      • alias: alias identifying the private key that will be used to sign the .jar file

      ```sh
      jarsigner -keystore main.keystore -storepass STOREPASS -keypass KEYPASS file.jar ALIAS
      ```

  20. TLS

      • generate a key pair
      • create a certificate
      • create a client-server application communicating through SSLServerSocket and SSLSocket

  21. TLS - Server

      • access to the private key (decoding messages)
      • access to the certificate (it must be sent to the client)
      • create an SSL server socket

  22. TLS - Server

      Plain sockets:

      ```java
      serverSocket = new ServerSocket(port);
      clientSocket = serverSocket.accept();
      ```

  23. TLS - Server

      Structure of the source code:

      ```java
      // imports
      public class SecureSocketServer {
          // variable declarations
          public static void main(String[] args) {
              // initialise the SSLServerSocket
              SSLSocket sslClientSocket = (SSLSocket) sslServerSocket.accept();
              // associate I/O streams with the sockets
              // input/output (communication)
              // close the sockets and streams
          }
      }
      ```

  24. TLS - Server

      ```java
      import java.net.*;
      import java.io.*;
      import javax.net.ssl.*;
      import java.security.*;

      public class SecureSocketServer {
          static final String KEYSTORE = "myStore.ks";
          static final String STOREPASSWD = "123456";
          static final String ALIASPASSWD = "123456";
      ```

  25. TLS - Server

      ```java
          public static void main(String[] args) throws Exception {
              KeyStore ks = KeyStore.getInstance("JCEKS");
              ks.load(new FileInputStream(KEYSTORE), STOREPASSWD.toCharArray());
              KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
              kmf.init(ks, ALIASPASSWD.toCharArray());
              SSLContext sslContext = SSLContext.getInstance("TLS");
      ```

  26. TLS - Server

      ```java
              sslContext.init(kmf.getKeyManagers(), null, null);
              SSLServerSocketFactory sslServerFactory = sslContext.getServerSocketFactory();
              SSLServerSocket sslServerSocket =
                      (SSLServerSocket) sslServerFactory.createServerSocket(4444);
              // This enables every suite the provider implements, including any that
              // the JDK leaves disabled by default. Omitting the call keeps the defaults.
              sslServerSocket.setEnabledCipherSuites(
                      sslServerSocket.getSupportedCipherSuites());
      ```

  27. TLS - Server

      ```java
              SSLSocket sslClientSocket = (SSLSocket) sslServerSocket.accept();
      ```

  28. TLS - Server

      ```java
              PrintWriter out = new PrintWriter(sslClientSocket.getOutputStream(), true);
              BufferedReader in = new BufferedReader(
                      new InputStreamReader(sslClientSocket.getInputStream()));
              String inputLine = in.readLine();
              // readLine() returns null if the client closes without sending a line
              if ("Hello".equals(inputLine))
                  out.println("Connection established");
              else
                  out.println("Connection refused");
      ```

  29. TLS - Server

      ```java
              out.close();
              in.close();
              sslClientSocket.close();
              sslServerSocket.close();
          }
      }
      ```

  30. TLS - Client

      ```java
      // TRUSTSTORE and TRUSTSTOREPASSWD are constants defined elsewhere in the client class.
      SSLContext sslContext = SSLContext.getInstance("TLS");
      KeyStore ts = KeyStore.getInstance("JCEKS");
      ts.load(new FileInputStream(TRUSTSTORE), TRUSTSTOREPASSWD.toCharArray());
      TrustManagerFactory tfm = TrustManagerFactory.getInstance("SunX509");
      tfm.init(ts);
      sslContext.init(null, tfm.getTrustManagers(), null);
      SSLSocketFactory sslFact = sslContext.getSocketFactory();
      SSLSocket client = (SSLSocket) sslFact.createSocket("localhost", 4444);
      // As on the server, this enables every supported suite, not only the defaults.
      client.setEnabledCipherSuites(client.getSupportedCipherSuites());
      ```
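Both the server and the client above call setEnabledCipherSuites(getSupportedCipherSuites()). The following added example (not code from the presentation; class and method names are hypothetical) lists what that call switches on beyond the JDK defaults and shows a stricter alternative that keeps the default suites and pins the protocol versions. The result depends on the JDK version and its security properties; on older JDKs the supported list has included anonymous and unencrypted suites.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class TlsSuiteAudit {
    // Suites that enabling "all supported" would add to the default-enabled set.
    // Call this on a freshly created socket, before changing its suites.
    static List<String> addedByEnableAll(SSLServerSocket s) {
        Set<String> defaults = new HashSet<>(Arrays.asList(s.getEnabledCipherSuites()));
        List<String> added = new ArrayList<>();
        for (String suite : s.getSupportedCipherSuites()) {
            if (!defaults.contains(suite)) added.add(suite);
        }
        return added;
    }

    // Keep the default suites and restrict the protocol versions instead.
    static void harden(SSLServerSocket s) {
        List<String> wanted = new ArrayList<>(Arrays.asList("TLSv1.3", "TLSv1.2"));
        wanted.retainAll(Arrays.asList(s.getSupportedProtocols()));  // skip what this JDK lacks
        SSLParameters p = s.getSSLParameters();
        p.setProtocols(wanted.toArray(new String[0]));
        p.setUseCipherSuitesOrder(true);  // the server's preference order decides the suite
        s.setSSLParameters(p);
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null);  // no key material is needed just to inspect settings
        try (SSLServerSocket s =
                 (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket()) {
            for (String suite : addedByEnableAll(s)) {
                boolean weak = suite.contains("_anon_") || suite.contains("_NULL_")
                        || suite.contains("_EXPORT_");
                System.out.println((weak ? "WEAK  " : "extra ") + suite);
            }
            harden(s);
            System.out.println("protocols: " + Arrays.toString(s.getEnabledProtocols()));
        }
    }
}
```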
