I wrote this post as preparation for the next one, on XML Encryption. This article mainly covers encryption and digital signatures in cryptography, and how they are used in Java. Readers interested in cryptography are recommended to read Bruce Schneier's Applied Cryptography. Security improved greatly in the JDK 1.5 release, which also provides direct support for the RSA algorithm. We will now work through the topics with examples (this article is only a simple introduction):

First, common concepts in cryptography:

1) Message digest: This is a technique that is combined with a message authentication code to ensure message integrity. It mainly uses a one-way hash function, which can be used to check the integrity of a message and to store passwords as hashes rather than in plaintext. The algorithms currently in common use are MD4, MD5 and SHA-1, and JDK 1.5 provides support for the above. Computing a message digest in Java is simple; java.security.MessageDigest provides an easy way:

```java
/**
 * MessageDigestExample.java
 * Copyright 2005-2-16
 */
import java.security.MessageDigest;

/**
 * A plain message digest algorithm; it does not use a key.
 * Can be used to store a plaintext message (such as a password) in hidden form.
 */
public class MessageDigestExample {
    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("Usage: java MessageDigestExample");
            System.exit(1);
        }
        byte[] plainText = args[0].getBytes("UTF8");

        // Use getInstance("algorithm") to obtain a message digest; here SHA-1, a 160-bit algorithm
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
        System.out.println("\n" + messageDigest.getProvider().getInfo());

        // Feed the data to the algorithm
        messageDigest.update(plainText);
        System.out.println("\nDigest:");

        // Complete the computation and output the result.
        // The digest is raw bytes, not text, so print it as hexadecimal.
        StringBuilder hex = new StringBuilder();
        for (byte b : messageDigest.digest()) {
            hex.append(String.format("%02x", b));
        }
        System.out.println(hex);
    }
}
```

A message authentication code can be used as well; javax.crypto.Mac provides a solution, and interested readers can refer to the relevant API documentation. This article only briefly introduces what a digest algorithm is.

2) Private key encryption: A message digest can only check the integrity of a message, and it is one-way: it cannot encrypt the plaintext. To encrypt the text and guarantee confidentiality, other algorithms are needed, and we use private key cryptography to exchange private messages. This is the easiest kind to understand; it uses a symmetric algorithm.
For example: A encrypts a file with a key, and B needs that key to read it; the two sides share one private key (and in a web environment, the private key is easily eavesdropped on while it is being passed). To use private key encryption, first a key generator produces a key (java.security.Key), which is then passed to an encryption tool (javax.crypto.Cipher); the tool then encrypts with the corresponding algorithm. The main symmetric algorithms are DES (the actual key is only 56 bits), AES (supports three key lengths: 128, 192 and 256 bits; usually 128 bits) and others such as DESede. JDK 1.5 also provides support for symmetric algorithms. The following example encrypts using the AES algorithm:

```java
/**
 * PrivateExample.java
 * Copyright 2005-2-16
 */
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import java.security.Key;

/**
 * Private key encryption; guarantees message confidentiality.
 */
public class PrivateExample {
    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("Usage: java PrivateExample");
            System.exit(1);
        }
        // ... (the rest of this listing is missing from the page)
    }
}
```
However, the speed is very slow (100 to 1000 times slower than private key encryption). The main public key algorithm is RSA, and others include Blowfish, Diffie-Hellman, etc. JDK 1.5 provides support for RSA, which is an improvement:

```java
/**
 * PublicExample.java
 * Copyright 2005-2-16
 */
import java.security.Key;
import javax.crypto.Cipher;
import java.security.KeyPairGenerator;
import java.security.KeyPair;

/**
 * A simple public key encryption example; the Cipher class uses the
 * public and private keys generated by KeyPairGenerator.
 */
public class PublicExample {
    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("Usage: java PublicExample");
            System.exit(1);
        }
        // ... (the rest of this listing is missing from the page)
    }
}
```
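An added example, not code from the original article, showing private key and public key encryption working together: B's RSA key pair wraps a one-time AES key, so the shared key is never passed in the clear and only a few bytes go through the slow RSA operation. This goes one step beyond the two separate listings in the text. The AES/GCM and RSA-OAEP transformations, the key sizes, the class name and the sample message are assumptions, not taken from the page.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/** Added example (hypothetical class name): RSA protects the AES key, AES protects the message. */
public class HybridExample {
    // Assumed transformations; the article names only "AES" and "RSA".
    static final String AES = "AES/GCM/NoPadding";
    static final String RSA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    public static void main(String[] args) throws Exception {
        byte[] plainText = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        // B: generate a key pair; the public half may be given to anyone.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair b = kpg.generateKeyPair();

        // A: fresh 128-bit AES key and 96-bit nonce for this one message.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey aesKey = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);

        Cipher aes = Cipher.getInstance(AES);
        aes.init(Cipher.ENCRYPT_MODE, aesKey, new GCMParameterSpec(128, iv));
        byte[] cipherText = aes.doFinal(plainText);

        // A: wrap the AES key with B's public key.
        Cipher rsa = Cipher.getInstance(RSA);
        rsa.init(Cipher.WRAP_MODE, b.getPublic());
        byte[] wrappedKey = rsa.wrap(aesKey);

        // B: unwrap with the private key, then decrypt.
        // GCM throws AEADBadTagException if cipherText or iv was altered.
        rsa.init(Cipher.UNWRAP_MODE, b.getPrivate());
        SecretKey recovered = (SecretKey) rsa.unwrap(wrappedKey, "AES", Cipher.SECRET_KEY);
        aes.init(Cipher.DECRYPT_MODE, recovered, new GCMParameterSpec(128, iv));
        byte[] decrypted = aes.doFinal(cipherText);

        System.out.println("wrapped key bytes: " + wrappedKey.length);
        System.out.println("round trip ok: " + Arrays.equals(plainText, decrypted));
    }
}
```

A sends `wrappedKey`, `iv` and `cipherText` to B; none of the three needs to be kept secret in transit.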
Above, A sends data to B encrypted with the public key, and B uses the private key to decrypt it. The problem is: since the encryption uses the public key, how can the sender of the message be verified? As mentioned above, the private key is unique, so A can encrypt with A's own private key, and B can then decrypt with A's public key. Digital signatures are based on this principle. Usually, to demonstrate the authenticity of the transmitted data, a short digest of the message content is obtained with a message digest, and then the encrypted digest and the message are transmitted together. Java provides good support for digital signatures; the java.security.Signature class provides message signing:

```java
/**
 * DigitalSignature2Example.java
 * Copyright 2005-2-16
 */
import java.security.Signature;
import java.security.KeyPairGenerator;
import java.security.KeyPair;
import java.security.SignatureException;

/**
 * Digital signature: use the RSA private key to sign the message digest,
 * then verify with the public key.
 */
public class DigitalSignature2Example {
    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("Usage: java DigitalSignature2Example");
            System.exit(1);
        }
        // ... (the rest of this listing is missing from the page)
    }
}
```
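An added example, not code from the original article, of signing and verifying with java.security.Signature, including the two failure cases that matter to the receiver: an altered message and a public key that does not belong to the signer. The SHA256withRSA algorithm, the 2048-bit key size, the class and method names and the sample message are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;

/** Added example (hypothetical class name): sign with the private key, verify with the public key. */
public class SignVerifyExample {
    // Assumed algorithm: Signature hashes the message and signs the digest in one step.
    static final String ALGORITHM = "SHA256withRSA";

    static byte[] sign(PrivateKey key, byte[] message) throws Exception {
        Signature sig = Signature.getInstance(ALGORITHM);
        sig.initSign(key);
        sig.update(message);
        return sig.sign();
    }

    static boolean verify(PublicKey key, byte[] message, byte[] signature) throws Exception {
        Signature sig = Signature.getInstance(ALGORITHM);
        sig.initVerify(key);
        sig.update(message);
        try {
            return sig.verify(signature);
        } catch (SignatureException e) {
            return false; // malformed signature bytes count as a failed check
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair a = kpg.generateKeyPair(); // A, the real sender
        KeyPair c = kpg.generateKeyPair(); // C, an unrelated key pair

        byte[] message = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        byte[] signature = sign(a.getPrivate(), message);

        byte[] altered = message.clone();
        altered[0] ^= 1; // flip one bit of the message

        System.out.println("original message, A's public key: " + verify(a.getPublic(), message, signature));
        System.out.println("altered message, A's public key:  " + verify(a.getPublic(), altered, signature));
        System.out.println("original message, C's public key: " + verify(c.getPublic(), message, signature));
    }
}
```

Verification only proves which key signed the message; deciding whether that key really belongs to A is a separate question.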
5) Digital certificate. There is still one problem, namely the problem of the public key. A encrypts with the private key, and B, on receiving the message, decrypts it with the public key provided by A. Now suppose there is a nasty C who intercepts the message, encrypts with his own private key, sends his own public key to B at the same time, and tells B that it is A's public key. The result .... At this point an intermediary institution is needed to speak up (trust the authority: I am the genuine one). This is the Certificate Authority (CA); a famous CA organization is VeriSign. The current standard of the digital certification industry is CCITT X.509.

Digital certificate: it encapsulates an identity together with a public key, and is digitally signed by a third party called a certification center or CA.

Keystore: the Java platform provides a keystore, a repository for keys and certificates. The keystore is a file whose default name is .keystore (there is an option to make it an encrypted file). Keys and certificates can have names (called aliases), and each alias is protected by its own password. The keystore itself is also protected by a password; you can choose to make each alias password match the main keystore password.

Using the keytool tool, let's do some self-certification (trust my certification):

1. Create a keystore:

```
keytool -genkey -v -alias feiuserkey -keyalg RSA
```

By default it is placed in the user's own home directory (on Windows systems, C:/Documents and settings/
Second, JAR signing: We have learned how to create our own certificate, so now we can look at how to sign a JAR file. A JAR file is Java's equivalent of a zip file, allowing multiple Java class files to be packaged into one file with the .jar extension. The JAR file can then be digitally signed to confirm its source and authenticity. The receiver of the JAR file can decide whether to trust the code according to the sender's signature, and be confident that the content was not tampered with before it was received. At deployment time, access to machine resources can also be assigned based on the signer's identity, through access control statements in the policy file. In this way, security checks are applied to some applets.

Use the jarsigner tool to sign the JAR file. Suppose we have a test.jar file (you can generate one with the jar command-line tool):

```
jarsigner test.jar feiuserkey
```

Here feiuserkey is the certificate we created above. For details, run jarsigner to view its help. To verify authenticity:

```
jarsigner -verify test.jar
```

(Note: this checks whether the JAR has been modified, but it does not test for removed content. If new content has been added it reports that as well, but removed content is not reported.)

Using an applet: