Chapter 3. Cryptography with Java

Cryptography, or the art, science and mathematics of keeping messages secure, is at the heart of modern computer security. Primitive cryptographic operations such as one-way hash functions, also known as message digests, and encryption, either with symmetric or asymmetric algorithms, form the basis for higher level mechanisms such as MAC (Message Authentication Code), digital signature and certificates. At yet another level, these are merely building blocks for security infrastructure consisting of PKI, secure communication protocols such as SSL and SSH, and products incorporating these technologies.

The study of principles and algorithms behind these cryptographic operations and security protocols is fascinating but of little practical relevance to a Java programmer. A typical Java programmer programs at a much higher level, dealing mostly with the APIs, configuration options, proper handling of cryptographic entities such as certificates and keystores, and interfacing with other security products to satisfy the application's security needs. At times, there may be decisions to be made with respect to the most appropriate mechanism, algorithms, parameters and other relevant aspects for solving the problem at hand. At other times, the challenge may be to design the application so that it can be deployed under different situations to satisfy different security and performance needs. At yet other times, the primary objective may be simply to achieve the best possible performance, scalability and availability of the application without compromising the level of security by selecting the right security products. Our discussion of cryptography with Java in this and subsequent chapters is structured around this notion of usefulness and practicality to a typical Java programmer.

Two Java APIs, JCA (Java Cryptography Architecture) and JCE (Java Cryptography Extension) both part of J2SE SDK v1.4, define the general architecture and specific services for cryptographic operations. Among these, JCA was introduced first and specifies the architectural framework for cryptographic support in Java. It also includes Java classes for digital signature, message digest and other associated services. JCE classes follow the same general structure as JCA classes, and include classes for encryption and decryption, MAC computation and a few others. We discuss the JCA architectural framework and explore various cryptographic services available with JCA and JCE in this chapter. Toward this, we develop simple programs making use of these APIs and look at their source code.

Though we talk about some of the JCA and JCE APIs and present code fragments, the discussion of Java interfaces, classes and methods is anything but exhaustive. Our intent is to get a better view of the overall picture and understand their inter-relations. If you do need the complete information on any specific topic, refer to the J2SE SDK Javadocs and the respective specification documents. Keep in mind that the purpose of this chapter is to make you, a Java and J2EE programmer, feel at home with cryptographic capabilities of Java and not to make you an expert on developing security software.