This homework/lab will help you explore the security and cryptographical concepts we are learning in class so you can better understand them. Let us begin by recapping the main concepts in security and cryptography. We will also introduce some terminology and concepts that we have not previously covered.
A lot of the classes for performing security and cryptographical functions are in the java.security package. Look up the Java documentation on this package by typing the phrase
java 8 java.security package
or by pointing your browser to
http://docs.oracle.com/javase/8/docs/api/java/security/package-summary.html
Lab Learning Exercise
Make a note of the following interfaces and classes in the java.security package. Research these terms as they apply to Java cryptographical architecture and to security in general. Write a short paragraph that explains each of these classes and submit as part of this homework. You should include a few of the methods of these classes and interfaces in your discussion. Use your judgement as to the methods or fields you consider the most important for discussion. Keep your notes for future reference. This exercise will not be graded.
Homework Problem 1. Write a Java program that lists all the Java security providers available on your system. You can think of a security provider as a collection of services, where each service has a type and an algorithm. To do this, you will need to research the java.security.Provider and java.security.Security classes.
Your program should start by listing the name of every provider available, followed by information on the provider. You can use the getName() and getInfo() methods of the Provider class to achieve this.
Your program should also list, for each provider, the type and algorithm for every service that that particular provider provides. Here is an example of what your output should look like.
    Information on Available Providers:
    SUN
        SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores, JavaPolicy Policy; JavaLoginConfig Configuration)
    SunRsaSign
        Sun RSA signature provider
    SunEC
        Sun Elliptic Curve provider (EC, ECDSA, ECDH)
    SunJSSE
        Sun JSSE provider(PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
    SunJCE
        SunJCE Provider (implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE, Diffie-Hellman, HMAC)
    SunJGSS
        Sun (Kerberos v5, SPNEGO)
    SunSASL
        Sun SASL provider(implements client mechanisms for: DIGEST-MD5, GSSAPI, EXTERNAL, PLAIN, CRAM-MD5, NTLM; server mechanisms for: DIGEST-MD5, GSSAPI, CRAM-MD5, NTLM)
    XMLDSig
        XMLDSig (DOM XMLSignatureFactory; DOM KeyInfoFactory)
    SunPCSC
        Sun PC/SC provider
    SunMSCAPI
        Sun's Microsoft Crypto API provider

    Here are all providers with types of service and algorithm provided:
    SUN
        Service Type: SecureRandom Algorithm: SHA1PRNG
        Service Type: Signature Algorithm: SHA1withDSA
        Service Type: Signature Algorithm: NONEwithDSA
        Service Type: KeyPairGenerator Algorithm: DSA
        Service Type: MessageDigest Algorithm: MD2
        Service Type: MessageDigest Algorithm: MD5
        Service Type: MessageDigest Algorithm: SHA
        Service Type: MessageDigest Algorithm: SHA-256
        Service Type: MessageDigest Algorithm: SHA-384
        Service Type: MessageDigest Algorithm: SHA-512
        Service Type: AlgorithmParameterGenerator Algorithm: DSA
        Service Type: AlgorithmParameters Algorithm: DSA
        Service Type: KeyFactory Algorithm: DSA
        Service Type: CertificateFactory Algorithm: X.509
        Service Type: KeyStore Algorithm: JKS
        Service Type: KeyStore Algorithm: CaseExactJKS
        Service Type: Policy Algorithm: JavaPolicy
        Service Type: Configuration Algorithm: JavaLoginConfig
        Service Type: CertPathBuilder Algorithm: PKIX
        Service Type: CertPathValidator Algorithm: PKIX
        Service Type: CertStore Algorithm: LDAP
        Service Type: CertStore Algorithm: Collection
        Service Type: CertStore Algorithm: com.sun.security.IndexedCollection
    SunRsaSign
        Service Type: KeyFactory Algorithm: RSA
        Service Type: KeyPairGenerator Algorithm: RSA
        Service Type: Signature Algorithm: MD2withRSA
        Service Type: Signature Algorithm: MD5withRSA
        Service Type: Signature Algorithm: SHA1withRSA
        Service Type: Signature Algorithm: SHA256withRSA
        Service Type: Signature Algorithm: SHA384withRSA
        Service Type: Signature Algorithm: SHA512withRSA
    SunEC
        Service Type: KeyFactory Algorithm: EC
        Service Type: AlgorithmParameters Algorithm: EC
        Service Type: Signature Algorithm: NONEwithECDSA
        Service Type: Signature Algorithm: SHA1withECDSA
        Service Type: Signature Algorithm: SHA256withECDSA
        Service Type: Signature Algorithm: SHA384withECDSA
        Service Type: Signature Algorithm: SHA512withECDSA
        Service Type: KeyPairGenerator Algorithm: EC
        Service Type: KeyAgreement Algorithm: ECDH
    SunJSSE
        Service Type: KeyFactory Algorithm: RSA
        Service Type: KeyPairGenerator Algorithm: RSA
        Service Type: Signature Algorithm: MD2withRSA
        Service Type: Signature Algorithm: MD5withRSA
        Service Type: Signature Algorithm: SHA1withRSA
        Service Type: Signature Algorithm: MD5andSHA1withRSA
        Service Type: KeyManagerFactory Algorithm: SunX509
        Service Type: KeyManagerFactory Algorithm: NewSunX509
        Service Type: TrustManagerFactory Algorithm: SunX509
        Service Type: TrustManagerFactory Algorithm: PKIX
        Service Type: SSLContext Algorithm: TLSv1
        Service Type: SSLContext Algorithm: TLSv1.1
        Service Type: SSLContext Algorithm: TLSv1.2
        Service Type: SSLContext Algorithm: Default
        Service Type: KeyStore Algorithm: PKCS12
    SunJCE
        Service Type: Cipher Algorithm: RSA
        Service Type: Cipher Algorithm: DES
        Service Type: Cipher Algorithm: DESede
        Service Type: Cipher Algorithm: DESedeWrap
        Service Type: Cipher Algorithm: PBEWithMD5AndDES
        Service Type: Cipher Algorithm: PBEWithMD5AndTripleDES
        Service Type: Cipher Algorithm: PBEWithSHA1AndRC2_40
        Service Type: Cipher Algorithm: PBEWithSHA1AndDESede
        Service Type: Cipher Algorithm: Blowfish
        Service Type: Cipher Algorithm: AES
        Service Type: Cipher Algorithm: AESWrap
        Service Type: Cipher Algorithm: RC2
        Service Type: Cipher Algorithm: ARCFOUR
        Service Type: KeyGenerator Algorithm: DES
        Service Type: KeyGenerator Algorithm: DESede
        Service Type: KeyGenerator Algorithm: Blowfish
        Service Type: KeyGenerator Algorithm: AES
        Service Type: KeyGenerator Algorithm: RC2
        Service Type: KeyGenerator Algorithm: ARCFOUR
        Service Type: KeyGenerator Algorithm: HmacMD5
        Service Type: KeyGenerator Algorithm: HmacSHA1
        Service Type: KeyGenerator Algorithm: HmacSHA256
        Service Type: KeyGenerator Algorithm: HmacSHA384
        Service Type: KeyGenerator Algorithm: HmacSHA512
        Service Type: KeyPairGenerator Algorithm: DiffieHellman
        Service Type: AlgorithmParameterGenerator Algorithm: DiffieHellman
        Service Type: KeyAgreement Algorithm: DiffieHellman
        Service Type: AlgorithmParameters Algorithm: DiffieHellman
        Service Type: AlgorithmParameters Algorithm: DES
        Service Type: AlgorithmParameters Algorithm: DESede
        Service Type: AlgorithmParameters Algorithm: PBE
        Service Type: AlgorithmParameters Algorithm: PBEWithMD5AndDES
        Service Type: AlgorithmParameters Algorithm: PBEWithMD5AndTripleDES
        Service Type: AlgorithmParameters Algorithm: PBEWithSHA1AndDESede
        Service Type: AlgorithmParameters Algorithm: PBEWithSHA1AndRC2_40
        Service Type: AlgorithmParameters Algorithm: Blowfish
        Service Type: AlgorithmParameters Algorithm: AES
        Service Type: AlgorithmParameters Algorithm: RC2
        Service Type: AlgorithmParameters Algorithm: OAEP
        Service Type: KeyFactory Algorithm: DiffieHellman
        Service Type: SecretKeyFactory Algorithm: DES
        Service Type: SecretKeyFactory Algorithm: DESede
        Service Type: SecretKeyFactory Algorithm: PBEWithMD5AndDES
        Service Type: SecretKeyFactory Algorithm: PBEWithMD5AndTripleDES
        Service Type: SecretKeyFactory Algorithm: PBEWithSHA1AndDESede
        Service Type: SecretKeyFactory Algorithm: PBEWithSHA1AndRC2_40
        Service Type: SecretKeyFactory Algorithm: PBKDF2WithHmacSHA1
        Service Type: Mac Algorithm: HmacMD5
        Service Type: Mac Algorithm: HmacSHA1
        Service Type: Mac Algorithm: HmacSHA256
        Service Type: Mac Algorithm: HmacSHA384
        Service Type: Mac Algorithm: HmacSHA512
        Service Type: Mac Algorithm: HmacPBESHA1
        Service Type: Mac Algorithm: SslMacMD5
        Service Type: Mac Algorithm: SslMacSHA1
        Service Type: KeyStore Algorithm: JCEKS
        Service Type: KeyGenerator Algorithm: SunTlsPrf
        Service Type: KeyGenerator Algorithm: SunTls12Prf
        Service Type: KeyGenerator Algorithm: SunTlsMasterSecret
        Service Type: KeyGenerator Algorithm: SunTlsKeyMaterial
        Service Type: KeyGenerator Algorithm: SunTlsRsaPremasterSecret
    SunJGSS
        Service Type: GssApiMechanism Algorithm: 1.2.840.113554.1.2.2
        Service Type: GssApiMechanism Algorithm: 1.3.6.1.5.5.2
    SunSASL
        Service Type: SaslClientFactory Algorithm: DIGEST-MD5
        Service Type: SaslClientFactory Algorithm: NTLM
        Service Type: SaslClientFactory Algorithm: GSSAPI
        Service Type: SaslClientFactory Algorithm: EXTERNAL
        Service Type: SaslClientFactory Algorithm: PLAIN
        Service Type: SaslClientFactory Algorithm: CRAM-MD5
        Service Type: SaslServerFactory Algorithm: CRAM-MD5
        Service Type: SaslServerFactory Algorithm: GSSAPI
        Service Type: SaslServerFactory Algorithm: DIGEST-MD5
        Service Type: SaslServerFactory Algorithm: NTLM
    XMLDSig
        Service Type: TransformService Algorithm: http://www.w3.org/2002/06/xmldsig-filter2
        Service Type: TransformService Algorithm: http://www.w3.org/2000/09/xmldsig#enveloped-signature
        Service Type: TransformService Algorithm: http://www.w3.org/2001/10/xml-exc-c14n#WithComments
        Service Type: TransformService Algorithm: http://www.w3.org/2001/10/xml-exc-c14n#
        Service Type: TransformService Algorithm: http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
        Service Type: XMLSignatureFactory Algorithm: DOM
        Service Type: TransformService Algorithm: http://www.w3.org/2006/12/xml-c14n11
        Service Type: TransformService Algorithm: http://www.w3.org/2000/09/xmldsig#base64
        Service Type: TransformService Algorithm: http://www.w3.org/TR/2001/REC-xml-c14n-20010315
        Service Type: TransformService Algorithm: http://www.w3.org/TR/1999/REC-xpath-19991116
        Service Type: TransformService Algorithm: http://www.w3.org/TR/1999/REC-xslt-19991116
        Service Type: TransformService Algorithm: http://www.w3.org/2006/12/xml-c14n11#WithComments
        Service Type: KeyInfoFactory Algorithm: DOM
    SunPCSC
        Service Type: TerminalFactory Algorithm: PC/SC
    SunMSCAPI
        Service Type: SecureRandom Algorithm: Windows-PRNG
        Service Type: KeyStore Algorithm: Windows-MY
        Service Type: KeyStore Algorithm: Windows-ROOT
        Service Type: Signature Algorithm: NONEwithRSA
        Service Type: Signature Algorithm: SHA1withRSA
        Service Type: Signature Algorithm: SHA256withRSA
        Service Type: Signature Algorithm: SHA384withRSA
        Service Type: Signature Algorithm: SHA512withRSA
        Service Type: Signature Algorithm: MD5withRSA
        Service Type: Signature Algorithm: MD2withRSA
        Service Type: KeyPairGenerator Algorithm: RSA
        Service Type: Cipher Algorithm: RSA
        Service Type: Cipher Algorithm: RSA/ECB/PKCS1Padding
This package contains classes that support the creation of MACs and ciphers, as well as facilities for working with cryptographic keys.
Spend some time studying the documentation for the following classes and/or interfaces
Let us take a look at how to use the Cipher class to encrypt and decrypt. You use the getInstance() method of this class to obtain a Cipher object. A cipher object has an internal buffer that it uses to hold data that has been passed to it to be encrypted. Because data is encrypted in blocks of fixed size, the buffer will hold data until there is enough to form a block, at which time additional encryption will take place. An update() method is used to add data to the cipher so the data can be encrypted. A doFinal() method optionally adds data to the cipher for the last time, and causes all outstanding data to be encrypted. See the Java documentation of these methods.
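The buffering described above can be observed directly. The following is an added example, not part of the original lab: it feeds a constructed 20-byte string to a Blowfish/ECB/PKCS5Padding cipher in 5-byte chunks and prints how many ciphertext bytes each update() call and the final doFinal() return. The class name UpdateVsDoFinal and the sample input are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Hypothetical class name; added example, not part of the original lab.
public class UpdateVsDoFinal {
    public static void main(String[] args) throws Exception {
        SecretKey key = KeyGenerator.getInstance("Blowfish").generateKey();
        Cipher cipher = Cipher.getInstance("Blowfish/ECB/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, key);

        // Constructed sample input: 20 bytes, fed in 5-byte chunks.
        // Blowfish works on 8-byte blocks, so chunks never line up with blocks.
        byte[] plain = "ABCDEFGHIJKLMNOPQRST".getBytes(StandardCharsets.UTF_8);
        ByteArrayOutputStream streamed = new ByteArrayOutputStream();

        for (int off = 0; off < plain.length; off += 5) {
            // update() hands back ciphertext only for blocks it could complete.
            // With no complete block, a provider may return null or an empty array.
            byte[] out = cipher.update(plain, off, 5);
            int n = (out == null) ? 0 : out.length;
            System.out.printf("update(bytes %2d..%2d) -> %d ciphertext bytes%n",
                    off, off + 4, n);
            if (n > 0) {
                streamed.write(out, 0, n);
            }
        }

        // doFinal() pads whatever is still buffered and flushes the last block.
        byte[] last = cipher.doFinal();
        System.out.println("doFinal()            -> " + last.length + " ciphertext bytes");
        streamed.write(last, 0, last.length);

        // Encrypting everything in one doFinal(plain) call gives the same bytes.
        cipher.init(Cipher.ENCRYPT_MODE, key);
        byte[] oneShot = cipher.doFinal(plain);
        System.out.println("streamed equals one-shot: "
                + Arrays.equals(streamed.toByteArray(), oneShot));

        // Decrypt to confirm the streamed ciphertext is complete and valid.
        cipher.init(Cipher.DECRYPT_MODE, key);
        byte[] recovered = cipher.doFinal(streamed.toByteArray());
        System.out.println("recovered: " + new String(recovered, StandardCharsets.UTF_8));
    }
}
```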
I found the following clarification of the distinction between update and doFinal() online; you may find it useful.
The following example uses an encryption algorithm called Blowfish in Electronic Code Book mode to encrypt a string entered by the user. Recall that block ciphers may need to pad the data at the end if the amount of data is not a multiple of the block size: this example uses a standard way of padding called PKCS5Padding. Note also that the string must be converted to an array of bytes before being encrypted. The program prints out the plain text array of bytes, and then encrypts the array to get a cipher text array of bytes. The cipher text bytes are printed out, and then decrypted to recover the plain text array of bytes. The plain text array is converted to string, and the string is printed.

    package securityprog2;

    import javax.crypto.*;
    import javax.swing.*;

    public class Main {

        public static void main(String[] args) throws Exception {
            String input = JOptionPane.showInputDialog("Enter a string to encrypt:");

            KeyGenerator keyGenerator = KeyGenerator.getInstance("Blowfish");
            // keyGenerator.init(128);
            SecretKey key = keyGenerator.generateKey();
            System.out.println("Done generating the key");

            // Attempt to encrypt some text
            Cipher cipher = Cipher.getInstance("Blowfish/ECB/PKCS5Padding");
            cipher.init(Cipher.ENCRYPT_MODE, key);
            byte[] plainText = input.getBytes("UTF-8");

            // Print out the bytes of the plainText
            System.out.println("\nPlaintext: ");
            for (int i = 0; i < plainText.length; i++) {
                System.out.print(plainText[i] + " ");
            }

            // Perform the actual encryption
            byte[] cipherText = cipher.doFinal(plainText);

            // Print out the bytes of the cipherText
            System.out.println("\nCiphertext: ");
            for (int i = 0; i < cipherText.length; i++) {
                System.out.print(cipherText[i] + " ");
            }
            System.out.println("\nOK");

            // Reinitialize the cipher to decrypt mode
            cipher.init(Cipher.DECRYPT_MODE, key);

            // Perform the decryption
            byte[] decryptedText = cipher.doFinal(cipherText);

            // Print out the decrypted text
            System.out.println("\nDecrypted text: ");
            for (int i = 0; i < decryptedText.length; i++) {
                System.out.print(decryptedText[i] + " ");
            }
            System.out.println("\nOK");

            System.out.println("Decrypted string is :");
            System.out.println(new String(decryptedText, "UTF-8"));
        }
    }

Use Cut and Paste to get this program into Netbeans (or whatever your favorite IDE is) and run it. Consult the list of Security Providers you printed out previously, and modify this program to use a different (symmetric) encryption algorithm. For example, you might use AES (Advanced Encryption Standard), DES, or RC2. Submit the zipped up Netbeans folder, or the source file.