Tips & Tricks
Ajs 4 c
Like this presentation? Why not share!
Social SEO and Cross Channel Marketing
by Billy Cripe, CIP
Wrox Professional Microsoft Share...
4 must-do steps for successful soci...
by Deeply Digital
by Wenda Lyons
by Paul Gillin
Scg skyfollow social media sensing ...
by Chris Rigatuso @c...
Email sent successfully!
Show related SlideShares at end
Ajs 4 c
, Software Developer, Web Developer
Jun 04, 2012
Comment goes here.
12 hours ago
Are you sure you want to
Your message goes here
Be the first to comment
Be the first to like this
Number of Embeds
No notes for slide
Ajs 4 c
1. CollaborateKnowledge Byte • In this lesson you will learn about: • Security Tools • keytool • jarsigner • policytool ©NIIT Collaborate Lesson 2B / Slide 1 of 23
CollaborateSecurity Tools • The Java 2 SDK provides various security tools to prevent malicious applets from performing hazardous operations, such as reading files from or writing files to a local computer. • The Java 2 SDK provides three different tools for ensuring security while running applets in a network: • keytool • jarsigner • policytool ©NIIT Collaborate Lesson 2B / Slide 2 of 23
CollaborateSecurity Tools (Contd.) • The keytool Security Tool • The keytool security tool is used to manage a keystore of private keys and the associated certificates that are used for authenticating the corresponding public keys. • An end user can administer their own public/private key pairs and certificates associated with them for self-authentication. • Public key is mainly used for enciphering the message and is distributed to a user requesting for it. • The private key is used for deciphering the message encrypted using public key but is kept secure. • A keystore is implemented as a file that stores the keys and their corresponding certificates. • A keystore guards the private keys by using a password. • A certificate represents a digitally signed statement that indicates the specified value of a public key. ©NIIT Collaborate Lesson 2B / Slide 3 of 23
CollaborateSecurity Tools (Contd.) • The keytool Security Tool (contd.) • The various roles of a keytool are: • Generates public/private key pairs. • Issues certificate requests in order to send them to a Certification Authority. • Imports certificate response retrieved from the Certification Authority. • Designates public keys that belong to other trusted parties. • A keystore file contains two different types of entries: • Key entry: Stores sensitive data about the private keys in an encrypted format in order to prevent the unauthorized access from malicious end users. • Trusted certificate entry: Holds a public key certificate, also called trusted certificate that belongs to another end user. ©NIIT Collaborate Lesson 2B / Slide 4 of 23
CollaborateSecurity Tools (Contd.) • The keytool Security Tool (contd.) • An entry in a keystore is accessed using unique aliases. • You can use the genkey command to generate a public/private key pair. • You need to use the import command to add a certificate in the list of trusted certificates. • You can use the following command to generate a new public/private key pair with a self-signed certificate that uses don as an alias: keytool –genkey –alias don –keypass donpassword • You can also change the private key password associated with the specified alias by using the following command: keytool –keypasswd –alias don –keypass donpassword –new newpassword • You create a keystore by using the –keystore option in the keytool command or by using the –genkey and -import commands. ©NIIT Collaborate Lesson 2B / Slide 5 of 23
CollaborateSecurity Tools (Contd.) • The keytool Security Tool (contd.) • The following table lists the options used with the keytool command: Option Description -genkey Generates a public/private key pair. -import Reads the specified certificate and stores it in the keystore. -export Exports the required certificate associated with the specified alias. -list Displays the content of the whole keystore. ©NIIT Collaborate Lesson 2B / Slide 6 of 23
CollaborateSecurity Tools (Contd.) • The keytool Security Tool (contd.) Option Description -storepasswd Modifies the required password that guards the integrity of the keystore. -keypasswd Modifies the required password that protects a key associated with the specified alias -delete Deletes the content of the specified keystore ©NIIT Collaborate Lesson 2B / Slide 7 of 23
CollaborateSecurity Tools (Contd.) • The jarsigner Security Tool • The jarsigner tool is used to generate and verify digital signatures for Java ARchive (JAR) files by using certificates from a keystore. • A digital signature of a message is a set of numeric values that are dependent on the value of a private key known only to the generator of the signature. • The jarsigner tool generates digital signatures for JAR files by using the private key and certificate information from a keystore, which is managed by the keytool. • The jarsigner verifies the digital signature of a signed JAR file by using the certificate. The following syntax shows how to sign a JAR file: jarsigner <filename.jar> <username> • You can use the following command to sign a JAR file: jarsigner myFile.jar mary ©NIIT Collaborate Lesson 2B / Slide 8 of 23
CollaborateSecurity Tools (Contd.) • The jarsigner Security Tool (contd.) • The following table lists the options used with the jarsigner tool Option Description -storepass Indicates the required password for accessing the keystore. -keypass Indicates the required password for protecting the private key of an alias entry of a keystore. ©NIIT Collaborate Lesson 2B / Slide 9 of 23
CollaborateSecurity Tools (Contd.) • The jarsigner Security Tool (contd.) Option Description -signedjar Indicates the required name for signing the JAR file. -verify Verifies the JAR file. -verbose Provides additional information required for signing and verifying the JAR file. -certs Provides certificate information about the signer of the jar file. The –certs option is used in conjunction with –verify and -verbose options for signing and verifying the JAR file. ©NIIT Collaborate Lesson 2B / Slide 10 of 23
CollaborateSecurity Tools (Contd.) • The jarsigner Security Tool (contd.) • You can use the required keystore by specifying the URL of the keystore with the –keystore option in the jarsigner command. • The jarsigner tool signs a JAR file using the Digital Signature Algorithm (DSA) with the SHA-1 digest algorithm, if the public and private keys are DSA keys. • The output produced on signing the JAR file using the jarsigner tool is exactly same as the input JAR file. • However, the output contains two additional files, signature file and signature block file in the META-INF directory. • A signature file contains an .SF extension and a signature block contains a .DSA extension. • The .SF file contains the information, such as filename, name of digest algorithm used, and the digest value. • The .DSA file contains the signatures in encoded form and certificate from the keystore to authenticate the public key. ©NIIT Collaborate Lesson 2B / Slide 11 of 23
CollaborateSecurity Tools (Contd.) • The jarsigner Security Tool (contd.) • The verification of a JAR file includes the following steps: 1. Verify the signature of the .SF file by ensuring that the signature stored in a .DSA file is generated by using the private key. This private key needs to correspond with the public key of the certificate that appears in the .DSA file. 2. Verify the entries for digest mentioned in the .SF file with the corresponding entry in the manifest file. The verification process matches the hash entry made in the header of .SF file with the manifest file. 3. Read all the files, which contain an entry in the .SF file of the JAR file. While reading the files, the file digest needs to be computed and compare the results with the manifest file. The verification fails, if the digests do not match. ©NIIT Collaborate Lesson 2B / Slide 12 of 23
CollaborateSecurity Tools (Contd.) • The policytool Security Tool • The Java runtime environment provides various policies that specify the different permissions required for accessing code by different users. • The information regarding the policy implementation is available in the static policy configuration files. • A user policy file is stored in the home directory of user by the name .java.policy. • You can create a policy file by typing the required commands in a text editor or by using the GUI-based policytool utility. • You can also edit and remove the settings applied in a policy file, such as policy entry, Principals, and permissions. ©NIIT Collaborate Lesson 2B / Slide 13 of 23
CollaborateFrom the Expert’s Desk In this section, you will learn: • Best Practice on: • Advantages of Using MDB over JMS in J2EE Applications • Tips and Tricks on: • Working with Java Security Infrastructure • FAQs on Cryptography ©NIIT Collaborate Lesson 2B / Slide 14 of 23
CollaborateBest PracticesAdvantages of Using MDB over JMS in J2EE Applications • JMS API introduces a middle layer in between the JMS producer and JMS consumer that helps in asynchronous messaging. • The middle layer in the JMS API enables you to send the messages to multiple JMS consumer. • Using the JMS API, a number of JMS consumers can receive messages from a single JMS producer. ©NIIT Collaborate Lesson 2B / Slide 15 of 23
CollaborateBest Practices (Contd.)Advantages of Using MDB over JMS in J2EE Applications (Contd.) • A single JMS consumer can also receive messages from multiple JMS producers. • MDB enables you to consume and process messages concurrently. • You use MDB to manage resources, transactions, and security in a multithreaded environment. ©NIIT Collaborate Lesson 2B / Slide 16 of 23
CollaborateTipsWorking With Java Security Infrastructure • The various tips for implementing security in Java applications are: • Execute the Java programs within the security manager. AppletViewer and Java-enabled browsers contain a default security manager attached to them. You can install a security manager by including the flag, Djava.security.manager at the command prompt while starting the Java. • Use a digital certificate to sign a .jar file, to setup a SSL server, or to perform encryption of messages to be transmitted. • Use the Java plug-in tool to support the Java 2 security model environment for the browsers that do not support this model. ©NIIT Collaborate Lesson 2B / Slide 17 of 23
CollaborateTips (Contd.)Working With Java Security Infrastructure (Contd.) • Install the security extensions for providing Java security infrastructure, such as JCE, JSSE, and JAAS. Java Cryptography Extension (JCE) is used in applications that require strong encryption. Java Secure Sockets Extension (JSSE) is used to provide a Java interface to SSL. Java Authentication and Authorization Service (JAAS) is used to authenticate and authorize end users. • Verify SSL server names while installing the JSSE security extension. • Customize the implementations according to an enterprise by defining the implementation of various Java classes. • Use the correct parameters while encrypting data using algorithms in JCE API, such as DES and Blowfish. ©NIIT Collaborate Lesson 2B / Slide 18 of 23
CollaborateFAQs • How is cryptography applied? Cryptography is applied using keys. Cryptography is categorized into symmetric cryptography and asymmetric cryptography. The technique that uses the same key for both encryption and decryption of data is called symmetric cryptography. Asymmetric cryptography is a technique that uses public/private key pairs for encryption and decryption of data. ©NIIT Collaborate Lesson 2B / Slide 19 of 23
CollaborateFAQs (Contd.) • What is the importance of cryptography? Cryptography is used in a variety of applications. The various applications of Cryptography are: • Used for storing passwords, as the passwords need to be stored in an encrypted form. • Guards the data stored in a computer against malicious attacks by encrypting the complete files. • Used in electronic commerce (e-commerce) for encrypting data to be transmitted over the whole network. • Controls access to satellite and cable TV by encrypting the signals to be transmitted to multiple receivers. • Used in telephones by encrypting voice at sender end and decrypting the voice back at receiver end. ©NIIT Collaborate Lesson 2B / Slide 20 of 23
CollaborateFAQs (Contd.) • How many standard time zones exist? There are 25 standard time zones. An extra time zone for UTC+12 hours and UTC-12 hours also exist. • What is the use of locale? A Locale object provides information about the specified cultural and geographical region. ©NIIT Collaborate Lesson 2B / Slide 21 of 23
CollaborateChallenge • You can have any number of Principals associated with a Subject. (True/False) • The ________ method of JMS must be called to receive messages synchronously. • JMS supports _________ and ________ messaging models. • Which of the following represents a set of numeric values that are dependent on the value of a private key and is known only to the generator of the signature? a) Public key b) Digital signature c) Digital certificate d) Algorithm 5. An untrusted applet enables you to perform operations, such as reading and writing data to a local computer. (True/False) ©NIIT Collaborate Lesson 2B / Slide 22 of 23
CollaborateSolutions to Challenge • True • receive() • Point-to-Point, Publish/Subscribe • b) Digital signature • False ©NIIT Collaborate Lesson 2B / Slide 23 of 23
Email sent successfully..