Java Asymmetric


Published in: Technology, Education

  1. 1. GS: Chapter 5 Asymmetric Encryption in Java
  2. 2. Topics
      - Ciphers, modes and padding
      - Asymmetric encryption in Java
      - Session key encryption
      - File encryption/decryption using RSA
      - Key agreement
  3. 3. Ciphers, Modes and Padding
      - The ECB (Electronic Code Book) mode encrypts the plaintext a block at a time.
      - Asymmetric ciphers are almost always used in ECB mode.
          - Why?
      - The block size is usually almost equal to the size of the key.
          - Example: 1024-bit RSA ~= data block of 117 bytes
  4. 4. Ciphers, Modes and Padding
      - When the size of the data is less than the size of the block, padding is needed.
      - RSA uses two forms of padding:
          - PKCS#1 – the standard form of padding in RSA; insecure when used for encrypting plaintext with obvious patterns in it (like English text)
          - OAEP (Optimal Asymmetric Encryption Padding) – an improvement on PKCS#1.
  5. 5. Asymmetric encryption in Java
      - The steps for using asymmetric encryption in Java are similar to those for symmetric encryption:
          - Create a key;
          - Create and initialize a cipher using the key;
          - Use the cipher to encrypt or decrypt, by specifying the appropriate mode.
      - The main difference is that an asymmetric cipher requires a key pair: a public and a private key.
  6. 6. Major Java Classes for Key Pairs
      - KeyPair
          - public final class KeyPair extends Object implements Serializable
      - PublicKey
          - public interface PublicKey extends Key
      - This interface contains no methods or constants. It merely serves to group (and provide type safety for) all public key interfaces.
      - Note: The specialized public key interfaces extend this interface. See, for example, the DSAPublicKey interface in .
  7. 7. Major Java Classes for Key Pairs
      - PrivateKey
          - Similar to the PublicKey interface, except that it is for the private key
      - KeyPairGenerator
          - public abstract class KeyPairGenerator extends KeyPairGeneratorSpi
          - The KeyPairGenerator class is used to generate pairs of public and private keys.
          - Key pair generators are constructed using the getInstance factory methods.
  8. 8. Session key encryption
      - Oddly enough, the greatest value in using asymmetric encryption is in encrypting symmetric keys.
          - Why? (discussed earlier in Chapter 2)
      - Exercise: Explain how session key encryption works.
      - SimpleRSAExample.java (or find it at )
  9. 9. File encrypt/decrypt using RSA
      - Steps:
          - Use an AES session key to encrypt the file. (Note: Each file is encrypted by a different session key.)
          - Use RSA to encrypt the session key.
          - Store the encrypted session key inside the file.
      - Source code: FileEncryptorRSA.java
  10. 10. File encrypt/decrypt using RSA
      - FileEncryptor is started with one of three options:
          - -c: create key pair and write it to 2 files
          - -e: encrypt a file, given as an argument
          - -d: decrypt a file, given as an argument
  11. 11. File encrypt/decrypt using RSA
      - Format of the encrypted file
  12. 12. File encrypt/decrypt using RSA
      - The decryption steps
  13. 13. Key agreement
      - javax.crypto Class KeyAgreement
      - This class provides the functionality of a key agreement (or key exchange) protocol.
      - For each of the correspondents in the key exchange, doPhase needs to be called. For example, if this key exchange is with one other party, doPhase needs to be called once, with the lastPhase flag set to true.
  14. 14. Key agreement
      - Key doPhase(Key key, boolean lastPhase): Executes the next phase of this key agreement with the given key that was received from one of the other parties involved in this key agreement.
  15. 15. Key agreement
      - If this key exchange is with two other parties, doPhase needs to be called twice, the first time setting the lastPhase flag to false, and the second time setting it to true. There may be any number of parties involved in a key exchange.
      - With the doPhase method, Diffie-Hellman allows any number of public keys to be added to perform a key agreement.
  16. 16. Key agreement
      - Once all the keys have been passed in with doPhase(), a call to generateSecret() will perform the actual key agreement and return a byte array that is the shared secret.
      - byte[] generateSecret(): Generates the shared secret and returns it in a new buffer.
      - int generateSecret(byte[] sharedSecret, int offset): Generates the shared secret, and places it into the buffer sharedSecret, beginning at offset inclusive.
      - SecretKey generateSecret(String algorithm): Creates the shared secret and returns it as a SecretKey object of the specified algorithm.
  17. 18. Key agreement for a Chat Application
      - The sample application
      - KeyAgreementClient.java
      - KeyAgreementServer.java
  18. 19. Next
      - Message digest, Digital signatures & Certificates (GS: 6)
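
The two-party doPhase and generateSecret sequence from slides 13 to 16, with both sides' messages shown. This is an added example, not the KeyAgreementClient.java or KeyAgreementServer.java the slides cite. The class name DhAgreementExample, the helper names, and the SHA-256 step that turns the shared secret into an AES key are assumptions made here.

```java
import javax.crypto.KeyAgreement;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.SecretKeySpec;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;

public class DhAgreementExample {   // hypothetical class, not KeyAgreementClient/Server.java
    // Rebuild a peer's public key from the X.509 bytes that crossed the wire.
    static PublicKey decode(byte[] encoded) throws Exception {
        return KeyFactory.getInstance("DH").generatePublic(new X509EncodedKeySpec(encoded));
    }

    // One party's side: own private key + peer public key -> 256-bit AES key.
    static SecretKeySpec agree(PrivateKey own, PublicKey peer) throws Exception {
        KeyAgreement ka = KeyAgreement.getInstance("DH");
        ka.init(own);
        ka.doPhase(peer, true);                 // two parties: single call, lastPhase = true
        byte[] shared = ka.generateSecret();
        // Hashing the raw secret is this example's stand-in for a proper KDF such as HKDF.
        byte[] key = MessageDigest.getInstance("SHA-256").digest(shared);
        Arrays.fill(shared, (byte) 0);          // do not keep the raw secret around
        return new SecretKeySpec(key, "AES");
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator serverGen = KeyPairGenerator.getInstance("DH");
        serverGen.initialize(2048);
        KeyPair server = serverGen.generateKeyPair();
        byte[] serverWire = server.getPublic().getEncoded();      // server -> client

        // The client must reuse the server's group parameters (p, g).
        PublicKey serverPub = decode(serverWire);
        KeyPairGenerator clientGen = KeyPairGenerator.getInstance("DH");
        clientGen.initialize(((DHPublicKey) serverPub).getParams());
        KeyPair client = clientGen.generateKeyPair();
        byte[] clientWire = client.getPublic().getEncoded();      // client -> server

        SecretKeySpec clientKey = agree(client.getPrivate(), serverPub);
        SecretKeySpec serverKey = agree(server.getPrivate(), decode(clientWire));
        // Both sides now hold the same key; the exchange itself is unauthenticated,
        // so the public keys need to be verified by other means (e.g. signatures).
        System.out.println(Arrays.equals(clientKey.getEncoded(), serverKey.getEncoded()));
    }
}
```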