Collaborate


Knowledge Byte
    •    In this lesson you will learn about:
           • Security Tools
                 • keytool
                 • jarsigner
                 • policytool




 ©NIIT                            Collaborate   Lesson 2B / Slide 1 of 23


Security Tools
    •    The Java 2 SDK provides various security tools to prevent malicious applets
         from performing hazardous operations, such as reading files from or writing
         files to a local computer.
    •    The Java 2 SDK provides three different tools for ensuring security while
         running applets in a network:
                 • keytool
                 • jarsigner
                 • policytool






Security Tools (Contd.)
    •    The keytool Security Tool
           • The keytool security tool is used to manage a keystore of private keys and
             the associated certificates that are used for authenticating the
             corresponding public keys.
           • An end user can administer their own public/private key pairs and
             certificates associated with them for self-authentication.
           • The public key is mainly used for enciphering a message and is distributed
             to any user who requests it.
           • The private key is used for deciphering a message that was encrypted with
             the public key, and is kept secret.
           • A keystore is implemented as a file that stores the keys and their
             corresponding certificates.
           • A keystore guards the private keys by using a password.
           • A certificate is a digitally signed statement that vouches for the value of
             a public key.




Security Tools (Contd.)
    •    The keytool Security Tool (contd.)
           • The keytool utility performs the following roles:
               • Generates public/private key pairs.
               • Generates certificate requests to be sent to a Certification
                  Authority (CA).
               • Imports the certificate reply returned by the Certification
                  Authority.
               • Designates public keys that belong to other trusted parties.
           • A keystore file contains two different types of entries:
               • Key entry: Stores the sensitive private key material in encrypted
                  form to prevent unauthorized access by malicious end users.
               • Trusted certificate entry: Holds a public key certificate, also called
                  a trusted certificate, that belongs to another party.





Security Tools (Contd.)
    •    The keytool Security Tool (contd.)
           • Each entry in a keystore is accessed through a unique alias.
           • You can use the -genkey command to generate a public/private key pair.
           • You need to use the -import command to add a certificate to the list of
             trusted certificates.
           • You can use the following command to generate a new public/private key
             pair with a self-signed certificate that uses don as its alias:
              keytool -genkey -alias don -keypass donpassword
           • You can also change the private key password associated with the
             specified alias by using the following command:
              keytool -keypasswd -alias don -keypass donpassword -new newpassword
           • You create a keystore by using the -keystore option of the keytool
             command or by using the -genkey and -import commands.





Security Tools (Contd.)
    •    The keytool Security Tool (contd.)
           • The following table lists the options used with the keytool command:

                 Option          Description
                 -genkey         Generates a public/private key pair.
                 -import         Reads the specified certificate and stores it in the
                                 keystore.
                 -export         Exports the required certificate associated with the
                                 specified alias.
                 -list           Displays the content of the whole keystore.






Security Tools (Contd.)
    •    The keytool Security Tool (contd.)



                 Option          Description
                 -storepasswd    Modifies the required password that guards the
                                 integrity of the keystore.
                 -keypasswd      Modifies the required password that protects a key
                                 associated with the specified alias.
                 -delete         Deletes the content of the specified keystore.






Security Tools (Contd.)
    •    The jarsigner Security Tool
           • The jarsigner tool is used to generate and verify digital signatures for Java
             ARchive (JAR) files by using certificates from a keystore.
           • A digital signature of a message is a set of numeric values that are
             dependent on the value of a private key known only to the generator of
             the signature.
           • The jarsigner tool generates digital signatures for JAR files by using the
             private key and certificate information from a keystore, which is managed
             by the keytool.
           • The jarsigner verifies the digital signature of a signed JAR file by using the
             certificate. The following syntax shows how to sign a JAR file:
              jarsigner <filename.jar> <username>
           • You can use the following command to sign a JAR file:
              jarsigner myFile.jar mary





Security Tools (Contd.)
    •    The jarsigner Security Tool (contd.)
           • The following table lists the options used with the jarsigner tool:

                 Option          Description
                 -storepass      Indicates the required password for accessing the
                                 keystore.
                 -keypass        Indicates the required password for protecting the
                                 private key of an alias entry of a keystore.






Security Tools (Contd.)
    •    The jarsigner Security Tool (contd.)
                 Option          Description
                 -signedjar      Indicates the required name for signing the JAR file.
                 -verify         Verifies the JAR file.
                 -verbose        Provides additional information required for signing
                                 and verifying the JAR file.
                 -certs          Provides certificate information about the signer of
                                 the JAR file. The -certs option is used in conjunction
                                 with the -verify and -verbose options for signing and
                                 verifying the JAR file.






Security Tools (Contd.)
    •    The jarsigner Security Tool (contd.)
         • You can use the required keystore by specifying the URL of the keystore
              with the -keystore option of the jarsigner command.
         • The jarsigner tool signs a JAR file using the Digital Signature Algorithm
              (DSA) with the SHA-1 digest algorithm if the public and private keys
              are DSA keys.
         • The output produced on signing a JAR file with the jarsigner tool is
              the same as the input JAR file.
         • However, the output contains two additional files, a signature file and
              a signature block file, in the META-INF directory.
         • The signature file has an .SF extension and the signature block file
              has a .DSA extension.
         • The .SF file contains information such as the filename, the name of the
              digest algorithm used, and the digest value for each entry.
         • The .DSA file contains the signature in encoded form and the certificate
              from the keystore that authenticates the public key.




Security Tools (Contd.)
    •    The jarsigner Security Tool (contd.)
         • The verification of a JAR file includes the following steps:
              1.   Verify the signature of the .SF file by ensuring that the signature
                   stored in the .DSA file was generated with the private key that
                   corresponds to the public key of the certificate that appears in
                   the .DSA file.
              2.   Verify the digest entries in the .SF file against the
                   corresponding entries in the manifest file. The verification
                   process matches the manifest hash recorded in the header of the
                   .SF file with the manifest file.
              3.   Read every file that has an entry in the .SF file of the JAR.
                   While reading each file, compute its digest and compare the
                   result with the manifest entry. Verification fails if the digests
                   do not match.






Security Tools (Contd.)
    •    The policytool Security Tool
         • The Java runtime environment uses policies that specify the permissions
              granted to code for different users and code sources.
         • The information that implements a policy is held in static policy
              configuration files.
         • A user policy file is stored in the user's home directory under the
              name .java.policy.
         • You can create a policy file by typing the required entries in a text
              editor or by using the GUI-based policytool utility.
         • You can also edit and remove the settings in a policy file, such as
              policy entries, Principals, and permissions.






From the Expert’s Desk

    In this section, you will learn:


         •    Best Practice on:
              • Advantages of Using MDB over JMS in J2EE Applications
         •    Tips and Tricks on:
              • Working with Java Security Infrastructure
         •    FAQs on Cryptography







Best Practices
Advantages of Using MDB over JMS in J2EE
    Applications
         •   The JMS API introduces a middle layer between the JMS producer and
             the JMS consumer that supports asynchronous messaging.
         •   The middle layer in the JMS API enables you to send messages to
             multiple JMS consumers.
         •   Using the JMS API, a number of JMS consumers can receive messages
             from a single JMS producer.







Best Practices (Contd.)
Advantages of Using MDB over JMS in J2EE
  Applications (Contd.)
    •    A single JMS consumer can also receive messages from multiple JMS
         producers.
    •    MDB enables you to consume and process messages concurrently.
    •    You use MDB to manage resources, transactions, and security in a
         multithreaded environment.






Tips
Working With Java Security Infrastructure
    •    The various tips for implementing security in Java applications are:
         •    Execute Java programs under a security manager. AppletViewer and
              Java-enabled browsers have a default security manager attached to
              them. You can install a security manager by including the
              -Djava.security.manager flag on the command line when starting
              Java.
         •    Use a digital certificate to sign a .jar file, to set up an SSL server, or
              to encrypt messages to be transmitted.
         •    Use the Java Plug-in to support the Java 2 security model in browsers
              that do not support this model on their own.






Tips (Contd.)
Working With Java Security Infrastructure (Contd.)
    •    Install the security extensions for providing Java security infrastructure, such
         as JCE, JSSE, and JAAS. Java Cryptography Extension (JCE) is used in
         applications that require strong encryption. Java Secure Sockets Extension
         (JSSE) is used to provide a Java interface to SSL. Java Authentication and
         Authorization Service (JAAS) is used to authenticate and authorize end
         users.
    •    Verify SSL server names while installing the JSSE security extension.
    •    Customize the security implementation to the needs of the enterprise by
         providing your own implementations of the relevant Java classes.
    •    Use the correct parameters while encrypting data with the algorithms in the
         JCE API, such as DES and Blowfish.






FAQs

    •    How is cryptography applied?
         Cryptography is applied using keys. Cryptography is categorized into
         symmetric cryptography and asymmetric cryptography. The technique that
         uses the same key for both encryption and decryption of data is called
         symmetric cryptography. Asymmetric cryptography is a technique that uses
         public/private key pairs for encryption and decryption of data.






FAQs (Contd.)
    •    What is the importance of cryptography?
         Cryptography is used in a variety of applications. The various applications of
         cryptography are:
          • Storing passwords, as passwords need to be stored in an encrypted
               form.
          • Guarding the data stored on a computer against malicious attacks by
               encrypting complete files.
          • Encrypting data to be transmitted over the network in electronic
               commerce (e-commerce).
          • Controlling access to satellite and cable TV by encrypting the signals
               transmitted to multiple receivers.
          • Securing telephony by encrypting voice at the sender's end and decrypting
               it again at the receiver's end.






FAQs (Contd.)
    •    How many standard time zones exist?
         There are 25 standard time zones. An extra time zone for UTC+12 hours
         and UTC-12 hours also exists.
    •    What is the use of locale?
         A Locale object provides information about the specified cultural and
         geographical region.






Challenge
    1.   You can have any number of Principals associated with a Subject.
         (True/False)
    2.   The ________ method of JMS must be called to receive messages
         synchronously.
    3.   JMS supports _________ and ________ messaging models.
    4.   Which of the following represents a set of numeric values that are dependent
         on the value of a private key and is known only to the generator of the
         signature?
         a)    Public key
         b)    Digital signature
         c)    Digital certificate
         d)    Algorithm
    5.   An untrusted applet enables you to perform operations, such as reading and
         writing data to a local computer. (True/False)





Solutions to Challenge

    1.   True
    2.   receive()
    3.   Point-to-Point, Publish/Subscribe
    4.   b) Digital signature
    5.   False





More Related Content

Similar to Ajs 4 c

Code Signing with CPK
Code Signing with CPKCode Signing with CPK
Code Signing with CPKZhi Guan
 
How to do Cryptography right in Android Part Two
How to do Cryptography right in Android Part TwoHow to do Cryptography right in Android Part Two
How to do Cryptography right in Android Part TwoArash Ramez
 
Design and Analyze Secure Networked Systems - 5
Design and Analyze Secure Networked Systems - 5Design and Analyze Secure Networked Systems - 5
Design and Analyze Secure Networked Systems - 5Don Kim
 
Duck Hunter - The return of autorun
Duck Hunter - The return of autorunDuck Hunter - The return of autorun
Duck Hunter - The return of autorunNimrod Levy
 
Nimrod duck hunter copy
Nimrod duck hunter   copyNimrod duck hunter   copy
Nimrod duck hunter copyNimrod Levy
 
FlexNet Publisher Licensing Security
FlexNet Publisher Licensing SecurityFlexNet Publisher Licensing Security
FlexNet Publisher Licensing SecurityFlexera
 
Introduction to docker_notary_v1.0.0
Introduction to docker_notary_v1.0.0Introduction to docker_notary_v1.0.0
Introduction to docker_notary_v1.0.0Anshul Patel
 
ZKorum: Building the Next Generation eAgora powered by SSI
ZKorum: Building the Next Generation eAgora powered by SSIZKorum: Building the Next Generation eAgora powered by SSI
ZKorum: Building the Next Generation eAgora powered by SSISSIMeetup
 
Ch19 OS
Ch19 OSCh19 OS
Ch19 OSC.U
 
Defense in Depth: Implementing a Layered Privileged Password Security Strategy
Defense in Depth: Implementing a Layered Privileged Password Security Strategy Defense in Depth: Implementing a Layered Privileged Password Security Strategy
Defense in Depth: Implementing a Layered Privileged Password Security Strategy BeyondTrust
 
Reverse Engineering.pptx
Reverse Engineering.pptxReverse Engineering.pptx
Reverse Engineering.pptxSameer Sapra
 
KCD Italy 2023 - Secure Software Supply chain for OCI Artifact on Kubernetes
KCD Italy 2023 - Secure Software Supply chain for OCI Artifact on KubernetesKCD Italy 2023 - Secure Software Supply chain for OCI Artifact on Kubernetes
KCD Italy 2023 - Secure Software Supply chain for OCI Artifact on Kubernetessparkfabrik
 
[Codientu.org] design of a microcontroller based circuit for software protection
[Codientu.org] design of a microcontroller based circuit for software protection[Codientu.org] design of a microcontroller based circuit for software protection
[Codientu.org] design of a microcontroller based circuit for software protectionHieu Le Dinh
 

Similar to Ajs 4 c (20)

Ppt
PptPpt
Ppt
 
Code Signing with CPK
Code Signing with CPKCode Signing with CPK
Code Signing with CPK
 
How to do Cryptography right in Android Part Two
How to do Cryptography right in Android Part TwoHow to do Cryptography right in Android Part Two
How to do Cryptography right in Android Part Two
 
Design and Analyze Secure Networked Systems - 5
Design and Analyze Secure Networked Systems - 5Design and Analyze Secure Networked Systems - 5
Design and Analyze Secure Networked Systems - 5
 
D-Cipher
D-CipherD-Cipher
D-Cipher
 
Duck Hunter - The return of autorun
Duck Hunter - The return of autorunDuck Hunter - The return of autorun
Duck Hunter - The return of autorun
 
Nimrod duck hunter copy
Nimrod duck hunter   copyNimrod duck hunter   copy
Nimrod duck hunter copy
 
FlexNet Publisher Licensing Security
FlexNet Publisher Licensing SecurityFlexNet Publisher Licensing Security
FlexNet Publisher Licensing Security
 
Introduction to docker_notary_v1.0.0
Introduction to docker_notary_v1.0.0Introduction to docker_notary_v1.0.0
Introduction to docker_notary_v1.0.0
 
ZKorum: Building the Next Generation eAgora powered by SSI
ZKorum: Building the Next Generation eAgora powered by SSIZKorum: Building the Next Generation eAgora powered by SSI
ZKorum: Building the Next Generation eAgora powered by SSI
 
OSCh19
OSCh19OSCh19
OSCh19
 
OS_Ch19
OS_Ch19OS_Ch19
OS_Ch19
 
Ch19 OS
Ch19 OSCh19 OS
Ch19 OS
 
Defense in Depth: Implementing a Layered Privileged Password Security Strategy
Defense in Depth: Implementing a Layered Privileged Password Security Strategy Defense in Depth: Implementing a Layered Privileged Password Security Strategy
Defense in Depth: Implementing a Layered Privileged Password Security Strategy
 
D0312427
D0312427D0312427
D0312427
 
Reverse Engineering.pptx
Reverse Engineering.pptxReverse Engineering.pptx
Reverse Engineering.pptx
 
Dekartlogon en
Dekartlogon enDekartlogon en
Dekartlogon en
 
KCD Italy 2023 - Secure Software Supply chain for OCI Artifact on Kubernetes
KCD Italy 2023 - Secure Software Supply chain for OCI Artifact on KubernetesKCD Italy 2023 - Secure Software Supply chain for OCI Artifact on Kubernetes
KCD Italy 2023 - Secure Software Supply chain for OCI Artifact on Kubernetes
 
Keyloger & spyware
Keyloger & spyware Keyloger & spyware
Keyloger & spyware
 
[Codientu.org] design of a microcontroller based circuit for software protection
[Codientu.org] design of a microcontroller based circuit for software protection[Codientu.org] design of a microcontroller based circuit for software protection
[Codientu.org] design of a microcontroller based circuit for software protection
 

More from Niit Care (20)

Ajs 1 b
Ajs 1 bAjs 1 b
Ajs 1 b
 
Ajs 4 b
Ajs 4 bAjs 4 b
Ajs 4 b
 
Ajs 4 a
Ajs 4 aAjs 4 a
Ajs 4 a
 
Ajs 3 b
Ajs 3 bAjs 3 b
Ajs 3 b
 
Ajs 3 c
Ajs 3 cAjs 3 c
Ajs 3 c
 
Ajs 2 b
Ajs 2 bAjs 2 b
Ajs 2 b
 
Ajs 2 a
Ajs 2 aAjs 2 a
Ajs 2 a
 
Ajs 2 c
Ajs 2 cAjs 2 c
Ajs 2 c
 
Ajs 1 a
Ajs 1 aAjs 1 a
Ajs 1 a
 
Ajs 1 c
Ajs 1 cAjs 1 c
Ajs 1 c
 
Dacj 4 2-c
Dacj 4 2-cDacj 4 2-c
Dacj 4 2-c
 
Dacj 4 2-b
Dacj 4 2-bDacj 4 2-b
Dacj 4 2-b
 
Dacj 4 2-a
Dacj 4 2-aDacj 4 2-a
Dacj 4 2-a
 
Dacj 4 1-c
Dacj 4 1-cDacj 4 1-c
Dacj 4 1-c
 
Dacj 4 1-b
Dacj 4 1-bDacj 4 1-b
Dacj 4 1-b
 
Dacj 4 1-a
Dacj 4 1-aDacj 4 1-a
Dacj 4 1-a
 
Dacj 1-2 b
Dacj 1-2 bDacj 1-2 b
Dacj 1-2 b
 
Dacj 1-3 c
Dacj 1-3 cDacj 1-3 c
Dacj 1-3 c
 
Dacj 1-3 b
Dacj 1-3 bDacj 1-3 b
Dacj 1-3 b
 
Dacj 1-3 a
Dacj 1-3 aDacj 1-3 a
Dacj 1-3 a
 

Recently uploaded

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 

Recently uploaded (20)

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Ajs 4 c