SlideShare a Scribd company logo
1 of 23
Collaborate


Knowledge Byte
    •    In this lesson you will learn about:
           • Security Tools
                 • keytool
                 • jarsigner
                 • policytool




 ©NIIT                            Collaborate   Lesson 2B / Slide 1 of 23
Collaborate


Security Tools
    •    The Java 2 SDK provides various security tools to prevent malicious applets
         from performing hazardous operations, such as reading files from or writing
         files to a local computer.
    •    The Java 2 SDK provides three different tools for ensuring security while
         running applets in a network:
                 • keytool
                 • jarsigner
                 • policytool




 ©NIIT                          Collaborate                   Lesson 2B / Slide 2 of 23
Collaborate


Security Tools (Contd.)
    •    The keytool Security Tool
           • The keytool security tool is used to manage a keystore of private keys and
             the associated certificates that are used for authenticating the
             corresponding public keys.
           • An end user can administer their own public/private key pairs and
             certificates associated with them for self-authentication.
           • Public key is mainly used for enciphering the message and is distributed to
             a user requesting for it.
           • The private key is used for deciphering the message encrypted using
             public key but is kept secure.
           • A keystore is implemented as a file that stores the keys and their
             corresponding certificates.
           • A keystore guards the private keys by using a password.
           • A certificate represents a digitally signed statement that indicates the
             specified value of a public key.


 ©NIIT                          Collaborate                   Lesson 2B / Slide 3 of 23
Collaborate


Security Tools (Contd.)
    •    The keytool Security Tool (contd.)
           • The various roles of a keytool are:
               • Generates public/private key pairs.
               • Issues certificate requests in order to send them to a Certification
                  Authority.
               • Imports certificate response retrieved from the Certification
                  Authority.
               • Designates public keys that belong to other trusted parties.
           • A keystore file contains two different types of entries:
               • Key entry: Stores sensitive data about the private keys in an
                  encrypted format in order to prevent the unauthorized access from
                  malicious end users.
               • Trusted certificate entry: Holds a public key certificate, also called
                  trusted certificate that belongs to another end user.



 ©NIIT                           Collaborate                   Lesson 2B / Slide 4 of 23
Collaborate


Security Tools (Contd.)
    •    The keytool Security Tool (contd.)
           • An entry in a keystore is accessed using unique aliases.
           • You can use the genkey command to generate a public/private key pair.
           • You need to use the import command to add a certificate in the list of
             trusted certificates.
           • You can use the following command to generate a new public/private key
             pair with a self-signed certificate that uses don as an alias:
              keytool –genkey –alias don –keypass donpassword
           • You can also change the private key password associated with the
             specified alias by using the following command:
              keytool –keypasswd –alias don –keypass donpassword –new
             newpassword
           • You create a keystore by using the –keystore option in the keytool
             command or by using the –genkey and -import commands.



 ©NIIT                         Collaborate                  Lesson 2B / Slide 5 of 23
Collaborate


Security Tools (Contd.)
    •    The keytool Security Tool (contd.)
           • The following table lists the options used with the keytool command:
                           Option                                     Description



                 -genkey                          Generates a public/private key pair.




                 -import                          Reads the specified certificate and stores it in the
                                                  keystore.




                 -export                          Exports the required certificate associated with the
                                                  specified alias.




                 -list                            Displays the content of the whole keystore.




 ©NIIT                              Collaborate                               Lesson 2B / Slide 6 of 23
Collaborate


Security Tools (Contd.)
    •    The keytool Security Tool (contd.)



                          Option                             Description



           -storepasswd                   Modifies the required password that guards the
                                          integrity of the keystore.




           -keypasswd                     Modifies the required password that protects a key
                                          associated with the specified alias




           -delete                        Deletes the content of the specified keystore




 ©NIIT                             Collaborate                                Lesson 2B / Slide 7 of 23
Collaborate


Security Tools (Contd.)
    •    The jarsigner Security Tool
           • The jarsigner tool is used to generate and verify digital signatures for Java
             ARchive (JAR) files by using certificates from a keystore.
           • A digital signature of a message is a set of numeric values that are
             dependent on the value of a private key known only to the generator of
             the signature.
           • The jarsigner tool generates digital signatures for JAR files by using the
             private key and certificate information from a keystore, which is managed
             by the keytool.
           • The jarsigner verifies the digital signature of a signed JAR file by using the
             certificate. The following syntax shows how to sign a JAR file:
              jarsigner <filename.jar> <username>
           • You can use the following command to sign a JAR file:
              jarsigner myFile.jar mary



 ©NIIT                           Collaborate                    Lesson 2B / Slide 8 of 23
Collaborate


Security Tools (Contd.)
    •    The jarsigner Security Tool (contd.)
           • The following table lists the options used with the jarsigner tool
                                  Option                             Description



                     -storepass                   Indicates the required password for accessing the
                                                  keystore.




                     -keypass                     Indicates the required password for protecting the
                                                  private key of an alias entry of a keystore.




 ©NIIT                              Collaborate                        Lesson 2B / Slide 9 of 23
Collaborate


Security Tools (Contd.)
    •    The jarsigner Security Tool (contd.)
                             Option                                      Description



                -signedjar                          Indicates the required name for signing the JAR file.




                -verify                             Verifies the JAR file.




                -verbose                            Provides additional information required for signing
                                                    and verifying the JAR file.




                -certs                              Provides certificate information about the signer of
                                                    the jar file. The –certs option is used in conjunction
                                                    with –verify and -verbose options for signing and
                                                    verifying the JAR file.




 ©NIIT                                Collaborate                                Lesson 2B / Slide 10 of 23
Collaborate


Security Tools (Contd.)
    •    The jarsigner Security Tool (contd.)
         • You can use the required keystore by specifying the URL of the keystore
              with the –keystore option in the jarsigner command.
         • The jarsigner tool signs a JAR file using the Digital Signature Algorithm
              (DSA) with the SHA-1 digest algorithm, if the public and private keys
              are DSA keys.
         • The output produced on signing the JAR file using the jarsigner tool is
              exactly same as the input JAR file.
         • However, the output contains two additional files, signature file and
              signature block file in the META-INF directory.
         • A signature file contains an .SF extension and a signature block
              contains a .DSA extension.
         • The .SF file contains the information, such as filename, name of digest
              algorithm used, and the digest value.
         • The .DSA file contains the signatures in encoded form and certificate
              from the keystore to authenticate the public key.


 ©NIIT                        Collaborate                 Lesson 2B / Slide 11 of 23
Collaborate


Security Tools (Contd.)
    •    The jarsigner Security Tool (contd.)
         • The verification of a JAR file includes the following steps:
              1.   Verify the signature of the .SF file by ensuring that the signature
                   stored in a .DSA file is generated by using the private key. This
                   private key needs to correspond with the public key of the
                   certificate that appears in the .DSA file.
              2.   Verify the entries for digest mentioned in the .SF file with the
                   corresponding entry in the manifest file. The verification process
                   matches the hash entry made in the header of .SF file with the
                   manifest file.
              3.   Read all the files, which contain an entry in the .SF file of the JAR
                   file. While reading the files, the file digest needs to be computed
                   and compare the results with the manifest file. The verification
                   fails, if the digests do not match.




 ©NIIT                          Collaborate                   Lesson 2B / Slide 12 of 23
Collaborate


Security Tools (Contd.)
    •    The policytool Security Tool
         • The Java runtime environment provides various policies that specify the
              different permissions required for accessing code by different users.
         • The information regarding the policy implementation is available in the
              static policy configuration files.
         • A user policy file is stored in the home directory of user by the name
              .java.policy.
         • You can create a policy file by typing the required commands in a text
              editor or by using the GUI-based policytool utility.
         • You can also edit and remove the settings applied in a policy file, such
              as policy entry, Principals, and permissions.




 ©NIIT                        Collaborate                Lesson 2B / Slide 13 of 23
Collaborate


From the Expert’s Desk

    In this section, you will learn:


         •    Best Practice on:
              • Advantages of Using MDB over JMS in J2EE Applications
         •    Tips and Tricks on:
              • Working with Java Security Infrastructure
         •    FAQs on Cryptography




 ©NIIT                           Collaborate           Lesson 2B / Slide 14 of 23
Collaborate



Best Practices
Advantages of Using MDB over JMS in J2EE
    Applications
         •   JMS API introduces a middle layer in between the JMS producer
             and JMS consumer that helps in asynchronous messaging.
         •   The middle layer in the JMS API enables you to send the messages
             to multiple JMS consumer.
         •   Using the JMS API, a number of JMS consumers can receive
             messages from a single JMS producer.




 ©NIIT                  Collaborate                Lesson 2B / Slide 15 of 23
Collaborate



Best Practices (Contd.)
Advantages of Using MDB over JMS in J2EE
  Applications (Contd.)
    •    A single JMS consumer can also receive messages from multiple JMS
         producers.
    •    MDB enables you to consume and process messages concurrently.
    •    You use MDB to manage resources, transactions, and security in a
         multithreaded environment.




 ©NIIT                       Collaborate                 Lesson 2B / Slide 16 of 23
Collaborate


Tips
Working With Java Security Infrastructure
    •    The various tips for implementing security in Java applications are:
         •    Execute the Java programs within the security manager. AppletViewer
              and Java-enabled browsers contain a default security manager attached
              to them. You can install a security manager by including the flag,
              Djava.security.manager at the command prompt while starting the
              Java.
         •    Use a digital certificate to sign a .jar file, to setup a SSL server, or to
              perform encryption of messages to be transmitted.
         •    Use the Java plug-in tool to support the Java 2 security model
              environment for the browsers that do not support this model.




 ©NIIT                         Collaborate                   Lesson 2B / Slide 17 of 23
Collaborate


Tips (Contd.)
Working With Java Security Infrastructure (Contd.)
    •    Install the security extensions for providing Java security infrastructure, such
         as JCE, JSSE, and JAAS. Java Cryptography Extension (JCE) is used in
         applications that require strong encryption. Java Secure Sockets Extension
         (JSSE) is used to provide a Java interface to SSL. Java Authentication and
         Authorization Service (JAAS) is used to authenticate and authorize end
         users.
    •     Verify SSL server names while installing the JSSE security extension.
    •    Customize the implementations according to an enterprise by defining the
         implementation of various Java classes.
    •    Use the correct parameters while encrypting data using algorithms in JCE
         API, such as DES and Blowfish.




 ©NIIT                         Collaborate                   Lesson 2B / Slide 18 of 23
Collaborate


FAQs

    •    How is cryptography applied?
         Cryptography is applied using keys. Cryptography is categorized into
         symmetric cryptography and asymmetric cryptography. The technique that
         uses the same key for both encryption and decryption of data is called
         symmetric cryptography. Asymmetric cryptography is a technique that uses
         public/private key pairs for encryption and decryption of data.




 ©NIIT                         Collaborate                 Lesson 2B / Slide 19 of 23
Collaborate


FAQs (Contd.)
    •    What is the importance of cryptography?
         Cryptography is used in a variety of applications. The various applications of
         Cryptography are:
          • Used for storing passwords, as the passwords need to be stored in an
               encrypted form.
          • Guards the data stored in a computer against malicious attacks by
               encrypting the complete files.
          • Used in electronic commerce (e-commerce) for encrypting data to be
               transmitted over the whole network.
          • Controls access to satellite and cable TV by encrypting the signals to
               be transmitted to multiple receivers.
          • Used in telephones by encrypting voice at sender end and decrypting
               the voice back at receiver end.




 ©NIIT                        Collaborate                   Lesson 2B / Slide 20 of 23
Collaborate


FAQs (Contd.)
    •    How many standard time zones exist?
         There are 25 standard time zones. An extra time zone for UTC+12 hours
         and UTC-12 hours also exist.
    •    What is the use of locale?
         A Locale object provides information about the specified cultural and
         geographical region.




 ©NIIT                       Collaborate                Lesson 2B / Slide 21 of 23
Collaborate


Challenge
    •    You can have any number of Principals associated with a Subject.
         (True/False)
    •     The ________ method of JMS must be called to receive messages
         synchronously.
    •     JMS supports _________ and ________ messaging models.
    •    Which of the following represents a set of numeric values that are dependent
         on the value of a private key and is known only to the generator of the
         signature?
         a)    Public key
         b) Digital signature
         c)    Digital certificate
         d) Algorithm
    5.   An untrusted applet enables you to perform operations, such as reading and
         writing data to a local computer. (True/False)



 ©NIIT                        Collaborate                  Lesson 2B / Slide 22 of 23
Collaborate


Solutions to Challenge

    •    True
    •    receive()
    •    Point-to-Point, Publish/Subscribe
    •    b) Digital signature
    •    False




 ©NIIT                         Collaborate   Lesson 2B / Slide 23 of 23

More Related Content

Similar to Ajs 4 c

Code Signing with CPK
Code Signing with CPKCode Signing with CPK
Code Signing with CPKZhi Guan
 
How to do Cryptography right in Android Part Two
How to do Cryptography right in Android Part TwoHow to do Cryptography right in Android Part Two
How to do Cryptography right in Android Part TwoArash Ramez
 
Design and Analyze Secure Networked Systems - 5
Design and Analyze Secure Networked Systems - 5Design and Analyze Secure Networked Systems - 5
Design and Analyze Secure Networked Systems - 5Don Kim
 
Duck Hunter - The return of autorun
Duck Hunter - The return of autorunDuck Hunter - The return of autorun
Duck Hunter - The return of autorunNimrod Levy
 
Nimrod duck hunter copy
Nimrod duck hunter   copyNimrod duck hunter   copy
Nimrod duck hunter copyNimrod Levy
 
FlexNet Publisher Licensing Security
FlexNet Publisher Licensing SecurityFlexNet Publisher Licensing Security
FlexNet Publisher Licensing SecurityFlexera
 
Introduction to docker_notary_v1.0.0
Introduction to docker_notary_v1.0.0Introduction to docker_notary_v1.0.0
Introduction to docker_notary_v1.0.0Anshul Patel
 
ZKorum: Building the Next Generation eAgora powered by SSI
ZKorum: Building the Next Generation eAgora powered by SSIZKorum: Building the Next Generation eAgora powered by SSI
ZKorum: Building the Next Generation eAgora powered by SSISSIMeetup
 
Ch19 OS
Ch19 OSCh19 OS
Ch19 OSC.U
 
Defense in Depth: Implementing a Layered Privileged Password Security Strategy
Defense in Depth: Implementing a Layered Privileged Password Security Strategy Defense in Depth: Implementing a Layered Privileged Password Security Strategy
Defense in Depth: Implementing a Layered Privileged Password Security Strategy BeyondTrust
 
Reverse Engineering.pptx
Reverse Engineering.pptxReverse Engineering.pptx
Reverse Engineering.pptxSameer Sapra
 
KCD Italy 2023 - Secure Software Supply chain for OCI Artifact on Kubernetes
KCD Italy 2023 - Secure Software Supply chain for OCI Artifact on KubernetesKCD Italy 2023 - Secure Software Supply chain for OCI Artifact on Kubernetes
KCD Italy 2023 - Secure Software Supply chain for OCI Artifact on Kubernetessparkfabrik
 
[Codientu.org] design of a microcontroller based circuit for software protection
[Codientu.org] design of a microcontroller based circuit for software protection[Codientu.org] design of a microcontroller based circuit for software protection
[Codientu.org] design of a microcontroller based circuit for software protectionHieu Le Dinh
 

Similar to Ajs 4 c (20)

Ppt
PptPpt
Ppt
 
Code Signing with CPK
Code Signing with CPKCode Signing with CPK
Code Signing with CPK
 
How to do Cryptography right in Android Part Two
How to do Cryptography right in Android Part TwoHow to do Cryptography right in Android Part Two
How to do Cryptography right in Android Part Two
 
Design and Analyze Secure Networked Systems - 5
Design and Analyze Secure Networked Systems - 5Design and Analyze Secure Networked Systems - 5
Design and Analyze Secure Networked Systems - 5
 
D-Cipher
D-CipherD-Cipher
D-Cipher
 
Duck Hunter - The return of autorun
Duck Hunter - The return of autorunDuck Hunter - The return of autorun
Duck Hunter - The return of autorun
 
Nimrod duck hunter copy
Nimrod duck hunter   copyNimrod duck hunter   copy
Nimrod duck hunter copy
 
FlexNet Publisher Licensing Security
FlexNet Publisher Licensing SecurityFlexNet Publisher Licensing Security
FlexNet Publisher Licensing Security
 
Introduction to docker_notary_v1.0.0
Introduction to docker_notary_v1.0.0Introduction to docker_notary_v1.0.0
Introduction to docker_notary_v1.0.0
 
ZKorum: Building the Next Generation eAgora powered by SSI
ZKorum: Building the Next Generation eAgora powered by SSIZKorum: Building the Next Generation eAgora powered by SSI
ZKorum: Building the Next Generation eAgora powered by SSI
 
OSCh19
OSCh19OSCh19
OSCh19
 
OS_Ch19
OS_Ch19OS_Ch19
OS_Ch19
 
Ch19 OS
Ch19 OSCh19 OS
Ch19 OS
 
Defense in Depth: Implementing a Layered Privileged Password Security Strategy
Defense in Depth: Implementing a Layered Privileged Password Security Strategy Defense in Depth: Implementing a Layered Privileged Password Security Strategy
Defense in Depth: Implementing a Layered Privileged Password Security Strategy
 
D0312427
D0312427D0312427
D0312427
 
Reverse Engineering.pptx
Reverse Engineering.pptxReverse Engineering.pptx
Reverse Engineering.pptx
 
Dekartlogon en
Dekartlogon enDekartlogon en
Dekartlogon en
 
KCD Italy 2023 - Secure Software Supply chain for OCI Artifact on Kubernetes
KCD Italy 2023 - Secure Software Supply chain for OCI Artifact on KubernetesKCD Italy 2023 - Secure Software Supply chain for OCI Artifact on Kubernetes
KCD Italy 2023 - Secure Software Supply chain for OCI Artifact on Kubernetes
 
Keyloger & spyware
Keyloger & spyware Keyloger & spyware
Keyloger & spyware
 
[Codientu.org] design of a microcontroller based circuit for software protection
[Codientu.org] design of a microcontroller based circuit for software protection[Codientu.org] design of a microcontroller based circuit for software protection
[Codientu.org] design of a microcontroller based circuit for software protection
 

More from Niit Care (20)

Ajs 1 b
Ajs 1 bAjs 1 b
Ajs 1 b
 
Ajs 4 b
Ajs 4 bAjs 4 b
Ajs 4 b
 
Ajs 4 a
Ajs 4 aAjs 4 a
Ajs 4 a
 
Ajs 3 b
Ajs 3 bAjs 3 b
Ajs 3 b
 
Ajs 3 c
Ajs 3 cAjs 3 c
Ajs 3 c
 
Ajs 2 b
Ajs 2 bAjs 2 b
Ajs 2 b
 
Ajs 2 a
Ajs 2 aAjs 2 a
Ajs 2 a
 
Ajs 2 c
Ajs 2 cAjs 2 c
Ajs 2 c
 
Ajs 1 a
Ajs 1 aAjs 1 a
Ajs 1 a
 
Ajs 1 c
Ajs 1 cAjs 1 c
Ajs 1 c
 
Dacj 4 2-c
Dacj 4 2-cDacj 4 2-c
Dacj 4 2-c
 
Dacj 4 2-b
Dacj 4 2-bDacj 4 2-b
Dacj 4 2-b
 
Dacj 4 2-a
Dacj 4 2-aDacj 4 2-a
Dacj 4 2-a
 
Dacj 4 1-c
Dacj 4 1-cDacj 4 1-c
Dacj 4 1-c
 
Dacj 4 1-b
Dacj 4 1-bDacj 4 1-b
Dacj 4 1-b
 
Dacj 4 1-a
Dacj 4 1-aDacj 4 1-a
Dacj 4 1-a
 
Dacj 1-2 b
Dacj 1-2 bDacj 1-2 b
Dacj 1-2 b
 
Dacj 1-3 c
Dacj 1-3 cDacj 1-3 c
Dacj 1-3 c
 
Dacj 1-3 b
Dacj 1-3 bDacj 1-3 b
Dacj 1-3 b
 
Dacj 1-3 a
Dacj 1-3 aDacj 1-3 a
Dacj 1-3 a
 

Recently uploaded

1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPTiSEO AI
 
Design Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxDesign Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxFIDO Alliance
 
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...ScyllaDB
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxFIDO Alliance
 
Working together SRE & Platform Engineering
Working together SRE & Platform EngineeringWorking together SRE & Platform Engineering
Working together SRE & Platform EngineeringMarcus Vechiato
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceSamy Fodil
 
Top 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development CompaniesTop 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development CompaniesTopCSSGallery
 
Long journey of Ruby Standard library at RubyKaigi 2024
Long journey of Ruby Standard library at RubyKaigi 2024Long journey of Ruby Standard library at RubyKaigi 2024
Long journey of Ruby Standard library at RubyKaigi 2024Hiroshi SHIBATA
 
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...marcuskenyatta275
 
UiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewUiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewDianaGray10
 
State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!Memoori
 
(Explainable) Data-Centric AI: what are you explaininhg, and to whom?
(Explainable) Data-Centric AI: what are you explaininhg, and to whom?(Explainable) Data-Centric AI: what are you explaininhg, and to whom?
(Explainable) Data-Centric AI: what are you explaininhg, and to whom?Paolo Missier
 
Microsoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireMicrosoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireExakis Nelite
 
How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfdanishmna97
 
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...panagenda
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGDSC PJATK
 
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdfFrisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdfAnubhavMangla3
 
WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024Lorenzo Miniero
 
How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfHow we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfSrushith Repakula
 
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Patrick Viafore
 

Recently uploaded (20)

1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
 
Design Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxDesign Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptx
 
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
 
Working together SRE & Platform Engineering
Working together SRE & Platform EngineeringWorking together SRE & Platform Engineering
Working together SRE & Platform Engineering
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM Performance
 
Top 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development CompaniesTop 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development Companies
 
Long journey of Ruby Standard library at RubyKaigi 2024
Long journey of Ruby Standard library at RubyKaigi 2024Long journey of Ruby Standard library at RubyKaigi 2024
Long journey of Ruby Standard library at RubyKaigi 2024
 
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
 
UiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewUiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overview
 
State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!
 
(Explainable) Data-Centric AI: what are you explaininhg, and to whom?
(Explainable) Data-Centric AI: what are you explaininhg, and to whom?(Explainable) Data-Centric AI: what are you explaininhg, and to whom?
(Explainable) Data-Centric AI: what are you explaininhg, and to whom?
 
Microsoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireMicrosoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - Questionnaire
 
How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cf
 
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 Warsaw
 
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdfFrisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
 
WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024
 
How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfHow we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdf
 
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024
 

Ajs 4 c

  • 1. Collaborate Knowledge Byte • In this lesson you will learn about: • Security Tools • keytool • jarsigner • policytool ©NIIT Collaborate Lesson 2B / Slide 1 of 23
  • 2. Collaborate Security Tools • The Java 2 SDK provides various security tools to prevent malicious applets from performing hazardous operations, such as reading files from or writing files to a local computer. • The Java 2 SDK provides three different tools for ensuring security while running applets in a network: • keytool • jarsigner • policytool ©NIIT Collaborate Lesson 2B / Slide 2 of 23
  • 3. Collaborate Security Tools (Contd.) • The keytool Security Tool • The keytool security tool is used to manage a keystore of private keys and the associated certificates that are used for authenticating the corresponding public keys. • An end user can administer their own public/private key pairs and certificates associated with them for self-authentication. • Public key is mainly used for enciphering the message and is distributed to a user requesting for it. • The private key is used for deciphering the message encrypted using public key but is kept secure. • A keystore is implemented as a file that stores the keys and their corresponding certificates. • A keystore guards the private keys by using a password. • A certificate represents a digitally signed statement that indicates the specified value of a public key. ©NIIT Collaborate Lesson 2B / Slide 3 of 23
  • 4. Collaborate Security Tools (Contd.) • The keytool Security Tool (contd.) • The various roles of a keytool are: • Generates public/private key pairs. • Issues certificate requests in order to send them to a Certification Authority. • Imports certificate response retrieved from the Certification Authority. • Designates public keys that belong to other trusted parties. • A keystore file contains two different types of entries: • Key entry: Stores sensitive data about the private keys in an encrypted format in order to prevent the unauthorized access from malicious end users. • Trusted certificate entry: Holds a public key certificate, also called trusted certificate that belongs to another end user. ©NIIT Collaborate Lesson 2B / Slide 4 of 23
  • 5. Collaborate Security Tools (Contd.) • The keytool Security Tool (contd.) • An entry in a keystore is accessed using unique aliases. • You can use the genkey command to generate a public/private key pair. • You need to use the import command to add a certificate in the list of trusted certificates. • You can use the following command to generate a new public/private key pair with a self-signed certificate that uses don as an alias: keytool –genkey –alias don –keypass donpassword • You can also change the private key password associated with the specified alias by using the following command: keytool –keypasswd –alias don –keypass donpassword –new newpassword • You create a keystore by using the –keystore option in the keytool command or by using the –genkey and -import commands. ©NIIT Collaborate Lesson 2B / Slide 5 of 23
  • 6. Collaborate Security Tools (Contd.) • The keytool Security Tool (contd.) • The following table lists the options used with the keytool command: Option Description -genkey Generates a public/private key pair. -import Reads the specified certificate and stores it in the keystore. -export Exports the required certificate associated with the specified alias. -list Displays the content of the whole keystore. ©NIIT Collaborate Lesson 2B / Slide 6 of 23
  • 7. Collaborate Security Tools (Contd.) • The keytool Security Tool (contd.) Option Description -storepasswd Modifies the required password that guards the integrity of the keystore. -keypasswd Modifies the required password that protects a key associated with the specified alias -delete Deletes the content of the specified keystore ©NIIT Collaborate Lesson 2B / Slide 7 of 23
  • 8. Collaborate Security Tools (Contd.) • The jarsigner Security Tool • The jarsigner tool is used to generate and verify digital signatures for Java ARchive (JAR) files by using certificates from a keystore. • A digital signature of a message is a set of numeric values that are dependent on the value of a private key known only to the generator of the signature. • The jarsigner tool generates digital signatures for JAR files by using the private key and certificate information from a keystore, which is managed by the keytool. • The jarsigner verifies the digital signature of a signed JAR file by using the certificate. The following syntax shows how to sign a JAR file: jarsigner <filename.jar> <username> • You can use the following command to sign a JAR file: jarsigner myFile.jar mary ©NIIT Collaborate Lesson 2B / Slide 8 of 23
  • 9. Collaborate Security Tools (Contd.) • The jarsigner Security Tool (contd.) • The following table lists the options used with the jarsigner tool Option Description -storepass Indicates the required password for accessing the keystore. -keypass Indicates the required password for protecting the private key of an alias entry of a keystore. ©NIIT Collaborate Lesson 2B / Slide 9 of 23
  • 10. Collaborate Security Tools (Contd.) • The jarsigner Security Tool (contd.) Option Description -signedjar Indicates the required name for signing the JAR file. -verify Verifies the JAR file. -verbose Provides additional information required for signing and verifying the JAR file. -certs Provides certificate information about the signer of the jar file. The –certs option is used in conjunction with –verify and -verbose options for signing and verifying the JAR file. ©NIIT Collaborate Lesson 2B / Slide 10 of 23
  • 11. Collaborate Security Tools (Contd.) • The jarsigner Security Tool (contd.) • You can use the required keystore by specifying the URL of the keystore with the –keystore option in the jarsigner command. • The jarsigner tool signs a JAR file using the Digital Signature Algorithm (DSA) with the SHA-1 digest algorithm, if the public and private keys are DSA keys. • The output produced on signing the JAR file using the jarsigner tool is exactly same as the input JAR file. • However, the output contains two additional files, signature file and signature block file in the META-INF directory. • A signature file contains an .SF extension and a signature block contains a .DSA extension. • The .SF file contains the information, such as filename, name of digest algorithm used, and the digest value. • The .DSA file contains the signatures in encoded form and certificate from the keystore to authenticate the public key. ©NIIT Collaborate Lesson 2B / Slide 11 of 23
  • 12. Collaborate Security Tools (Contd.) • The jarsigner Security Tool (contd.) • The verification of a JAR file includes the following steps: 1. Verify the signature of the .SF file by ensuring that the signature stored in a .DSA file is generated by using the private key. This private key needs to correspond with the public key of the certificate that appears in the .DSA file. 2. Verify the entries for digest mentioned in the .SF file with the corresponding entry in the manifest file. The verification process matches the hash entry made in the header of .SF file with the manifest file. 3. Read all the files, which contain an entry in the .SF file of the JAR file. While reading the files, the file digest needs to be computed and compare the results with the manifest file. The verification fails, if the digests do not match. ©NIIT Collaborate Lesson 2B / Slide 12 of 23
  • 13. Collaborate Security Tools (Contd.) • The policytool Security Tool • The Java runtime environment provides various policies that specify the different permissions required for accessing code by different users. • The information regarding the policy implementation is available in the static policy configuration files. • A user policy file is stored in the home directory of user by the name .java.policy. • You can create a policy file by typing the required commands in a text editor or by using the GUI-based policytool utility. • You can also edit and remove the settings applied in a policy file, such as policy entry, Principals, and permissions. ©NIIT Collaborate Lesson 2B / Slide 13 of 23
  • 14. Collaborate From the Expert’s Desk In this section, you will learn: • Best Practice on: • Advantages of Using MDB over JMS in J2EE Applications • Tips and Tricks on: • Working with Java Security Infrastructure • FAQs on Cryptography ©NIIT Collaborate Lesson 2B / Slide 14 of 23
  • 15. Collaborate Best Practices Advantages of Using MDB over JMS in J2EE Applications • JMS API introduces a middle layer in between the JMS producer and JMS consumer that helps in asynchronous messaging. • The middle layer in the JMS API enables you to send the messages to multiple JMS consumer. • Using the JMS API, a number of JMS consumers can receive messages from a single JMS producer. ©NIIT Collaborate Lesson 2B / Slide 15 of 23
  • 16. Collaborate Best Practices (Contd.) Advantages of Using MDB over JMS in J2EE Applications (Contd.) • A single JMS consumer can also receive messages from multiple JMS producers. • MDB enables you to consume and process messages concurrently. • You use MDB to manage resources, transactions, and security in a multithreaded environment. ©NIIT Collaborate Lesson 2B / Slide 16 of 23
  • 17. Collaborate Tips Working With Java Security Infrastructure • The various tips for implementing security in Java applications are: • Execute the Java programs within the security manager. AppletViewer and Java-enabled browsers contain a default security manager attached to them. You can install a security manager by including the flag, Djava.security.manager at the command prompt while starting the Java. • Use a digital certificate to sign a .jar file, to setup a SSL server, or to perform encryption of messages to be transmitted. • Use the Java plug-in tool to support the Java 2 security model environment for the browsers that do not support this model. ©NIIT Collaborate Lesson 2B / Slide 17 of 23
  • 18. Collaborate Tips (Contd.) Working With Java Security Infrastructure (Contd.) • Install the security extensions for providing Java security infrastructure, such as JCE, JSSE, and JAAS. Java Cryptography Extension (JCE) is used in applications that require strong encryption. Java Secure Sockets Extension (JSSE) is used to provide a Java interface to SSL. Java Authentication and Authorization Service (JAAS) is used to authenticate and authorize end users. • Verify SSL server names while installing the JSSE security extension. • Customize the implementations according to an enterprise by defining the implementation of various Java classes. • Use the correct parameters while encrypting data using algorithms in JCE API, such as DES and Blowfish. ©NIIT Collaborate Lesson 2B / Slide 18 of 23
  • 19. Collaborate FAQs • How is cryptography applied? Cryptography is applied using keys. Cryptography is categorized into symmetric cryptography and asymmetric cryptography. The technique that uses the same key for both encryption and decryption of data is called symmetric cryptography. Asymmetric cryptography is a technique that uses public/private key pairs for encryption and decryption of data. ©NIIT Collaborate Lesson 2B / Slide 19 of 23
  • 20. Collaborate FAQs (Contd.) • What is the importance of cryptography? Cryptography is used in a variety of applications. The various applications of Cryptography are: • Used for storing passwords, as the passwords need to be stored in an encrypted form. • Guards the data stored in a computer against malicious attacks by encrypting the complete files. • Used in electronic commerce (e-commerce) for encrypting data to be transmitted over the whole network. • Controls access to satellite and cable TV by encrypting the signals to be transmitted to multiple receivers. • Used in telephones by encrypting voice at sender end and decrypting the voice back at receiver end. ©NIIT Collaborate Lesson 2B / Slide 20 of 23
  • 21. Collaborate FAQs (Contd.) • How many standard time zones exist? There are 25 standard time zones. An extra time zone for UTC+12 hours and UTC-12 hours also exist. • What is the use of locale? A Locale object provides information about the specified cultural and geographical region. ©NIIT Collaborate Lesson 2B / Slide 21 of 23
  • 22. Collaborate Challenge • You can have any number of Principals associated with a Subject. (True/False) • The ________ method of JMS must be called to receive messages synchronously. • JMS supports _________ and ________ messaging models. • Which of the following represents a set of numeric values that are dependent on the value of a private key and is known only to the generator of the signature? a) Public key b) Digital signature c) Digital certificate d) Algorithm 5. An untrusted applet enables you to perform operations, such as reading and writing data to a local computer. (True/False) ©NIIT Collaborate Lesson 2B / Slide 22 of 23
  • 23. Collaborate Solutions to Challenge • True • receive() • Point-to-Point, Publish/Subscribe • b) Digital signature • False ©NIIT Collaborate Lesson 2B / Slide 23 of 23