Java password Extension (the Java Cryptography Extension), is an important part of JDK1.4, basically, he is composed of some packages, these packages formed a framework and implemented a number of encryption, key generation algorithms and protocols, message authentication code and other algorithms, this article will want you to introduce the installation and use of JCE.
It is important to note that although JCE is part of the core package of JDK1.4, we will first show you how to install the configuration jce (static installation) with the JDK1.2 and a higher version. Later, you will be introduced to how to use JCE without installation (dynamic installation). Finally, you will demonstrate how to generate a key and password, and if basic encryption, decryption. What is the provider?
The provider is the implementation of a particular cryptographic algorithm, and some providers (the encryption technology provided) are free, some are not free, IBM, bouncy Castle, and RSA are some (cryptographic) providers. Later in this article, we will look at the RSA algorithm from bouncy Castle. Sun also shows you how to implement your own provider (you need to meet some of the JDK's conventions). Static installation
Before installing and using JCE, you need to get from Sun Web site (here is an example of a dark sun provider). Get his installation package, JCE has sun his own security provider-sunjce, for the sake of sunjce static installation to the default provider list, you need to modify the security properties file: <java-home>\jre\lib\security\java.security (WIN32)
<java-home>/jre/lib/security/java.security (UNIX) If you install the JDK in C:\jdk1.3, you need to edit the following files:
C:\jdk1.3\jre\lib\security\java.security In order to install SUNJCE, you need to include the following in the file:
Security.provider.n=com.sun.crypto.provider.sunjce Replace n with the priority of the provider you are adding (note: The sequence number must be incremented and cannot be skipped, but can be adjusted before and after the order). Listing A is used to view information about the providers you have installed, and the results are listed in Listing B, showing the provider's capabilities, such as available cryptographic algorithms. Listing A:providerinformation.java
Import Java.security.Provider;
Import java.security.Security;
Import Java.util.Set;
Import Java.util.Iterator;
public class Providerinformation {
public static void Main (string[] args) {
provider[] providers = Security.getproviders ();
for (int i = 0; i < providers.length; i++) {
Provider Provider = providers[i];
System.out.println ("Provider name:" + provider.getname ());
SYSTEM.OUT.PRINTLN ("Provider information:" + provider.getinfo ());
System.out.println ("Provider version:" + provider.getversion ());
Set entries = Provider.entryset ();
Iterator Iterator = Entries.iterator ();
while (Iterator.hasnext ()) {
System.out.println ("Property entry:" + Iterator.next ());
}
}
}
} |
Listing B:providerinformation.java Output
Provider Name:sun
Provider Information:sun (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; certificates; JKS KeyStore)
Provider version:1.2
Property Entry:alg.alias.keyfactory.1.2.840.10040.4.1=dsa
Property Entry:alg.alias.signature.1.2.840.10040.4.3=sha1withdsa
Property Entry:alg.alias.keypairgenerator.oid.1.2.840.10040.4.1=dsa
Property Entry:Signature.SHA1withDSA keysize=1024
Property Entry:Signature.SHA1withDSA Implementedin=software |
Dynamic installation: Listing C shows how to dynamically load a security provider at run time, note that when you use Security.addprovider (...) When the provider is loaded, it is useful for the entire JVM environment;
Listing C:dynamicprovider.java
Import java.security.Security;
public class Dynamicprovider {
public static void Main (string[] args) {
This are all there are to it!
Security.addprovider (New Com.sun.crypto.provider.SunJCE ());
}
} |
As mentioned earlier, when you install a provider, you use N to indicate the priority of this provider, but when an instance of an algorithm is invoked, the JVM will follow the provided priority to find the available implementation in the installed provider and use the available algorithm that he finds first. You can also add additional parameters to the survey to indicate which algorithm to look for in that provider. Implementation Details:
The JCE API contains a large number of classes and interfaces for implementing security features, first of all, we do a des symmetric encryption example. Generate key:
Listing D shows if the key generator is initialized to generate the key; Listing D:deskeygenerator.java
Import Javax.crypto.KeyGenerator;
Import Java.security.Key;
Import java.security.NoSuchAlgorithmException;
Import java.security.Security;
public class Deskeygenerator {
public static void Main (string[] args) {
Security.addprovider (New Com.sun.crypto.provider.SunJCE ());
try {
keygenerator kg = keygenerator.getinstance ("DES");
Key key = Kg.generatekey ();
SYSTEM.OUT.PRINTLN ("Key format:" + Key.getformat ());
System.out.println ("Key algorithm:" + key.getalgorithm ());
}
catch (NoSuchAlgorithmException e) {
E.printstacktrace ();
}
}
} |
#p # In order to generate the key, we first initialize the key generator, which can be achieved by invoking the static method GetInstance of the Keygenerator class. The Vanilla des algorithm we used does not have a pattern and a fill model. You can also pass in the Des/ecb/pkcs5padding ("") to indicate the mode (ECB) and fill mode (pkcs5padding), or you can pass in another parameter to indicate which provider is used, but this is optional getinstance;
keygenerator kg = keygenerator.getinstance ("DES"); |
Once we have a specific key generation object, we can use it to get the key:
Key key = Kg.generatekey (); |
Generate Password: The process of generating a password is similar to generating a key and requires calling the GetInstance method of the cipher class, which is consistent with the parameters used to generate the key;
Cipher Cipher = cipher.getinstance ("DES"); |
Listing E illustrates if the operation:
Listing E:desciphergenerator.java
Import Javax.crypto.Cipher;
Import javax.crypto.NoSuchPaddingException;
Import java.security.Security;
Import java.security.NoSuchAlgorithmException;
public class Desciphergenerator {
public static void Main (string[] args) {
Security.addprovider (New Com.sun.crypto.provider.SunJCE ());
try {
Cipher Cipher = cipher.getinstance ("DES");
System.out.println ("Cipher provider:" + Cipher.getprovider ());
System.out.println ("Cipher algorithm:" + cipher.getalgorithm ());
}
catch (NoSuchAlgorithmException e) {
E.printstacktrace ();
}
catch (Nosuchpaddingexception e) {
E.printstacktrace ();
}
}
} |
Encryption and decryption data
Encryption is the byte, so the confidential line is relatively high, when you have prepared the key and password, you are ready to encrypt the preparation, to note that the same algorithm to use the same key and password, for example, you can not use the Dessede key, with des password, The cipher object encrypts and decrypts the data in the same way, and all you have to do is start at first, and let him know what you're going to do:
Cipher.init (Cipher.encrypt_mode, key); |
This initializes the cipher class to prepare the encrypted data. The simplest encryption method calls the Dofinal method on the incoming byte array in a timely manner:
byte[] data = "Hello world!". GetBytes ();
Byte[] result = cipher.dofinal (data); |
Listing F is the detailed code Listing F:descryptotest.java
Import Javax.crypto.Cipher;
Import Javax.crypto.KeyGenerator;
Import javax.crypto.NoSuchPaddingException;
Import javax.crypto.IllegalBlockSizeException;
Import javax.crypto.BadPaddingException;
Import Java.security.Key;
Import java.security.Security;
Import java.security.NoSuchAlgorithmException;
Import java.security.InvalidKeyException;
public class Descryptotest {
public static void Main (string[] args) {
Security.addprovider (New Com.sun.crypto.provider.SunJCE ());
try {
keygenerator kg = keygenerator.getinstance ("DES");
Key key = Kg.generatekey ();
Cipher Cipher = cipher.getinstance ("DES");
byte[] data = "Hello world!". GetBytes ();
System.out.println ("Original data:" + new String (data));
Cipher.init (Cipher.encrypt_mode, key);
Byte[] result = cipher.dofinal (data);
System.out.println ("Encrypted data:" + new String (result));
Cipher.init (Cipher.decrypt_mode, key);
byte[] Original = cipher.dofinal (result);
SYSTEM.OUT.PRINTLN ("Decrypted data:" + new String (original));
}
catch (NoSuchAlgorithmException e) {
E.printstacktrace ();
}
catch (Nosuchpaddingexception e) {
E.printstacktrace ();
}
catch (InvalidKeyException e) {
E.printstacktrace ();
}
catch (IllegalStateException e) {
E.printstacktrace ();
}
catch (Illegalblocksizeexception e) {
E.printstacktrace ();
}
catch (Badpaddingexception e) {
E.printstacktrace ();
}
}
} |
Summary: JCE is a powerful API that provides numerous encryption methods and other security-related properties, we have found how to install the JCE dynamically and statically, and with Des to encrypt and decrypt a simple piece of information, in the second part of this series, we will use this knowledge in real applications, will tell you if you write a wrapper class (Wrapper) that is used with the socket to encrypt important information about your online transactions. (Editor Fire Phoenix [email protected] TEL: (010) 68476636-8007) |
