Guo Jia
Blog: http://blog.csdn.net/allenwells
Github: https://github.com/allenwell
1 JCA cryptographic services
By defining the types and capabilities of cryptographic services, JCA can provide support for a variety of cryptographic algorithms, including support for message digests and digital signatures.
The entire JCA structure looks like this:
1.1 JCA cryptographic service provider
A cryptographic service provider is a set of API packages that implement cryptographic services. J2SE bundles a default provider implementation named Sun, which provides the following features:
- Implementations of the Digital Signature Algorithm (DSA) and of the message digest algorithms MD5 and SHA1
- DSA key pair generator
- DSA algorithm parameter generator and manager
- DSA key factory, which provides conversions between public and private keys
- Certificate path builder and validator
- Certificate factory and certificate revocation list
- Implementation of the JKS key store
1.2 JCA cryptographic service engine
An engine is an abstract representation of a cryptographic service. The service itself contains no specific algorithm implementation, although it is usually associated with specific algorithms. Engines mainly cover the following:
- Providing cryptographic operations: digital signatures, message digests
- Generating or supplying cryptographic material: the keys or parameters required by a cryptographic operation
- Building and managing data objects such as certificates, certificate databases and key databases
1.3 JCA cryptographic service algorithm
An algorithm is a concrete implementation of an engine.
2 JCP programming model
2.1 Message digest
To calculate a message digest using MD5
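    import java.security.MessageDigest;
    import java.security.NoSuchAlgorithmException;

    try {
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        byte[] testdata = { 1, 2, 3, 4, 5 };
        md5.update(testdata);
        byte[] myhash = md5.digest(); // 16-byte MD5 digest of testdata
    } catch (NoSuchAlgorithmException e) {
        // no installed provider implements MD5
    }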
To calculate a message digest using SHA-1
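    import java.security.MessageDigest;
    import java.security.NoSuchAlgorithmException;

    try {
        MessageDigest sha = MessageDigest.getInstance("SHA-1");
        byte[] testdata = { 1, 2, 3, 4, 5 };
        sha.update(testdata);
        byte[] myhash = sha.digest(); // 20-byte SHA-1 digest of testdata
    } catch (NoSuchAlgorithmException e) {
        // no installed provider implements SHA-1
    }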
2.2 Generation of key pairs
A key is represented by the interface java.security.Key, which provides 3 methods:
- getAlgorithm() returns the key algorithm;
- getEncoded() returns the key in its original encoded format as a byte array;
- getFormat() returns the encoded format of the key.
Generating public/private key pairs with the DSA and DH algorithms
    import java.security.KeyPair;
    import java.security.KeyPairGenerator;
    import java.security.PrivateKey;
    import java.security.PublicKey;

    try {
        // 1024-bit Digital Signature Algorithm (DSA) key pair
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA");
        keyGen.initialize(1024);
        KeyPair keyPair = keyGen.genKeyPair();
        PrivateKey privateKey = keyPair.getPrivate();
        PublicKey publicKey = keyPair.getPublic();
        // 576-bit Diffie-Hellman key pair
        keyGen = KeyPairGenerator.getInstance("DH");
        keyGen.initialize(576);
        keyPair = keyGen.genKeyPair();
        privateKey = keyPair.getPrivate();
        publicKey = keyPair.getPublic();
    } catch (java.security.NoSuchAlgorithmException e) {
        // no installed provider implements DSA or DH
    }
2.3 Generation of digital signatures
Digital signatures are built on public-key cryptography: the sender signs the message with the private key, and the receiver decrypts the message with the public key. The receiver can thereby verify the source or signer of the message, which ensures the integrity and authenticity of the message.
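Private key signature
    import java.security.InvalidKeyException;
    import java.security.NoSuchAlgorithmException;
    import java.security.Signature;
    import java.security.SignatureException;

    try {
        byte[] testdata = { 1, 2, 3, 4, 5 };
        // privateKey is the DSA private key generated in section 2.2
        Signature dsig = Signature.getInstance(privateKey.getAlgorithm());
        dsig.initSign(privateKey);
        dsig.update(testdata);
        byte[] signedData = dsig.sign(); // the signature over testdata
    } catch (SignatureException e) {
        // the Signature object was not initialized properly
    } catch (InvalidKeyException e) {
        // the private key is not valid for this algorithm
    } catch (NoSuchAlgorithmException e) {
        // no installed provider implements the algorithm
    }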
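Public key validation
    import java.security.InvalidKeyException;
    import java.security.NoSuchAlgorithmException;
    import java.security.Signature;
    import java.security.SignatureException;

    try {
        // publicKey is the DSA public key that matches the signing key
        Signature publicDsig = Signature.getInstance(publicKey.getAlgorithm());
        publicDsig.initVerify(publicKey);
        publicDsig.update(testdata); // the original message that was signed
        boolean result = publicDsig.verify(signedData); // the bytes returned by sign()
    } catch (SignatureException e) {
        // the signature is malformed; treat it as a failed verification
    } catch (InvalidKeyException e) {
        // the public key is not valid for this algorithm
    } catch (NoSuchAlgorithmException e) {
        // no installed provider implements the algorithm
    }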
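The key generation, signing and verification steps of sections 2.2 and 2.3 joined into one round trip, including the cases where verification must fail. This is an added example, not code from the original post; it assumes SHA256withDSA with a 2048-bit key in place of the page's 1024-bit key and algorithm lookup by key name, and the class and method names are hypothetical.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;

// Hypothetical class name; added illustration, not the post's code.
public class SignVerifyRoundTrip {
    // Assumption: the signature algorithm is named explicitly instead of
    // being derived from key.getAlgorithm() as in the snippets above.
    static final String SIG_ALG = "SHA256withDSA";

    static byte[] sign(KeyPair pair, byte[] message) throws GeneralSecurityException {
        Signature signer = Signature.getInstance(SIG_ALG);
        signer.initSign(pair.getPrivate());
        signer.update(message);   // the data being signed
        return signer.sign();     // the detached signature bytes
    }

    static boolean verify(PublicKey key, byte[] message, byte[] signature)
            throws GeneralSecurityException {
        Signature verifier = Signature.getInstance(SIG_ALG);
        verifier.initVerify(key);
        verifier.update(message); // feed the original message, never the signature
        try {
            return verifier.verify(signature);
        } catch (SignatureException e) {
            return false;         // malformed signature encoding counts as invalid
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA");
        keyGen.initialize(2048);
        KeyPair pair = keyGen.generateKeyPair();
        byte[] testdata = { 1, 2, 3, 4, 5 };       // same sample bytes as the page
        byte[] signature = sign(pair, testdata);
        System.out.println("genuine message:    " + verify(pair.getPublic(), testdata, signature));
        byte[] tampered = testdata.clone();
        tampered[0] ^= 0x01;                        // one flipped bit in the message
        System.out.println("tampered message:   " + verify(pair.getPublic(), tampered, signature));
        byte[] badSig = signature.clone();
        badSig[badSig.length - 1] ^= 0x01;          // one flipped bit in the signature
        System.out.println("tampered signature: " + verify(pair.getPublic(), testdata, badSig));
        KeyPair other = keyGen.generateKeyPair();   // unrelated key pair
        System.out.println("wrong public key:   " + verify(other.getPublic(), testdata, signature));
    }
}
```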
"Java Security Technology Exploration Path" series: Java Extensible Security Architecture, part 2: JCA (1): Java Cryptographic Service