Understand the Basics of the Java Cryptography Extension

Source: Internet
Author: User
The Java Cryptography Extension (JCE) is an important part of JDK 1.4. It consists of a set of packages that form a framework and implement encryption, key generation algorithms, protocols, message authentication codes, and other algorithms. This article introduces the installation and use of JCE.
It is worth noting that although JCE is part of the core package of JDK 1.4, we first use JDK 1.2 and later versions to show how to install and configure JCE (static installation). We then show how to use JCE without that installation step (dynamic installation). Finally, we demonstrate how to generate a key and a cipher, and how to perform basic encryption and decryption.
What is a provider?
A provider is the implementer of specific cryptographic algorithms. Some providers are free of charge and some are not. IBM, Bouncy Castle, and RSA are all providers. Later in this article, we will examine the RSA algorithm from Bouncy Castle. Sun also explains how to implement your own provider (you need to follow some JDK conventions).
Static Installation
Before installing and using JCE, you need to obtain the installation package from the Sun web site (Sun's provider is used as the example here). JCE comes with Sun's own security provider, SunJCE. To install SunJCE statically in the default provider list, you need to modify the security properties file:
• <java-home>/jre/lib/security/java.security (Win32)
• <java-home>/jre/lib/security/java.security (UNIX)
If you installed the JDK in C:/jdk1.3, edit the following file:
C:/jdk1.3/jre/lib/security/java.security
To install SunJCE, add the following line to that file:

    security.provider.n=com.sun.crypto.provider.SunJCE

Replace n with the priority of the provider you are adding (note: the sequence numbers must increase without gaps, but the order of the providers can be rearranged).
Listing A prints information about the providers you have installed. Listing B shows the result, which reveals each provider's capabilities, such as the available cryptographic algorithms.
Listing A: ProviderInformation.java

    import java.security.Provider;
    import java.security.Security;
    import java.util.Set;
    import java.util.Iterator;

    public class ProviderInformation {
        public static void main(String[] args) {
            // All registered providers, in priority order
            Provider[] providers = Security.getProviders();
            for (int i = 0; i < providers.length; i++) {
                Provider provider = providers[i];
                System.out.println("Provider name: " + provider.getName());
                System.out.println("Provider Information: " + provider.getInfo());
                System.out.println("Provider version: " + provider.getVersion());
                // Each property entry names a service, alias, or attribute of the provider
                Set entries = provider.entrySet();
                Iterator iterator = entries.iterator();
                while (iterator.hasNext()) {
                    System.out.println("Property entry: " + iterator.next());
                }
            }
        }
    }

Listing B: ProviderInformation.java output

    Provider name: SUN
    Provider Information: SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore)
    Provider version: 1.2
    Property entry: Alg.Alias.KeyFactory.1.2.840.10040.4.1=DSA
    Property entry: Alg.Alias.Signature.1.2.840.10040.4.3=SHA1withDSA
    Property entry: Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.4.1=DSA
    Property entry: Signature.SHA1withDSA KeySize=1024
    Property entry: Signature.SHA1withDSA ImplementedIn=Software

Dynamic installation:
Listing C shows how to load a security provider dynamically at run time. Note that when you load a provider with Security.addProvider(...), it applies to the entire JVM environment.
Listing C: DynamicProvider.java

    import java.security.Security;

    public class DynamicProvider {
        public static void main(String[] args) {
            // This is all there is to it!
            Security.addProvider(new com.sun.crypto.provider.SunJCE());
        }
    }

As mentioned above, when you install a provider you use n to specify its priority. When an algorithm instance is requested, the JVM searches the installed providers in priority order and uses the first available implementation. You can also pass an additional parameter in the request to specify which provider's implementation to use.
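The lookup order described above can be observed directly. The following is an added example, not code from the original article: the class name ProviderPreference and the provider name "NoSuchProviderHere" are constructed, and it assumes SunJCE is already in the default provider list (as on JDK 1.4 and later).

```java
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;

public class ProviderPreference {
    // Providers that register an implementation of the given Cipher algorithm,
    // in the JVM's preference order (index 0 = highest priority).
    static Provider[] candidates(String algorithm) {
        Provider[] found = Security.getProviders("Cipher." + algorithm);
        return found == null ? new Provider[0] : found;
    }

    public static void main(String[] args) throws Exception {
        String algorithm = "DES";
        Provider[] order = candidates(algorithm);
        for (int i = 0; i < order.length; i++) {
            System.out.println((i + 1) + ". " + order[i].getName());
        }
        if (order.length == 0) {
            System.out.println("No installed provider implements " + algorithm);
            return;
        }

        // No provider argument: the first provider in preference order that offers it is used.
        Cipher byPriority = Cipher.getInstance(algorithm);
        System.out.println("Default lookup resolved to: " + byPriority.getProvider().getName());

        // Explicit provider argument: the search is restricted to that provider.
        String pinned = order[order.length - 1].getName();
        Cipher byName = Cipher.getInstance(algorithm, pinned);
        System.out.println("Pinned lookup resolved to: " + byName.getProvider().getName());

        // A provider name that is not installed fails instead of falling back.
        try {
            Cipher.getInstance(algorithm, "NoSuchProviderHere"); // constructed name
        } catch (NoSuchProviderException e) {
            System.out.println("Unknown provider rejected: " + e.getMessage());
        }
    }
}
```

Naming the provider in getInstance makes the choice independent of the order in java.security and of any provider added later with Security.addProvider.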

Implementation Details:
JCE APIs contain a large number of classes and interfaces to implement security features. First, we will provide an example of DES symmetric encryption.

Generate key:
Listing D shows how to initialize a key generator and use it to generate a key.
Listing D: DESKeyGenerator.java

    import javax.crypto.KeyGenerator;
    import java.security.Key;
    import java.security.NoSuchAlgorithmException;
    import java.security.Security;

    public class DESKeyGenerator {
        public static void main(String[] args) {
            // Register SunJCE dynamically (see Listing C)
            Security.addProvider(new com.sun.crypto.provider.SunJCE());
            try {
                KeyGenerator kg = KeyGenerator.getInstance("DES");
                Key key = kg.generateKey();
                System.out.println("Key format: " + key.getFormat());
                System.out.println("Key algorithm: " + key.getAlgorithm());
            }
            catch (NoSuchAlgorithmException e) {
                e.printStackTrace();
            }
        }
    }

To generate a key, we first need to initialize the key generator. This is done by calling the static getInstance method of the KeyGenerator class. The plain DES algorithm name we use specifies no mode or padding scheme. You can also pass DES/ECB/PKCS5Padding to getInstance(...) to specify the mode (ECB) and the padding scheme (PKCS5Padding); you can also pass another parameter to specify the provider to use, but this is optional:

    KeyGenerator kg = KeyGenerator.getInstance("DES");

Once we have a key generator object, we can use it to obtain the key:

    Key key = kg.generateKey();

Generate the cipher:
Creating a cipher is similar to generating a key. You call the getInstance method of the Cipher class. The parameters must be consistent with those used when generating the key:

    Cipher cipher = Cipher.getInstance("DES");

Listing E shows this operation:
Listing E: DESCipherGenerator.java

    import javax.crypto.Cipher;
    import javax.crypto.NoSuchPaddingException;
    import java.security.Security;
    import java.security.NoSuchAlgorithmException;

    public class DESCipherGenerator {
        public static void main(String[] args) {
            // Register SunJCE dynamically (see Listing C)
            Security.addProvider(new com.sun.crypto.provider.SunJCE());
            try {
                Cipher cipher = Cipher.getInstance("DES");
                System.out.println("Cipher provider: " + cipher.getProvider());
                System.out.println("Cipher algorithm: " + cipher.getAlgorithm());
            }
            catch (NoSuchAlgorithmException e) {
                e.printStackTrace();
            }
            catch (NoSuchPaddingException e) {
                e.printStackTrace();
            }
        }
    }

Encrypt and decrypt data
Encryption operates on bytes, so the level of security is relatively high. Once you have the key and the cipher, you are ready to encrypt. Note that the key and the cipher must use the same algorithm; for example, you cannot use a DESede key with a DES cipher. Encryption and decryption both go through the same Cipher object, so you first need to initialize it to tell it what you want to do:

    cipher.init(Cipher.ENCRYPT_MODE, key);

This initializes the Cipher object and prepares it for data encryption. The simplest way to encrypt is to call the doFinal method on the incoming byte array:

    byte[] data = "Hello World!".getBytes();
    byte[] result = cipher.doFinal(data);

Listing F is the detailed code.
Listing F: DESCryptoTest.java

    import javax.crypto.Cipher;
    import javax.crypto.KeyGenerator;
    import javax.crypto.NoSuchPaddingException;
    import javax.crypto.IllegalBlockSizeException;
    import javax.crypto.BadPaddingException;
    import java.security.Key;
    import java.security.Security;
    import java.security.NoSuchAlgorithmException;
    import java.security.InvalidKeyException;

    public class DESCryptoTest {
        public static void main(String[] args) {
            // Register SunJCE dynamically (see Listing C)
            Security.addProvider(new com.sun.crypto.provider.SunJCE());
            try {
                KeyGenerator kg = KeyGenerator.getInstance("DES");
                Key key = kg.generateKey();
                Cipher cipher = Cipher.getInstance("DES");

                byte[] data = "Hello world!".getBytes();
                System.out.println("Original data: " + new String(data));

                cipher.init(Cipher.ENCRYPT_MODE, key);
                byte[] result = cipher.doFinal(data);
                // The ciphertext is raw bytes, so this line prints unreadable characters
                System.out.println("Encrypted data: " + new String(result));

                // Re-initialize the same Cipher object for decryption with the same key
                cipher.init(Cipher.DECRYPT_MODE, key);
                byte[] original = cipher.doFinal(result);
                System.out.println("Decrypted data: " + new String(original));
            }
            catch (NoSuchAlgorithmException e) {
                e.printStackTrace();
            }
            catch (NoSuchPaddingException e) {
                e.printStackTrace();
            }
            catch (InvalidKeyException e) {
                e.printStackTrace();
            }
            catch (IllegalStateException e) {
                e.printStackTrace();
            }
            catch (IllegalBlockSizeException e) {
                e.printStackTrace();
            }
            catch (BadPaddingException e) {
                e.printStackTrace();
            }
        }
    }

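The transformation string and key-matching rules from the sections above can be checked with a short program. This is an added example, not code from the original article: the class name DesTransformationCheck and the sample plaintext are constructed, and it assumes a stock provider list in which SunJCE serves DES (the default on JDK 1.4 and later), where a bare "DES" resolves to ECB mode with PKCS5Padding.

```java
import java.security.InvalidKeyException;
import java.security.Key;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;

public class DesTransformationCheck {
    // Hex rendering keeps ciphertext bytes intact, unlike new String(bytes).
    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    static byte[] encrypt(String transformation, Key key, byte[] data) throws Exception {
        Cipher cipher = Cipher.getInstance(transformation);
        cipher.init(Cipher.ENCRYPT_MODE, key);
        return cipher.doFinal(data);
    }

    public static void main(String[] args) throws Exception {
        // KeyGenerator takes the bare algorithm name; mode and padding belong to Cipher.
        Key desKey = KeyGenerator.getInstance("DES").generateKey();

        // Constructed sample input: two identical 8-byte DES blocks.
        byte[] data = "ABCDEFGHABCDEFGH".getBytes("US-ASCII");

        byte[] implicit = encrypt("DES", desKey, data);
        byte[] explicit = encrypt("DES/ECB/PKCS5Padding", desKey, data);
        System.out.println("ciphertext (hex): " + hex(explicit));
        System.out.println("\"DES\" equals \"DES/ECB/PKCS5Padding\": "
                + Arrays.equals(implicit, explicit));

        // ECB encrypts each block independently, so equal plaintext blocks
        // produce equal ciphertext blocks.
        boolean repeated = Arrays.equals(Arrays.copyOfRange(explicit, 0, 8),
                                         Arrays.copyOfRange(explicit, 8, 16));
        System.out.println("blocks 1 and 2 identical under ECB: " + repeated);

        // A DESede key handed to a DES cipher is rejected at init time.
        Key tripleKey = KeyGenerator.getInstance("DESede").generateKey();
        try {
            Cipher.getInstance("DES").init(Cipher.ENCRYPT_MODE, tripleKey);
            System.out.println("DESede key accepted by DES cipher");
        } catch (InvalidKeyException e) {
            System.out.println("DESede key rejected by DES cipher: " + e.getMessage());
        }
    }
}
```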
Summary:
JCE is a powerful API that provides many encryption methods and other security-related features. We have seen how to install JCE dynamically and statically, and how to use DES to encrypt and decrypt a simple message. In the second part of this series, we will apply the knowledge from this article to a practical application: how to write a wrapper used with sockets to encrypt important information in your online transactions.
 
