Introduction

  

Just to recap from other chapters, key material is any material used to generate or retrieve a public key. Before understanding SSL, JSSE, or any other protocol that uses key material, the first step in Java is to understand how Java generates and manages key material. Some keys are generated and then used in JSSE. Other keys, such as those used in Password Based Encryption (PBE), are generated from a password and salted with a pass phrase.

Cross-Reference  

For more detailed information on key algorithms, see Chapter 6.

The concept of a salt is to combine multiple inputs to generate a more complex key. For example, you salt a password by combining the password and a pass phrase, possibly with an XOR, to generate a more complex value to use as a key. A simple XOR algorithm (simple because it is easy to decrypt) combines the bits of the two inputs to produce a different output.

Tip  

Recall that when combining two bits, XOR produces a one when the bits are different; otherwise it produces a zero.

The more complex the algorithm for generating a key, the harder it becomes to decipher the key. Once the key algorithm and key material for an organization are deciphered, keys from the organization can be replicated. The key material is the material outside of the key algorithm itself that is used to generate the key. In the example of a password and pass phrase, the key material was the password and pass phrase. Another example of key material may be a username that is used to look up a certificate in a keystore so that certificates can be passed to JAAS and JSSE.
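The following added example (not code from the book) contrasts the XOR combination of a password and pass phrase described above with a one-way derivation through the JCA `SecretKeyFactory`. It assumes Java 8 or later for `PBKDF2WithHmacSHA256`; the class name, sample password, pass phrase and iteration count are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class SaltedKeyDemo {

    // The XOR combination from the text: each password byte is XORed with a pass-phrase byte.
    static byte[] xorCombine(byte[] password, byte[] passPhrase) {
        byte[] out = new byte[password.length];
        for (int i = 0; i < password.length; i++) {
            out[i] = (byte) (password[i] ^ passPhrase[i % passPhrase.length]);
        }
        return out;
    }

    // One-way alternative: PBKDF2 over the password with a random salt and an iteration count.
    static byte[] pbkdf2(char[] password, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // do not leave the password in the spec object
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, for illustration only.
        byte[] password = "s3cret-pw".getBytes(StandardCharsets.UTF_8);
        byte[] passPhrase = "blue horse".getBytes(StandardCharsets.UTF_8);

        // XOR is its own inverse: anyone holding the key and the pass phrase gets the password back.
        byte[] xorKey = xorCombine(password, passPhrase);
        byte[] recovered = xorCombine(xorKey, passPhrase);
        System.out.println("XOR reversible: " + Arrays.equals(recovered, password));

        // PBKDF2: the same password with two random salts gives two unrelated 256-bit keys.
        SecureRandom rng = new SecureRandom();
        byte[] saltA = new byte[16], saltB = new byte[16];
        rng.nextBytes(saltA);
        rng.nextBytes(saltB);
        char[] pw = "s3cret-pw".toCharArray();
        int iterations = 100_000; // illustrative value, tune to the deployment
        byte[] keyA = pbkdf2(pw, saltA, iterations);
        byte[] keyB = pbkdf2(pw, saltB, iterations);
        System.out.println("Same salt repeats key: " + Arrays.equals(keyA, pbkdf2(pw, saltA, iterations)));
        System.out.println("Different salt repeats key: " + Arrays.equals(keyA, keyB));
    }
}
```

The salt must be stored alongside the protected data, because the same salt and iteration count are needed to derive the key again.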

Cross-Reference  

The keystore is demonstrated in Chapter 10.

Keys are needed for any type of encryption. They are combined with a cryptographic algorithm to encrypt and decrypt messages. Cryptographic algorithms work such that if hackers do not possess the key, they cannot decrypt or re-encrypt a secret message. Java supports two types of keys: asymmetric and symmetric keys. Asymmetric keys are a combination of public and private keys where one cannot work without the other. Sometimes these keys are called a key pair because a public key and private key can only work together.

The public key is useless without the private key, and the private key is useless without the public key. The public key works only with its particular private key, and the private key works only with its particular public key. The private key is used to encrypt the message and is kept private from users decrypting the message. The public key is used to decrypt the message and is given to all users who want to read the encrypted message. The keys are kept apart from each other because the messages cannot be compromised unless both keys are captured.

Each key is a product of the other, meaning that the private key is a logarithmic value of the public key and the public key is the inverse of the logarithmic method of the private key. Symmetric keys are normally called secret keys.

A secret key is one that is shared among everyone in a group for both encrypting and decrypting the same data message. Before a key can be used in an algorithm, it must first be generated. Java provides a framework for supporting many encryption and key generating algorithms.

  


Java Security Solutions
ISBN: 0764549286
EAN: 2147483647
Year: 2001
Pages: 222
