Chapter 4: Key Management Algorithms

  

Introduction

The previous chapter described a key scenario. Two users each have a copy of the same floppy. On the floppy is a file of secret keys, each assigned a number. For each session of secret communication, the two individuals agree on which key to use, identifying it by its number. Someone sniffing the network sees only information that is meaningless without the key file; the agreement is exposed only if an attacker, for example one using an I/O (input/output) sniffer, gains access to the file on the floppy.

However, this method has many limitations. If the file on the floppy were compromised, the individuals would need a new file to communicate. The two people could keep a collection of floppies and hope that only one gets compromised so that they can continue to communicate. At some point they might also run out of keys, in which case they would need a new set of files. Figure 4-1 demonstrates a basic key exchange for secret keys. Key exchanges are also needed for public keys so that messages can be decrypted. The purpose of both the secret key and the public key exchange is to let users decrypt messages that are encrypted by one of the owners of the secret key or by the owner of a private key.

Figure 4-1: Secret key exchange by number
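The exchange in Figure 4-1, together with the exhaustion limitation described above, can be sketched as follows. This is an added example, not code from the book: the class and method names are hypothetical, the key file is constructed in memory, and it assumes a current JDK with AES-GCM rather than the Java 2 SDK 1.4 the chapter targets.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;
public class NumberedKeyExchange {
    // One party's copy of the shared key file: key number -> 128-bit AES key.
    static class KeyFile {
        private final Map<Integer, byte[]> keys = new HashMap<>();
        private final Set<Integer> used = new HashSet<>();
        KeyFile(Map<Integer, byte[]> shared) { keys.putAll(shared); }
        // Lowest unused key number; this number is all that crosses the network.
        int nextUnused() {
            for (int n : new TreeSet<>(keys.keySet()))
                if (!used.contains(n)) return n;
            throw new IllegalStateException("key file exhausted: distribute a new one");
        }

        // Look up the key for an agreed number and retire it so it is never reused.
        SecretKeySpec take(int number) {
            if (!keys.containsKey(number) || !used.add(number))
                throw new IllegalStateException("key " + number + " unknown or already used");
            return new SecretKeySpec(keys.get(number), "AES");
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key file with three keys; both parties load identical copies.
        SecureRandom rng = new SecureRandom();
        Map<Integer, byte[]> file = new HashMap<>();
        for (int n = 1; n <= 3; n++) { byte[] k = new byte[16]; rng.nextBytes(k); file.put(n, k); }
        KeyFile alice = new KeyFile(file), bob = new KeyFile(file);

        int number = alice.nextUnused();          // sent in the clear: "use key 1"
        byte[] iv = new byte[12]; rng.nextBytes(iv);
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, alice.take(number), new GCMParameterSpec(128, iv));
        byte[] ct = enc.doFinal("meet at noon".getBytes(StandardCharsets.UTF_8));

        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, bob.take(number), new GCMParameterSpec(128, iv));
        System.out.println("key #" + number + " -> " + new String(dec.doFinal(ct), StandardCharsets.UTF_8));

        // Limitation from the text: the supply of keys is finite.
        alice.take(2); alice.take(3);
        try { alice.nextUnused(); } catch (IllegalStateException e) { System.out.println(e.getMessage()); }
    }
}
```

Only the key number and the ciphertext (with its IV) travel over the network; anyone who obtains a copy of the key file can decrypt every session keyed from it.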

There are import control restrictions, and the JSDK has two versions, limited and unlimited, depending on which restrictions apply to your application. Here is the description from Sun:

"Due to import control restrictions of some countries, the JCE jurisdiction policy files shipped with the Java 2 SDK, v 1.4 allow "strong" but limited cryptography to be used. An "unlimited strength" version of these files indicating no restrictions on cryptographic strengths is available for those living in eligible countries (which is most countries). You can download this version and replace the strong cryptography versions supplied with the Java 2 SDK, v 1.4 with the unlimited ones."

  


Java Security Solutions
ISBN: 0764549286
EAN: 2147483647
Year: 2001
Pages: 222
