The secret key is a single key that is used for both encryption and decryption. The Java APIs in the Java Development Kit are very similar, so an understanding of the key pair API in this chapter is necessary. There are many similarities to generating the key pairs. Some of the differences are dependent on the secret key algorithms and the fact that there is only one key being generated instead of two keys in a key pair. The javax.crypto.KeyGenerator class is used instead of java.security.KeyPairGenerator class to generate the secret key. Notice that the KeyGenerator comes from a different package, javax.crypto . The KeyGenerator comes from a different package because it uses a different service provider, the SunJCE service provider. The SunJCE service provider was originally a separate distribution in earlier Java Development Kits as the Java Cryptography Extensions (JCE) distribution. The KeyGenerator is an engine class just like the KeyPairGenerator and looks up the service provider and resolves the service provider from the java.security entry shown in Listing 7-10. Listing 7-10: The SunJCE entry security.provider.4=com.sun.crypto.provider.SunJCE The service provider lookup follows the com.sun.crypto.provider.SunJCE class, which supports a java.security.Provider class and loads up the secret key algorithms. The example displayed in this section is the Data Encryption Standard (DES) secret key algorithm. The KeyGenerator service provider lookup resolves to the DES algorithm in the SunJCE provider. The SunJCE must have executed the put method defined in Listing 7-11 in order for the lookup to succeed. Listing 7-11: The SunJCE put entry for DES put("KeyGenerator.DES", "com.sun.crypto.provider.DESKeyGenerator"); After the KeyGenerator is overwritten with the DESKeyGenerator during the DES algorithm lookup, the key generator is initialized with a SecureRandom generated random number just as in the KeyPairGenerator . After the random number is initialized into the key generator, the javax.crypto.SecretKey object is generated from the key generator. The example shown in Listing 7-12 demonstrates generating a DES secret key, using the KeySpec to save it to the secretKeys file, and then reading it again into a KeySpec . The same key is re-created just from the saved KeySpec information. The DES secret key uses raw bytes as the key material, which is why the KeySpec's key material is returned as a byte array. The output of the DES key demonstration showing that the keys are in fact equal is shown in Listing 7-13. Listing 7-12: The RichDESKey class: A demonstration of the DES secret key package com.richware.chap07; /* * Different imports than RichDSAKey */ import javax.crypto.*; import javax.crypto.spec.*; import java.security.*; import java.io.*; /** * Class RichDESKey * Description: A custom demonstration of * creating, writing, reading and * re-creating a DES public key. * * Copyright: Copyright (c) 2002 Wiley Publishing, Inc. * @author Rich Helton <rhelton@richware.com> * @version 1.0 01-FEB-2002 * DISCLAIMER: Please refer to the disclaimer at the beginning of this book. */ public class RichDESKey { /** * Method main * Description: The main driver to run the methods. * @param args (no arguments presently). * */ public static void main(String args[]) { try { /* * Generate the Secret key */ KeyGenerator keyGen = KeyGenerator.getInstance("DES"); SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN"); random.setSeed(101L); keyGen.init(56, random); SecretKey sKey = keyGen.generateKey(); /* * Initialize the KeyFactory for DSA */ SecretKeyFactory kfactory = SecretKeyFactory.getInstance("DES"); /* * Create the DSA public key spec */ DESKeySpec kspec = (DESKeySpec) kfactory.getKeySpec(sKey, DESKeySpec.class); /* * Create the output stream */ System.out.println("********Saving Secret Key*******"); System.out.println(sKey); FileOutputStream fos = new FileOutputStream("secretKeys"); ObjectOutputStream oos = new ObjectOutputStream(fos); /* * Write the Key */ oos.writeObject(kspec.getKey()); /* * Create the input stream */ FileInputStream fin = new FileInputStream("secretKeys"); ObjectInputStream ois = new ObjectInputStream(fin); /* * Read the key variables */ byte[] kMaterial = (byte[]) ois.readObject(); /* * Create the public key again */ DESKeySpec keyspec = new DESKeySpec(kMaterial); SecretKey newKey = kfactory.generateSecret(keyspec); System.out.println("********SecretKey rebuilt*******"); System.out.println(newKey); System.out.println("Do the keys equal :" + newKey.equals(sKey)); /* * Catches */ } catch (Exception e) { e.printStackTrace(); } } } Listing 7-13: Demonstration of the DES secret key: An output of Listing 7-12 >java com.richware.chap07.RichDESKey ********Saving Secret Key******* com.sun.crypto.provider.DESKey@fffe792d ********SecretKey rebuilt******* com.sun.crypto.provider.DESKey@fffe792d Do the keys equal :true One of the changes in Listing 7-12 is that the key factory for handling secret key specifications is the javax.crypto.SecretKeyFactory class. The secret key is developed in a manner similar to development of the key pairs. The difference is that there is a different Java API for handling secret keys, a different provider, different algorithms, and the secret key is a single key instead of a key pair. The similarities are that the classes are engine classes, there is service provider lookup to a provider of the algorithm using many of the same classes, and the KeySpec is used in a similar manner. The sequence diagram for generating the DES secret key is shown in Figure 7-5, which shows that the flow is similar. Figure 7-5: The UML of generating a DES secret key
Java Security Solutions ISBN: 0764549286
EAN: 2147483647 Year: 2001
Pages: 222 Authors: Rich Helton, Johennie Helton
flylib.com © 2008-2017. If you may any questions please contact us: flylib@qtcs.net |