Generating the Secret Key with Java

Previous page
Table of content
Next page
  

The secret key is a single key that is used for both encryption and decryption. The Java APIs in the Java Development Kit are very similar, so an understanding of the key pair API in this chapter is necessary. There are many similarities to generating the key pairs. Some of the differences are dependent on the secret key algorithms and the fact that there is only one key being generated instead of two keys in a key pair.

The javax.crypto.KeyGenerator class is used instead of java.security.KeyPairGenerator class to generate the secret key. Notice that the KeyGenerator comes from a different package, javax.crypto . The KeyGenerator comes from a different package because it uses a different service provider, the SunJCE service provider. The SunJCE service provider was originally a separate distribution in earlier Java Development Kits as the Java Cryptography Extensions (JCE) distribution. The KeyGenerator is an engine class just like the KeyPairGenerator and looks up the service provider and resolves the service provider from the java.security entry shown in Listing 7-10.

Listing 7-10: The SunJCE entry
start example 
 security.provider.4=com.sun.crypto.provider.SunJCE
end example
 

The service provider lookup follows the com.sun.crypto.provider.SunJCE class, which supports a java.security.Provider class and loads up the secret key algorithms. The example displayed in this section is the Data Encryption Standard (DES) secret key algorithm. The KeyGenerator service provider lookup resolves to the DES algorithm in the SunJCE provider. The SunJCE must have executed the put method defined in Listing 7-11 in order for the lookup to succeed.

Listing 7-11: The SunJCE put entry for DES
start example 
 put("KeyGenerator.DES", "com.sun.crypto.provider.DESKeyGenerator");
end example
 

After the KeyGenerator is overwritten with the DESKeyGenerator during the DES algorithm lookup, the key generator is initialized with a SecureRandom generated random number just as in the KeyPairGenerator . After the random number is initialized into the key generator, the javax.crypto.SecretKey object is generated from the key generator. The example shown in Listing 7-12 demonstrates generating a DES secret key, using the KeySpec to save it to the secretKeys file, and then reading it again into a KeySpec . The same key is re-created just from the saved KeySpec information. The DES secret key uses raw bytes as the key material, which is why the KeySpec's key material is returned as a byte array. The output of the DES key demonstration showing that the keys are in fact equal is shown in Listing 7-13.

Listing 7-12: The RichDESKey class: A demonstration of the DES secret key
start example 
 package com.richware.chap07;     /*  * Different imports than RichDSAKey  */ import javax.crypto.*; import javax.crypto.spec.*; import java.security.*; import java.io.*;     /**  * Class RichDESKey  * Description: A custom demonstration of  * creating, writing, reading and  * re-creating a DES public key.  *  * Copyright:    Copyright (c) 2002 Wiley Publishing, Inc.  * @author Rich Helton <rhelton@richware.com>  * @version 1.0  01-FEB-2002  * DISCLAIMER: Please refer to the disclaimer at the beginning of this book.  */ public class RichDESKey {       /**    * Method main    * Description: The main driver to run the methods.    * @param args (no arguments presently).    *    */   public static void main(String args[]) {         try {           /*        * Generate the Secret key        */       KeyGenerator keyGen = KeyGenerator.getInstance("DES");       SecureRandom random =         SecureRandom.getInstance("SHA1PRNG", "SUN");       random.setSeed(101L);       keyGen.init(56, random);       SecretKey sKey = keyGen.generateKey();           /*        * Initialize the KeyFactory for DSA        */       SecretKeyFactory kfactory =         SecretKeyFactory.getInstance("DES");           /*        * Create the DSA public key spec        */       DESKeySpec kspec = (DESKeySpec) kfactory.getKeySpec(sKey,                            DESKeySpec.class);           /*        * Create the output stream        */       System.out.println("********Saving Secret Key*******");       System.out.println(sKey);       FileOutputStream   fos =         new FileOutputStream("secretKeys");       ObjectOutputStream oos = new ObjectOutputStream(fos);           /*        * Write the Key        */       oos.writeObject(kspec.getKey());           /*        * Create the input stream        */       FileInputStream   fin =         new FileInputStream("secretKeys");       ObjectInputStream ois = new ObjectInputStream(fin);           /*        * Read the key variables        */       byte[] kMaterial = (byte[]) ois.readObject();           /*        * Create the public key again        */       DESKeySpec keyspec = new DESKeySpec(kMaterial);       SecretKey  newKey  = kfactory.generateSecret(keyspec);       System.out.println("********SecretKey rebuilt*******");       System.out.println(newKey);       System.out.println("Do the keys equal :"                          + newKey.equals(sKey));           /*        * Catches        */     } catch (Exception e) {       e.printStackTrace();     }   } }
end example
 
Listing 7-13: Demonstration of the DES secret key: An output of Listing 7-12
start example 
 >java com.richware.chap07.RichDESKey ********Saving Secret Key******* com.sun.crypto.provider.DESKey@fffe792d ********SecretKey rebuilt******* com.sun.crypto.provider.DESKey@fffe792d Do the keys equal :true
end example
 

One of the changes in Listing 7-12 is that the key factory for handling secret key specifications is the javax.crypto.SecretKeyFactory class. The secret key is developed in a manner similar to development of the key pairs. The difference is that there is a different Java API for handling secret keys, a different provider, different algorithms, and the secret key is a single key instead of a key pair. The similarities are that the classes are engine classes, there is service provider lookup to a provider of the algorithm using many of the same classes, and the KeySpec is used in a similar manner. The sequence diagram for generating the DES secret key is shown in Figure 7-5, which shows that the flow is similar.

click to expand
Figure 7-5: The UML of generating a DES secret key
Note  

There are many more keys interfaces and algorithms. Some of the keys that come standard with the JDK 1.4 that were not mentioned include the Diffie-Hellman (DH) key pair and the Rivest, Shamir, and Adleman (RSA) key pairs. Other secret keys that are included in the JDK 1.4 are the Password Based Encryption (PBE) and the Data Encryption Standard Encode-Decode-Encode (DES-EDE), commonly known as "Triple DES." These keys are fully supported by distributed service providers, key specifications, and all that is needed for key generation. Chapter 6 goes into detail of how these keys are different algorithmically.

  

Previous page
Table of content
Next page
Java Security Solutions
Java Security Solutions
ISBN: 0764549286
EAN: 2147483647
Year: 2001
Pages: 222
Authors: Rich Helton, Johennie Helton
BUY ON AMAZON
Beginners Guide to DarkBASIC Game Programming (Premier Press Game Development)
CISSP Exam Cram 2
FileMaker Pro 8: The Missing Manual
Building Web Applications with UML (2nd Edition)
Twisted Network Programming Essentials
FileMaker 8 Functions and Scripts Desk Reference
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy