11.4 JCE in Practice

Previous page
Table of content
Next page
 < Day Day Up > 

Listing 11.12 on page 420 showed how to encrypt and then decrypt the contents of a file in the same code fragment. However, real-life situations are more complex. A realistic situation would be when two personssay, Bob and Aliceare situated at two different locations and want to exchange data safely by encrypting it during transmission. In this case, there will be two different programs for encryption and decryption. It should be noted that sending a secret key along with the encrypted message would be like locking jewels in a box and then sending the key along with the locked box of jewels . A secure solution is for Bob and Alice to generate the same secret key independently. The general steps required in this process are as follows .

  1. Bob and Alice establish a secret key between themselves , without transmitting it over the network.

  2. Bob runs a program that encrypts data using the secret key and sends the encrypted data over the network to Alice.

  3. Alice runs a program that uses the secret key to decrypt the data encrypted by Bob.

The following list describes in more detail the steps involved in this process.

  1. Both Bob and Alice generate a key pair using the DH algorithm. The private key in this key pair is used to initiate a KeyAgreement object by either party.

  2. The public key generated in the key pair is encoded and stored in a file by both parties. Both parties now send this file to each other.

  3. Using the public key belonging to Alice and Bob's own private key, Bob's KeyAgreement object generates a secret key using the DES algorithm.

  4. Similarly, using the public key belonging to Bob and Alice's own private key, Alice's KeyAgreement object generates the same secret key, also using the DES algorithm.

  5. Using the secret key, Bob encrypts the confidential data he wants to send to Alice and stores the encrypted data in a file. The encryption is done using a Cipher object that is initialized in the encrypt mode. The file containing the encrypted data is then transmitted over the network to Alice.

  6. Using the secret key, Alice decrypts the data that she has received from Bob and stores the decrypted data in a file. The decryption is done using a Cipher object at Alice's end, which is initialized in the decrypt mode.

11.4.1 Bob's Program

Listing 11.14 shows the code fragment embedded in Bob's J2EE application. This code is responsible for

  1. Generating Bob's public and private key pair

  2. Storing Bob's public key to a file , bobPublicKeyFile simulating Bob's publishing his public key

  3. Obtaining Alice's public key from a file , alicePublicKeyFile simulating the receiving of Alice's public key from Alice or from a Certificate Authority (see Section 10.3.4 on page 372)

  4. Calculating the shared secret key based on Bob's private key and Alice's public key

  5. Encrypting with the secret key an input String object: inputString

  6. Storing the encrypted string to a file , cipherFile simulating the sending of the encrypted string to Alice

Listing 11.14. Bob's Code Fragment for Encryption 
 import java.io.FileInputStream; import java.io.FileOutputStream; import java.security.AlgorithmParameterGenerator; import java.security.AlgorithmParameters; import java.security.KeyPairGenerator; import java.security.KeyPair; import java.security.KeyFactory; import java.security.PublicKey; import java.security.spec.X509EncodedKeySpec; import javax.crypto.KeyAgreement import javax.crypto.Cipher; import javax.crypto.SecretKey; import javax.crypto.spec.DHParameterSpec; // Other code goes here... // Generate the AlgorithmParameterGenerator object. AlgorithmParameterGenerator gen =    AlgorithmParameterGenerator.getInstance("DH"); gen.init(512); // Generate the AlgorithmParameters. AlgorithmParameters parameters = gen.generateParameters(); DHParameterSpec paramSpec = (DHParameterSpec)    parameters.getParameterSpec(DHParameterSpec.class); // Generate and initialize the KeyPair. KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH"); kpg.initialize(paramSpec); KeyPair kp = kpg.generateKeyPair(); // Write the PublicKey to a file. byte[] pubKeyEnc = kp.getPublic().getEncoded(); FileOutputStream fos = new    FileOutputStream(bobPublicKeyFile); fos.write(pubKeyEnc); fos.close(); // Generate and initialize the KeyAgreement object. KeyAgreement ka = KeyAgreement.getInstance("DH"); ka.init(kp.getPrivate()); // Wait for Alice's public key. boolean read = false; while(!read)    try    {       FileInputStream fis = new          FileInputStream("alicePublicKeyFile");       fis.close();       read = true;    }    catch (Exception e)    {       System.out.println(e);    } // Get Alice's PublicKey. FileInputStream pfis = new FileInputStream("alicePublicKeyFile"); byte[] encKey = new byte[pfis.available()]; pfis.read(encKey); pfis.close(); X509EncodedKeySpec pubKeySpec = new    X509EncodedKeySpec(encKey); KeyFactory kf = KeyFactory.getInstance("DH"); PublicKey alicePubKey = kf.generatePublic(pubKeySpec); // Generate the SecretKey. ka.doPhase(alicePubKey, true); SecretKey secretKey = ka.generateSecret("DES"); // Generate and initialize the Cipher object. Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding"); cipher.init(Cipher.ENCRYPT_MODE, secretKey); // Store the encrypted data in a file. byte[] data = inputString.getBytes(); byte[] cipherData = cipher.doFinal(data); FileOutputStream cfos = new FileOutputStream("cipherFile"); cfos.write(cipherData); cfos.close(); // Other code goes here...

11.4.2 Alice's Program

Listing 11.15 shows the code fragment embedded in Alice's J2EE application. This code is responsible for

  1. Obtaining Bob's public key from a file , bobPublicKeyFile simulating the receiving of Bob's public key from Bob or from a CA

  2. Generating Alice's public- and private-key pair

  3. Storing Alice's public key to a file , alicePublicKeyFile which simulates Alice's publishing her own public key

  4. Calculating the shared secret key based on Alice's private key and Bob's public key

  5. Getting the encrypted string generated by Bob from a file , cipherFile simulating the receiving of the encrypted string from Bob

  6. Decrypting the encrypted string and storing the decrypted contents to a file: dataFile

Listing 11.15. Alice's Code Fragment for Decryption 
 import java.io.FileInputStream; import java.io.FileOutputStream; import java.security.AlgorithmParameterGenerator; import java.security.AlgorithmParameters; import java.security.KeyPairGenerator; import java.security.KeyPair; import java.security.KeyFactory; import java.security.PublicKey; import java.security.spec.X509EncodedKeySpec; import javax.crypto.KeyAgreement; import javax.crypto.Cipher; import javax.crypto.SecretKey; import javax.crypto.spec.DHParameterSpec; import import javax.crypto.interfaces.DHPublicKey; // Other code goes here... // Wait for Bob's public key. This is done by looping until // Bob's public key is received. boolean over = false; while (!over)    try    {       FileInputStream pfis1 =          new FileInputStream("bobPublicKeyFile");       pfis1.close();       over = true;    }    catch (Exception e)    {       System.out.println(e);    } // Get Bob's PublicKey. FileInputStream pfis = new FileInputStream("bobPublicKeyFile"); byte[] encKey = new byte[pfis.available()]; pfis.read(encKey); pfis.close(); X509EncodedKeySpec pubKeySpec =    new X509EncodedKeySpec(encKey); KeyFactory kf = KeyFactory.getInstance("DH"); PublicKey bobPubKey = kf.generatePublic(pubKeySpec); // Get the parameters of Bob's PublicKey. DHParameterSpec paramSpec =    ((DHPublicKey) bobPubKey).getParams(); // Generate Alice's KeyPair. KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH"); kpg.initialize(paramSpec); KeyPair kp = kpg.generateKeyPair(); // Get Alice's PublicKey and store it to a file. byte[] pubKeyEnc = kp.getPublic().getEncoded(); FileOutputStream fos =    new FileOutputStream("alicePublicKeyFile"); fos.write(pubKeyEnc); fos.close(); // Generate and initialize the KeyAgreement object. KeyAgreement ka = KeyAgreement.getInstance("DH"); ka.init(kp.getPrivate()); // Generate the shared SecretKey ka.doPhase(bobPubKey, true); SecretKey secKey = ka.generateSecret("DES"); // Generate and initialize a Cipher object. Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding"); cipher.init(Cipher.DECRYPT_MODE, secKey); // Wait for the file produced by Bob containing the encrypted // data. boolean read = false; while (!read) try {    FileInputStream cfis = new FileInputStream("cipherFile");    cfis.close();    read = true; } catch(Exception e) { } // Get the file produced by Bob containing the encrypted // data. FileInputStream cfis = new FileInputStream("cipherFile"); byte[] cipherData = new byte[cfis.available()]; cfis.read(cipherData); cfis.close(); // Decrypt Bob's encrypted data and store the decrypted data // to a file. byte[] data = cipher.doFinal(cipherData); FileOutputStream dfos = new FileOutputStream("dataFile"); dfos.write(data); dfos.close();
 < Day Day Up > 

Previous page
Table of content
Next page
Enterprise Java Security. Building Secure J2EE Applications
Enterprise Javaв„ў Security: Building Secure J2EEв„ў Applications
ISBN: 0321118898
EAN: 2147483647
Year: 2004
Pages: 164
Authors: Marco Pistoia, Nataraj Nagaratnam, Larry Koved, Anthony Nadalin
BUY ON AMAZON
Java for RPG Programmers, 2nd Edition
An Introduction to Design Patterns in C++ with Qt 4
Microsoft WSH and VBScript Programming for the Absolute Beginner
File System Forensic Analysis
Java Concurrency in Practice
Telecommunications Essentials, Second Edition: The Complete Global Source (2nd Edition)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy