Listing 11.12 on page 420 showed how to encrypt and then decrypt the contents of a file in the same code fragment. However, real-life situations are more complex. A realistic situation would be when two persons—say, Bob and Alice—are situated at two different locations and want to exchange data safely by encrypting it during transmission. In this case, there will be two different programs for encryption and decryption. It should be noted that sending a secret key along with the encrypted message would be like locking jewels in a box and then sending the key along with the locked box of jewels. A secure solution is for Bob and Alice to generate the same secret key independently. The general steps required in this process are as follows.
The following list describes in more detail the steps involved in this process.
11.4.1 Bob's Program
Listing 11.14 shows the code fragment embedded in Bob's J2EE application. This code is responsible for
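Listing 11.14. Bob's Code Fragment for Encryption

import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InterruptedIOException;
import java.security.AlgorithmParameterGenerator;
import java.security.AlgorithmParameters;
import java.security.KeyPairGenerator;
import java.security.KeyPair;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.KeyAgreement;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.DHParameterSpec;

// Other code goes here...

// Bob's side of the exchange: create DH parameters and a key pair, publish
// the public key, wait for Alice's public key, derive the shared key and
// write the encrypted message to "cipherFile".
//
// NOTE(review): the algorithm choices are kept exactly as in the original
// listing so that this fragment still interoperates with Alice's fragment,
// but they are not adequate for protecting real data:
//   - The public keys are exchanged without authentication. Bob uses whatever
//     key is found in alicePublicKeyFile, so the key agreement only protects
//     against a passive eavesdropper. The peer key should be verified (signed,
//     or checked against a fingerprint obtained out of band) before use.
//   - A 512-bit DH modulus and a single-DES key are far below current minimum
//     strengths. A present-day design would use a group of at least 2048 bits
//     (or ECDH) and derive the cipher key with a key-derivation function.
//   - ECB mode reveals repeated plaintext blocks and provides no integrity
//     protection. An authenticated mode such as AES-GCM is the usual choice.

// Generate the AlgorithmParameterGenerator object.
AlgorithmParameterGenerator gen =
    AlgorithmParameterGenerator.getInstance("DH");
gen.init(512); // NOTE(review): too small for real use, see above.

// Generate the AlgorithmParameters.
AlgorithmParameters parameters = gen.generateParameters();
DHParameterSpec paramSpec = (DHParameterSpec)
    parameters.getParameterSpec(DHParameterSpec.class);

// Generate and initialize the KeyPair.
KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH");
kpg.initialize(paramSpec);
KeyPair kp = kpg.generateKeyPair();

// Write the PublicKey to a file. The name is the same string literal that
// Alice's fragment opens; the original passed an undeclared identifier here.
byte[] pubKeyEnc = kp.getPublic().getEncoded();
FileOutputStream fos = new FileOutputStream("bobPublicKeyFile");
try {
    fos.write(pubKeyEnc);
} finally {
    fos.close(); // release the handle even if the write fails
}

// Generate and initialize the KeyAgreement object.
KeyAgreement ka = KeyAgreement.getInstance("DH");
ka.init(kp.getPrivate());

// Wait for Alice's public key. Sleep between checks instead of spinning and
// printing an exception on every failed open.
// NOTE(review): the file appearing does not prove that the writer has
// finished; a truncated key makes generatePublic() fail below. A real
// exchange needs a completion signal or a proper transport.
File aliceKeyFile = new File("alicePublicKeyFile");
while (!aliceKeyFile.exists()) {
    try {
        Thread.sleep(500);
    } catch (InterruptedException e) {
        // Restore the interrupt flag and stop waiting.
        Thread.currentThread().interrupt();
        throw new InterruptedIOException(
            "Interrupted while waiting for alicePublicKeyFile");
    }
}

// Get Alice's PublicKey. readFully() fills the whole buffer; a single read()
// sized by available() is allowed to return fewer bytes than requested.
byte[] encKey = new byte[(int) aliceKeyFile.length()];
DataInputStream pfis =
    new DataInputStream(new FileInputStream(aliceKeyFile));
try {
    pfis.readFully(encKey);
} finally {
    pfis.close();
}
X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(encKey);
KeyFactory kf = KeyFactory.getInstance("DH");
PublicKey alicePubKey = kf.generatePublic(pubKeySpec);

// Generate the SecretKey.
// NOTE(review): recent JDK releases restrict generateSecret(String) on the
// bundled providers, so this call may fail with NoSuchAlgorithmException
// there; confirm against the target runtime.
ka.doPhase(alicePubKey, true);
SecretKey secretKey = ka.generateSecret("DES");

// Generate and initialize the Cipher object.
Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, secretKey);

// Store the encrypted data in a file. The charset is named explicitly so the
// plaintext bytes do not depend on the platform default encoding.
byte[] data = inputString.getBytes("UTF-8");
byte[] cipherData = cipher.doFinal(data);
FileOutputStream cfos = new FileOutputStream("cipherFile");
try {
    cfos.write(cipherData);
} finally {
    cfos.close();
}

// Other code goes here...

11.4.2 Alice's Program
Listing 11.15 shows the code fragment embedded in Alice's J2EE application. This code is responsible for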
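Listing 11.15. Alice's Code Fragment for Decryption

import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InterruptedIOException;
import java.security.AlgorithmParameterGenerator;
import java.security.AlgorithmParameters;
import java.security.KeyPairGenerator;
import java.security.KeyPair;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.KeyAgreement;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.interfaces.DHPublicKey;

// Other code goes here...

// Alice's side of the exchange: read Bob's public key, create a key pair on
// the same DH parameters, publish the public key, derive the shared key and
// decrypt "cipherFile" into "dataFile".
//
// NOTE(review): the algorithm choices are kept exactly as in the original
// listing so that this fragment still interoperates with Bob's fragment,
// but they are not adequate for protecting real data:
//   - Bob's key is used without authentication, and Alice adopts whatever
//     group parameters that key carries. The peer key should be verified
//     (signed, or checked against a fingerprint obtained out of band) and
//     the parameters compared with an agreed group before they are used.
//   - A single-DES key is far below current minimum strengths, and ECB mode
//     reveals repeated plaintext blocks and provides no integrity protection,
//     so tampering with cipherFile is not detected. An authenticated mode
//     such as AES-GCM is the usual choice.

// Wait for Bob's public key. Sleep between checks instead of spinning and
// printing an exception on every failed open.
// NOTE(review): the file appearing does not prove that the writer has
// finished; a truncated key makes generatePublic() fail below. A real
// exchange needs a completion signal or a proper transport.
File bobKeyFile = new File("bobPublicKeyFile");
while (!bobKeyFile.exists()) {
    try {
        Thread.sleep(500);
    } catch (InterruptedException e) {
        // Restore the interrupt flag and stop waiting.
        Thread.currentThread().interrupt();
        throw new InterruptedIOException(
            "Interrupted while waiting for bobPublicKeyFile");
    }
}

// Get Bob's PublicKey. readFully() fills the whole buffer; a single read()
// sized by available() is allowed to return fewer bytes than requested.
byte[] encKey = new byte[(int) bobKeyFile.length()];
DataInputStream pfis = new DataInputStream(new FileInputStream(bobKeyFile));
try {
    pfis.readFully(encKey);
} finally {
    pfis.close(); // release the handle even if the read fails
}
X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(encKey);
KeyFactory kf = KeyFactory.getInstance("DH");
PublicKey bobPubKey = kf.generatePublic(pubKeySpec);

// Get the parameters of Bob's PublicKey.
DHParameterSpec paramSpec = ((DHPublicKey) bobPubKey).getParams();

// Generate Alice's KeyPair.
KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH");
kpg.initialize(paramSpec);
KeyPair kp = kpg.generateKeyPair();

// Get Alice's PublicKey and store it to a file.
byte[] pubKeyEnc = kp.getPublic().getEncoded();
FileOutputStream fos = new FileOutputStream("alicePublicKeyFile");
try {
    fos.write(pubKeyEnc);
} finally {
    fos.close();
}

// Generate and initialize the KeyAgreement object.
KeyAgreement ka = KeyAgreement.getInstance("DH");
ka.init(kp.getPrivate());

// Generate the shared SecretKey.
// NOTE(review): recent JDK releases restrict generateSecret(String) on the
// bundled providers, so this call may fail with NoSuchAlgorithmException
// there; confirm against the target runtime.
ka.doPhase(bobPubKey, true);
SecretKey secKey = ka.generateSecret("DES");

// Generate and initialize a Cipher object.
Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, secKey);

// Wait for the file produced by Bob containing the encrypted data. The
// original loop swallowed every exception silently while spinning.
File cipherFile = new File("cipherFile");
while (!cipherFile.exists()) {
    try {
        Thread.sleep(500);
    } catch (InterruptedException e) {
        Thread.currentThread().interrupt();
        throw new InterruptedIOException(
            "Interrupted while waiting for cipherFile");
    }
}

// Get the file produced by Bob containing the encrypted data.
byte[] cipherData = new byte[(int) cipherFile.length()];
DataInputStream cfis = new DataInputStream(new FileInputStream(cipherFile));
try {
    cfis.readFully(cipherData);
} finally {
    cfis.close();
}

// Decrypt Bob's encrypted data and store the decrypted data to a file.
byte[] data = cipher.doFinal(cipherData);
FileOutputStream dfos = new FileOutputStream("dataFile");
try {
    dfos.write(data);
} finally {
    dfos.close();
}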