Home
neurite edited this page Jul 24, 2017
·
20 revisions
JCA (Java Cryptography Architecture)
JSSE (Java Secure Socket Extensions)
The Java Tutorials -- Security Features in Java SE
Key
|
|__ SecretKey: Group all secret key interfaces and provide type safety
|   |
|   |__ PBEKey: Password-based encryption key
|
|__ PrivateKey
|   |
|   |__ RSAPrivateKey
|   |
|   |__ ECPrivateKey
|   |
|   |__ DHPrivateKey
|
|__ PublicKey
    |
    |__ RSAPublicKey
    |
    |__ ECPublicKey
    |
    |__ DHPublicKey
Key
- getAlgorithm(): String -- the name of the algorithm that uses this key
- getEncoded(): byte[] -- for transmitting the key outside the JVM
- getFormat(): String -- the encoding format, e.g. "X.509" for RSA public key
Destroyable
All the secret keys and private keys implement this interface. Call destroy() after the use of the key.
- destroy(): void
- isDestroyed(): boolean
PBEKey
- getIterationCount(): int
- getPassword(): char[] -- wipe out the char array after use
- getSalt(): byte[]
(To be written)
To save the key, use Key.getEncoded(): byte[]. If needed, base64 encode the bytes.
To load the key, use the KeySpec types. Depending on the type of the key,
- SecretKeySpec(key: byte[], algorithm: String), where algorithm can be looked up in Standard Names. SecretKeySpec implements Key, thus can be used directly as a key.
SecretKeySpec
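An added example (not from the original wiki page) of the save and load steps above together with the Destroyable call: it round-trips an AES key through getEncoded(), Base64 and SecretKeySpec, then confirms the loaded key decrypts what the original encrypted. The class name KeySaveLoadExample, the AES/GCM choice and the sample message are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.DestroyFailedException;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class KeySaveLoadExample {  // hypothetical class name
    public static void main(String[] args) throws Exception {
        // Generate a 128-bit AES key and encrypt a constructed sample message.
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(128);
        SecretKey original = gen.generateKey();
        byte[] iv = new byte[12];                 // 96-bit nonce, unique per encryption
        new SecureRandom().nextBytes(iv);
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, original, new GCMParameterSpec(128, iv));
        byte[] ciphertext = enc.doFinal("sample message".getBytes(StandardCharsets.UTF_8));

        // Save: getEncoded() returns the key bytes; getFormat() names their encoding.
        byte[] raw = original.getEncoded();
        String saved = Base64.getEncoder().encodeToString(raw);
        Arrays.fill(raw, (byte) 0);               // wipe our copy of the key bytes

        // Load: decode and wrap in SecretKeySpec, which is itself a SecretKey.
        byte[] decoded = Base64.getDecoder().decode(saved);
        SecretKey loaded = new SecretKeySpec(decoded, "AES");
        Arrays.fill(decoded, (byte) 0);           // SecretKeySpec keeps its own copy

        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, loaded, new GCMParameterSpec(128, iv));
        String plaintext = new String(dec.doFinal(ciphertext), StandardCharsets.UTF_8);
        System.out.println(plaintext + " / format=" + original.getFormat());

        // Destroyable: implementations that do not override destroy() inherit
        // the default, which throws DestroyFailedException.
        for (SecretKey k : new SecretKey[] {original, loaded}) {
            try {
                k.destroy();
            } catch (DestroyFailedException e) {
                System.out.println(k.getClass().getSimpleName() + ": destroy() not supported");
            }
        }
    }
}
```

The Base64 String cannot be wiped from memory the way the byte arrays are, so in practice write the encoded bytes straight to protected storage rather than holding them as a String.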
Java certificate authority (or root certificate): jre/lib/security/cacerts
- ID generation
- S3 HMAC request signing; you can similarly sign the response using HMAC.
- Encryption at rest (one key per item)
- Data upload with a special example of code publishing
- SSL, TLS
- JWT, JWS, JWE
- OAuth
- Data upload using JWE
- Random number generation
- Hashing
- Symmetric encryption
- Asymmetric encryption
openssl
keytool
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS: Or SSL, protocol
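- ECDHE: Key exchange; EC, elliptic curve, algorithm; DHE, Diffie-Hellman where E is ephemeral, for forward secrecy
- ECDSA_WITH_AES_128: ECDSA is the signature algorithm that authenticates the key exchange; AES_128 is the symmetrical encryption after key exchange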
- GCM: Cipher mode
- SHA256: Hashing