Skip to content

Home

Jump to bottom
neurite edited this page Jul 16, 2017 · 20 revisions

Basics

  • Random number generation
  • Hashing
  • Symmetric encryption
  • Asymmetric encryption

Java

JCA (Java Cryptography Architecture)

JSSE (Java Secure Socket Extensions)

Standard algorithm names

Tools

openssl

keytool

Bouncy Castle

Bouncy Castle Specifications

Bouncy Castle GitHub mirror

Bouncy Castle tests

Bouncy Castle API

Bouncy Castle PKIX API

Bouncy Castle OpenPGP API

Algorithm Names

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

  • TLS: Or SSL, protocol
  • ECDHE: EC, elliptical curve, algorithm; DHE, E is ephemeral, for forward secrecy
  • ECDSA_WITH_AES_128: Symmetrical encryption after key exchange
  • GCM: Cipher mode
  • SHA256: Hashing

Keys

Interfaces

  1. Destroyable

  2. Key

  • getAlgorithm(): String -- the name of the algorithm that uses this key
  • getEncoded(): byte[] -- for transmitting the key outside the JVM
  1. SecretKey

"Group (and provide type safety for) all secret key interfaces."

  1. PBEKey

Password-based encryption key. Extends SecretKey and Destroyable.

  • getIterationCount(): int
  • getPassword(): char[] -- wipe out the char array after use
  • getSalt(): byte[]
  1. PrivateKey, PublicKey

Under which, there are DHPrivateKey, DHPublicKey, ECPrivateKey, ECPublicKey, RSAPrivateKey, RSAPublicKey, etc.

Extends SecretKey and Destroyable.

SecretKeySpec

Certificates

Java certificate authority (or root certificate): jre/lib/security/cacerts

Applications

  • ID generation
  • S3 HMAC request signing; you can similarly sign the response using HMAC.
  • Encryption at rest (one key per item)
  • Data upload with a special example of code publishing
  • SSL, TLS
  • JWT, JWS, JWE
  • OAuth
  • Data upload using JWE

Clone this wiki locally