Who Are You?
This book is written for moderately experienced Java developers who are interested in cryptography. It describes cryptographic development in Java. If you know nothing about cryptography, don't worry; there's a whole chapter () that describes the concepts. The main thrust of this book is to detail the classes and techniques that you need to add cryptographic functionality to your Java application.
This book stubbornly sticks to its subject, cryptographic development in Java. If you're curious about the mathematics or politics of cryptography, pick up a copy of Bruce Schneier's Applied Cryptography (Wiley). Although I will implement the ElGamal cipher and signature algorithms in ), I won't try to explain the laws in detail or comment on them. A solid book on the mathematics of cryptography is the Handbook of Applied Cryptography by Alfred J. Menezes et al. (CRC Press). For a recent look at the politics of cryptography, see Privacy on the Line: The Politics of Wiretapping and Encryption, by Whitfield Diffie and Susan Landau (MIT Press).
If you need to get up to speed with Java development, I suggest these O'Reilly books:
David Flanagan's Java in a Nutshell provides a speedy introduction to Java for the experienced developer.
Exploring Java, by Pat Niemeyer and Joshua Peck, has a gentler learning curve for the less experienced developer.
For an overview of the entire Java Security API, try Scott Oaks' Java Security, also published by O'Reilly.
About This Book
This book is organized like a sandwich. The outer chapters ( (the meat) are a methodical and pragmatic description of cryptographic programming in Java, including numerous useful examples.
, describes cryptography's role in secure systems development and introduces some short examples of cryptographic programming.
, introduces the fundamental concepts of cryptography: ciphers, message digests, signatures, and random numbers.
, presents a bird's-eye view of Java cryptographic software packages and introduces the Provider Architecture that underlies the Java Security API.
, describes cryptographic random numbers in Java.
, describes the key management classes that are included with the JDK.
, shows how to use message digests, signatures, and certificates for authentication.
, covers encryption: symmetric and asymmetric ciphers, cipher modes, and hybrid systems.
, describes how to create signed applets.
, describes how to write a security provider. It includes classes that implement the ElGamal cipher and signature algorithms.
, presents a completely functional application, a cryptographically enabled network talk application.
, includes another complete application, a cryptographically enabled email client.
, talks about noncryptographic security issues you should know about.
, discusses the BigInteger class, which is useful for implementing the mathematics of cryptographic algorithms.
, presents classes for base64 conversion.
, describes the jar archiving tool, which is used to bundle up Java applets and applications.
, includes a description of the JDK 1.1 javakey tool, which is used to manage a database of keys and certificates.
, contains a quick reference listing of the cryptographic classes covered in this book.
What's Not in This Book
This book does not discuss:
For a thorough treatment of these subjects, see O'Reilly's Java Security.
About the Examples
Versions
The examples in this book run with the Java Developer's Kit (JDK) 1.2 and the Java Cryptography Extension (JCE) 1.2. The examples in the book were tested with JDK 1.2beta3 and JCE 1.2ea2. Some of the topics covered are applicable to JDK 1.1, especially the Identity-based key management discussed in . However, anything involving encryption requires the JCE. The only supported version of the JCE is 1.2, and it only runs with JDK 1.2. (Although the JCE had a 1.1 release, it never progressed beyond the early access stage. It is not supported by Sun and not available from their web site any longer.)
The signed applets in work with HotJava 1.1, Netscape Navigator 4.0, and Internet Explorer 4.0.
File Naming
This book assumes you are comfortable programming in Java and familiar with the concepts of packages and CLASSPATH. The source code for examples in this book should be saved in files based on the class name. For example, consider the following code:

    import java.applet.*;
    import java.awt.*;

    public class PrivilegedRenegade extends Applet {
      ...
    }

This file describes the PrivilegedRenegade class; therefore, you should save it in a file named PrivilegedRenegade.java.
Other classes belong to particular packages. For example, here is thebeginning of one of the classes from :

    package oreilly.jonathan.security;

    import java.math.BigInteger;
    import java.security.*;

    public class ElGamalKeyPairGenerator extends KeyPairGenerator {
      ...
    }

This should be saved in oreilly/jonathan/security/ElGamalKeyPairGenerator.java.
Throughout the book, I define classes in the oreilly.jonathan.* package hierarchy. Some of them are used in other examples in the book. For these examples to work correctly, you'll need to make sure that the directory containing the oreilly directory is in your CLASSPATH. On my computer, for example, the oreilly directory lives in c:\Jonathan\classes. So my CLASSPATH contains c:\Jonathan\classes; this makes the classes in the oreilly.jonathan.* hierarchy accessible to all Java applications.
CLASSPATH
Several examples in this book consist of classes spread across multiple files. In these cases, I don't explicitly import files that are part of the same example. For these files to compile, then, you need to have the current directory as part of your classpath. My classpath, for example, includes the current directory and the Java Cryptography Extension (JCE; see ). On my Windows 95 system, I set the CLASSPATH in autoexec.bat as follows:

    set classpath=.
    set classpath=%classpath%;c:\jdk1.2beta3\jce12-ea2-dom\jce12-ea2-dom.jar