Java Reference
In-Depth Information
Cryptography
The core Java platform doesn't include support for encryption and decryption of
data because of strict U.S. export regulations. The Java Cryptography Extension, or
JCE, does support these technologies, however. To enable them, you simply have
to download and install the JCE from
http://java.sun.com/pr oducts/jce/
. Note that
JCE 1.2.1 (in beta at this writing) is available in a globally exportable version that
allows only weak encryption using reduced key sizes. If you are outside the
United States and Canada, you can use this version of the JCE, or you can obtain
some other implementation that has been developed outside of the United States
and is therefore free from restrictive regulation.
To install the JCE, simply copy all the JAR files that come with it to the
jr e/lib/ext/
directory of your Java distribution. Next, to make the JCE algorithms automatically
available to all Java programs, edit the
jr e/lib/security/java.security
file to include a
line like the following:
security.provider.3=com.sun.crypto.provider.SunJCE
Read the comments in the
java.security
file for more information about what this
line does.
Example 6-5 is a program that allows you to encrypt and decrypt files using the
TripleDES encryption algorithm and to generate TripleDES keys that are stored in
files. It uses the JCE classes in
javax.crypto
and its subpackages. The key classes
are
Cipher
, which represents an encryption or decryption algorithm, and
SecretKey
, which represents the encryption and decryption key used by the algo-
rithm. You can find an API quick-reference for the JCE classes in
Java in a Nut-
shell
. You can also learn more about cryptography and the JCE from
Java
Cryptography
by Jonathan Knudsen (O'Reilly).
Example 6−5: TripleDES.java
package com.davidflanagan.examples.security;
import javax.crypto.*;
import javax.crypto.spec.*;
import java.security.*;
import java.security.spec.*;
import java.io.*;
/**
* This class defines methods for encrypting and decrypting using the Triple
* DES algorithm and for generating, reading and writing Triple DES keys.
* It also defines a main() method that allows these methods to be used
* from the command line.
**/
public class TripleDES {
/**
* The program. The first argument must be -e, -d, or -g to encrypt,
* decrypt, or generate a key. The second argument is the name of a file
* from which the key is read or to which it is written for -g. The
* -e and -d arguments cause the program to read from standard input and
* encrypt or decrypt to standard output.
**/
public static void main(String[] args) {
try {
