Data Security Needs and Cryptographic Solutions
Your applications will have some or all of the following data security needs:
Integrity: At the simplest level, you'd like to be sure that the data you're sending is not
getting changed or corrupted in any way. This is data integrity.
Authentication: It's often important to verify the identity of the machine or person on
the other end of your network connection. Authentication is the process of proving
identity.
Confidentiality: If you're sending sensitive data over the network, other people shouldn't
be able to see that information. This is confidentiality.
Cryptography provides solutions for each of these needs:
Message digests: A message digest smushes a large piece of data into a small piece of data.
You might, for example, run an entire file through a message digest to end up with a
160-bit digest value. If you change even 1 bit of the file and run it through the message
digest again, you'll get an entirely different digest value. A message digest value is
sometimes called a digital fingerprint.
Digital signatures: A digital signature is like a message digest except it is produced by a
particular person, the signer. The signer must have a private key that is used to create the
signature. A corresponding public key can be used by anyone to verify that the signature
came from the signer. The private key and public key together are called a key pair. Keys
are really just data; think of an array of bytes. Certificates are really just an extension of
digital signatures. A certificate is a document, signed by some authority like the U.S.
Postal Service, that proves your identity. It's like a driver's license, except it's based on
digital signatures.
Ciphers: Ciphers can either encrypt data or decrypt it. An encrypting cipher accepts your
data, called plaintext, and produces an unreadable mess, called ciphertext. A decrypting
cipher takes ciphertext and converts it back to plaintext. Ciphers use keys; if you encrypt
the same plaintext with two different keys, you'll get two different sets of ciphertext.
A symmetric cipher uses the same key for encryption and decryption. An asymmetric
cipher operates with a key pair: one key is used for encrypting, while the matching key
is used for decrypting. Ciphers operate in different modes that determine how plaintext
is encrypted into ciphertext. This, in turn, affects the use and security of the cipher.
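The three primitives above, exercised through the J2SE JCA/JCE APIs, as an added example that is not code from the book. The class name, the sample message and the algorithm choices (SHA-256, which yields a 256-bit digest rather than the 160-bit value mentioned in the text, RSA-2048 and AES in GCM mode) are assumptions made here.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

public class CryptoPrimitivesDemo { // hypothetical class name
    public static void main(String[] args) throws Exception {
        byte[] msg = "pay 100 to account 42".getBytes(StandardCharsets.UTF_8); // constructed sample
        byte[] tampered = msg.clone();
        tampered[0] ^= 0x01; // flip a single bit of the message
        // Integrity: a one-bit change in the input changes roughly half of the digest bits.
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        byte[] d1 = md.digest(msg), d2 = md.digest(tampered);
        int diff = 0;
        for (int i = 0; i < d1.length; i++) diff += Integer.bitCount((d1[i] ^ d2[i]) & 0xff);
        System.out.println("digest bits changed: " + diff + " of " + d1.length * 8);
        // Authentication: the private key signs, anyone holding the public key verifies.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair pair = kpg.generateKeyPair();
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(pair.getPrivate());
        signer.update(msg);
        byte[] sig = signer.sign();
        System.out.println("original verifies: " + verify(pair.getPublic(), msg, sig));
        System.out.println("tampered verifies: " + verify(pair.getPublic(), tampered, sig));
        // Confidentiality: same plaintext and nonce, two keys, two different ciphertexts.
        // The mode is named explicitly; a GCM nonce must never repeat under the same key.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey k1 = kg.generateKey(), k2 = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        byte[] c1 = crypt(Cipher.ENCRYPT_MODE, k1, iv, msg);
        byte[] c2 = crypt(Cipher.ENCRYPT_MODE, k2, iv, msg);
        System.out.println("ciphertexts differ: " + !Arrays.equals(c1, c2));
        System.out.println("round trip ok: " + Arrays.equals(msg, crypt(Cipher.DECRYPT_MODE, k1, iv, c1)));
    }

    static boolean verify(PublicKey pub, byte[] data, byte[] sig) throws Exception {
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(pub);
        v.update(data);
        return v.verify(sig); // false when the data or the signature was altered
    }
    static byte[] crypt(int mode, SecretKey key, byte[] iv, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding"); // algorithm/mode/padding
        c.init(mode, key, new GCMParameterSpec(128, iv));   // 128-bit authentication tag
        return c.doFinal(in);
    }
}
```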
Note: For comprehensive coverage of cryptographic concepts and algorithms, see Bruce Schneier's
Applied Cryptography: Protocols, Algorithms, and Source Code in C (John Wiley & Sons, 1995). To find out
more about the JCA and JCE in J2SE, read Jonathan's Java Cryptography (O'Reilly, 1998). Sun's developer
web site also contains Jonathan's excellent four-part series on security and cryptography in MIDP, located
at http://developers.sun.com/techtopics/mobility/midp/articles/security1/.
 