Java Reference
In-Depth Information
•
Ciphers
: A cipher lets you encrypt data or decrypt data once it's been encrypted. An
encrypting cipher takes your original message, called
plaintext
, and renders it
unreadable to third parties without the corresponding decrypting cipher. Ciphers
rely on
keys
; to decipher the encrypted message, you must have a key. Today's
ciphers use advancements in number theory that let you split keys into a public
part and a private part; participants sharing a secret message keep their private key
to themselves and use a recipient's public key to encrypt a message.
•
Message digests
: A message digest is nothing more than a cleverly designed hash
function; it takes a large block of data and reduces it to a small block of data. Two
popular message digest functions are SHA-1, which creates a digest 20 bytes long
for an arbitrary input, and MD5, which creates a digest 16 bytes long for an arbi-
trary input.
•
Digital signatures
: A digital signature is a personalized message digest. It uses an
individual's private key to create a message digest that can be verified using the
signer's public key, to prove that the person generating the signature signed the
message.
•
Certificates
: A certificate is really just an extension of a digital signature—it's a doc-
ument signed by a trusted third party that proves your identity.
■
Note
For comprehensive coverage of cryptographic concepts and algorithms, you can't do better than
Applied Cryptography: Protocols, Algorithms, and Source Code in C
by Bruce Schneier (John Wiley & Sons,
1995).
These tools are in widespread use in the mobile marketplace today. Consider digital
signatures and certificates: they provide the backbone for today's on-deck delivery of
wireless applications. Through the Java Verified Program, a third party signs your applica-
tion before giving it to carriers for distribution; when a device downloads your
application, it verifies the signature, permitting access to restricted APIs based on the
authorities that signed your application.
Another application of these tools is HTTPS, based on TLS. HTTPS is the secure ver-
sion of HTTP that you may well be using to secure your application's network. HTTPS can
rely on certificates exchanged between client and server to prove the identify of both;
regardless, it uses public-key ciphers to encrypt the network communication that occurs
between client and server.
Of course, cryptography is but one countermeasure among many. Designing a secure
application requires
defense in depth
—never relying on a single security measure alone.
Strategies including physical security (preventing access to your application service's
