Database Reference
In-Depth Information
}
// Appreciate the power of random
iterationCount =
random
.nextInt( 10 ) + 15;
salt = new byte[SALT_LENGTH];
for( int i = 0; i < SALT_LENGTH; i++ ) {
salt[i] = ( byte )
random
.nextInt( 256 );
}
}
Note
You can find this code in the file
Chapter6/orajavsec/OracleJavaSecure.java.
Calculating the Size of the Password
The first thing you'll notice in Listing 6-1 is a definition of the maximum size of the passphrase. It is
calculated based on the size of the RSA key.
maxPassPhraseBytes = ( keyLengthRSA/8 ) - 11;
The reason we base our password length on the size of the RSA key is that we are going to encrypt
our passphrase with the public key, and RSA can only encrypt a byte array smaller than its own key,
minus the padding.
We could have made
maxPassPhraseBytes
a constant, but we might have been tempted to try
something larger (okay, I tried it) had we not known the derivation. Also, we may at some point increase
the RSA key size, which will automatically translate into a larger passphrase length.
Respecting the Power of Random
In our method, shown in Listing 6-1, we instantiate a byte array the size of
maxPassPhraseBytes
and
populate it with random characters in the
for
loop. Notice the parameters for the random character. We
want our passphrase to be made up of printable characters in the ASCII range of 32 to 126.
We will set the iteration count to be a random number between 15 and 25.
And we will populate the salt byte array with random bytes between 0 and 256. Our salt byte array
size is fixed at eight bytes. We declare
SALT_LENGTH
as a constant (static final).
All of these artifacts of our password-based encryption will be generated for each Oracle session and
passed back to the client. They will be encrypted using the RSA public key prior to transmission. The
client will decrypt them using the private key. Then with those artifacts in hand, the client will create an
identical secret password key to use in sending and receiving encrypted data.
Initializing Static Class Members
We are going to move the initialization of two static class members from their previous location in a
method out into the class body. See Listing 6-2. Instead of two separate calls to the
makeCryptUtilities()
method (one on the client and a different one on the server), we unify the process
of creating these components. We will instantiate the
SecureRandom
at the point of definition, and we will
instantiate the
cipherRSA
in a static initializer block (catching Exceptions, as required).
