Java Reference
In-Depth Information
◾ KeyFactory/SecretKeyFactory
◾ Message Authentication Codes (MAC)
◾ KeyPairGenerator
◾ KeyAgreement
◾ KeyGenerator
◾ AlgorithmParameters
◾ AlgorithmParameterGenerator
◾ KeyStore
◾ CertificateFactory
◾ CertPathValidator
◾ CertPathBuilder
◾ CertStore
We will look at some of the important engine classes/algorithms in the following sections.
8.3.5.2.1 The SecureRandom Class
In many situations, developers need to generate a key and an initialization vector for use in a symmetric algorithm. In such cases, the SecureRandom class will help in producing true random numbers, as enunciated above. The SecureRandom class provides two important methods in realizing this: getProvider() and getAlgorithm(). More details on the SecureRandom class are elaborated below:
The SecureRandom class extends the Random class and provides a “cryptographically strong” random number generator (RNG). A cryptographically strong random number essentially means that it minimally complies with the statistical random number generator tests specified in Federal Information Processing Standards (FIPS) 140-2, Security Requirements for Cryptographic Modules, section 4.9.1. Moreover, it is important that this class produce nondeterministic RNG output. Therefore, any seed material passed to a SecureRandom object for generating the RNG must be unpredictable, and all SecureRandom output sequences must be cryptographically strong. A SecureRandom implementation can generate both pseudorandom numbers (using a deterministic algorithm to produce a pseudorandom sequence from a true random seed) and true random numbers (other implementations producing true random numbers). This class can also be used to generate random request tokens that are stored in the user session to protect against cross-site request forgery (CSRF). CSRF protection was discussed in Chapter 7.
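The uses named in this section (a key and an initialization vector for a symmetric algorithm, and a per-session CSRF token) can be put together as follows. This is an added example, not code from the original text; the class and method names, the choice of AES-GCM, and the key, IV and token sizes are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class SecureRandomExample {          // hypothetical class name
    // One shared instance; the default constructor lets the provider seed itself.
    private static final SecureRandom RNG = new SecureRandom();

    // Fresh 256-bit AES key drawn from the SecureRandom instance.
    static SecretKey newAesKey() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256, RNG);
        return kg.generateKey();
    }

    // Fresh 96-bit IV; with GCM an IV must never repeat under the same key.
    static byte[] newIv() {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);
        return iv;
    }

    // 256-bit request token, URL-safe so it fits in a hidden form field.
    static String newCsrfToken() {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // Compare the session's token with the submitted one in constant time.
    static boolean csrfTokenMatches(String sessionToken, String submitted) {
        if (sessionToken == null || submitted == null) return false;
        return MessageDigest.isEqual(sessionToken.getBytes(StandardCharsets.UTF_8),
                                     submitted.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        System.out.println(RNG.getAlgorithm() + " / " + RNG.getProvider().getName());
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, newAesKey(), new GCMParameterSpec(128, newIv()));
        String token = newCsrfToken();
        System.out.println("token ok: " + csrfTokenMatches(token, token));
    }
}
```

The algorithm and provider names printed by main() depend on the JDK and platform, so they are useful to log when checking which RNG a deployment actually uses.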
8.3.5.2.2 The MessageDigest Class
The MessageDigest class of the java.security package is essentially an abstract class that extends the MessageDigestSpi class. The MessageDigest class provides applications with the functionality of a message digest algorithm, such as MD5 or SHA. Message digests are secure one-way hash functions that transform any variable-length cleartext to a fixed-length hash value.
The process of MessageDigest transpires as follows: A MessageDigest object starts out initialized. The data are processed through it using methods such as update(), reset(), and digest(). The information is processed using one or more of the overloaded update() methods. Methods such as reset() can be called to reset the digest at any point in time. Once all the data/information is updated, one of the digest() methods should be called to complete the