Java Reference
In-Depth Information
KeyFactory/SecretKeyFactory
Message Authentication Codes (MAC)
KeyPairGenerator
KeyAgreement
KeyGenerator
AlgorithmParameters
AlgorithmParameterGenerator
KeyStore
CertificateFactory
CertPathValidator
CertPathBuilder
CertStore
We will discuss some of the important engine classes/algorithms in the following sections.
8.3.5.2.1 The SecureRandom Class
In many situations, developers need to generate a key and an initialization vector for use in a
symmetric algorithm. In such cases, the SecureRandom class will help in producing true random
numbers, as enunciated above. The SecureRandom class provides two important methods in
realizing this: getProvider() and getAlgorithm(). More details on the SecureRandom
class are elaborated below:
The SecureRandom class extends the Random class and provides a “cryptographically strong”
random number generator (RNG). A cryptographically strong random number essentially means
that it minimally complies with the statistical random number generator tests specified in Federal
Information Processing Standards (FIPS) 140-2, Security Requirements for Cryptographic
Modules, section 4.9.1. Moreover, it is important that this class produce nondeterministic RNG
output. Therefore, any seed material passed to a SecureRandom object for generating the RNG
must be unpredictable, and all SecureRandom output sequences must be cryptographically
strong. A SecureRandom implementation can generate pseudorandom numbers (using a
deterministic algorithm to produce a pseudorandom sequence from a true random seed), while
other implementations produce true random numbers. This class can also be
used to generate random request tokens that are stored in the user session to protect against
cross-site request forgery (CSRF). CSRF protection was discussed in Chapter 7.
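The two uses described above (key and IV material for a symmetric cipher, and a per-session CSRF token) can be sketched as follows. This is an added example, not code from the book: the class and method names are hypothetical, and the choices of AES-256-GCM, a 96-bit IV and a 256-bit token are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class SecureRandomDemo {  // hypothetical class name
    // One shared instance: SecureRandom is thread-safe and seeds itself from the platform.
    private static final SecureRandom RNG = new SecureRandom();

    static byte[] randomBytes(int n) {
        byte[] out = new byte[n];
        RNG.nextBytes(out);
        return out;
    }

    // 256-bit token, URL-safe so it fits in a hidden form field or a request header.
    static String newCsrfToken() {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(randomBytes(32));
    }

    // Compare the session copy with the submitted copy without an early-exit timing signal.
    static boolean tokenMatches(String sessionToken, String submitted) {
        if (sessionToken == null || submitted == null) return false;
        return MessageDigest.isEqual(
                sessionToken.getBytes(StandardCharsets.US_ASCII),
                submitted.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        // The two accessors named in the text: which algorithm and provider back this RNG.
        System.out.println("algorithm=" + RNG.getAlgorithm()
                + " provider=" + RNG.getProvider().getName());

        // Fresh key and IV for a symmetric cipher; the IV must never repeat under one key.
        SecretKeySpec key = new SecretKeySpec(randomBytes(32), "AES");
        byte[] iv = randomBytes(12);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = cipher.doFinal("constructed sample plaintext".getBytes(StandardCharsets.UTF_8));
        System.out.println("ciphertext bytes=" + ct.length);

        // Token stored in the session at login, then checked on each state-changing request.
        String token = newCsrfToken();
        System.out.println("csrf token=" + token);
        System.out.println("same token accepted=" + tokenMatches(token, token));
        System.out.println("other token accepted=" + tokenMatches(token, newCsrfToken()));
    }
}
```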
8.3.5.2.2 The MessageDigest Class
The MessageDigest class of the java.security package is essentially an abstract class
that extends the MessageDigestSpi class. The MessageDigest class provides applications
with the functionality of a message digest algorithm, such as MD5 or SHA. Message
digests are secure one-way hash functions that transform any variable-length cleartext to a
fixed-length hash value.
The process of MessageDigest transpires as follows: A MessageDigest object starts
out initialized. The data are processed through it using methods such as update(), reset(),
and digest(). The information is processed using one or more of the overloaded update()
methods. Methods such as reset() can be called to reset the digest at any point in time. Once all
the data/information is updated, one of the digest() methods should be called to complete the