hash computation. The digest() method can be called once for a given number of updates. After the digest() method has been called, the MessageDigest object is reset to its initialized state.
To protect against birthday attacks (Section 8.1.6) or collisions, it is recommended that hashing be performed with salts. The salts are random-byte values that are added to the hashing process to introduce more randomness to the hashed value, ensuring that it is collision resistant. The salt may ideally be a 64-bit value (recommended by the PKCS5 Standard). The salt can be introduced to the hashing process with the update() method. Salts may be stored as cleartext next to the hashed information. The salt value for each entry should be different.
8.3.5.2.3 The Cipher Class
The Cipher class provides the functionality of a cryptographic cipher for encryption and decryption of information. It is a very important class that forms the core of the JCE framework. To instantiate a Cipher object, the application developer calls one of the Cipher class's overloaded getInstance() methods and passes the name of the requested “transformation” to it.
A transformation, indicated above, is essentially a string object that describes the operation (or set of operations) to be performed on the given input to produce some output. A transformation always includes the name of a cryptographic algorithm (e.g., DES) and may be followed by a feedback mode and padding scheme.
The Cipher class has a number of utility methods that help in carrying out various encryption/decryption operations. Some of them are init(), update(), and doFinal().
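The following is an added example, not code from the book, showing why the transformation string should name the mode and padding explicitly: when only the algorithm is given, the provider picks defaults, and the SunJCE provider shipped with OpenJDK resolves a bare "AES" to ECB with PKCS5Padding, so a repeated plaintext block produces a repeated ciphertext block. The class name TransformationDemo, the helper names, and the sample plaintext are constructed for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class TransformationDemo {
    // Encrypts the same 16-byte block twice via init(), update(), doFinal().
    static byte[] encryptTwice(String transformation, SecretKey key,
                               byte[] iv, byte[] block) throws Exception {
        Cipher c = Cipher.getInstance(transformation);
        if (iv == null) {
            c.init(Cipher.ENCRYPT_MODE, key);   // mode without an IV
        } else {
            c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        }
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] part = c.update(block);          // may be null if input is buffered
        if (part != null) out.write(part);
        out.write(c.doFinal(block));            // second block plus padding or tag
        return out.toByteArray();
    }

    // True when the first two ciphertext blocks are byte-for-byte identical.
    static boolean repeatsBlocks(byte[] ct) {
        return Arrays.equals(Arrays.copyOfRange(ct, 0, 16),
                             Arrays.copyOfRange(ct, 16, 32));
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);                           // algorithm-independent init
        SecretKey key = kg.generateKey();
        // Constructed sample plaintext, exactly one AES block long.
        byte[] block = "ACCOUNT=00001234".getBytes(StandardCharsets.US_ASCII);

        // Algorithm name only: mode and padding fall to provider defaults.
        byte[] bare = encryptTwice("AES", key, null, block);
        // Algorithm/mode/padding spelled out, with a fresh random 96-bit IV.
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        byte[] full = encryptTwice("AES/GCM/NoPadding", key, iv, block);
        System.out.println("AES               repeats blocks: " + repeatsBlocks(bare));
        System.out.println("AES/GCM/NoPadding repeats blocks: " + repeatsBlocks(full));
    }
}
```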
8.3.5.2.4 The KeyFactory Class
The KeyFactory class helps in building key factories. With the help of a KeyFactory, a developer can generate a public key, a private key, or even transformation. This aspect of the KeyFactory is very useful in the transformation of keys. The factories help in the conversion of keys (opaque cryptographic keys of type Key) into key specifications (transparent representations of the underlying key material), and vice versa. This way, the key factories are bidirectional in nature and functionality.
In an enterprise environment, multiple compatible key specifications may exist for the same key. For instance, a DSA public key may be specified using key specifications such as DSAPublicKeySpec or X509EncodedKeySpec. In such situations, the key factory can be used to translate between compatible key specifications.
8.3.5.2.5 The KeyGenerator Class
This class of the JCE provides the functionality of a symmetric key generator. Developers can use an appropriate getInstance() method to construct the KeyGenerator object of this class. KeyGenerator objects are reusable in nature, and the same KeyGenerator object can be reused to generate further keys. JCE provides two ways of generating the key: through the use of algorithm-specific initialization of the KeyGenerator object or the algorithm-independent initialization of the KeyGenerator object.
As a part of algorithm-specific initialization, JCE provides two init methods that have an AlgorithmParameterSpec argument: init(AlgorithmParameterSpec params) and