Java Reference
In-Depth Information
8.5.4.3 TrustManagerFactory Class
The javax.net.ssl.TrustManagerFactory is an engine class for a provider-based service
that acts as a factory for one or more types of TrustManager objects. Because it is
provider-based, additional factories can be implemented and configured that provide additional
or alternate trust managers that provide more sophisticated services or that implement
installation-specific authentication policies.
8.5.4.4 KeyManager Interface
We have already indicated in the overview that to authenticate to a remote peer, one needs to
initialize an SSLContext object with one or more KeyManagers. By using the internal
default context (e.g., an SSLContext created by SSLSocketFactory.getDefault() or
SSLServerSocketFactory.getDefault()), a default KeyManager can be created.
Typically, there is a single key manager that supports authentication based on X.509 public key
certificates. Some secure socket implementations may also support authentication based on other
mechanisms such as shared secret keys, Kerberos, and so on. The KeyManager instances are
created either by using a KeyManagerFactory or by providing a concrete implementation of
the KeyManager interface.
8.5.4.5 KeyManagerFactory Class
The javax.net.ssl.KeyManagerFactory is an engine class for a provider-based service
that acts as a factory for one or more types of KeyManager objects. The SunJSSE provider
implements a factory, which can return a basic X.509 key manager. Because it is provider-based,
additional factories can be implemented and configured to provide additional or alternate key
managers.
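The following added example (not code from the original text) shows how the two factory classes described in Sections 8.5.4.3 and 8.5.4.5 feed an SSLContext. It assumes a JDK whose default trust store is present; the class name ContextFromFactories, the empty in-memory keystore, and the "changeit" password are constructed placeholders standing in for a real keystore file.

```java
import java.security.KeyStore;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

public class ContextFromFactories {
    public static void main(String[] args) throws Exception {
        // Constructed input: an empty in-memory PKCS12 store stands in for a real
        // keystore file holding the local private key and certificate chain.
        char[] password = "changeit".toCharArray(); // placeholder password
        KeyStore identity = KeyStore.getInstance("PKCS12");
        identity.load(null, password);

        // KeyManagerFactory: supplies the credentials this side presents to the peer.
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, password);

        // TrustManagerFactory: decides which peer certificates are accepted.
        // A null KeyStore makes the provider fall back to the JDK default trust store.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        // Both factories return arrays; pick out the X.509 managers among them.
        for (KeyManager km : kmf.getKeyManagers()) {
            if (km instanceof X509KeyManager) {
                String[] aliases = ((X509KeyManager) km).getClientAliases("RSA", null);
                System.out.println("RSA client identities: "
                        + (aliases == null ? 0 : aliases.length));
            }
        }
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                System.out.println("Trusted issuers: "
                        + ((X509TrustManager) tm).getAcceptedIssuers().length);
            }
        }
        // A null SecureRandom selects the provider's default source of randomness.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        SSLParameters params = ctx.getDefaultSSLParameters();
        System.out.println("Enabled protocols: " + String.join(", ", params.getProtocols()));
    }
}
```

Because the keystore here is empty, the key manager reports no client identities, so a context built this way can verify a peer but has no certificate of its own to present.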
8.6 Summary
We began this chapter by introducing cryptography. We discussed the evolution of cryptography
through the ages, from the Roman Empire and the world wars to the current-day cryptographic
implementations with a computing dimension. Some common terms and definitions to
aid in the understanding of cryptography and its related concepts were explored. Two important
types of cryptographic implementations were discussed, namely, the symmetric and asymmetric
methods of cryptography. We contrasted the two cryptographic implementations
and also highlighted their respective merits and demerits. Symmetric encryption consists of two
types of ciphers: block and stream ciphers. Modes of encryption that are present for block cipher
implementations were explained. Subsequently, we discussed several attacks against cryptography
such as known-plaintext, known-ciphertext, and birthday attacks and delved into the reasons
for the success of the said cryptographic attacks. We then explored the realm of Web application
cryptography by studying some of the popular encryption algorithms used to protect data in
storage, following which we also discussed some of the flawed implementations of cryptography
in Web applications, provided an insight into some of the best practices of Web application
cryptography, and explored some of the security compliance and regulatory requirements relating
to the encryption of sensitive data stored or transmitted by an organization. From the Java