Customer Reviews

Beginning Cryptography with Java

5 star:		(7)
4 star:		(2)
3 star:		(3)
2 star:		(0)
1 star:		(0)

 

 

Cryptography is still a delicate issue with a lot of people. There are those, especially in certain law enforcement agencies, who believe that access to stong encryption should not be allowed in the hands of the general public. Indeed, there are export regulations that define encryption technology as munitions. ==At the other end of the scale, there is the simple fact that without secure data transmission, web based electronic commerce would simply be impossible.

This book is on the use of standard Java encryption libraries. This book is written for people who are Java developers and are trying to make use of cryptography in their applications. It presumes that you are familiar with the Java language, but it does not assume you have any familiarity with the encryption APIs. The book covers the recent updates in the security APIs with J2SE 5.0.

This book is very good from the programming point of view, it does not have a lot of history or the background technology of how encryption is done.

Whether it is complete or not (of course, it is not), I would challenge anyone to point at a single alternative book covering Java cryptography at a greater level of details. The style is clear, coverage of ASN.1 is very helpful, and selection of BouncyCastle open source cryptoprovider is the most natural one. Lots more of details and code samples can be found in Bouncy Castle javadocs, but to navigate them without conceptual understanding of Java security in general and BouncyCastle implementation in particular, gained from the book like this one, would be a nightmare.

"Inside Java 2 Platform Security: Architecture, API Design, and Implementation (2nd Edition)" would be another book to recommend, for general overview of Java Security Platform, and, also, to make sense of Java Cryptography Extension (JCE) APIs standardizing access to cryptoproviders' (such as BouncyCastle) libraries. But, of course, the two books have very little overlap.

This book is the best choice if you need to initiate in the use of java crypto API (as its title claims) and it informs extensively about Bouncy Castle crypto API (which I also recommend).

Definitely a good book.

By anyone's measure, cryptography is a dry and dusty subject but Hook has made it a pleasure to read this book both by trying to keep the tone light and having such a deep and thorough understanding of the topic that the discussion is effortless. While he moves through the subject matter briskly, his mastery of the area means that it's elegantly structured and easy to follow.

All the Wrox books seem to follow a pretty rigid format and I felt sometimes that had the author been given a little more flexibility there, it could have flowed more easily. That said, the consistent organisation of the book makes it easier to use as a reference.

If you are just beginning Java this may be a little over your head. However, the concepts and sample applications are all relatively simple. The first chapter provides an excellent overview of why and how the Java crypto architecture works.

I do not regularly keep up with crypto news so some of the tips in this book have been helpful such as not to use SHA1 anymore. It it helpful when the book goes into potential attacks on code as well in order to provide the reader with ideas of the best approach to building secure architectures.

Prior to purchasing this book I had been trying to use several different online examples that did not go into enough depth. I would be willing to recommend this book to anyone trying to do crypto in Java.

This book guided me to understand cryptography with Java, but it was not easy.

Even having in mind that this would not be a "for dummies" book, and also knowing cryptography is a hard subject on its own, I found this book hard to follow in many times. Please note I read technical books regularly.

The author demands a lot from the reader. That's because one thing is to read and simply try to understand what the author is saying. That is not so hard. But another thing is to stop and think how you would actually use and code the processes in real life. I think the book deserves more paragraphs in the end of the chapters, to help the reader concludes important points on each subject. Examples of what you find throughout the book:

- in the RSA sections, the book does not talk clearly about what details must and what details must not be agreed between the 2 parties before the process. Do the parties have to agree upon the symmetric key size? Both the mode and the padding of the 2 cryptography (RSA and symmetric) have to be agreed or each party can choose freely?
- in Diffie-Hellman, in real life applications, do the parties have to previously agree upon the value of P and G?

It is up to the reader to find out this kind of "detail", having to make and test his own code or to make further researches.

Another point is that the sample codes the book has are a little too much simplified. Of course, this is good to introduce a new concept, and also for the sake of the book size. But something that bothered me a lot was the fact the the codes are never split between the code that runs in one of the parties (the sender, for instance) and the other party (the receiver). They were always a single block of code, with the codes of the 2 parties mixed up and reusing variables (a good example of this is the Diffie-Hellman code blocks), making it harder, again, to understand how things would be in real life.

I do not need a for dummies book. But a couple more of sentences in each chapter, to help the reader a littler more, would be appreciated.

EDITED: initially I had given 3 stars, but reading the book further, I think it deserves 4 stars. The problems I listed for the first chapters do exist, but only 3 stars would not make justice for this book.

The book contains a ton of technical names of various encryption algorithms and explanations of how they work, and other horribly boring things like that, somehow it's a fairly interesting read despite that and the code examples give you exactly what you need to get up and running. That said, that's just cryptography for ya, I gave the book a 5 star rating.

Wrox books are well known for being good. The chapters are easy to read even though the ropic itself may seem daunting. Each chapter has several short programs that are downloadable to illustrate the concepts in the chapters. All that is needed is Java to be installed (which is free to download as well.) The hardest part is getting it set up in the first chapter (getting the unlimited security installed), and even that wasn't all that bad if you follow the steps.

I am using the book with a graduate class, so I am only partway through, but so far, I am pleased.

I've had a lot of books on my Java bookshelf over the last 15 years. Most I no longer own because the material or ideas are dated. But this book will stay as long as I write Java code, and has attained a "do not loan" (because it might not come back) status. It's well-written and an indispensable reference for Java security programming info that you don't keep in your head. Even in 2011, I can open this book and quickly refresh my memory on such topics as coding trust managers, key managers, and therefore support for SSL where the default cacerts file does not contain certs my app needs to trust.

I enthusiastically recommend this book to anyone working with Java crypto, including working with custom SSL code.

This text has a lot of code snippets. If you like copying code into an IDE, compiling and running with litle understanding of what the code is doing, this book is for you. This is an old book 2005 so the author had a superficial unnderstanding of cryptography when he wrote it. Terms just mysteriously appear with no lead in. Consider a newer and more comprehensive text.