Java Cryptography (Java Series) [Paperback]

Jonathan Knudsen (Author)

Book Description

Series: Java Series | Publication Date: May 8, 1998

Cryptography, the science of secret writing, is the biggest, baddest security tool in the application programmer's arsenal. Cryptography provides three services that are crucial in secure programming. These include a cryptographic cipher that protects the secrecy of your data; cryptographic certificates, which prove identity (authentication); and digital signatures, which ensure your data has not been damaged or tampered with.

This book covers cryptographic programming in Java. Java 1.1 and Java 1.2 provide extensive support for cryptography with an elegant architecture, the Java Cryptography Architecture (JCA). Another set of classes, the Java Cryptography Extension (JCE), provides additional cryptographic functionality. This book covers the JCA and the JCE from top to bottom, describing the use of the cryptographic classes as well as their innards.

The book is designed for moderately experienced Java programmers who want to learn how to build cryptography into their applications. No prior knowledge of cryptography is assumed. The book is peppered with useful examples, ranging from simple demonstrations in the first chapter to full-blown applications in later chapters.

Topics include:

• The Java Cryptography Architecture (JCA)
• The Java Cryptography Extension (JCE)
• Cryptographic providers
• The Sun key management tools
• Message digests, digital signatures, and certificates (X509v3)
• Block and stream ciphers
• Implementations of the ElGamal signature and cipher algorithms
• A network talk application that encrypts all data sent over the network
• An email application that encrypts its messages

Covers JDK 1.2 and JCE 1.2.

Editorial Reviews

Amazon.com Review

Cryptography isn't all there is to security. But rendering information unintelligible to those without the proper key usually plays a big role in any networked data-sharing system. Java Cryptography shows the Java programmer (with or without crypto experience) how to implement ciphers, keys, and other data-obscuring techniques in Java.

The Java language includes lots of classes that are designed to facilitate cryptography, and this book explores them in depth. Key management classes, random-number generators, signed applets, and other parts of the Java security mechanism get attention in these pages. But most interesting are the author's examples. He has written a complete implementation of the ElGamal cipher as a provider in the framework of the Java Security API. If you want to understand how the Provider Architecture works, this is what you need to examine. Don't look here for an explanation of the mathematics, however.

In addition to his discussions and examples for individual pieces of the cryptography infrastructure and his implementation of the ElGamal system, Knudsen includes two nifty crypto-enabled programs: a chat system and an e-mail system.

About the Author

Jonathan Knudsen is an author at O'Reilly & Associates. His books include The Unofficial Guide to Lego Mindstorms Robots, Java 2D Graphics, and Java Cryptography. He is the Courseware Writer for LearningPatterns.com.

Product Details

• Paperback: 368 pages
• Publisher: O'Reilly Media; 1 edition (May 8, 1998)
• Language: English
• ISBN-10: 1565924029
• ISBN-13: 978-1565924024
• Product Dimensions: 9.2 x 7 x 0.7 inches
• Shipping Weight: 1.3 pounds (View shipping rates and policies)
• Average Customer Review: 3.2 out of 5 stars  See all reviews (16 customer reviews)
• Amazon Best Sellers Rank: #1,229,775 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

20 of 20 people found the following review helpful:

3.0 out of 5 stars Written for those without prior crypto experience, November 27, 1998

By A Customer

This review is from: Java Cryptography (Java Series) (Paperback)

This book is intended to teach experienced Java programmers how to add cryptographic elements to their applications. The text is not intended to teach encryption algorithms, basic Java programming, or the overall Java security model: there are other books that fulfill those functions. There is one other limitation: much of the book relies on the Java Cryptography Extensions (JCE) which are only available to those in the United States and Canada (nudge, nudge, wink, wink).

Chapter one lists some fundamentals of encryption and the relationship to security. There are also a couple of programs right off the bat that will let you explore message digests, and encrypting and decrypting messages. The basics of confidentiality, authentication, and some major cryptographic algorithms are outlined in chapter two. The explanations are quite terse, but not out of line with the aim of the book. Java Security Architecture (JCA) is explained in chapter three, along with a quick overview of the API (Application Programming Interface) and SPI (Service Provider Interface). Chapter four introduces Java's own pseudo-random number generator, plus programming for key seeds from keyboard timing. Key management, in chapter five, is somewhat weak. The APIs only deal with hierarchical key certification, but this may simply be an example of Knudsen dealing strictly with the language, and leaving the concepts to others. I was, however, bemused at some passages that may have suffered from a lack of copy editing: for example, one section that seemed to confuse production of Message Authentication Codes with working on Macintosh computers. Authentication of various types is covered quite well in chapter six. Chapter seven's guide to encryption covers details not normally dealt with in cryptography texts because it must handle all matters related to getting an encryption algorithm to actually function in an application.

Chapter eight gives enough detail about signed applets to prove that they are going to be browser specific for a while. Security provider programming is covered in chapter nine, using the ElGamal algorithm as an example. A sample application is created using an encrypted version of the talk utility in chapter ten. An e-mail application is created in chapter eleven using th provider previously generated in chapter nine. Chapter twelve closes off by looking at security design for the system overall.

Appendices review BigInteger arithmetic in Java, the Base64 encoding scheme (an option for converting binary objects to text characters for e-mailing), Java archive files, Javakey, and a quick reference for the Java cryptography classes as covered in the book.

Knudsen states that the book is written, as far as possible, without assuming any prior knowledge of cryptography. In this aim he succeeds rather well. The programmer with no background in encryption can still add a reasonable layer of security to his or her application. Those who study further, of course, will be able to ensure a higher level of protection and reliability.

27 of 29 people found the following review helpful:

1.0 out of 5 stars Teaches cryptography the wrong way, December 31, 1998

By A Customer

This review is from: Java Cryptography (Java Series) (Paperback)

The goal of this book is to show how to implement a secure application. It does not achieve this. Generally, it is a good idea to rely on algorithms and protocol that are published, well analyzed and preferably standardized. Specially public key cryptography has many pitfalls that are difficult to avoid.

However, the author of this book designs his own key exchange protocol and uses ad-hoc padding schemes. This procedure sets a bad example for the reader. The result is what one has to expect from an ad-hoc design: The applications have serious design flaws. For example the ElGamal signature scheme in chapter 9 does not use a hash function besides other omissions. The padding scheme for the ElGamal encryption simply adds 0's and therefore does not prevent chosen message attacks. The key exchange protocol in chapter 10 constructs a session key from two halves that are sent seperately. Each half can be attacked seperately in a reply attack, etc.

To conclude, this book does certainly not show the proper use of cryptography, and hence is hardly worth reading.

6 of 6 people found the following review helpful:

4.0 out of 5 stars Great for beginners, August 9, 2000

By 

Chris Wilper (Austin, TX United States) - See all my reviews

This review is from: Java Cryptography (Java Series) (Paperback)

If you're new to cryptography in general, I'd recommend this book. Within the first chapter I was able to understand quite a few concepts that I had been struggling with. Thanks to the author for not trying to talk over everyone's heads and just getting things laid out simply, with good diagrams. Another reader had the opinion that this book does not introduce the Best Way of doing things, so it's not worth reading. I would disagree. You should read this book with the understanding that it's not going to make you a master cryptography expert, but will give a good introduction.