
  • Beginning Cryptography with Java

    David Hook


  • Beginning Cryptography with Java

    Published by
    Wiley Publishing, Inc.
    10475 Crosspoint Boulevard
    Indianapolis, IN 46256
    www.wiley.com

    Copyright 2005 by Wiley Publishing

    Published by Wiley Publishing, Inc., Indianapolis, Indiana

    Published simultaneously in Canada

    ISBN-13: 978-0-7645-9633-9

    ISBN-10: 0-7645-9633-0

    Manufactured in the United States of America


    No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at http://www.wiley.com/go/permissions.

    LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES OR PROMOTIONAL MATERIALS. THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR OTHER PROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONAL PERSON SHOULD BE SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION OR WEBSITE IS REFERRED TO IN THIS WORK AS A CITATION AND/OR A POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT THE AUTHOR OR THE PUBLISHER ENDORSES THE INFORMATION THE ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS IT MAY MAKE. FURTHER, READERS SHOULD BE AWARE THAT INTERNET WEBSITES LISTED IN THIS WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRITTEN AND WHEN IT IS READ.

    For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (800) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.

    Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.

    Library of Congress Cataloging-in-Publication Data

    Hook, David, 1962
    Beginning cryptography with Java / David Hook.
    p. cm.
    Includes bibliographical references and index.
    ISBN-13: 978-0-7645-9633-9 (paper/website)
    ISBN-10: 0-7645-9633-0 (paper/website)
    1. Computer security. 2. Cryptography. 3. Public key infrastructure (Computer security) 4. Java (Computer program language) I. Title.
    QA76.9.A25H645 2005
    005.8--dc22
    2005011272

    Trademarks: Wiley, the Wiley Publishing logo, Wrox, the Wrox logo, Programmer to Programmer, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. Java is a trademark of Sun Microsystems. All other trademarks are the property of their respective owners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book.


  • About the Author

    David Hook

    David Hook has been writing software in a variety of domains and languages for the last 20 years. He has worked with Java since 1995, originally doing medical imaging before moving into cryptography and security a year or so later. In April 2000, he co-founded the open source Bouncy Castle cryptography project and has played an active role in it ever since. He currently works as a freelance consultant, mainly in Java, doing the odd bit of lecturing and writing on the side. When he is not using his spare time to work on Bouncy Castle, he spends it pursuing his other interest in computer graphics. He lives in Melbourne, Australia, with his most patient wife Janine and a cat named Hamlet, who really seems to think he's a little cryptographer in a fur coat. David can be reached at [email protected].

  • Credits

    Acquisitions Editor: Carol Long

    Development Editor: Kezia Endsley

    Production Editor: Angela Smith

    Copy Editor: Joanne Slike

    Editorial Manager: Mary Beth Wakefield

    Vice President & Executive Group Publisher: Richard Swadley

    Vice President and Publisher: Joseph B. Wikert

    Project Coordinator: Erin Smith

    Graphics and Production Specialists: April Farling, Denny Hager, Jennifer Heleine, Julie Trippetti

    Quality Control Technician: Carl Pierce, Brian H. Walls

    Proofreading and Indexing: TECHBOOKS Production Services

  • To FB and HC.


  • Acknowledgments

    First of all, I'd like to thank Peter Grant for reviewing the chapters and exercises during the development of this book, Jon Eaves who also provided additional feedback, and Bernard Leach, who, with Peter and Jon, helped bring the Bouncy Castle project to life.

    I would also like to thank Simon McMahon for additional feedback and comments, Jan Leuhe and Sharon Liu for answering my questions on early JCE history for this book, not to mention many of the other questions I've had over the years. Thanks must also go to all the people making up the Bouncy Castle user community where the project has been successful; it is as much due to your feedback, comments, contributions, and patience, as to any other efforts.

    To the Wrox crew, especially Carol Long and Carol Griffith for helping me get started and keeping me on track, and to my development editor Kezia Endsley, who never commented on the fact, that as a first-time author, I clearly had no idea what I was doing. If this book provides you with all you expected, it is as much due to Kezia's patient editing and direction as it is with any knowledge I have of the subject.

    Finally, I would like to thank the members of my family. To my parents, Geoff and Pauline, brothers, Brendan, Martin, and Warwick, and my sister, Sarah, you have all been a constant source of inspiration and support. To my parents-in-law, Ron and Maureen, who quietly went about helping my wife Janine repaint our house while I was hiding in the office typing furiously, and to my wife Janine who found time to support me through the book as well, what can I possibly say? Thank you.

  • Contents

    Acknowledgments
    Introduction

    Chapter 1: The JCA and the JCE

    Basic Architecture
    Provider Signing
    Jurisdiction Policy Files

    Installing the Unrestricted Policy Files
    Troubleshooting Other Issues
    How Do You Know the Policy Files Really Behave as Sun Says They Do?

    Installing the Bouncy Castle Provider
    Installing by Configuring the Java Runtime

    Install the JAR File Containing the Provider
    Enable the Provider by Adding It to the java.security File

    Installing During Execution
    How Provider Precedence Works
    Examining the Capabilities of a Provider
    Summary
    Exercises

    Chapter 2: Symmetric Key Cryptography

    A First Example
    A Basic Utility Class
    The SecretKeySpec Class
    The Cipher Class

    Cipher.getInstance()
    Cipher.init()
    Cipher.update()
    Cipher.doFinal()

    Symmetric Block Cipher Padding
    PKCS #5/PKCS #7 Padding
    Other Padding Mechanisms


    Symmetric Block Cipher Modes
    ECB Mode
    CBC Mode

    Inline IVs
    Creating an IV
    Random IVs
    Creating a SecureRandom Object
    Pseudorandom IVs

    A Look at Cipher Parameter Objects
    The AlgorithmParameters Class
    CTS Mode: A Special Case of CBC
    Streaming Symmetric Block Cipher Modes

    CTR Mode
    OFB Mode
    CFB Mode

    Symmetric Stream Ciphers
    Generating Random Keys

    The Key Interface
    Key.getAlgorithm()
    Key.getEncoded()
    Key.getFormat()

    The KeyGenerator Class
    KeyGenerator.getInstance()
    KeyGenerator.init()
    KeyGenerator.generateKey()

    Password-Based Encryption
    Basic PBE

    The Password
    The Salt
    The Iteration Count

    PBE in the JCE
    The PBEParameterSpec Class
    The PBEKeySpec Class
    The SecretKeyFactory Class

    Key Wrapping
    Doing Cipher-Based I/O
    Summary
    Exercises


    Chapter 3: Message Digests, MACs, and HMACs

    Getting Started
    The Problem of Tampering
    Message Digests

    The MessageDigest Class
    MessageDigest.update()
    MessageDigest.digest()
    MessageDigest.isEqual()

    Tampering with the Digest
    MACs Based on Digests - the HMAC

    The Mac Class
    Mac.init()
    Mac.update()
    Mac.doFinal()

    MACs Based on Symmetric Ciphers
    Digests in Pseudorandom Functions

    PBE Key Generation
    Mask Generation

    Doing Digest-Based I/O
    Summary
    Exercises

    Chapter 4: Asymmetric Key Cryptography

    Getting Started
    The PublicKey and PrivateKey Interfaces
    The RSA Algorithm

    The KeyFactory Class
    RSAPublicKeySpec and RSAPublicKey
    RSAPrivateKeySpec and RSAPrivateKey
    Creating Random RSA Keys

    The KeyPair Class
    The KeyPairGenerator Class
    The RSAKeyGenParameterSpec Class

    Improving RSA Performance
    Chinese Remainder Theorem
    RSAPrivateCrtKeySpec and RSAPrivateCrtKey
    Multi Prime Chinese Remainder Theorem
