Dôležité triedy a interface:• Cipher• MAC• SecureRandom• KeyGenerator• KeyPairGenerator• Signature• KeyStore

JAVA API JS API

JCA

JCE

AbstractionLayer

Service ProviderInterface

Provider functionality

Application code JCE/JCA API

JCE/JCA SPI Classes In Provider

Provider Internal Classes

private static Key createKey() throws Exception {

Key k = null; KeyGenerator kg = KeyGenerator.getInstance(“AES”); k = kg.generateKey(); return k;}

private static KeyPair createKeyPair() throws Exception {

KeyPair k = null; KeyGenerator kg = KeyGenerator.getInstance(“RSA”); k = kg.generateKeyPair(); return k;}

private static PublicKey getPubliceKey(KeyPair kp) throws Exception {

return kp.getPublic();}

private static PrivateKey getPrivateKey(KeyPair kp) throws Exception {

return kp.getPrivate();}

1. Vytvoríme alebo načítame inštanciu triedy Key

2. Vytvoríme inštanciu triedy Cipher v šifrovacom móde

3. Vykonáme šifrovanie

private static byte[] encrypt(String plainText, PrivateKey pk) throws Exception {

byte[] plainData = plainText.getBytes(“UTF-8”); Cipher c = Cipher.getInstance(“RSA”); c.init(Cipher.ENCRYPT_MODE, pk); byte[] cipherData = c.doFinal(plainData); return cipherData;}

1. Načítame inštanciu triedy Key2. Vytvoríme inštanciu triedy Cipher v

dešifrovacom móde3. Vykonáme dešifrovanie

private static byte[] decrypt(byte[] cipherData, PublicKey pk) throws Exception {

Cipher c = Cipher.getInstance(“RSA”); c.init(Cipher.DECRYPT_MODE, pk); byte[] plainData = c.doFinal(plainData); return plainData;}

private static Certificate getCertificate (File file) throws Exception {

Certificate certificate = null; FileInputStream is = new FileInputStream(file); CertificateFactory cf = CertificateFactory.getInstance(“X.509”); certificate = cf.generateCertificate(is); return certificate;}

public byte[] getHash(String input) throws Exception {

MessageDigest messageDigest = MessageDigest.getInstance(“SHA”); messageDigest.reset(); messageDigest.update(input.getBytes(“UTF-8”)); return messageDigest.digest();}

public static byte[] sign(String input, PrivateKey pk) throws Exception {

Signature sign = Signature.getInstance(“DSA”); signature.initSign(pk); signature.update(input.getBytes(“UTF-8”)); return signature.sign();}

public static boolean verify(byte[] input, PublicKey pk) throws Exception {

Signature sign = Signature.getInstance(“DSA”); signature.initVerify(pk); return signature.verify(input);}

keytool -genkey –alias ALIAS -keystore main.keystore -keypass KEYPASS -storepass STOREPASS -keyalg RSA

keytool -exportcert -alias ALIAS –file certificate.cer -keystore main.keystore -keypass KEYPASS -storepass STOREPASS

private static Key getKey() throws Exception{ Key k = null; KeyStore ks = KeyStore.getInstance(“jks”); ks.load(new FileInputStream(“main.keystore”),

“STOREPASS”.toCharArray()); k = ks.getKey(“ALIAS”,

“KEYPASS”.toCharArray()); return k;}

private static void saveKey() throws Exception{ Key k = null; KeyStore ks = KeyStore.getInstance(“jks”); KeyGenerator kg =

KeyGenerator.getInstance(“AES”); k = kg.generateKey(); ks.setKeyEntry(“ALIAS”, k,

“KEYPASS”.toCharArray(), null); ks.store(new FileOutputStream(“main.keystore”),

“STOREPASS”.toCharArray());}

Základný tvar príkazu: jarsigner jar-file alias

jar-file – cesta a meno súboru, ktorý chceme podpisovať

alias - alias identifikujúci súkromný kľúč, ktorý bude použitý na podpísanie .jar súboru

jarsigner –keystore main.keystore –storepass STOREPASS –keypass KEYPASS file.jar ALIAS

• vygenerovanie páru kľúčov• vytvorenie certifikátu• vytvorenie aplikácie typu klient-server komunikujúci cez

SSLServerSocket a SSLSocket

• prístup k súkromnému kľúču(dekódovanie správ)• prístup k certifikátu(musí ho poslať klientovi)• vytvoriť SSL server socket

Normálne sockety:

serverSocket = new ServerSocket(port); clientSocket = serverSocket.accept();

Štruktúra zdrojového kódu: importy public class SecureSocketServer { deklarácia premenných public static voi main(String[] args) { inicializácia SSLServerSocket sslClientSocket = (SSLSocket) SSLServerSocket.accept(); asociácia I/O streamov so socketmi Input/Output (komunikácia) zatváranie socketov a streamov } }

import java.net.*;import java.io.*;import javax.net.ssl.*;import java.security.*;

public class SecureSocketServer { static final String KEYSTORE = "myStore.ks"; static final String STOREPASSWD = "123456"; static final String ALIASPASSWD = "123456";

public static void main(String[] args) throws Exception { KeyStore ks = KeyStore.getInstance("JCEKS"); ks.load( new FileInputStream( KEYSTORE ), STOREPASSWD.toCharArray() ); KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); kmf.init( ks, ALIASPASSWD.toCharArray() ); SSLContext sslContext = SSLContext.getInstance( "TLS" );

sslContext.init( kmf.getKeyManagers(), null, null ); SSLServerSocketFactory sslServerFactory = sslContext.getServerSocketFactory(); SSLServerSocket sslServerSocket = (SSLServerSocket) sslServerFactory.createServerSocket(4444); sslServerSocket.setEnabledCipherSuites( sslServerSocket.getSupportedCipherSuites());

SSLSocket sslClientSocket = (SSLSocket)sslServerSocket.accept();

PrintWriter out = new PrintWriter(sslClientSocket.getOutputStream(), true);BufferedReader in = new BufferedReader(new InputStreamReader( sslClientSocket.getInputStream()));String inputLine = in.readLine();if (inputLine.equals("Hello")) out.println("Connection established");else out.println("Connection refused");

out.close(); in.close(); sslClientSocket.close(); sslServerSocket.close(); }}

SSLContext sslContext = SSLContext.getInstance( "TLS" );KeyStore ts = KeyStore.getInstance("JCEKS");ts.load(new FileInputStream(TRUSTSTORE), TRUSTSTOREPASSWD.toCharArray());TrustManagerFactory tfm = TrustManagerFactory.getInstance("SunX509");tfm.init(ts);sslContext.init(null, tfm.getTrustManagers(), null );SSLSocketFactory sslFact = sslContext.getSocketFactory();SSLSocket client =

(SSLSocket)sslFact.createSocket("localhost",4444);client.setEnabledCipherSuites( client.getSupportedCipherSuites());