Šifrovanie v jave
![Page 1: Šifrovanie v Jave](https://reader035.vdocuments.net/reader035/viewer/2022081420/568159a1550346895dc6f3a0/html5/thumbnails/1.jpg)
![Page 2: Šifrovanie v Jave](https://reader035.vdocuments.net/reader035/viewer/2022081420/568159a1550346895dc6f3a0/html5/thumbnails/2.jpg)
Dôležité triedy a interface:
• Cipher
• Mac
• SecureRandom
• KeyGenerator
• KeyPairGenerator
• Signature
• KeyStore
![Page 3: Šifrovanie v Jave](https://reader035.vdocuments.net/reader035/viewer/2022081420/568159a1550346895dc6f3a0/html5/thumbnails/3.jpg)
JAVA API JS API
JCA
JCE
![Page 4: Šifrovanie v Jave](https://reader035.vdocuments.net/reader035/viewer/2022081420/568159a1550346895dc6f3a0/html5/thumbnails/4.jpg)
Abstraction Layer
Service Provider Interface
Provider functionality
Application code JCE/JCA API
JCE/JCA SPI Classes In Provider
Provider Internal Classes
![Page 5: Šifrovanie v Jave](https://reader035.vdocuments.net/reader035/viewer/2022081420/568159a1550346895dc6f3a0/html5/thumbnails/5.jpg)
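/**
 * Generates a fresh random AES key.
 *
 * <p>The key size is set explicitly so that it does not depend on the
 * provider's default. Very old JREs that still ship the limited-strength
 * policy files cannot use a 256-bit key in a {@code Cipher}.
 *
 * @return a new 256-bit AES secret key
 * @throws Exception if no installed provider offers an AES key generator
 */
private static Key createKey() throws Exception {
    KeyGenerator kg = KeyGenerator.getInstance("AES");
    // init(int) draws the key material from the provider's default SecureRandom.
    kg.init(256);
    return kg.generateKey();
}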
![Page 6: Šifrovanie v Jave](https://reader035.vdocuments.net/reader035/viewer/2022081420/568159a1550346895dc6f3a0/html5/thumbnails/6.jpg)
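/**
 * Generates a fresh RSA key pair.
 *
 * <p>Asymmetric key pairs come from {@code KeyPairGenerator};
 * {@code KeyGenerator} only produces symmetric secret keys and has no
 * {@code generateKeyPair()} method.
 *
 * @return a new 2048-bit RSA key pair
 * @throws Exception if no installed provider offers an RSA key pair generator
 */
private static KeyPair createKeyPair() throws Exception {
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
    // Explicit modulus size: older JDKs default to a size that is too small today.
    kpg.initialize(2048);
    return kpg.generateKeyPair();
}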
![Page 7: Šifrovanie v Jave](https://reader035.vdocuments.net/reader035/viewer/2022081420/568159a1550346895dc6f3a0/html5/thumbnails/7.jpg)
/**
 * Returns the public half of the given key pair.
 *
 * @param kp the key pair to read from
 * @return the pair's public key
 */
private static PublicKey getPubliceKey(KeyPair kp) throws Exception {
    final PublicKey publicHalf = kp.getPublic();
    return publicHalf;
}
/**
 * Returns the private half of the given key pair.
 *
 * @param kp the key pair to read from
 * @return the pair's private key
 */
private static PrivateKey getPrivateKey(KeyPair kp) throws Exception {
    final PrivateKey privateHalf = kp.getPrivate();
    return privateHalf;
}
![Page 8: Šifrovanie v Jave](https://reader035.vdocuments.net/reader035/viewer/2022081420/568159a1550346895dc6f3a0/html5/thumbnails/8.jpg)
1. Vytvoríme alebo načítame inštanciu triedy Key
2. Vytvoríme inštanciu triedy Cipher v šifrovacom móde
3. Vykonáme šifrovanie
![Page 9: Šifrovanie v Jave](https://reader035.vdocuments.net/reader035/viewer/2022081420/568159a1550346895dc6f3a0/html5/thumbnails/9.jpg)
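/**
 * Transforms the UTF-8 bytes of {@code plainText} with RSA under the given
 * private key.
 *
 * <p>NOTE(review): output produced with the private key can be reversed by
 * anyone who holds the matching public key, so this gives no confidentiality.
 * To keep data secret, encrypt with the recipient's public key (preferably
 * with OAEP padding); to prove origin, use {@code Signature}.
 *
 * <p>RSA handles a single block only: with PKCS#1 v1.5 padding the input may
 * be at most (modulus length in bytes - 11) bytes. Longer input makes
 * {@code doFinal} throw.
 *
 * @param plainText text to transform
 * @param pk RSA private key
 * @return one RSA block, as long as the key's modulus
 * @throws Exception on an unusable key or oversized input
 */
private static byte[] encrypt(String plainText, PrivateKey pk) throws Exception {
    byte[] plainData = plainText.getBytes("UTF-8");
    // Name mode and padding explicitly; a bare "RSA" leaves them to the provider.
    Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    c.init(Cipher.ENCRYPT_MODE, pk);
    return c.doFinal(plainData);
}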
![Page 10: Šifrovanie v Jave](https://reader035.vdocuments.net/reader035/viewer/2022081420/568159a1550346895dc6f3a0/html5/thumbnails/10.jpg)
1. Načítame inštanciu triedy Key
2. Vytvoríme inštanciu triedy Cipher v dešifrovacom móde
3. Vykonáme dešifrovanie
![Page 11: Šifrovanie v Jave](https://reader035.vdocuments.net/reader035/viewer/2022081420/568159a1550346895dc6f3a0/html5/thumbnails/11.jpg)
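/**
 * Reverses an RSA block that was produced with the matching private key.
 *
 * <p>NOTE(review): because the public key is enough to recover the data,
 * this pairing does not keep the data secret; see {@code Signature} for
 * proving origin.
 *
 * @param cipherData one RSA block as produced with the private key
 * @param pk the matching RSA public key
 * @return the recovered bytes
 * @throws Exception on an unusable key or when the padding check fails
 */
private static byte[] decrypt(byte[] cipherData, PublicKey pk) throws Exception {
    // Name mode and padding explicitly; a bare "RSA" leaves them to the provider.
    Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    c.init(Cipher.DECRYPT_MODE, pk);
    // The input is the ciphertext; the slide passed the not-yet-assigned result variable.
    return c.doFinal(cipherData);
}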
![Page 12: Šifrovanie v Jave](https://reader035.vdocuments.net/reader035/viewer/2022081420/568159a1550346895dc6f3a0/html5/thumbnails/12.jpg)
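/**
 * Parses an X.509 certificate from a file.
 *
 * <p>Parsing only decodes the certificate. It does not check the signature,
 * the validity period or the issuer, so the caller must validate the
 * certificate against a trust anchor before relying on its public key.
 *
 * @param file file holding one DER or PEM encoded certificate
 * @return the parsed certificate
 * @throws Exception if the file cannot be read or does not hold a certificate
 */
private static Certificate getCertificate (File file) throws Exception {
    // try-with-resources closes the stream even when parsing fails.
    try (FileInputStream is = new FileInputStream(file)) {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        return cf.generateCertificate(is);
    }
}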
![Page 13: Šifrovanie v Jave](https://reader035.vdocuments.net/reader035/viewer/2022081420/568159a1550346895dc6f3a0/html5/thumbnails/13.jpg)
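/**
 * Computes the SHA-1 digest of the UTF-8 bytes of {@code input}.
 *
 * <p>NOTE(review): SHA-1 is no longer collision resistant. It is kept here
 * so existing digests still match; new code should ask for "SHA-256". A bare
 * digest is also unsuitable for storing passwords; use a dedicated password
 * hash such as bcrypt, scrypt or Argon2 for that.
 *
 * @param input text to hash
 * @return the 20-byte SHA-1 digest
 * @throws Exception if the algorithm or the charset is unavailable
 */
public byte[] getHash(String input) throws Exception {
    // "SHA-1" is the standard name of the algorithm the slide requested as "SHA".
    MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
    // A new MessageDigest starts in its initial state, so no reset() is needed.
    messageDigest.update(input.getBytes("UTF-8"));
    return messageDigest.digest();
}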
![Page 14: Šifrovanie v Jave](https://reader035.vdocuments.net/reader035/viewer/2022081420/568159a1550346895dc6f3a0/html5/thumbnails/14.jpg)
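/**
 * Signs the UTF-8 bytes of {@code input} with a DSA private key.
 *
 * <p>NOTE(review): with the default SUN provider the name "DSA" appears to
 * resolve to SHA1withDSA; confirm against the provider in use. New code
 * should name a SHA-2 based algorithm explicitly, for example
 * "SHA256withDSA", and the verifier must use the same name.
 *
 * @param input text to sign
 * @param pk DSA private key
 * @return the encoded signature
 * @throws Exception on an unusable key or an unavailable algorithm
 */
public static byte[] sign(String input, PrivateKey pk) throws Exception {
    // One variable name throughout; the slide declared "sign" but used "signature".
    Signature signature = Signature.getInstance("DSA");
    signature.initSign(pk);
    signature.update(input.getBytes("UTF-8"));
    return signature.sign();
}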
![Page 15: Šifrovanie v Jave](https://reader035.vdocuments.net/reader035/viewer/2022081420/568159a1550346895dc6f3a0/html5/thumbnails/15.jpg)
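/**
 * Checks {@code input} as a DSA signature over an empty message.
 *
 * <p>NOTE(review): this two-argument form never receives the signed data, so
 * it cannot confirm that a signature belongs to a particular message. It is
 * kept for existing callers; use
 * {@link #verify(byte[], byte[], PublicKey)} instead.
 *
 * @param input the encoded signature
 * @param pk DSA public key of the signer
 * @return {@code true} only if {@code input} is a valid signature over zero bytes of data
 * @throws Exception on an unusable key or a malformed signature
 */
public static boolean verify(byte[] input, PublicKey pk) throws Exception {
    return verify(new byte[0], input, pk);
}

/**
 * Checks a DSA signature against the data it is supposed to cover.
 *
 * @param data the bytes that were signed
 * @param signatureBytes the encoded signature
 * @param pk DSA public key of the signer
 * @return {@code true} if the signature is valid for {@code data} under {@code pk}
 * @throws Exception on an unusable key or a malformed signature
 */
public static boolean verify(byte[] data, byte[] signatureBytes, PublicKey pk) throws Exception {
    // One variable name throughout; the slide declared "sign" but used "signature".
    Signature signature = Signature.getInstance("DSA");
    signature.initVerify(pk);
    // The verifier must be fed the same bytes the signer fed to update().
    signature.update(data);
    return signature.verify(signatureBytes);
}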
![Page 16: Šifrovanie v Jave](https://reader035.vdocuments.net/reader035/viewer/2022081420/568159a1550346895dc6f3a0/html5/thumbnails/16.jpg)
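# Generate an RSA key pair under ALIAS in main.keystore.
# Options start with an ASCII hyphen; the slide's typographic dash is not accepted.
# KEYPASS and STOREPASS are placeholders. Passwords given on the command line
# end up in shell history and process listings; leave out -keypass/-storepass
# to have keytool prompt for them instead.
keytool -genkey -alias ALIAS -keystore main.keystore -keypass KEYPASS -storepass STOREPASS -keyalg RSA

# Export the certificate stored under ALIAS to certificate.cer.
keytool -exportcert -alias ALIAS -file certificate.cer -keystore main.keystore -keypass KEYPASS -storepass STOREPASS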
![Page 17: Šifrovanie v Jave](https://reader035.vdocuments.net/reader035/viewer/2022081420/568159a1550346895dc6f3a0/html5/thumbnails/17.jpg)
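/**
 * Loads the key stored under "ALIAS" from the key store file "main.keystore".
 *
 * <p>"STOREPASS" and "KEYPASS" are the placeholders used in the keytool
 * example. Real code should obtain both passwords at run time (prompt or
 * protected configuration) instead of compiling them into the class.
 *
 * @return the key, or {@code null} if the alias does not exist or is not a key entry
 * @throws Exception if the store cannot be read, its integrity check fails,
 *         or the key password is wrong
 */
private static Key getKey() throws Exception {
    KeyStore ks = KeyStore.getInstance("jks");
    // try-with-resources closes the file even when load() fails.
    try (FileInputStream in = new FileInputStream("main.keystore")) {
        ks.load(in, "STOREPASS".toCharArray());
    }
    return ks.getKey("ALIAS", "KEYPASS".toCharArray());
}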
![Page 18: Šifrovanie v Jave](https://reader035.vdocuments.net/reader035/viewer/2022081420/568159a1550346895dc6f3a0/html5/thumbnails/18.jpg)
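/**
 * Generates an AES key and writes it under "ALIAS" into a new key store file
 * "main.keystore", replacing any existing file of that name.
 *
 * <p>The store type is PKCS12 because a "jks" store only accepts private-key
 * and certificate entries, not secret (symmetric) keys. The file must be
 * opened again with the same type.
 *
 * <p>"STOREPASS" and "KEYPASS" are placeholders. Real code should obtain
 * both passwords at run time instead of compiling them into the class.
 *
 * @throws Exception if the key cannot be generated or the file cannot be written
 */
private static void saveKey() throws Exception {
    KeyStore ks = KeyStore.getInstance("PKCS12");
    // A KeyStore must be loaded before use; load(null, null) creates an empty one.
    ks.load(null, null);

    KeyGenerator kg = KeyGenerator.getInstance("AES");
    Key k = kg.generateKey();
    // Secret keys carry no certificate chain, hence the null.
    ks.setKeyEntry("ALIAS", k, "KEYPASS".toCharArray(), null);

    // try-with-resources flushes and closes the file even when store() fails.
    try (FileOutputStream out = new FileOutputStream("main.keystore")) {
        ks.store(out, "STOREPASS".toCharArray());
    }
}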
![Page 19: Šifrovanie v Jave](https://reader035.vdocuments.net/reader035/viewer/2022081420/568159a1550346895dc6f3a0/html5/thumbnails/19.jpg)
Základný tvar príkazu: jarsigner jar-file alias
jar-file – cesta a meno súboru, ktorý chceme podpisovať
alias - alias identifikujúci súkromný kľúč, ktorý bude použitý na podpísanie .jar súboru
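# Sign file.jar with the private key stored under ALIAS in main.keystore.
# Options start with an ASCII hyphen; the slide's typographic dash is not accepted.
# STOREPASS and KEYPASS are placeholders. Passwords given on the command line
# end up in shell history and process listings; leave out -storepass/-keypass
# to have jarsigner prompt for them instead.
jarsigner -keystore main.keystore -storepass STOREPASS -keypass KEYPASS file.jar ALIAS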
![Page 20: Šifrovanie v Jave](https://reader035.vdocuments.net/reader035/viewer/2022081420/568159a1550346895dc6f3a0/html5/thumbnails/20.jpg)
• vygenerovanie páru kľúčov
• vytvorenie certifikátu
• vytvorenie aplikácie typu klient-server komunikujúci cez SSLServerSocket a SSLSocket
![Page 21: Šifrovanie v Jave](https://reader035.vdocuments.net/reader035/viewer/2022081420/568159a1550346895dc6f3a0/html5/thumbnails/21.jpg)
• prístup k súkromnému kľúču (dekódovanie správ)
• prístup k certifikátu (musí ho poslať klientovi)
• vytvoriť SSL server socket
![Page 22: Šifrovanie v Jave](https://reader035.vdocuments.net/reader035/viewer/2022081420/568159a1550346895dc6f3a0/html5/thumbnails/22.jpg)
Normálne sockety:
// Plain TCP sockets for comparison: no TLS is involved here, so whatever is
// written to these sockets crosses the network unencrypted and unauthenticated.
serverSocket = new ServerSocket(port);
// accept() blocks until a client connects and returns the socket for that connection.
clientSocket = serverSocket.accept();
![Page 23: Šifrovanie v Jave](https://reader035.vdocuments.net/reader035/viewer/2022081420/568159a1550346895dc6f3a0/html5/thumbnails/23.jpg)
Štruktúra zdrojového kódu:
importy
public class SecureSocketServer {
    deklarácia premenných
    public static void main(String[] args) {
        inicializácia
        SSLSocket sslClientSocket = (SSLSocket) sslServerSocket.accept();
        asociácia I/O streamov so socketmi
        Input/Output (komunikácia)
        zatváranie socketov a streamov
    }
}
![Page 24: Šifrovanie v Jave](https://reader035.vdocuments.net/reader035/viewer/2022081420/568159a1550346895dc6f3a0/html5/thumbnails/24.jpg)
import java.net.*;import java.io.*;import javax.net.ssl.*;import java.security.*;
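/**
 * Minimal TLS server for the demo: it accepts one connection on port 4444,
 * reads one line, answers it and shuts down.
 *
 * <p>The server socket keeps the JDK's default enabled cipher suites.
 * Enabling everything returned by {@code getSupportedCipherSuites()} can
 * switch on suites that the defaults leave off because they are weak or do
 * not authenticate the server.
 */
public class SecureSocketServer {
    // Demo values only: a real deployment must not compile passwords into the
    // class; read them at start-up from a prompt or protected configuration.
    static final String KEYSTORE = "myStore.ks";
    static final String STOREPASSWD = "123456";
    static final String ALIASPASSWD = "123456";

    /**
     * Loads the server key from the key store, opens the TLS server socket
     * and handles a single client.
     *
     * @param args unused
     * @throws Exception if the key store cannot be loaded or the connection fails
     */
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        // try-with-resources closes the key store file even when load() fails.
        try (FileInputStream storeIn = new FileInputStream(KEYSTORE)) {
            ks.load(storeIn, STOREPASSWD.toCharArray());
        }

        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks, ALIASPASSWD.toCharArray());

        SSLContext sslContext = SSLContext.getInstance("TLS");
        // The server authenticates itself only: no trust managers, default randomness.
        sslContext.init(kmf.getKeyManagers(), null, null);
        SSLServerSocketFactory sslServerFactory = sslContext.getServerSocketFactory();

        // Resources close in reverse order: streams, client socket, server socket.
        try (SSLServerSocket sslServerSocket =
                     (SSLServerSocket) sslServerFactory.createServerSocket(4444);
             SSLSocket sslClientSocket = (SSLSocket) sslServerSocket.accept();
             PrintWriter out = new PrintWriter(sslClientSocket.getOutputStream(), true);
             BufferedReader in = new BufferedReader(
                     new InputStreamReader(sslClientSocket.getInputStream()))) {
            String inputLine = in.readLine();
            // readLine() returns null when the peer closes without sending a line;
            // comparing from the constant avoids a NullPointerException.
            if ("Hello".equals(inputLine)) {
                out.println("Connection established");
            } else {
                out.println("Connection refused");
            }
        }
    }
}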
![Page 30: Šifrovanie v Jave](https://reader035.vdocuments.net/reader035/viewer/2022081420/568159a1550346895dc6f3a0/html5/thumbnails/30.jpg)
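// Client side: trust only the certificates held in the trust store, then
// connect to the demo server on localhost:4444.
SSLContext sslContext = SSLContext.getInstance("TLS");
KeyStore ts = KeyStore.getInstance("JCEKS");
// try-with-resources closes the trust store file even when load() fails.
try (FileInputStream trustIn = new FileInputStream(TRUSTSTORE)) {
    ts.load(trustIn, TRUSTSTOREPASSWD.toCharArray());
}
TrustManagerFactory tfm = TrustManagerFactory.getInstance("SunX509");
tfm.init(ts);
// No key managers: the client does not present a certificate of its own.
sslContext.init(null, tfm.getTrustManagers(), null);
SSLSocketFactory sslFact = sslContext.getSocketFactory();
// The socket keeps the JDK's default enabled cipher suites; enabling every
// supported suite can switch on weak or unauthenticated ones.
// NOTE(review): a bare SSLSocket checks the certificate chain but not that the
// certificate matches the host name. Outside this localhost demo, set an
// endpoint identification algorithm ("HTTPS") through SSLParameters.
SSLSocket client = (SSLSocket) sslFact.createSocket("localhost", 4444);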