DSA keys Asymmetric Keys
9.2.1.1 Using the KeyPairGenerator class
Like all engine classes, the KeyPairGenerator is an abstract class for which there is no implementation in the core API. However, it is possible to retrieve instances of the KeyPairGenerator class via these methods: public static KeyPairGenerator getInstanceString algorithm public static KeyPairGenerator getInstanceString algorithm, String provider Find the implementation of the engine that generates key pairs with the named algorithm. The algorithm should be one of the standard API algorithm names; if an appropriate implementation cannot be found, this method throws a NoSuchAlgorithmException . The first format of this method searches all available providers according to the rules we outlined in Chapter 8. The second method searches only the named provider, throwing a NoSuchProviderException if that provider has not been loaded. These methods search the providers that have been registered with the security provider interface for a key pair generator that supports the named algorithm. The names supported by the standard Sun security provider are DSA and RSA; the JCE security provider also supports the name Diffie−Hellman. The JSSE security provider supplies its own implementation of RSA keys. Once we have the key pair generator, we can invoke any of the following methods on it: public String getAlgorithm Return the name of the algorithm that this key pair generator implements e.g., DSA. public void initializeint strength public abstract void initializeint strength, SecureRandom random Initialize the key pair generator to generate keys of the given strength. The idea of strength is common among key pair generator algorithms; typically it means the number of bits that are used as input to the engine to calculate the key pair, but the actual meaning may vary between algorithms. Most key algorithms restrict the values that are valid for strength . In the case of DSA and Diffie−Hellman, the strength must be between 512 and 1024 and it must be a multiple of 64. For RSA, the strength must be any number between 512 and 2048. If an invalid number is passed for strength , an InvalidParameterException will be thrown. Key pairs require a random number generator to assist them. You may specify a particular random number generator if desired; otherwise, a default random number generator an instance of the SecureRandom class is used. public void initializeAlgorithmParameterSpec params public void initializeAlgorithmParameterSpec params, SecureRandom random Initialize the key pair generator using the given parameter specification which well discuss a little later. By default, the first method simply calls the second method with a default instance of the 144 SecureRandom class. public abstract KeyPair generateKeyPair public final KeyPair genKeyPair Generate a key pair using the initialization parameters previously specified. A KeyPairGenerator object can repeatedly generate key pairs by calling one of these methods; each new call generates a new key pair. The genKeyPair method simply calls the generateKeyPair method. Using these methods, generating a pair of keys is very straightforward: KeyPairGenerator kpg = KeyPairGenerator.getInstanceDSA; kpg.initialize512; KeyPair kp = kpg.generateKeyPair ; According to the Java documentation, you are allowed to generate a key pair without initializing the generator; in this situation, a default strength and random number generator are to be used. However, this feature has not always worked: a NullPointerException is sometimes thrown from within the generateKeyPair method. Since it is possible that third−party providers may behave similarly, it is always best to initialize the key pair generator. Well show what to do with these keys in the next chapter when we discuss the topic of key management.9.2.1.2 Generating DSA keys
The abstraction provided by the key pair generator is usually all we need to generate keys. However, sometimes the particular algorithm needs additional information to generate a key pair. When a DSA key pair is generated, default values for P, Q, and G are used; in the Sun security provider, these values are precomputed to support strength values of 512 and 1024. Precomputing these values greatly reduces the time required to calculate a DSA key. Third−party DSA providers may provide precomputed values for additional strength values. It is possible to ask the key generator to use different values for P, Q, and G if the key pair generator supports the DSAKeyPairGenerator interface java.security.interfaces.DSAKeyPairGenerator : public interface DSAKeyPairGenerator Provide a mechanism by which the DSA−specific parameters of the key pair engine can be manipulated. There are two methods in this interface: public void initializeint modlen, boolean genParams, SecureRandom random Initialize the DSA key pair generator. The modulus length is the number of bits used to calculate the parameters; this must be any multiple of 64 between 512 and 1024. If genParams is true , then the P, Q, and G parameters will be generated for this new modulus length; otherwise, a precomputed value will be used but precomputed values in the Sun security provider are available only for modlen values of 512 and 1024. If the modulus length is invalid, this method throws an InvalidParameterException . public void initializeDSAParams params, SecureRandom randomParts
» OReilly.Java.Security 2nd Edition
» What Is Security? Java Application Security
» The Java 2 Platform Software Used in This Book
» The Java Cryptography Extension
» The Java Secure Sockets Extension The Java Authentication and Authorization Service
» Applets, Applications, and Programs Anatomy of a Java Program
» Security Debugging Java Application Security
» Summary Java Application Security
» Elements of the Java Sandbox
» Permissions The Default Sandbox
» Keystores The Default Sandbox
» Code Sources The Default Sandbox
» Managing policy codebases The policytool
» Managing permissions The policytool
» Permissions Outside of Policy Files
» Comparison with Previous Releases
» Object Serialization and Memory Integrity
» Compiler Enforcement Enforcement of the Java Language Rules
» Inside the bytecode verifier
» Delayed bytecode verification The Bytecode Verifier
» Runtime Enforcement Enforcement of the Java Language Rules
» Controlling Bytecode Verification Comparisons with Previous Releases
» Summary Java Language Security
» Security Managers and the Java API
» Operating on the Security Manager
» Methods Relating to File Access
» Methods Relating to Network Access
» Methods Protecting the Java Virtual Machine
» Methods Protecting Program Threads
» Methods Protecting System Resources
» Methods Protecting Security Aspects
» System access Differences in the Security Manager Class
» Thread access Differences in the Security Manager Class
» Security access Differences in the Security Manager Class
» Summary The Security Manager
» The CodeSource Class The Access Controller
» The Permission Class Permissions
» The BasicPermission Class Permissions
» The Permissions Class Permissions
» Protection Domains The Access Controller
» Access Control Contexts The AccessController Class
» Guarded Objects The Access Controller
» Summary The Access Controller
» The Class Loader and Namespaces
» Class Loading Architecture Java Class Loaders
» Class Loader Classes Implementing a Class Loader
» The loadClass method Key Methods of the Class Loader
» The findClass method Key Methods of the Class Loader
» The defineClass methods Key Methods of the Class Loader
» Responsibilities of the Class Loader
» Step 1: Optionally call the checkPackageAccess method
» Step 2: Use the previously−defined class, if available
» Step 3: Defer class loading to the parent
» Step 4: Optionally call the checkPackageDefinition method
» Step 5: Read in the class bytes
» Step 6: Create the appropriate protection domain
» Steps 7−8: Define the class, verify it, and resolve it
» Using the SecureClassLoader Class
» Other Class Loaders Implementing a Class Loader
» Delegation Miscellaneous Class Loading Topics
» Loading Resources Miscellaneous Class Loading Topics
» Loading Libraries Miscellaneous Class Loading Topics
» Author Authentication The Need for Authentication
» Data Authentication The Need for Authentication
» Javas Role in Authentication
» Cryptographic Keys Cryptographic Engines
» Message Digests Cryptographic Engines
» Digital Signatures Cryptographic Engines
» Encryption Engines Cryptographic Engines
» Summary Introduction to Cryptography
» Components of the Architecture
» Choosing a Security Provider
» Implementing the Provider Class
» The Security Class and the Security Manager
» The Architecture of Engine Classes
» Diffie−Hellman keys Asymmetric Keys
» The KeyPair class Asymmetric Keys
» Using the KeyPairGenerator class
» Generating DSA keys The KeyPairGenerator Class
» Implementing a Key Pair Generator
» Using the KeyGenerator class
» Implementing a KeyGenerator class
» The SecretKeyFactory Class Key Factories
» Existing key specification classes
» The Certificate Class Certificates
» The CertificateFactory Class Certificates
» Advanced X509Certificate Methods
» Keys, Certificates, and Object Serialization
» Comparison with Previous Releases Summary
» Key Management Terms Key Management
» Generating a Certificate Request
» Importing a Certificate The keytool
» Creating a Certificate Entry
» Modifying Keystore Entries The keytool
» Deleting Keystore Entries The keytool
» Examining Keystore Data The keytool
» Miscellaneous Commands The keytool
» Using Certificates from Netscape
» Principals The KeyStore Class
» Secret Key Distribution Secret Key Management
» Secret Key Agreement Secret Key Management
» Using the Message Digest Class
» The Mac Class Secure Message Digests
» The DigestOutputStream Class Message Digest Streams
» The DigestInputStream Class Message Digest Streams
» The SignedObject Class The Signature Class
» Signing and Certificates The Signature Class
» Implementing a Signature Class
» Using the Cipher Class for EncryptionDecryption
» Initialization of a PBEWithMD5AndDES Cipher
» Using the Cipher Class for Key Wrapping
» Implementing the Cipher Class
» The CipherOutputStream Class Cipher Streams
» The CipherInputStream Class Cipher Streams
» Sealed Objects Cipher−Based Encryption
» Keystores and Truststores An Overview of SSL and JSSE
» JSSE Certificates An Overview of SSL and JSSE
» JSSE Socket Factories An Overview of SSL and JSSE
» SSL Server Sockets SSL Client and Server Sockets
» SSL Sockets SSL Client and Server Sockets
» Choosing an SSL Cipher Suite
» SSL Handshaking Miscellaneous SSL Issues
» JSSE Permissions Miscellaneous SSL Issues
» Verifying HTTPS Hosts The HTTPS Protocol Handler
» HTTPS Properties The HTTPS Protocol Handler
» Debugging JSSE SSL and HTTPS
» JAAS Overview Authentication and Authorization
» The LoginContext class The JAAS Setup Code
» The Subject class The JAAS Setup Code
» Login control flags Configuring Login Modules
» Sample login modules Configuring Login Modules
» Running the Example Simple JAAS Administration
» The name callback JAAS Callbacks
» The password callback JAAS Callbacks
» The choice callback JAAS Callbacks
» The confirmation callback JAAS Callbacks
» The language callback JAAS Callbacks
» ClientServer Authentication Advanced JAAS Topics
» Groups and Roles Advanced JAAS Topics
Show more