7.3.3 Digital Signatures

The primary engine in the security package at least as far as authentication goes is the digital signature engine. Like a real signature, a digital signature is presumed to provide a unique identification of an entity that is, an individual or an organization. Like a real signature, a digital signature can be forged, although its much harder to forge a digital signature than a real signature. [2] Forging a digital signature requires access to the private key of the entity whose signature is being forged; this is yet another reason why it is important to keep your private keys private. Like a real signature, a digital signature can be smudged so that it is no longer recognizable. And because theyre based on key certificates, digital signatures have other properties, such as the fact that they can expire. [2] On the other hand, a forged digital signature is undetectable, unlike a forged real signature. Digital signatures rely on two things: the ability to generate a message digest and the ability to encrypt that digest. The entire process is shown in Figure 7−4. Figure 7−4. Generating a digital signature The process is as follows: A message digest is calculated that represents the input data. 1. The digest is then encrypted with the private key. 2. Note that encryption is performed on the digest and not on the data itself. In order to present this signature to another entity, you must present the original data with it −− the signature is just a message digest, and, as we mentioned earlier, you cannot reconstruct the input data from the message digest. Verifying a digital signature requires the same path; the message digest of the original data must be calculated. The signed digest is decrypted with the public key and if the decrypted digest matches the calculated digest, the signature is valid. Strictly speaking, the operations performed on the digests are not necessarily encryption and decryption; most digital signature algorithms cannot be used for encryption of arbitrary data. The symmetry of the operation is the same. Nothing prevents the signed data from being intercepted. So the data that accompanies the digital signature cannot be sensitive data; the digital signature only verifies that the message came from a particular entity and that the message was not altered in transit, but it does not actually protect that message from being read by anyone with access to it. If the data is altered, it will not produce the same message digest, which in turn will not produce the same digital signature. And its computationally infeasible to change the data, generate a new digest of that data, and then regenerate the digital signature without access to the private key. It is, however, possible to replace one message that was signed by a private key with another message that was signed by that same private key.

7.3.4 Encryption Engines

The final engines well discuss handle actual encryption. These engines are part of the Java Cryptography Extension JCE and the Java Secure Socket Extension JSSE rather than the core security package. Encryption engines handle the encryption and decryption of arbitrary data, just as we would expect. An important thing to note is that the encryption engines that are part of JCE are not used in the generation and verification of digital signatures −− digital signatures use their own algorithms to encrypt and decrypt the message digest that are suitable only for manipulating data the size of a message digest. This difference allows the digital signature engine to be exportable, where the encryption engines may not be.

7.4 Summary

Much of the Java security package is made up of a collection of engines, the basic properties of which weve outlined in this chapter. As a unit, these engines allow us primarily to create digital signatures −− a useful notion that authenticates a particular piece of data. One thing that a digital signature can authenticate is a Java class file, which provides the basis for a security manager to consider a class to be trusted as least to some degree, even though the class was loaded from the network. The security package, like many Java APIs, is actually a fairly abstract interface that several implementations may be plugged into. Hence, another feature of the security package is its infrastructure to support these differing implementations. In the next chapter, well explore the structure of the security package and how it supports these differing implementations; well then proceed into how to use the engines of the security package. 122