Using the KeyFactory class
9.3.3.2 The AlgorithmParameterSpec interface
In addition to their encoded format, keys are typically able to be specified by providing the parameters to the algorithm that produced the key. Specifying keys in this manner is a function of the AlgorithmParameterSpec interface java.security.spec.AlgorithmParameterSpec : public interface AlgorithmParameterSpec Provide an infrastructure for specifying keys based on the parameters used to generate them. Implementations of this interface have specific methods that are used to retrieve or set the parameters within the object.9.3.4 A Key Factory Example
As we mentioned at the beginning of this section, the prime reason for key factories is that they give us the ability to import and export keys. Exporting a key specification is typically done by transmitting the individual data elements of the key specification those individual elements vary by the type of key. Importing a key specification typically involves constructing the specification with the transmitted elements as parameters to the constructor. Heres an example using a DSA algorithmic parameter specification. Well look first at exporting a key: package javasec.samples.ch09; import java.security.; import java.security.spec.; import java.io.; public class Export { public static void mainString args[] { try { KeyPairGenerator kpg = KeyPairGenerator.getInstanceDSA; kpg.initialize512, new SecureRandom ; KeyPair kp = kpg.generateKeyPair ; Class spec = Class.forName java.security.spec.DSAPrivateKeySpec; KeyFactory kf = KeyFactory.getInstanceDSA; DSAPrivateKeySpec ks = DSAPrivateKeySpec kf.getKeySpeckp.getPrivate , spec; FileOutputStream fos = new FileOutputStreamexportedKey; ObjectOutputStream oos = new ObjectOutputStreamfos; oos.writeObjectks.getX ; oos.writeObjectks.getP ; oos.writeObjectks.getQ ; oos.writeObjectks.getG ; } catch Exception e { e.printStackTrace ; } } } Two items are interesting in this code. First, one argument to the getKeySpec method is a class object, requiring us to construct the class object using the forName method a somewhat unusual usage. Then, once we have the key specification itself, we have to figure out how to transmit the specification. Since in this case the specification is an algorithmic specification, we chose to write out the individual parameters from the specification. [2] If we had used an encoded key specification, we simply would have written out the byte array returned from the getEncoded method. [2] The DSAPrivateKeySpec class −− like all key specification classes −− is not serializable itself. But for reasons that well discuss later, its better not to serialize key classes that are to be imported into another Java virtual machine anyway. We can import this key as follows: package javasec.samples.ch09; import java.security.; import java.security.spec.; import java.io.; import java.math.; public class Import { public static void mainString args[] { try { FileInputStream fis = new FileInputStreamexportedKey; ObjectInputStream ois = new ObjectInputStreamfis; DSAPrivateKeySpec ks = new DSAPrivateKeySpec BigInteger ois.readObject , BigInteger ois.readObject , BigInteger ois.readObject , BigInteger ois.readObject ; KeyFactory kf = KeyFactory.getInstanceDSA; PrivateKey pk = kf.generatePrivateks; System.out.printlnGot private key; } catch Exception e { e.printStackTrace ; } } } This example is predictably symmetric to exporting a key.9.3.4.1 Existing key specification classes
Table 9−1 lists all the classes that can be used to import and export or translate keys. To use this table, find an appropriate key specification that youd like to use. Thats simply a matter of finding the specification that matches the type of key that you have e.g., the specifications beginning with DH are for Diffie−Hellman keys. Next use the methods shown to export data from the key spec or to create a new key spec. Then you can use the key factory to create a key from the specification. Note that the SecretKeySpec class is an exception to this last step: that class implements the SecretKey interface already. Once youve instantiated a SecretKeySpec object, youve created a secret key. Chapter 9. Keys and CertificatesParts
» OReilly.Java.Security 2nd Edition
» What Is Security? Java Application Security
» The Java 2 Platform Software Used in This Book
» The Java Cryptography Extension
» The Java Secure Sockets Extension The Java Authentication and Authorization Service
» Applets, Applications, and Programs Anatomy of a Java Program
» Security Debugging Java Application Security
» Summary Java Application Security
» Elements of the Java Sandbox
» Permissions The Default Sandbox
» Keystores The Default Sandbox
» Code Sources The Default Sandbox
» Managing policy codebases The policytool
» Managing permissions The policytool
» Permissions Outside of Policy Files
» Comparison with Previous Releases
» Object Serialization and Memory Integrity
» Compiler Enforcement Enforcement of the Java Language Rules
» Inside the bytecode verifier
» Delayed bytecode verification The Bytecode Verifier
» Runtime Enforcement Enforcement of the Java Language Rules
» Controlling Bytecode Verification Comparisons with Previous Releases
» Summary Java Language Security
» Security Managers and the Java API
» Operating on the Security Manager
» Methods Relating to File Access
» Methods Relating to Network Access
» Methods Protecting the Java Virtual Machine
» Methods Protecting Program Threads
» Methods Protecting System Resources
» Methods Protecting Security Aspects
» System access Differences in the Security Manager Class
» Thread access Differences in the Security Manager Class
» Security access Differences in the Security Manager Class
» Summary The Security Manager
» The CodeSource Class The Access Controller
» The Permission Class Permissions
» The BasicPermission Class Permissions
» The Permissions Class Permissions
» Protection Domains The Access Controller
» Access Control Contexts The AccessController Class
» Guarded Objects The Access Controller
» Summary The Access Controller
» The Class Loader and Namespaces
» Class Loading Architecture Java Class Loaders
» Class Loader Classes Implementing a Class Loader
» The loadClass method Key Methods of the Class Loader
» The findClass method Key Methods of the Class Loader
» The defineClass methods Key Methods of the Class Loader
» Responsibilities of the Class Loader
» Step 1: Optionally call the checkPackageAccess method
» Step 2: Use the previously−defined class, if available
» Step 3: Defer class loading to the parent
» Step 4: Optionally call the checkPackageDefinition method
» Step 5: Read in the class bytes
» Step 6: Create the appropriate protection domain
» Steps 7−8: Define the class, verify it, and resolve it
» Using the SecureClassLoader Class
» Other Class Loaders Implementing a Class Loader
» Delegation Miscellaneous Class Loading Topics
» Loading Resources Miscellaneous Class Loading Topics
» Loading Libraries Miscellaneous Class Loading Topics
» Author Authentication The Need for Authentication
» Data Authentication The Need for Authentication
» Javas Role in Authentication
» Cryptographic Keys Cryptographic Engines
» Message Digests Cryptographic Engines
» Digital Signatures Cryptographic Engines
» Encryption Engines Cryptographic Engines
» Summary Introduction to Cryptography
» Components of the Architecture
» Choosing a Security Provider
» Implementing the Provider Class
» The Security Class and the Security Manager
» The Architecture of Engine Classes
» Diffie−Hellman keys Asymmetric Keys
» The KeyPair class Asymmetric Keys
» Using the KeyPairGenerator class
» Generating DSA keys The KeyPairGenerator Class
» Implementing a Key Pair Generator
» Using the KeyGenerator class
» Implementing a KeyGenerator class
» The SecretKeyFactory Class Key Factories
» Existing key specification classes
» The Certificate Class Certificates
» The CertificateFactory Class Certificates
» Advanced X509Certificate Methods
» Keys, Certificates, and Object Serialization
» Comparison with Previous Releases Summary
» Key Management Terms Key Management
» Generating a Certificate Request
» Importing a Certificate The keytool
» Creating a Certificate Entry
» Modifying Keystore Entries The keytool
» Deleting Keystore Entries The keytool
» Examining Keystore Data The keytool
» Miscellaneous Commands The keytool
» Using Certificates from Netscape
» Principals The KeyStore Class
» Secret Key Distribution Secret Key Management
» Secret Key Agreement Secret Key Management
» Using the Message Digest Class
» The Mac Class Secure Message Digests
» The DigestOutputStream Class Message Digest Streams
» The DigestInputStream Class Message Digest Streams
» The SignedObject Class The Signature Class
» Signing and Certificates The Signature Class
» Implementing a Signature Class
» Using the Cipher Class for EncryptionDecryption
» Initialization of a PBEWithMD5AndDES Cipher
» Using the Cipher Class for Key Wrapping
» Implementing the Cipher Class
» The CipherOutputStream Class Cipher Streams
» The CipherInputStream Class Cipher Streams
» Sealed Objects Cipher−Based Encryption
» Keystores and Truststores An Overview of SSL and JSSE
» JSSE Certificates An Overview of SSL and JSSE
» JSSE Socket Factories An Overview of SSL and JSSE
» SSL Server Sockets SSL Client and Server Sockets
» SSL Sockets SSL Client and Server Sockets
» Choosing an SSL Cipher Suite
» SSL Handshaking Miscellaneous SSL Issues
» JSSE Permissions Miscellaneous SSL Issues
» Verifying HTTPS Hosts The HTTPS Protocol Handler
» HTTPS Properties The HTTPS Protocol Handler
» Debugging JSSE SSL and HTTPS
» JAAS Overview Authentication and Authorization
» The LoginContext class The JAAS Setup Code
» The Subject class The JAAS Setup Code
» Login control flags Configuring Login Modules
» Sample login modules Configuring Login Modules
» Running the Example Simple JAAS Administration
» The name callback JAAS Callbacks
» The password callback JAAS Callbacks
» The choice callback JAAS Callbacks
» The confirmation callback JAAS Callbacks
» The language callback JAAS Callbacks
» ClientServer Authentication Advanced JAAS Topics
» Groups and Roles Advanced JAAS Topics
Show more