Using the KeyGenerator class
9.3 Key Factories
There is another way to generate keys, and that is through the use of key factories. Key factories are most often used to import and export keys; the factory translates between an external format of the key that is easily transportable and the internal implementation of the key. There are certain types of keys, however, that can only be obtained via a key factory since there is no key generator to produce them e.g., a password−based encryption key. There are two external representations by which a key may be transmitted −− by its encoded format or by the parameters that were used to generate the key. Either of these representations may be encapsulated in a key specification, which is used to interact with the KeyFactory class java.security.KeyFactory and the SecretKeyFactory class javax.crypto.SecretKeyFactory .9.3.1 The KeyFactory Class
Converting asymmetric keys is done with this class: public class KeyFactory Provide an infrastructure for importing and exporting keys according to the specific encoding format or parameters of the key.9.3.1.1 Using the KeyFactory class
The KeyFactory class is an engine class, which provides the typical method of instantiating itself: public static final KeyFactory getInstanceString alg public static final KeyFactory getInstanceString alg, String provider Create a key factory capable of importing and exporting keys that were generated with the given algorithm. The class that implements the key factory comes from the named provider or is located according to the standard rules for provider engines. If a key factory that implements the given algorithm is not found, a NoSuchAlgorithmException is generated. If the named provider is not found, a NoSuchProviderException is generated. A key factory presents the following public methods: public final Provider getProvider Return the provider that implemented this particular key factory. public final PublicKey generatePublicKeySpec ks public final PrivateKey generatePrivateKeySpec ks These methods are used to import a key: they create the key based on the imported data that is held in the key specification object. If the key cannot be created, an InvalidKeySpecException is thrown. public final KeySpec getKeySpecKey key, Class keySpec This method is used to export a key: it creates a key specification based on the actual key. If the key specification cannot be created, an InvalidKeySpecException is thrown. public final Key translateKeyKey key Translate a key from an unknown source into a key that was generated from this object. This method can be used to convert the type of a key that was loaded from a different security provider e.g., a DSA key generated from the XYZ provider −− type com.xyz.DSAPrivateKey −− could be converted to a DSA key generated from the Sun provider −− type sun.security.provider.DSAPrivateKey . If the key cannot be translated, an InvalidKeyException is generated. public final String getAlgorithm Return the algorithm this key factory supports. Well defer examples of these methods until we discuss the KeySpec class later.9.3.1.2 Implementing a key factory
Like all engines, the key factory depends on a service provider interface class: the KeyFactorySpi class java.security.KeyFactorySpi : public abstract class KeyFactorySpi Provide the set of methods necessary to implement a key factory that is capable of importing and exporting keys in a particular format. The KeyFactorySpi class contains the following methods; since each of these methods is abstract, our class must provide an implementation of all of them: protected abstract PublicKey engineGeneratePublicKeySpec ks protected abstract PrivateKey engineGeneratePrivateKeySpec ks Generate of the public or private key. Depending on the key specification, this means either decoding the data of the key or regenerating the key based on specific parameters to the key algorithm. If the key cannot be generated, an InvalidKeyException should be thrown. protected abstract KeySpec engineGetKeySpecKey key, Class keySpec Export the key. Depending on the key class specification, this means either encoding the data e.g., by calling the getEncoded method or saving the parameters that were used to generate the key. If the specification cannot be created, an InvalidKeySpecException should be thrown. protected Key engineTranslateKeyKey key Perform the actual translation of the key. This is typically performed by translating the key to its specification and back. If the key cannot be translated, an InvalidKeyException should be thrown. Although we show how to use a key factory later, we wont show how to implement one; the amount of code involved is large and relatively uninteresting. However, the online examples do contain a sample key factory implementation if youre interested in seeing one.9.3.2 The SecretKeyFactory Class
The second engine that well look at is the SecretKeyFactory class 152Parts
» OReilly.Java.Security 2nd Edition
» What Is Security? Java Application Security
» The Java 2 Platform Software Used in This Book
» The Java Cryptography Extension
» The Java Secure Sockets Extension The Java Authentication and Authorization Service
» Applets, Applications, and Programs Anatomy of a Java Program
» Security Debugging Java Application Security
» Summary Java Application Security
» Elements of the Java Sandbox
» Permissions The Default Sandbox
» Keystores The Default Sandbox
» Code Sources The Default Sandbox
» Managing policy codebases The policytool
» Managing permissions The policytool
» Permissions Outside of Policy Files
» Comparison with Previous Releases
» Object Serialization and Memory Integrity
» Compiler Enforcement Enforcement of the Java Language Rules
» Inside the bytecode verifier
» Delayed bytecode verification The Bytecode Verifier
» Runtime Enforcement Enforcement of the Java Language Rules
» Controlling Bytecode Verification Comparisons with Previous Releases
» Summary Java Language Security
» Security Managers and the Java API
» Operating on the Security Manager
» Methods Relating to File Access
» Methods Relating to Network Access
» Methods Protecting the Java Virtual Machine
» Methods Protecting Program Threads
» Methods Protecting System Resources
» Methods Protecting Security Aspects
» System access Differences in the Security Manager Class
» Thread access Differences in the Security Manager Class
» Security access Differences in the Security Manager Class
» Summary The Security Manager
» The CodeSource Class The Access Controller
» The Permission Class Permissions
» The BasicPermission Class Permissions
» The Permissions Class Permissions
» Protection Domains The Access Controller
» Access Control Contexts The AccessController Class
» Guarded Objects The Access Controller
» Summary The Access Controller
» The Class Loader and Namespaces
» Class Loading Architecture Java Class Loaders
» Class Loader Classes Implementing a Class Loader
» The loadClass method Key Methods of the Class Loader
» The findClass method Key Methods of the Class Loader
» The defineClass methods Key Methods of the Class Loader
» Responsibilities of the Class Loader
» Step 1: Optionally call the checkPackageAccess method
» Step 2: Use the previously−defined class, if available
» Step 3: Defer class loading to the parent
» Step 4: Optionally call the checkPackageDefinition method
» Step 5: Read in the class bytes
» Step 6: Create the appropriate protection domain
» Steps 7−8: Define the class, verify it, and resolve it
» Using the SecureClassLoader Class
» Other Class Loaders Implementing a Class Loader
» Delegation Miscellaneous Class Loading Topics
» Loading Resources Miscellaneous Class Loading Topics
» Loading Libraries Miscellaneous Class Loading Topics
» Author Authentication The Need for Authentication
» Data Authentication The Need for Authentication
» Javas Role in Authentication
» Cryptographic Keys Cryptographic Engines
» Message Digests Cryptographic Engines
» Digital Signatures Cryptographic Engines
» Encryption Engines Cryptographic Engines
» Summary Introduction to Cryptography
» Components of the Architecture
» Choosing a Security Provider
» Implementing the Provider Class
» The Security Class and the Security Manager
» The Architecture of Engine Classes
» Diffie−Hellman keys Asymmetric Keys
» The KeyPair class Asymmetric Keys
» Using the KeyPairGenerator class
» Generating DSA keys The KeyPairGenerator Class
» Implementing a Key Pair Generator
» Using the KeyGenerator class
» Implementing a KeyGenerator class
» The SecretKeyFactory Class Key Factories
» Existing key specification classes
» The Certificate Class Certificates
» The CertificateFactory Class Certificates
» Advanced X509Certificate Methods
» Keys, Certificates, and Object Serialization
» Comparison with Previous Releases Summary
» Key Management Terms Key Management
» Generating a Certificate Request
» Importing a Certificate The keytool
» Creating a Certificate Entry
» Modifying Keystore Entries The keytool
» Deleting Keystore Entries The keytool
» Examining Keystore Data The keytool
» Miscellaneous Commands The keytool
» Using Certificates from Netscape
» Principals The KeyStore Class
» Secret Key Distribution Secret Key Management
» Secret Key Agreement Secret Key Management
» Using the Message Digest Class
» The Mac Class Secure Message Digests
» The DigestOutputStream Class Message Digest Streams
» The DigestInputStream Class Message Digest Streams
» The SignedObject Class The Signature Class
» Signing and Certificates The Signature Class
» Implementing a Signature Class
» Using the Cipher Class for EncryptionDecryption
» Initialization of a PBEWithMD5AndDES Cipher
» Using the Cipher Class for Key Wrapping
» Implementing the Cipher Class
» The CipherOutputStream Class Cipher Streams
» The CipherInputStream Class Cipher Streams
» Sealed Objects Cipher−Based Encryption
» Keystores and Truststores An Overview of SSL and JSSE
» JSSE Certificates An Overview of SSL and JSSE
» JSSE Socket Factories An Overview of SSL and JSSE
» SSL Server Sockets SSL Client and Server Sockets
» SSL Sockets SSL Client and Server Sockets
» Choosing an SSL Cipher Suite
» SSL Handshaking Miscellaneous SSL Issues
» JSSE Permissions Miscellaneous SSL Issues
» Verifying HTTPS Hosts The HTTPS Protocol Handler
» HTTPS Properties The HTTPS Protocol Handler
» Debugging JSSE SSL and HTTPS
» JAAS Overview Authentication and Authorization
» The LoginContext class The JAAS Setup Code
» The Subject class The JAAS Setup Code
» Login control flags Configuring Login Modules
» Sample login modules Configuring Login Modules
» Running the Example Simple JAAS Administration
» The name callback JAAS Callbacks
» The password callback JAAS Callbacks
» The choice callback JAAS Callbacks
» The confirmation callback JAAS Callbacks
» The language callback JAAS Callbacks
» ClientServer Authentication Advanced JAAS Topics
» Groups and Roles Advanced JAAS Topics
Show more