Professional Documents
Culture Documents
Topics
A. B. C. D. E. F.
Blowfish Password-based encryption (PBE) Key storage Modes Cipher streams and IV (initialization vector) Sealed objects
File encryption
Network encryption
Database encryption Applications that require encryption of large amount of data.
Javax.crypto.KeyGenerator
http://java.sun.com/j2se/1.4.1/docs/api/javax/crypto/KeyGenerator.html
KeyGenerator objects are reusable, i.e., after a key has been generated, the same KeyGenerator object can be re-used to generate further keys.
There are two ways to generate a key: in an algorithm-independent manner, and in an algorithm-specific manner. The only difference between the two is the initialization of the object.
Javax.crypto.KeyGenerator
A.
Using KeyGenerator
Create a new key generator:
KeyGenerator keyGenerator = KeyGenerator.getInstance (DESede); Note: DESede is a triple DES variant with three DES keys k1, k2, k3. The message is encrypted with k1 first, then decrypted with k2, and finally encrypted again with k3. This increases the key space and prevents brute force attacks.
B.
C.
Java.security.Key
http://java.sun.com/j2se/1.4.1/docs/api/java/security/Key.html java.security Interface Key All Superinterfaces: Serializable All Known Subinterfaces: DHPrivateKey, DHPublicKey, DSAPrivateKey, DSAPublicKey, PBEKey, PrivateKey, PublicKey, RSAMultiPrimePrivateCrtKey, RSAPrivateCrtKey, RSAPrivateKey, RSAPublicKey, SecretKey All Known Implementing Classes: KerberosKey, SecretKeySpec
Java.security.Key
The Key interface is the top-level interface for all keys. It defines the functionality shared by all key objects. All keys have three characteristics:
1. 2.
3.
The key algorithm for that key; An external encoded form for the key used when a standard representation of the key is needed outside the Java Virtual Machine, as when transmitting the key to some other party; The name of the format of the encoded key
Keys are generally obtained through key generators, key factory, certificates, or various Identity classes used to manage keys. Examples: javax.crypto.KeyGenerator( ); java.security.KeyFactory( );
csci5931 Web Security 7
Javax.crypto.Cipher
http://java.sun.com/j2se/1.4.1/docs/api/
public class Cipher
extends Object This class provides the functionality of a cryptographic cipher for
Javax.crypto.Cipher.getInstance( )
A.
In order to create a Cipher object, the application calls the Cipher's getInstance method, and passes the name of the requested transformation to it.
static Cipher getInstance(String transformation) Generates a Cipher object that implements the specified transformation. static Cipher getInstance(String transformation, Provider provider) Creates a Cipher object that implements the specified transformation, as supplied by the specified provider. static Cipher getInstance(String transformation, String provider)
Javax.crypto.Cipher.getInstance( )
Examples:
Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding"); Cipher cipher = Cipher.getInstance(DESede/ECB/PKCS5Padding);
10
Javax.crypto.Cipher.init( )
B.
Initialize an instance of Cipher: 1. Declares the operating mode (ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE, UNWRAP_MODE) 2. Pass a key (java.security.Key) to the cipher Example:
Cipher.init (Cipher.ENCRYPT_MODE, myKey);
Note: When a Cipher object is initialized, it loses all previously-acquired state. In other words, initializing a Cipher is equivalent to creating a
11
Javax.crypto.Cipher.update( )
C.
Pass the information to be encrypted/decrypted to the cipher: 1. The information must be in the form of a byte array. 2. Note: Ciphers typically buffer their output. If the buffer has not been filled, null will be returned. Alternative update( ) methods: byte[ ] update (byte[] input) byte[ ] plaintext = myString.getBytes (UTF8); byte[ ] ciphertext = cipher.update (plaintext); int update (byte[ ] input, int inputOffset, int inputLen, byte[ ] output, int outputOffset) Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
12
Javax.crypto.Cipher.doFinal( )
D.
Example:
Byte[ ] ciphertext = cipher.doFinal ( );
13
SimpleExample.java
Sample output:
Plain Message=How are you doing? Generating a TripleDES key... Done generating the key. Now encrypting the message Message Encrypted Ciphertext=-74-45759-44-115-19-8-56-99-47794393-45-107-41-125-127-233271855 Now decrypting the message Message decrypted Decrypted text: How are you doing?
csci5931 Web Security 14
BlowfishExample.java
Blowfish keys can be any bit size from 8 to 448, as long as the number if divisible by 8.
Sample output:
>java BlowfishExample "It's a wonderful day!" Generating a Blowfish key... Done generating the key. Plaintext: 73 116 39 115 32 97 32 119 111 110 100 101 114 102 117 108 32 100 97 121 33
Ciphertext: -77 56 -88 61 -52 -12 -57 43 -10 66 -54 -98 -86 56 -86 51 -127 -125 30 48 -64 11 2 -37 -125
Decrypted text: It's a wonderful day!
csci5931 Web Security 15
The user-provided password is hashed by a message digest algorithm, such as SHA. The hash value is then used to construct a key for a symmetric encryption algorithm, such as Blowfish. The plaintext is then encrypted by the symmetric encryption algorithm. PBE is usually less secure, due to its smaller key space. Passwords may suffer dictionary attack. Two people might choose the same password, which would create two identical entries in the password file.
csci5931 Web Security 16
Problems?
1. 2. 3.
A salt is a randomly generated piece of data, say 64 bits, that is added to each password. The combined salt+password is used to generate the key. The key is then used to generate a symmetric cipher. For the purpose of decryption, the salt must be stored as part of the ciphertext. See figures on page 74.
17
18
Base64 Encoding
Effective in representing ASCII data as 6-bit characters (save one bit per character)
Input: N bytes
20
extends Object implements KeySpec A user-chosen password that can be used with password-based encryption (PBE). The password can be viewed as some kind of raw key material, from which the encryption mechanism that uses it derives a cryptographic key.
21
This class represents a factory for secret keys. Key factories are used to convert keys (opaque cryptographic keys of type
Key factories are bi-directional, i.e., they allow to build an opaque key object
from a given key specification (key material), or to retrieve the underlying key material of a key object in a suitable format. Application developers should refer to their provider's documentation to find out which key specifications are supported by the generateSecret and
getKeySpec methods.
csci5931 Web Security 22
Password-based encryption
23
Password-based encryption
>java PBE -e sasquatch "Hello World!" yrVhjq5djco=eSIS1LbeAtu5KIKf5ntNhg== >java PBE -e sasquatch "Hello World!" lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w== >java PBE -d sasquatch "lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==" Hello World!
24
Key storage
Storage of keys in a persistent media (file, database) for later retrieval or transportation
Solutions?
Key storage
Key Wrapping
The wrap( ) method, defined in javax.crypto.Cipher, takes a key as an
argument and returns the encrypted value of the key as a byte array.
Example:
cipher.init (Cipher.WRAP_MODE, passwordKey, paramSpec); byte[ ] encryptedKeyBytes = cipher.wrap (secretKey);
26
Key storage
Key Encryption
Use the getEncoded( ) method, as defined in java.security.Key, to encrypt the
key.
Example:
byte[ ] keyBytes = myKey.getEncoded( ); cipher.init (Cipher.ENCRYPT_MODE, passwordKey, paramSpec); byte[ ] encryptedKeyBytes = cipher.doFinal (keyBytes);
Padding
Padding is needed to make the size of the plaintext to be a multiple of the block size.
No padding requires the data end on a block exactly PKCS#5 padding (PKCS = Public Key Cryptography Standard)
Suppose there are N bytes in a block that need to be padded. Fill each of the N bytes with the value N. If the data end on a multiple of the block size, add an entire block of
padding.
(See the illustration on p.81.)
csci5931 Web Security 28
Modes of DES
ECB, CBC
Similar to CBC, but may work on smaller chunks of data (8 bits for example).
Similar to CFB, but provides better protection against data loss during transmission.
That is, a single-bit error will not cause the whole block to be lost, as in the cases of ECB, CBC and CFB.
29
Javax.crypto.CipherInputStream javax.crypto.CipherOutputStream
They provide convenient wrappers around standard input and output streams for them to be automatically encrypted or decrypted.
A sequence of random bytes appended to the front of the plaintext before encryption by a block cipher. Adding the initialization vector to the beginning of the plaintext eliminates the possibility of having the initial ciphertext block the same for any two messages.
How to determine the size of a IV, given a cipher? Example: A 256-bit Rijndael cipher needs a 16-byte IV.
csci5931 Web Security 30
IV in Java
implements AlgorithmParameterSpec
This class specifies an initialization vector (IV). Examples which use IVs are ciphers in feedback mode, e.g., DES in CBC mode and RSA ciphers with OAEP encoding operation.
31
Rijndael
What is Rijndael ? (Dutch, pronounced as Rain Doll) Rijndael is a block cipher, designed by Joan Daemen and Vincent Rijmen as a candidate algorithm for the AES. The cipher has a variable block length and key length. We currently specified how to use keys with a length of 128, 192, or 256 bits to encrypt blocks with al length of 128, 192 or 256 bits.
(Source: http://www.esat.kuleuven.ac.be/~rijmen/rijndael/)
After nearly four years of evaluation, in October 2000, Rijndael was selected by the NIST as the `AES' (Advanced Encryption Standard). See the press release.
32
FileEncryptor.java
FileEncryptor.java (see
http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)
Four functions:
createKey( password ) loadKey ( password ) encrypt ( password, inputFile, outputEncryptedFile ) decrypt ( password, inputEncryptedFile, outputfile)
33
Sealed objects
The default JDK 1.2 prevents extensions from using the class
See Appendix D the EncryptedObject class for a better sealed object implementation.
csci5931 Web Security 34
Sealed objects
SealedObjectExample.java (see
http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)
Sample output:
>java SealedObjectExample Creating a key. Encrypting the object. Unencrypting the object. Credit card number: 1234567890
35
Next
RFC 1829 - The ESP DES-CBC Transform - This document describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP). The GNU Crypto project This project aims at providing free, versatile, high-quality, and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users. Its also got a comprehensive listing of crypto-related algorithms.
36