JCA/JCE – Java Crypto Architecture / Java Crypto Extensions
Dušan Klinec, deadcode.me

Provider architecture
• MessageDigest.getInstance("MD5");                 – default lookup: first installed provider that implements MD5
• MessageDigest.getInstance("MD5", "ProviderC");    – lookup pinned to one provider

JCA
• java.security.*
• SecureRandom – PRNG
• MessageDigest – SHA256, MD5, ...
• Signature – RSA, DSA
• KeyStore – PKCS12
• KeyPairGenerator, KeyFactory, CertificateFactory, ...

JCE
• javax.crypto.*
• Cipher – AES, RSA, ElGamal, RC4, Salsa20
• Mac – HMACWithSHA256
• KeyGenerator

Provider architecture – design goals
• Implementation independence
• Implementation interoperability
• Algorithm extensibility

Bouncy Castle
• Implements a LOT OF ciphers, cipher suites, algorithms, modes, ASN.1, PEM, Certs, …
• Origin: Australian, former advantage (crypto export regulations)
• Android

Provider architecture – Engine classes
• MessageDigest: getInstance(), update(), digest(), reset()
• Cipher: getInstance(), init(), update(), doFinal()

Provider architecture – Spi skeleton
• each engine class delegates to a provider-supplied *Spi implementation

Strong cryptography
• Policy files limit the strength of your crypto – the size of the key
• AES-256, RSA-2048 not available by default
• Fix: Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files

Strong cryptography – default key-size limits
Algorithm   Key size
DES         64
DESede      *
RC2         128
RC4         128
RC5         128
RSA         * (KeyPairGenerator 1024)
other       128

Getting started
• Download the NetBeans project
• Visit the study materials
• Pls open NetBeans
• Cipher – import missing: the lightbulb helps, or CTRL+SHIFT+I
• Problem again? The web. Pls open the guide (case sensitive): goo.gl/4Ztqen

Task01 - SecureRandom
• SecureRandom rnd = new SecureRandom()
• rnd.nextDouble()
• rnd.nextBytes(...)
• rnd. ....
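Added example (not from the slides or the course project): one Java program that walks the installed provider list, contrasts default lookup with a provider-pinned getInstance(), checks whether the jurisdiction policy restricts AES key length, and fills a buffer from SecureRandom. The hex() helper is an assumed local stand-in for the course's Globals.bytesToHex; the provider name "SUN" is the stock JDK provider and may be absent on other runtimes, which the catch block handles.

```java
import java.security.MessageDigest;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import javax.crypto.Cipher;

public class ProviderDemo {

    // Assumed helper, equivalent to the course's Globals.bytesToHex
    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // 1. Installed providers in lookup order. getInstance("X") walks this list
        //    and returns the first provider that implements X.
        for (Provider p : Security.getProviders()) {
            System.out.println(p.getName() + ": " + p.getInfo());
        }

        // 2. Default lookup vs. pinning a provider by name.
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        System.out.println("SHA-256 served by " + md.getProvider().getName());
        try {
            MessageDigest pinned = MessageDigest.getInstance("SHA-256", "SUN");
            System.out.println("pinned to " + pinned.getProvider().getName());
        } catch (NoSuchProviderException e) {
            // Pinning trades portability for control: fails on a JVM without that provider.
            System.out.println("provider not installed: " + e.getMessage());
        }

        // 3. Strong-cryptography check: a restricted jurisdiction policy caps AES at 128.
        int maxAes = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("max AES key length: " + maxAes
                + (maxAes >= 256 ? " (unlimited policy)" : " (restricted policy, AES-256 unavailable)"));

        // 4. SecureRandom: fill a buffer with cryptographically strong random bytes.
        SecureRandom rnd = new SecureRandom();
        byte[] buffer = new byte[16];
        rnd.nextBytes(buffer);
        System.out.println("random: " + hex(buffer));
        System.out.println("SecureRandom algorithm: " + rnd.getAlgorithm()
                + " from " + rnd.getProvider().getName());
    }
}
```

Run it once before starting the tasks: if the AES line reports a restricted policy, the unlimited-strength policy files mentioned on the slide are not installed and AES-256 calls will throw InvalidKeyException.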
SecureRandom - solution
• SecureRandom rnd = new SecureRandom();
• rnd.nextBytes(buffer);
• System.out.println(Globals.bytesToHex(buffer));

Task02 - MessageDigest
• MessageDigest md5 = MessageDigest.getInstance("MD5");
• md5.update(inputBuffer, 0, bytesRead);   – once per chunk read
• md5.update(inputBuffer, 0, bytesRead);
• md5.update(inputBuffer, 0, bytesRead);
• byte[] md5hash = md5.digest();

MessageDigest – incremental API
• md5.update(data) → md5.update(data) → ... → md5.digest() → byte[] hash
• any number of update() calls, one digest() at the end; the result equals hashing the concatenation in one go

Task03 - Cipher
• getInstance("algorithm/mode/padding");
• Default mode: ECB
• Default padding: PKCS5

Cipher
• init(mode, key, algorithmParameterSpec)
• Cipher.DECRYPT_MODE
• new SecretKeySpec(aesKey, "AES")
• new IvParameterSpec(iv)

Cipher – Key vs KeySpec
• Key – opaque key, used in the engine: getAlgorithm(), getEncoded()
• KeySpec – key specification for transport & storage: getP(), getQ(), getN()
• SecretKeySpec = Spec & Key at the same time
• Why separated? Cipher.init(Cipher.DECRYPT_MODE, key) – the Key may be only a handle: Handle=0x123330, endpoint=https://…
• Cloud encryption, HSM: the key material never leaves the device; the engine only gets the handle

Cipher – Key materials
• String vs. char[]: String is immutable, cannot be zeroed out
• Zero out a mutable byte[] after use to prevent key leakage to swap files (or Heartbleed)
• GC deallocates but does not zero out – the key is still there
• Modern GC can copy and reorder memory (heap defrag), so keys cannot be reliably deleted from memory nowadays (Java does not specify the behaviour; it differs between GCs)
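Added example (not from the slides or the course project) covering Task02 and Task03 together: incremental hashing of a stream checked against the one-shot digest, then AES in the default ECB mode beside AES/CBC with a random IV on a plaintext of two identical blocks, which makes visible why the default transformation is a poor choice, and finally zeroing of the key bytes. The hex() helper and the constructed plaintext/key values are assumptions; SHA-256 is used in place of the slide's MD5 only because the API is identical.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class DigestAndCipherDemo {

    // Assumed helper, equivalent to the course's Globals.bytesToHex
    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    // Incremental API: update() per chunk, digest() once at the end.
    static byte[] digestStream(InputStream in, String algorithm) throws Exception {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        byte[] inputBuffer = new byte[4096];
        int bytesRead;
        while ((bytesRead = in.read(inputBuffer)) != -1) {
            md.update(inputBuffer, 0, bytesRead);
        }
        return md.digest(); // also resets the engine, so md is reusable afterwards
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rnd = new SecureRandom();

        // Task02: constructed 100 kB input, read in 4 kB chunks vs. hashed at once.
        byte[] data = new byte[100_000];
        rnd.nextBytes(data);
        byte[] chunked = digestStream(new ByteArrayInputStream(data), "SHA-256");
        byte[] oneShot = MessageDigest.getInstance("SHA-256").digest(data);
        System.out.println("chunked == one-shot: " + Arrays.equals(chunked, oneShot));

        // Task03: constructed 128-bit key; two identical 16-byte plaintext blocks.
        byte[] aesKey = new byte[16];
        rnd.nextBytes(aesKey);
        SecretKeySpec key = new SecretKeySpec(aesKey, "AES"); // copies aesKey internally
        byte[] plaintext = new byte[32];
        Arrays.fill(plaintext, (byte) 'A');
        try {
            // "AES" alone resolves to AES/ECB/PKCS5Padding: equal blocks give equal ciphertext.
            Cipher ecb = Cipher.getInstance("AES/ECB/PKCS5Padding");
            ecb.init(Cipher.ENCRYPT_MODE, key);
            byte[] ecbOut = ecb.doFinal(plaintext);
            System.out.println("ECB block 1: " + hex(Arrays.copyOfRange(ecbOut, 0, 16)));
            System.out.println("ECB block 2: " + hex(Arrays.copyOfRange(ecbOut, 16, 32)));

            // CBC with a fresh random IV: the same two blocks encrypt differently.
            byte[] iv = new byte[16];
            rnd.nextBytes(iv);
            Cipher cbc = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cbc.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
            byte[] cbcOut = cbc.doFinal(plaintext);
            System.out.println("CBC block 1: " + hex(Arrays.copyOfRange(cbcOut, 0, 16)));
            System.out.println("CBC block 2: " + hex(Arrays.copyOfRange(cbcOut, 16, 32)));

            // Decryption needs the same key and the same IV (the IV is not secret; send it along).
            cbc.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
            byte[] back = cbc.doFinal(cbcOut);
            System.out.println("CBC round trip ok: " + Arrays.equals(back, plaintext));
        } finally {
            // Key materials: zero the mutable byte[] we control. Note the limits: SecretKeySpec
            // cloned the array in its constructor, and its destroy() only throws
            // DestroyFailedException, so that copy stays on the heap until the GC reuses it.
            Arrays.fill(aesKey, (byte) 0);
        }
    }
}
```

The two ECB lines print the same 16 bytes and the two CBC lines differ; that repeated pattern is the information an ECB ciphertext leaks about its plaintext, which is why the transformation string should always name the mode explicitly rather than relying on the default.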
Key Factories
• KeySpec → Key
• Key → KeySpec
• KeyFactory – asymmetric keys
• SecretKeyFactory – symmetric keys

Key generators
• KeyGenerator – symmetric: generateSecret() → SecretKey
• KeyPairGenerator – asymmetric: generateKeyPair() → KeyPair

Certificate Builder
• X509V3CertificateGenerator
• goo.gl/I9WLUD

Diffie Hellman
• KeyPairGenerator
• KeyAgreement
• goo.gl/Lus40Y

Thank you for your attention! Questions?

References / resources
• TBD
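Added example (not from the slides or the course project) for the key-factory and Diffie-Hellman slides together: two parties each generate a DH key pair with KeyPairGenerator, hand over only the encoded public key (Key → bytes), rebuild the peer's key through KeyFactory and X509EncodedKeySpec (KeySpec → Key), run KeyAgreement, and derive an AES key from the shared secret. The Party class, the hex() helper and the SHA-256 key derivation are assumptions made for this example; the 2048-bit group size is a constructed choice.

```java
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class DhDemo {

    // Assumed helper, equivalent to the course's Globals.bytesToHex
    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    // Hypothetical participant: owns a key pair, exports its public key, computes the secret.
    static class Party {
        final KeyPair pair;

        Party(KeyPairGenerator gen) {
            pair = gen.generateKeyPair(); // KeyPairGenerator: asymmetric, generateKeyPair() -> KeyPair
        }

        // Key -> transportable bytes (X.509 SubjectPublicKeyInfo); only the public half leaves.
        byte[] exportPublic() {
            return pair.getPublic().getEncoded();
        }

        byte[] agree(byte[] peerEncoded) throws Exception {
            // KeySpec -> Key: KeyFactory rebuilds the peer's opaque PublicKey from the spec.
            KeyFactory kf = KeyFactory.getInstance("DH");
            PublicKey peer = kf.generatePublic(new X509EncodedKeySpec(peerEncoded));
            KeyAgreement ka = KeyAgreement.getInstance("DH");
            ka.init(pair.getPrivate());
            ka.doPhase(peer, true); // single phase for two-party DH
            return ka.generateSecret();
        }
    }

    // Assumed derivation: hash the raw shared secret and take 128 bits as an AES key.
    // The raw DH output is not uniformly random and must not be used as a key directly.
    static SecretKey deriveAesKey(byte[] shared) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(shared);
        try {
            return new SecretKeySpec(digest, 0, 16, "AES"); // copies the bytes it needs
        } finally {
            Arrays.fill(digest, (byte) 0);
        }
    }

    public static void main(String[] args) throws Exception {
        // Alice picks the group; Bob must generate his pair in the same group.
        KeyPairGenerator aliceGen = KeyPairGenerator.getInstance("DH");
        aliceGen.initialize(2048);
        Party alice = new Party(aliceGen);
        DHParameterSpec group = ((DHPublicKey) alice.pair.getPublic()).getParams();

        KeyPairGenerator bobGen = KeyPairGenerator.getInstance("DH");
        bobGen.initialize(group);
        Party bob = new Party(bobGen);

        // Exchange: only encoded public keys cross the wire.
        byte[] alicePub = alice.exportPublic();
        byte[] bobPub = bob.exportPublic();

        byte[] secretA = alice.agree(bobPub);
        byte[] secretB = bob.agree(alicePub);
        System.out.println("shared secrets match: " + Arrays.equals(secretA, secretB));

        SecretKey aesKey = deriveAesKey(secretA);
        System.out.println("derived " + aesKey.getAlgorithm() + " key: " + hex(aesKey.getEncoded()));

        // Key materials: the raw secrets are byte[] we own, so they can be zeroed here.
        Arrays.fill(secretA, (byte) 0);
        Arrays.fill(secretB, (byte) 0);
    }
}
```

Nothing in this exchange binds a public key to an identity, so on its own it only protects against a passive observer; in practice the exported public key is signed or carried in a certificate (the Certificate Builder slide) before the peer trusts it.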