PV181 Laboratory of security and applied cryptography
Seminar 10: Java Crypto Architecture / Java Crypto Extensions
Łukasz Chmielewski (based on seminars by Dušan Klinec)
chmiel@fi.muni.cz

Provider architecture
  MessageDigest.getInstance("MD5");
  MessageDigest.getInstance("MD5", "ProviderC");

JCA
• java.security.*
• SecureRandom – PRNG
• MessageDigest – SHA256, MD5, ...
• Signature – RSA, DSA
• KeyStore – PKCS12
• KeyPairGenerator, KeyFactory, CertificateFactory

JCE
• javax.crypto.*
• Cipher – AES, RSA, ElGamal, RC4, Salsa20
• Mac – HMACWithSHA256
• KeyGenerator

Provider architecture
• Implementation independence
• Implementation interoperability
• Algorithm extensibility

Bouncy Castle
• Implements a LOT OF ciphers, cipher suites, algorithms, modes, ASN.1, PEM, Certs, …
• Origin: Australian, former advantage (crypto regulations)
• Android

Provider architecture – Engine classes
• getInstance()
• update()
• digest()
• reset()

Provider architecture – Engine classes
• getInstance()
• init()
• update()
• doFinal()

Provider architecture – Spi skeleton

Strong cryptography
• Limits the strength of your crypto
• the size of the Key
• In old Java versions:
  • AES-256 and RSA-2048 were not available by default
• Now even PQC is available
• Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files

Install new Java JDK, but not too new…

Strong cryptography
In case of old Java…

  Algorithm   Key size
  DES         64 (56)
  DESede      *
  RC2         128
  RC4         128
  RC5         128
  RSA         * (KeyPairGenerator 1024)
  other       128

Download NetBeans (maven) project
• Case sensitive
• Take from IS: PV181JCA_maven.zip

Please open NetBeans (point to Java 17)

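Added example (not from the seminar slides or the PV181 project): how the provider lookup from the Provider architecture slides resolves at run time, and how to check whether the strong-cryptography policy limit is in effect. It uses SHA-256 rather than MD5, "ProviderC" is the slides' placeholder name and not an installed provider, and the class name is illustrative.

```java
import java.security.MessageDigest;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;

public class ProviderLookupDemo {
    public static void main(String[] args) throws Exception {
        // Providers that register a MessageDigest engine for SHA-256, listed in
        // preference order. getProviders() returns null when nothing matches.
        Provider[] candidates = Security.getProviders("MessageDigest.SHA-256");
        if (candidates != null) {
            for (Provider p : candidates) {
                System.out.println("offers SHA-256: " + p.getName());
            }
        }

        // No provider named: the first match in the preference order is used,
        // so whoever controls that order controls which implementation runs.
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        System.out.println("getInstance(\"SHA-256\") -> " + md.getProvider().getName());

        // Provider named: only that provider is asked. "ProviderC" is the
        // placeholder from the slide, so on a stock JDK this lookup fails.
        try {
            MessageDigest.getInstance("SHA-256", "ProviderC");
        } catch (NoSuchProviderException e) {
            System.out.println("named lookup failed: " + e.getMessage());
        }

        // Jurisdiction policy check: Integer.MAX_VALUE means unlimited strength,
        // 128 means the old restricted policy files are in effect.
        int maxAesBits = Cipher.getMaxAllowedKeyLength("AES");
        if (maxAesBits < 256) {
            System.out.println("AES limited to " + maxAesBits + " bits; AES-256 will fail");
        } else {
            System.out.println("AES-256 permitted by the installed policy");
        }
    }
}
```
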
Getting started
• Cipher – import missing
• Lightbulb helps
• CTRL+SHIFT+I
• Problem again
• The web

Please open the guide: goo.gl/4Ztqen (link is case sensitive, Tasks 0-4) + optional Task05NewHopeKeyExchangeExample

Task01 - SecureRandom
• SecureRandom rnd = new SecureRandom()
• rnd.nextDouble()
• rnd.nextBytes(buffer)
• rnd. ....

SecureRandom - solution
• SecureRandom rnd = new SecureRandom();
• rnd.nextBytes(buffer);
• System.out.println(Globals.bytesToHex(buffer));

Task02 - MessageDigest
• MessageDigest md5 = MessageDigest.getInstance("MD5");

MessageDigest
• MessageDigest md5 = MessageDigest.getInstance("MD5");
• md5.update(inputBuffer, 0, bytesRead);
• md5.update(inputBuffer, 0, bytesRead);
• md5.update(inputBuffer, 0, bytesRead);
• byte[] md5hash = md5.digest();

MessageDigest – incremental API
  MD5: md5.update(data), repeated once per chunk of data, then md5.digest() → byte[] hash

MessageDigest – solution

Task03 - Cipher
• getInstance("algorithm/mode/padding");
• Default mode: ECB
• Default padding: PKCS5

Cipher
• init(mode, key, algorithmParameterSpec)
• Cipher.DECRYPT_MODE
• new SecretKeySpec(aesKey, "AES")
• new IvParameterSpec(iv)

Cipher – Key vs KeySpec
• Key – opaque key, used in engine
  • getAlgorithm(), getEncoded()
• KeySpec – key specification, transport & storage
  • getP(), getQ(), getN()
• SecretKeySpec = Spec & Key at the same time

Cipher – Key vs KeySpec
• Why separated?
  Cipher.init(Cipher.DECRYPT_MODE, key)
  Handle=0x123330, endpoint=https://…
  Cloud encryption HSM

Cipher – Key materials
• String vs. char[]
• String is immutable, cannot zero out
• Zero out mutable byte[] after use to prevent key leakage to swap files (or Heartbleed)
• GC deallocates but does not zero out – key still there
• Modern GC can copy and reorder memory (heap defrag), so keys cannot be reliably deleted from memory nowadays (Java does not specify the behaviour, it can differ).

Cipher – Solution

Key Factories
• KeySpec → Key
• Key → KeySpec
• KeyFactory – asymmetric keys
• SecretKeyFactory – symmetric keys

Key generators
• KeyGenerator – symmetric
  • generateKey() → SecretKey
• KeyPairGenerator – asymmetric
  • generateKeyPair() → KeyPair

Certificate Builder
• X509V3CertificateGenerator
• goo.gl/I9WLUD
• If it does not work (it is from October but it seems to be down now): https://web.archive.org/web/20200813000741/http://www.bouncycastle.org/wiki/display/JA1/X.509+Public+Key+Certificate+and+Certification+Request+Generation

Diffie Hellman
• KeyPairGenerator
• KeyAgreement
• goo.gl/Lus40Y

Task05NewHopeKeyExchangeExample
• Directly implemented in Bouncy Castle
• KeyAgreement
• goo.gl/Lus40Y

Thank you for your attention!
Questions
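Added example for the MessageDigest incremental API (Task02), not the seminar's own solution: it hashes a stream chunk by chunk and shows why the slide passes `bytesRead` to `update()`. It uses SHA-256 instead of MD5; the class name, the `hashStream` helper and the sample input are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class IncrementalDigestDemo {
    // Hash a stream chunk by chunk. honourBytesRead=false reproduces the common
    // bug of passing the whole buffer, which also hashes stale bytes left over
    // from an earlier, longer read.
    static byte[] hashStream(InputStream in, int bufSize, boolean honourBytesRead)
            throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        byte[] inputBuffer = new byte[bufSize];
        int bytesRead;
        while ((bytesRead = in.read(inputBuffer)) != -1) {
            if (honourBytesRead) {
                md.update(inputBuffer, 0, bytesRead); // only the bytes just read
            } else {
                md.update(inputBuffer);               // whole buffer, stale tail included
            }
        }
        return md.digest(); // finalises the hash and resets the engine
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: 44 bytes, so a 16-byte buffer ends on a short read.
        byte[] data = "constructed sample input for the digest task"
                .getBytes(StandardCharsets.UTF_8);

        byte[] oneShot = MessageDigest.getInstance("SHA-256").digest(data);
        byte[] chunked = hashStream(new ByteArrayInputStream(data), 16, true);
        byte[] buggy = hashStream(new ByteArrayInputStream(data), 16, false);

        System.out.println("chunked matches one-shot: " + MessageDigest.isEqual(oneShot, chunked));
        System.out.println("buggy matches one-shot:   " + MessageDigest.isEqual(oneShot, buggy));
    }
}
```
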