The JCA is a major piece of the platform, and contains a"provider" architecture and a set of APIs for digital signatures,message digests (hashes), certificates and certificate validation,encryption (symmetric/asymmetric block/stream ciphers), keygeneration and management, and secure random number generation, toname a few. These APIs allow developers to easily integratesecurity into their application code. The architecture was designedaround the following principles:
pdf architect key generator
Other cryptographic communication libraries available in the JDKuse the JCA provider architecture, but are described elsewhere. TheJava Secure Socket Extension(JSSE) provides access to Secure Socket Layer (SSL) andTransport Layer Security (TLS) implementations. The Java Generic Security Services(JGSS) (via Kerberos) APIs, and the Simple Authentication and SecurityLayer (SASL) can also be used for securely exchanging messagesbetween communicating applications.
Prior to JDK 1.4, the JCE was an unbundled product, and as such,the JCA and JCE were regularly referred to as separate, distinctcomponents. As JCE is now bundled in the JDK, the distinction isbecoming less apparent. Since the JCE uses the same architecture asthe JCA, the JCE should be more properly thought of as a part ofthe JCA.
Implementation independence is achieved using a "provider"-basedarchitecture. The term CryptographicService Provider (CSP) (used interchangeably with "provider" inthis document) refers to a package or set of packages thatimplement one or more cryptographic services, such as digitalsignature algorithms, message digest algorithms, and key conversionservices. A program may simply request a particular type of object(such as a Signature object) implementing a particularservice (such as the DSA signature algorithm) and get animplementation from one of the installed providers. If desired, aprogram may instead request an implementation from a specificprovider. Providers may be updated transparently to theapplication, for example when faster or more secure versions areavailable.
This architecture also makes it easy for end-users to addadditional providers. Many third party provider implementations arealready available. See TheProvider Class for more information on howproviders are written, installed, and registered.
The SecureRandom class is an engine class that provides the functionality of aRandom Number Generator (RNG). It differs from thejava.lang.Random class in that it producescryptographically strong random numbers. If there is insufficientrandomness in a generator, it makes it much easier to compromiseyour protection mechanisms. Random numbers are used throughoutcryptography, such as generating cryptographic keys, algorithmicparameters, and so on.
The SecureRandom implementation attempts tocompletely randomize the internal state of the generator itselfunless the caller follows the call to a getInstancemethod with a call to one of the setSeed methods:
Generators are used to generate brand new objects.Generators can be initialized in either an algorithm-dependent oralgorithm-independent way. For example, to create a Diffie-Hellman(DH) keypair, an application could specify the necessary P and Gvalues, or the generator could simply be initialized with theappropriate key length, and the generator will select appropriate Pand G values. In both cases, the generator will produce brand newkeys based on the parameters.
A key pair generator needs to be initialized before it cangenerate keys. In most cases, algorithm-independent initializationis sufficient. But in other cases, algorithm-specificinitialization can be used.
All key pair generators share the concepts of a keysize and asource of randomness. The keysize is interpreted differently fordifferent algorithms. For example, in the case of the DSAalgorithm, the keysize corresponds to the length of the modulus.(See the Standard Namesdocument for information about the keysizes for specificalgorithms.)
All key generators share the concepts of a keysize and asource of randomness. There is an init methodthat takes these two universally shared types of arguments. Thereis also one that takes just a keysize argument, anduses a system-provided source of randomness, and one that takesjust a source of randomness:
The KeyAgreement class provides the functionality of a keyagreement protocol. The keys involved in establishing a sharedsecret are created by one of the key generators(KeyPairGenerator or KeyGenerator), aKeyFactory, or as a result from an intermediate phaseof the key agreement protocol.
You initialize a KeyAgreement object with your privateinformation. In the case of Diffie-Hellman, you initialize it withyour Diffie-Hellman private key. Additional initializationinformation may contain a source of randomness and/or a set ofalgorithm parameters. Note that if the requested key agreementalgorithm requires the specification of algorithm parameters, andonly a key, but no parameters are provided to initialize theKeyAgreement object, the key must contain the required algorithmparameters. (For example, the Diffie-Hellman algorithm uses a primemodulus p and a base generator g as itsparameters.)
The algorithm-independent approach uses the fact that allparameter generators share the concept of a "size" and a source ofrandomness. The measure of size is universally shared by allalgorithm parameters, though it is interpreted differently fordifferent algorithms. For example, in the case of parameters forthe DSA algorithm, "size" corresponds to the size of the primemodulus, in bits. (See the StandardNames document for information about the sizes for specificalgorithms.) When using this approach, algorithm-specific parametergeneration values--if any--default to some standard values. Oneinit method that takes these two universally sharedtypes of arguments:
A third approach initializes a parameter generator object usingalgorithm-specific semantics, which are represented by a set ofalgorithm-specific parameter generation values supplied in anAlgorithmParameterSpec object:
Before discussing details of the actual handshake, a quickreview of some of the JSSE's architecture is needed. The heart ofthe JSSE architecture is the SSLContext. The contexteventually creates end objects (SSLSocket andSSLEngine) which actually implement the SSL/TLSprotocol. SSLContexts are initialized with twocallback classes, KeyManager andTrustManager, which allow applications to first selectauthentication material to send and second to verify credentialssent by a peer.
A KeyStore's contents might have originally beencreated using a utility such as keytool.keytool creates a RSA or DSAKeyPairGenerator and initializes it with anappropriate keysize. This generator is then used to create aKeyPair which keytool would store alongwith the newly-created certificate in the KeyStore,which is eventually written to disk.
With this basic understanding of the architecture, we can lookat some of the steps in the SSL/TLS handshake. The client begins bysending a ClientHello message to the server. The server selects aciphersuite to use, and sends that back in a ServerHello message,and begins creating JCA objects based on the suite selection. We'lluse server-only authentication in the following examples.
In a different example, an ephemeral Diffie-Hellman keyagreement algorithm along with the DSA signature algorithm ischosen, such as TLS_DHE_DSS_WITH_AES_128_CBC_SHA. The two sidesmust each establish a new temporary DH public/private keypair usinga KeyPairGenerator. Each generator creates DH keyswhich can then be further converted into pieces using theKeyFactory and DHPublicKeySpec classes.Each side then creates a KeyAgreement object andinitializes it with their respective DH PrivateKeys.The server sends its public key pieces in a ServerKeyExchangemessage (protected by the DSA signature algorithm, and the clientsends its public key in a ClientKeyExchange message. When thepublic keys are reassembled using another KeyFactory,they are fed into the agreement objects. TheKeyAgreement objects then generate agreed-upon bytesthat are then used to establish the actual encryption keys.
All key pair generators share the concepts of a keysize and asource of randomness. The KeyPairGenerator classinitialization methods at a minimum needs a keysize. If the sourceof randomness is not explicitly provided, aSecureRandom implementation of the highest-priorityinstalled provider will be used. Thus to generate keys with akeysize of 2048, simply call:
For situations where a set of algorithm-specific parametersalready exists (such as "community parameters" in DSA), there aretwo initialize methods that have an AlgorithmParameterSpecargument. Suppose your key pair generator is for the "DSA"algorithm, and you have a set of DSA-specific parameters,p, q, and g, that you wouldlike to use to generate your key pair. You could execute thefollowing code to initialize your key pair generator (recall thatDSAParameterSpec is an AlgorithmParameterSpec):
You can configure the cryptographic strength of the Java CryptographyExtension (JCE) architecture using jurisdiction policy files (seeAppendix B: Jurisdiction Policy File Format) and thesecurity properties file. 2ff7e9595c
Comments