https://luminoussheep.net/mediawiki/index.php?action=history&feed=atom&title=Java_Security_Frameworks
Java Security Frameworks - Revision history
2026-05-11T19:24:58Z
Revision history for this page on the wiki
MediaWiki 1.43.8
https://luminoussheep.net/mediawiki/index.php?title=Java_Security_Frameworks&diff=70&oldid=prev
Martin: Created page with "= JCA Java Cryptography Architecture = The initial java cryptography API allows independent implementation of the cryptographic functions and defines a standard API Default im..."
2021-09-14T21:34:21Z
<p>Created page with "= JCA Java Cryptography Architecture = The initial java cryptography API allows independent implementation of the cryptographic functions and defines a standard API Default im..."</p>
<p><b>New page</b></p><div>= JCA Java Cryptography Architecture =<br />
The initial java cryptography API allows independent implementation of the cryptographic functions and defines a standard API<br />
Default implementation "SUN"<br />
<br />
Provides:<br />
* Digital signature algorithms (DSA)<br />
** DSA key pair generation<br />
** DSA algorithm parameter generator/manager<br />
** DSA factory for conversion of private key to public key<br />
** Digital signature generation DSG<br />
* Certificate builder and validator X509<br />
* Certificate facory X509 certificates and revocation lists<br />
* Key store JKS management of keys and certificates<br />
* Message digest algorithms e.g. md5/sha1<br />
<br />
new in jdk 2:<br />
* key factories<br />
* keystore creation and management<br />
* algorithm parameter management<br />
* algorithm parameter generation<br />
* certificate factories<br />
* enables a provider to supply a random number generation (RNG) algorithm<br />
<br />
Based on the key clases: <br />
* MessageDigest<br />
* Signature<br />
* KeyFactory<br />
* KeyPairGenerator<br />
<br />
= JCE Java Cryptography Extension =<br />
Extends the JCA originally for algorithms subject to export control<br />
Default provider "SunJCE"<br />
<br />
* Symmetric bulk encryption<br />
** i.e. Block ciphers e.g. AES-128, AES-192, AES-256, DES, tripple DES, RC2, IDEA, blowfish, Serpent, Twofish<br />
* Symmetric stream encryption, e.g. RC4<br />
** as used in SSL, WEP<br />
* Asymmetric encryption i.e. PGP e.g. RSA, ElGamal encryption, ECC (Elliptic curve cryptography)<br />
** note: there is also an ElGamal signature scheme related to DSA different to ElGamal sncryption<br />
* Password-based encryption (PBE) e.g. MD5 + DES-CBC or PKCS<br />
** password + salt -> cryptographic hash, cipher, or HMAC -> repeat 1000 times => derived key - use as a cryptographic key<br />
* Key Agreement - e.g. Diffie Hellman<br />
* Message Authentication Codes (MAC) e.g. HMAC-SHA1<br />
* PKCS#11 - RSA cryptographic token interface standard - storage and cryptographic services from devices <br />
** Hardware Security Modules (HSM) and smart cards.<br />
** Standard interfaces required<br />
<br />
= CertPath Java Certification Path API =<br />
API for certificate chains - checking, verifying, validating<br />
<br />
= JSSE Java Secure Socket Extension =<br />
Secure communication via SSL (Secure Socket Layer)/TLS (Transport Layer Security)<br />
* data encryption<br />
* server authentication<br />
* message integrity<br />
* optional client authentication<br />
<br />
* public key crypto for exchange<br />
* secret key crypto (block) for data transfer<br />
<br />
Supports building of HTTPS, SSH, secure SMTP, IPSEC, Secure RMI or RMI/IIOP (over SSL)<br />
<br />
= JAAS Java Authentication and Authorisation Service =<br />
* identity verification<br />
* roles/privileges<br />
* supports pluggable authentication<br />
<br />
* authentication - verifying identity, <br />
* authorisation - access rights<br />
<br />
= JGGS Java Generic Secure Services = <br />
* Authentication/SSO Single Sign On<br />
* e.g. kerberos<br />
* GSS-API developed by IEFT<br />
* token passing security protocols<br />
* Does '''not''' support authorisation<br />
<br />
<br />
= Jargon =<br />
=== Encryption ===<br />
* Encrypted message = cypher text<br />
*Two way process involving a cryptographic key<br />
<br />
=== Symetric Ciphers ===<br />
* Symetric because encryption and decryption share same key<br />
<br />
=== Block cipher ===<br />
* symetric key encryption works on fixed length block of data<br />
* padding required to make data fit block size<br />
<br />
=== Stream cipher ===<br />
* encrypts one byte/bit at a time<br />
* sensitive to starting state<br />
<br />
=== Sealed object ===<br />
* encryption of a serialisable object<br />
* offers confidentiality<br />
<br />
=== Password based encryption PBE ===<br />
* derivation of an encryption key from password<br />
* password + salt -> hashing algorithm many times<br />
<br />
=== AES ===<br />
* Advanced Encryption Standard<br />
* block algorithm<br />
<br />
=== Message Authentication Code (MAC) ===<br />
* HMAC - hashed key (hashed using password)<br />
<br />
=== TLS Transport Layer Security ===<br />
* successor to SSL<br />
* TLS uses stronger encryption algorithms and has the ability to work on different ports<br />
* TLS 1.0 based on SSL 3.0 but incompatible<br />
* More extensible<br />
* TLS allows secure and insecure communication over the same port<br />
<br />
=== Key agreement protocols ===<br />
* exchange of a secret key over an insecure network<br />
* Diffie Hellman<br />
<br />
=== Ephemeral ===<br />
* short lived, transient<br />
<br />
=== Non-repudiation ===<br />
* irrefutable proof - person signed the document</div>
Martin