Bibliographic record and links to related information available from the Library of Congress catalog.
Note: Contents data are machine generated based on pre-publication provided by the publisher. Contents may have variations from the printed book or be incomplete or contain other coding.
Beginning Cryptography and PKI in Java (ISBN: 596330, Wrox)
Contents
Chapter 1: The JCA and the JCE Basic Architecture Provider Signing Jurisdiction Policy Files Installing the Unrestricted Policy Files Testing the Policy Files Are Installed Troubleshooting Other Issues How Do I Know the Policy Files Really Behave as Sun Says They Do? Installing the Bouncy Castle Provider Installing by Configuring the Java Runtime Install the jar File Containing the Provider Enable the Provider by Adding it to the java.security File Verifying the Bouncy Castle Provider Is Installed Installing During Execution How Precedence Works Examining the Capabilities of a Provider Summary Exercises Solutions
Chapter 2: Symmetric Key Cryptography A First Example A Basic Utility Class Try It Out Using AES How It Works The SecretKeySpec Class The Cipher Class Cipher.getInstance() Cipher.init() Cipher.update() Cipher.doFinal() Symmetric Block Cipher Padding PKCS5/PKCS7Padding Try It Out Adding Padding How It Works Other Padding Mechanisms Symmetric Block Cipher Modes ECB Mode Try It Out Cipher Text Patterns in ECB Mode How It Works CBC Mode Try It Out Using CBC Mode How It Works Inline IVs Try It Out Using an Inline IV How It Works Creating an IV Random IVs Creating a SecureRandom Object Pseudorandom IVs Try It Out Using an IV Based on a Nonce How It Works A Look at Cipher Parameter Objects The AlgorithmParameters Class Streaming Symmetric Block Cipher Modes CTR Mode Try It Out CTR Mode How It Works OFB Mode CFB Mode Symmetric Stream Ciphers Try It Out Using the ARC4 Stream Cipher How It Works Generating Random Keys Try It Out Random Symmetric Key Generation How It Works The Key Interface Key.getAlgorithm() Key.getEncoded() Key.getFormat() The KeyGenerator Class KeyGenerator.getInstance() KeyGenerator.init() KeyGenerator.generateKey() Password-Based Encryption Basic PBE The Password The Salt The Iteration Count PBE in the JCE Try It Out PBE Using PBEParameterSpec How It Works The PBEParameterSpec Class The PBEKeySpec Class The SecretKeyFactory Class Try It Out PBE Based Solely on PBEKeySpec How It Works Key Wrapping Try It Out Symmetric Key Wrapping How It Works Doing Cipher-Based I/O Try It Out Using Cipher Based I/O How It Works Summary Exercises Solutions
Chapter 3: Message Digests, MACs, and HMACs Getting Started Try It Out Some More Utilities The Problem of Tampering Try It Out Tampering with an Encrypted Stream How It Works Message Digests Try It Out Using a Message Digest How It Works The MessageDigest Class MessageDigest.update() MessageDigest.digest() MessageDigest.isEqual() Tampering with the Digest Try It Out Tampering with a Digest in an Encrypted Stream How It Works MACs Based on Digests - the HMAC Try It Out Using a HMAC How It Works The Mac Class Mac.init() Mac.update() Mac.doFinal() MACs Based on Symmetric Ciphers Try It Out Using a Cipher-Based MAC How It Works Digests in Pseudo-Random Functions PBE Key Generation Try It Out Implementing PKCS #5 Scheme 1 How It Works Mask Generation Try It Out Implementing MGF1 How It Works Doing Digest Based I/O Summary Exercises
Chapter 4: Asymmetric Key Cryptography Some More Infrastructure The PublicKey and PrivateKey Interfaces The RSA Algorithm Try It Out Basic RSA How It Works The KeyFactory Class RSAPublicKeySpec and RSAPublicKey RSAPrivateKeySpec and RSAPrivateKey Creating Random RSA Keys Try It Out Creating Random RSA Keys How It Works The KeyPair Class The KeyPairGenerator Class The RSAKeyGenParameterSpec Class Improving RSA Performance Chinese Remainder Theorem The RSAPrivateCrtKeySpec and RSAPrivateCrtKey Interfaces Multi Prime Chinese Remainder Theorem RSA Padding Mechanisms PKCS #1 V1.5 Padding Try It Out PKCS #1 V1.5 Padding How It Works OAEP Padding Try It Out OAEP Padding How It Works Wrapping RSA Keys Try It Out Wrapping an RSA Private Key How It Works Secret Key Exchange Try It Out Secret Key Exchange How It Works Key Agreement The Diffie-Hellman Algorithm Try It Out Diffie-Hellman Key Agreement The DHParameterSpec Class Specification Objects for Diffie-Hellman Keys Interfaces for Diffie-Hellman Keys Diffie-Hellman with Elliptic Curve Try It Out Diffie-Hellman with Elliptic Curve How It Works ECField, ECFieldFp, and ECFieldF2m The EllipticCurve Class The ECPoint Class The ECParameterSpec Class The ECGenParameterSpec Class Elliptic Curve Cryptography Before JDK 1.5 Diffie-Hellman for More than Two Parties Try It Out Three-Party Diffie-Hellman How It Works The El Gamal Algorithm Try It Out El Gamal Encryption The AlgorithmParameterGenerator Class AlgorithmParameterGenerator.init() AlgorithmParameterGenerator.generateParameters() Try It Out El Gamal Using AlgorithmParameterGenerator How It Works The DHGenParameterSpec Class Digital Signatures The Signature Class Using the Signature Class in Signature Creation Mode Using the Signature Class in Signature Verification Mode Signature.setParameter() and Signature.getParameters() The Digital Signature Algorithm Regular DSA Try It Out DSA How It Works Elliptic Curve DSA Try It Out DSA with Elliptic Curve How It Works RSA-Based Signature Algorithms PKCS #1 1.5 Signatures How It Works PSS Signatures Summary Exercises
Chapter 5: Object Description in Cryptography Using ASN.1 What Is ASN.1? Building on the Infrastructure Basic ASN.1 Syntax Comment Syntax Object Identifiers The Module Structure ASN.1 Types Simple Types Bit String Types Character String Types Structured Types Type Annotations Tagging EXPLICIT Tagging IMPLICIT Tagging AUTOMATIC Tagging CHOICE CLASS Encoding Rules BER Encoding The Primitive Definite-Length Method The Constructed Definite-Length Method The Constructed Indefinite-Length Method DER Encoding The Bouncy Castle ASN.1 API Creating the Basic ASN.1 Types Dealing with Tagging Defining Your Own Objects Try It Out Implementing an ASN.1-Based Java Object How It Works Analyzing an Unknown Encoded Object Try It Out Using ASN1Dump How It Works Some Real Examples of XXX Some Basic ASN.1 Structures The AlgorithmIdentifier Structure The Attribute Structure Encoding an IV Try It Out Encoding an IV with ASN.1 How It Works Inside a PKCS #1 V1.5 Signature Try It Out Looking Inside a PKCS #1 V1.5 Signature How It Works Encoding PSS Signature Parameters Try It Out Encoding PSS Parameters How It Works Encoding Public and Private Keys The X509EncodedKeySpec Class Try It Out Using the X509EncodedKeySpec How It Works The PKCS8EncodedKeySpec Class The EncryptedPrivateKeyInfo Class Try It Out Using EncryptedPrivateKeyInfo and PBE How It Works Summary Exercises
Chapter 6: Distinguished Names and Certificates Getting Started: Extending the Utils Class Distinguished Names The X500Principal Class X500Principal.getEncoded() X500Principal.getName() Public Key Certificates The Certificate Class Certificate.getType() Certificate.getPublicKey() Certificate.verify() Certificate.getEncoded() X.509 Certificates The X509Certificate Class X509Certificate.getTBSCertificate() X509Certificate.getVersion() X509Certificate.getSerialNumber() X509Certificate.getIssuerX500Principal() X509Certificate.getNotBefore() and X509Certificate.getNotAfter() X509Certificate.checkValidity() X509Certificate.getSubjectX500Principal() X509Certificate.getIssuerUniqueID() X509Certificate.getSubjectUniqueID() X509Certificate.getSignature() X509Certificate.getSigAlgOID(), and X509Certificate.getSigAlgParams() X509Certificate.getSigAlgName() Try It Out Creating a Self-Signed Version 1 Certificate How It Works X.509 Extensions The X509Extension Interface X509Extension.getCriticalExtensionOIDs() X509Extension.getExtensionValue() X509Extension.getNonCriticalExtensionOIDs() X509Extension.hasUnsupportedCriticalExtension() Extensions Supported Directly by X509Certificate X509Certificate.getKeyUsage() X509Certificate.getSubjectAlternativeNames() X509Certificate.getIssuerAlternativeNames() X509Certificate.getBasicConstraints() X509Certificate.getExtendedKeyUsage() Try It Out Creating a Self-Signed Version 3 Certificate How It Works Reading and Writing Certificates The CertificateFactory Class CertificateFactory.generateCertificate() CertificateFactory.generateCertificates() Try It Out Using the CertificateFactory Class How It Works Try It Out Reading Multiple Certificates How It Works Certification Requests Try It Out Creating a Certification Request How It Works Try It Out Adding Extensions to a Certification Request How It Works Writing a Simple Certificate Authority Try It Out Creating a Certificate from a Certification Request How It Works Certificate Paths and Stores The CertPath Class CertPath.getType() CertPath.getCertificates() CertPath.getEncoded() CertPath.getEncodings() Try It Out Writing a CertPath How It Works The CertStore Class The X509CertSelector Class X509CertSelector.setCertificate() X509CertSelector.setIssuer() X509CertSelector.setSerialNumber() X509CertSelector.setSubject() Try It Out Using a CertStore and a X509CertSelector How It Works Summary Exercises
Chapter 7: Certificate Revocation and Path Validation Getting Started: Adding Certificate Generation to the Utils Class Certificate Revocation Lists The CRL Class CRL.getType() CRL.isRevoked() X.509 Certificate Revocation Lists The X509CRL Class X509CRL.getTBSCertList() X509CRL.getVersion() X509CRL.getIssuerX500Principal() X509CRL.getThisUpdate() and X509CRL.getNextUpdate() X509CRL.getRevokedCertificates() X509CRL.getRevokedCertificate() X509CRL.getSignature() X509CRL.getSigAlgOID(), and X509CRL.getSigAlgParams() X509CRL.getSigAlgName() X509CRL.verify() X509CRL.getEncoded() The X509CRLEntry Class X509CRLEntry.getCertificateIssuer() X509CRLEntry.getRevocationDate() X509CRLEntry.getSerialNumber() X509CRLEntry.hasExtensions() X.509 CRL Entry Extensions The ReasonCode Extension The HoldInstructionCode Extension The InvalidityDate Extension The CertificateIssuer Extension X.509 CRL Extensions The AuthorityKeyIdentifier Extension The IssuerAlternativeName Extension The CRLNumber Extension The DeltaCRLIndicator Extension The IssuingDistributionPoint Extension The FreshestCRL Extension Try It Out Creating a CRL How It Works Reading CRLs using the CertificateFactory Class CertificateFactory.generateCRL() CertificateFactory.generateCRLs() Try It Out Building a CRL using the CertificateFactory How It Works The X509CRLSelector Class X509CRLSelector.addIssuer() and X509CRLSelector.addIssuerName() X509CRLSelector.setDateAndTime() X509CRLSelector.setMaxCRL() and X509CRLSelector.setMinCRL() Try It Out Retrieving A CRL from a CertStore How It Works Online Certificate Status Protocol The CertificateID Class CertificateID.getHashAlgOID() CertificateID.getIssuerNameHash() CertificateID.getIssuerKeyHash() CertificateID.getSerialNumber() The OCSPReq Class OCSPReq.getTBSRequest() OCSPReq.getVersion() OCSPReq.getRequestorName() OCSPReq.getRequestList() OCSPReq.isSigned() OCSPReq.getSignature() and OCSPReq.getSignatureAlgOID() OCSPReq.getCertificates() OCSP Request Extensions The Nonce Extension The Acceptable Response Types Extension The Service Locator Extension Try It Out OCSP Request Generation How It Works The OCSPResp Class The BasicOCSPResp Class BasicOCSPResp.getTBSResponseData() BasicOCSPResponse.getVersion() BasicOCSPResponse.getResponderID() BasicOCSPResponse.getProducedAt() BasicOCSPResponse.getResponses() OCSP Response Extensions The CRL References Extension The Archive Cutoff Extensions X.509 CRL Entry Extensions Try It Out Generating An OCSP Response How It Works Certificate Path Validation The TrustAnchor Class The PKIXParameters Class PKIXParameters.addCertStore() and PKIXParameters.setCertStores() PKIXParameters.setDate() PKIXParameters.setTargetCertConstraints() PKIXParameters.setRevocationEnabled() The CertPathValidator Class CertPathValidator.getDefaultType() CertPathValidator.getAlgorithm() CertPathValidator.validate() The PKIXCertPathValidatorResult Class Try It Out Validating a Certificate Path How It Works The PKIXCertPathChecker Class PKIXCertPathChecker.init() PKIXCertPathChecker.isForwardCheckingSupported() PKIXCertPathChecker.getSupportedExtensions() PKIXCertPathChecker.check() Try It Out Using a PKIXCertPathChecker How It Works Building a Valid Path from a CertStore The CertPathBuilder Class The PKIXBuilderParameters Class Try It Out Building a Certificate Path Using CertPathBuilder How It Works Summary Exercises Solutions
Chapter 8: Key and Certificate Management Using Keystores Getting Started: Adding Credentials Generation to the Utils Class The KeyStore Class KeyStore Types Standard JDK KeyStore Types Bouncy Castle KeyStore Types The Basic KeyStore API KeyStore.aliases() KeyStore.containsAlias() KeyStore.deleteEntry() KeyStore.getCertificate() KeyStore.getCertificateAlias() KeyStore.getCertificateChain() KeyStore.getCreationDate() KeyStore.getKey() KeyStore.getType() KeyStore.isCertificateEntry() KeyStore.isKeyEntry() KeyStore.load() KeyStore.setCertificateEntry() KeyStore.setKeyEntry() KeyStore.size() KeyStore.store() Try It Out Using a JKS KeyStore How It Works KeyStore Nested Classes and Interfaces The KeyStore.ProtectionParameter Interface KeyStore.CallbackHandlerProtection KeyStore.PasswordProtection The KeyStore.Entry Interface KeyStore.getEntry() KeyStore.setEntry() KeyStore.entryInstanceOf() KeyStore.PrivateKeyEntry KeyStore.SecretKeyEntry KeyStore.TrustedCertificateEntry Try It Out Using KeyStore.setEntry() How It Works The KeyStore.Builder Class KeyStore.Builder.getKeyStore() KeyStore.Builder.getProtectionParameter() KeyStore.Builder.newInstance() Try It Out Using KeyStore.Builder How It Works The KeyStore.LoadStoreParameter Interface The PKCS #12 Format Using PKCS #12 with the KeyStore API Try It Out Using a PKCS #12 KeyStore How It Works The Keytool Keytool Commands General Command Options Commands and Their Options The JVM's CA KeyStore Some Keytool Experiments Generating Some Sample KeyStore Files Try It Out Using Some keytool Commands How It Works Jarsigning and Java Policy The Jarsigner Java Policy Files Summary Exercises Solutions
Chapter 9: CMS and S/MIME Getting Started Cryptographic Message Syntax Basic CMS The Data Content Type The CMSProcessable Interface CMS Signed-Data ASN.1 Structure The DigestAlgorithms Field The EncapContentInfo Field The Certificates and Crls Fields The SignerInfos Field The Version Field The SignerInformation Class SignerInformation.getDigestAlgOID() SignerInformation.getDigestAlgParams() SignerInformation.getEncryptionAlgOID() SignerInformation.getEncryptionAlgParams() SignerInformation.getSID() SignerInformation.getSignature() SignerInformation.getSignedAttributes() SignerInformation.getUnsignedAttributes() SignerInformation.verify() SignerInformation.replaceUnsignedAttributes() The SignerInformationStore Class SignerInformationStore.get() SignerInformationStore.getSigners() SignerInformationStore.size() The CMSSignedData Class CMSSignedData.getCertificatesAndCRLs() CMSSignedData.getEncoded() CMSSignedData.getSignedContent() CMSSignedData.getSignedContentOID() CMSSignedData.getSignerInfos() CMSSignedData.replaceSigners() Try It Out Creating and Validating a Detached Signature How It Works CMS Enveloped-Data ASN.1 Structure The OriginatorInfo Field The RecipientInfos Field The EncryptedContentInfo Field The UnprotectedAttrs Field The Version Field The RecipientInformation Class RecipientInformation.getContent() RecipientInformation.getKeyEncryptionAlgOID() RecipientInformation.getKeyEncryptionAlgorithmParameters() RecipientInformation.getKeyEncryptionAlgParams() RecipientInformation.getRID() The KeyTransRecipientInformation Class The RecipientInformationStore Class RecipientInformationStore.get() RecipientInformationStore.getRecipients() RecipientInformationStore.size() The CMSEnvelopedData Class CMSEnvelopedData.getEncoded() CMSEnvelopedData.getEncryptionAlgOID() CMSEnvelopedData.getEncryptionAlgorithmParameters() CMSEnvelopedData.getEncryptionAlgParams() CMSEnvelopedData.getRecipientInfos() CMSEnvelopedData.getUnprotectedAttributes() Try It Out Creating and Decoding CMS Enveloped-Data How It Works The KEKRecipientInformation Class Try It Out Using Key-Encrypted Keys with Enveloped-Data How It Works Data Compression in CMS ASN.1 Structure The CMSCompressedData Class CMSCompressedData.getContent() CMSCompressedData.getEncoded() Try It Out Using Compression with CMS How It Works S/MIME The CMSProcessableBodyPart Class The SMIMEUtil Class SMIMEUtil.toMimeBodyPart() SMIMEUtil.createIssuerAndSerialNumberFor() S/MIME Signed Messages The CMSProcessableBodyPartInbound Class The CMSProcessableBodyPartOutbound Class The SMIMESigned Class SMIMESigned.getContent() SMIMESigned.getContentAsMimeMessage() SMIMESigned.getContentWithSignature() Try It Out Creating and Validating a S/MIME Signed Message How It Works S/MIME Enveloped Messages The SMIMEEnveloped Class Try It Out Using S/MIME Enveloped Messages How It Works Combining Signing with Encryption Try It Out Enveloping a Signed Message How It Works S/MIME Compressed Messages The SMIMECompressed Class Try It Out Using S/MIME Compression How It Works Summary Exercises Solutions
Chapter 10: SSL and TLS The SSL and TLS Protocols Getting Started A Basic SSL Client and Server The SSLSocketFactory Class SSLSocketFactory.createSocket() SSLSocketFactory.getDefault() SSLSocketFactory.getDefaultCipherSuites() SSLSocketFactory.getSupportedCipherSuites() The SSLServerSocketFactory Class SSLServerSocketFactory.createServerSocket() SSLServerSocketFactory.getDefault() SSLServerSocketFactory.getDefaultCipherSuites() and SSLServerSocketFactory.getSupportedCipherSuites() The SSLSocket Class SSLSocket.setEnabledCipherSuites() SSLSocket.setEnabledProtocols() SSLSocket.setEnableSessionCreation() SSLSocket.setUseClientMode() The SSLServerSocket Class SSLServerSocket.setEnabledCipherSuites() SSLServerSocket.setEnabledProtocols() SSLServerSocket.setEnableSessionCreation() SSLServerSocket.setUseClientMode() Try It Out A Basic SSL Client and Server How It Works The HandshakeCompletedListener Interface Client-side Authentication SSLServerSocket Configuration SSLServerSocket.setNeedClientAuth() SSLServerSocket.setWantClientAuth() Server-mode SSLSocket Configuration The setNeedClientAuth() Method The setWantClientAuth() Method The SSLContext Class SSLContext.init() SSLContext.getClientSessionContext() SSLContext.getProtocol() SSLContext.getServerSessionContext() SSLContext.getServerSocketFactory() SSLContext.getSocketFactory() The KeyManagerFactory Class KeyManagerFactory.init() KeyManagerFactory.getAlgorithm() KeyManagerFactory.getDefaultAlgorithm() KeyManagerFactory.getKeyManagers() Try It Out Introducing Client-side Authentication How It Works The TrustManagerFactory Class TrustManagerFactory.init() TrustManagerFactory.getAlgorithm() TrustManagerFactory.getDefaultAlgorithm() TrustManagerFactory.getTrustManagers() Try It Out Using the TrustManagerFactory How It Works Managing SSL Session Information The SSLSession Interface SSLSession.getCipherSuite() SSLSession.getCreationTime() SSLSession.getId() SSLSession.getLastAccessedTime() SSLSession.getLocalCertificates() SSLSession.getLocalPrincipal() SSLSession.getPeerCertificates() SSLSession.getPeerHost() SSLSession.getPeerPort() SSLSession.getPeerPrincipal() SSLSession.getProtocol() SSLSession.getSessionContext() SSLSession.invalidate() SSLSession.isValid() SSLSession.putValue() Try It Out Using SSLSession How It Works Dealing with HTTPS The HttpsURLConnection Class HttpsURLConnection.getCipherSuite() HttpsURLConnection.getHostnameVerifier() HttpsURLConnection.getLocalCertificates() HttpsURLConnection.getLocalPrincipal() HttpsURLConnection.getPeerPrincipal() HttpsURLConnection.getServerCertificates() HttpsURLConnection.getSSLSocketFactory() HttpsURLConnection.setDefaultSSLSocketFactory() HttpsURLConnection.setDefaultHostnameVerifier() The HostnameVerifier Interface Try It Out Using HttpsURLConnection and HostnameVerifier How It Works Summary Exercises
Appendix A: Solutions to Exercises Chapter 1 Solutions Chapter 2 Solutions Chapter 3 Solutions Chapter 4 Solutions Chapter 5 Solutions Chapter 6 Solutions Chapter 7 Solutions Chapter 8 Solutions Chapter 9 Solutions Chapter 10 Solutions
Appendix B: Algorithms Provided By the Bouncy Castle Provider Asymmetric Ciphers Certificate Path Validation Key Agreement Algorithms Key Stores MAC Algorithms Signature Algorithms Message Digests Symmetric Block Ciphers Symmetric Stream Ciphers
Appendix C: Using the Bouncy Castle API for Elliptic Curve Elliptic Curve Interfaces The ECKey Interface The ECPrivateKey Interface The ECPublicKey Interface The ECPointEncoder Interface Elliptic Curve Classes The ECNamedCurveParameterSpec Class The ECNamedCurveSpec Class The ECParameterSpec Class The ECPrivateKeySpec Class The ECPublicKeySpec Class
Appendix D: Bibliography and Further Reading ASN.1 Standards IETF Working Group Charter Pages RFCs Useful References
Library of Congress Subject Headings for this publication:
Computer security.
Cryptography.
Public key infrastructure (Computer security).
Java (Computer program language).