Šifrovanie v Jave
JCE Dôležité triedy a interface: • Cipher • MAC • SecureRandom • KeyGenerator • KeyPairGenerator • Signature • KeyStore
JCE JAVA API JS API JCA JCE
JCE Application code JCE/JCA API Abstraction Layer JCE/JCA SPI Classes In Provider Service Provider Interface Provider Internal Classes Provider functionality
// Slide "Generovanie symetrického kľúča": generating a symmetric key.
/**
 * Creates a fresh AES secret key.
 *
 * <p>The generator is never given a key size, so the size is whatever the
 * installed provider uses by default. Call {@code init(int)} on the generator
 * when a specific key strength is required.
 *
 * @return the newly generated AES key
 * @throws Exception if no provider offers an "AES" key generator
 */
private static Key createKey() throws Exception {
    return KeyGenerator.getInstance("AES").generateKey();
}
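// Slide "Generovanie asymetrického kľúča": generating an asymmetric key pair.
/**
 * Creates a fresh RSA key pair.
 *
 * <p>Key pairs come from {@link KeyPairGenerator}; {@code KeyGenerator} only
 * produces symmetric keys and has no {@code generateKeyPair()} method, so the
 * slide's original code could not compile.
 *
 * <p>The modulus size is left at the provider default. Call
 * {@code initialize(int)} when a specific size is required.
 *
 * @return the newly generated RSA key pair
 * @throws Exception if no provider offers an "RSA" key pair generator
 */
private static KeyPair createKeyPair() throws Exception {
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
    return kpg.generateKeyPair();
}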
// Slide "Generovanie asymetrického kľúča": taking the two halves out of a key pair.
/**
 * Returns the public half of the given key pair.
 *
 * @param kp the key pair to read
 * @return the pair's public key
 */
private static PublicKey getPubliceKey(KeyPair kp) throws Exception {
    PublicKey publicHalf = kp.getPublic();
    return publicHalf;
}

/**
 * Returns the private half of the given key pair. The private key must stay
 * with its owner; only the public key is meant to be handed out.
 *
 * @param kp the key pair to read
 * @return the pair's private key
 */
private static PrivateKey getPrivateKey(KeyPair kp) throws Exception {
    PrivateKey privateHalf = kp.getPrivate();
    return privateHalf;
}
Šifrovanie 1. Vytvoríme alebo načítame inštanciu triedy Key 2. Vytvoríme inštanciu triedy Cipher v šifrovacom móde 3. Vykonáme šifrovanie
// Slide "Šifrovanie": encryption.
/**
 * Runs the UTF-8 bytes of {@code plainText} through an RSA cipher initialised
 * in ENCRYPT_MODE with the given private key.
 *
 * <p>NOTE(review): the result can be reversed by anyone who holds the matching
 * public key, so it gives no confidentiality. To keep data secret, encrypt with
 * the recipient's public key; to prove origin, use {@code Signature}.
 *
 * <p>NOTE(review): the bare transformation name "RSA" leaves mode and padding
 * to the provider's defaults. Name them explicitly when two parties or two
 * providers must interoperate.
 *
 * <p>RSA handles only a short input (less than the key's modulus size), so
 * this is not suitable for arbitrary-length text.
 *
 * @param plainText text to transform
 * @param pk        RSA private key used to initialise the cipher
 * @return the cipher output
 */
private static byte[] encrypt(String plainText, PrivateKey pk) throws Exception {
    byte[] utf8 = plainText.getBytes("UTF-8");
    Cipher rsa = Cipher.getInstance("RSA");
    rsa.init(Cipher.ENCRYPT_MODE, pk);
    return rsa.doFinal(utf8);
}
Dešifrovanie 1. Načítame inštanciu triedy Key 2. Vytvoríme inštanciu triedy Cipher v dešifrovacom móde 3. Vykonáme dešifrovanie
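// Slide "Dešifrovanie": decryption.
/**
 * Reverses an RSA transformation using the given public key.
 *
 * <p>The slide passed the not-yet-declared {@code plainData} to
 * {@code doFinal}; the input must be {@code cipherData}.
 *
 * <p>NOTE(review): because the key used here is the public one, anybody can
 * perform this step. It recovers data that was transformed with the private
 * key and does not protect its secrecy.
 *
 * <p>NOTE(review): "RSA" without mode and padding relies on provider defaults;
 * the transformation must match the one used to produce {@code cipherData}.
 *
 * @param cipherData output of the matching private-key transformation
 * @param pk         RSA public key used to initialise the cipher
 * @return the recovered bytes
 */
private static byte[] decrypt(byte[] cipherData, PublicKey pk) throws Exception {
    Cipher c = Cipher.getInstance("RSA");
    c.init(Cipher.DECRYPT_MODE, pk);
    byte[] plainData = c.doFinal(cipherData);
    return plainData;
}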
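// Slide "Import certifikátov": importing certificates.
/**
 * Parses an X.509 certificate from a file.
 *
 * <p>The file stream is opened in try-with-resources so it is closed even
 * when parsing fails; the slide's version never closed it.
 *
 * <p>Parsing alone does not establish trust. Validate the certificate (chain,
 * validity period, expected subject) before relying on the key it carries.
 *
 * @param file file holding the encoded certificate
 * @return the parsed certificate
 * @throws Exception if the file cannot be read or does not hold a certificate
 */
private static Certificate getCertificate(File file) throws Exception {
    try (FileInputStream is = new FileInputStream(file)) {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        return cf.generateCertificate(is);
    }
}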
// Slide "Hashovacie funkcie": hash functions.
/**
 * Computes the "SHA" message digest of the UTF-8 encoding of {@code input}.
 *
 * <p>NOTE(review): in the JCA the name "SHA" selects SHA-1, which is no longer
 * collision resistant. New code should request "SHA-256" or stronger. The
 * name is left as on the slide because changing it changes the returned value.
 * A bare digest is also not a suitable way to store passwords.
 *
 * @param input text to hash
 * @return the digest bytes
 */
public byte[] getHash(String input) throws Exception {
    MessageDigest sha = MessageDigest.getInstance("SHA");
    // A new MessageDigest starts in its initial state, so the one-shot
    // digest(byte[]) call matches the slide's reset/update/digest sequence.
    return sha.digest(input.getBytes("UTF-8"));
}
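// Slide "Digitálny podpis": digital signature, signing side.
/**
 * Signs the UTF-8 encoding of {@code input} with a DSA private key.
 *
 * <p>The slide declared the object as {@code sign} but then used
 * {@code signature}; one name is used throughout here.
 *
 * <p>NOTE(review): the bare name "DSA" leaves the hash to the provider. On the
 * JDK's own provider it appears to mean SHA-1 with DSA; confirm this, and
 * prefer an explicit name such as "SHA256withDSA" in new code.
 *
 * @param input text to sign
 * @param pk    DSA private key
 * @return the signature bytes
 */
public static byte[] sign(String input, PrivateKey pk) throws Exception {
    Signature signature = Signature.getInstance("DSA");
    signature.initSign(pk);
    signature.update(input.getBytes("UTF-8"));
    return signature.sign();
}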
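// Slide "Digitálny podpis": digital signature, verifying side.
/**
 * Checks {@code input}, treated as signature bytes, against a DSA public key.
 *
 * <p>The slide declared the object as {@code sign} but then used
 * {@code signature}; one name is used throughout here.
 *
 * <p>NOTE(review): no message is ever passed to {@code update}, so this only
 * accepts a signature made over empty data. To verify a real message the
 * caller must also supply the signed bytes and feed them in with
 * {@code update} before calling {@code verify}. The method's signature is kept
 * as on the slide.
 *
 * @param input signature bytes to check
 * @param pk    DSA public key of the claimed signer
 * @return {@code true} if the signature verifies
 */
public static boolean verify(byte[] input, PublicKey pk) throws Exception {
    Signature signature = Signature.getInstance("DSA");
    signature.initVerify(pk);
    return signature.verify(input);
}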
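# Slide "Java Keytool".
# ALIAS, KEYPASS and STOREPASS are placeholders. Passwords given as arguments
# end up in shell history and the process list; leave -keypass/-storepass out
# and keytool asks for them interactively.
# Options take a plain ASCII hyphen; the slide had a typographic dash before
# "alias" and "file".

# Create an RSA key pair under ALIAS in main.keystore.
keytool -genkey -alias ALIAS -keystore main.keystore -keypass KEYPASS -storepass STOREPASS -keyalg RSA

# Export the certificate of ALIAS to certificate.cer.
keytool -exportcert -alias ALIAS -file certificate.cer -keystore main.keystore -keypass KEYPASS -storepass STOREPASS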
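// Slide "Keystore": reading a key from a key store.
/**
 * Loads the key stored under "ALIAS" from the JKS file "main.keystore".
 *
 * <p>The file stream is opened in try-with-resources so it is closed even
 * when loading fails; the slide's version never closed it.
 *
 * <p>NOTE(review): store and key passwords are literals in the source. Outside
 * a demo, obtain them at run time (prompt, protected configuration) and clear
 * the {@code char[]} after use.
 *
 * @return the key, or {@code null} if the alias is missing or is not a key entry
 * @throws Exception if the store cannot be read or a password is wrong
 */
private static Key getKey() throws Exception {
    KeyStore ks = KeyStore.getInstance("jks");
    try (FileInputStream in = new FileInputStream("main.keystore")) {
        ks.load(in, "STOREPASS".toCharArray());
    }
    return ks.getKey("ALIAS", "KEYPASS".toCharArray());
}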
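// Slide "Keystore": saving a key into a key store.
/**
 * Generates an AES key and writes it under "ALIAS" to "main.keystore".
 *
 * <p>Three fixes over the slide's version:
 * <ul>
 *   <li>the store is initialised with {@code load(null, null)}; an unloaded
 *       {@code KeyStore} rejects {@code setKeyEntry};</li>
 *   <li>the store type is "JCEKS", because a "jks" store holds only private
 *       keys and certificates and refuses a secret (AES) key;</li>
 *   <li>the output stream is closed by try-with-resources.</li>
 * </ul>
 *
 * <p>The file is written as a new store, replacing any existing
 * "main.keystore". Whoever reads it back must open it as "JCEKS".
 *
 * <p>NOTE(review): store and key passwords are literals in the source. Outside
 * a demo, obtain them at run time and clear the {@code char[]} after use.
 *
 * @throws Exception if the key cannot be generated or the file cannot be written
 */
private static void saveKey() throws Exception {
    KeyStore ks = KeyStore.getInstance("JCEKS");
    ks.load(null, null); // start from an empty, initialised store

    KeyGenerator kg = KeyGenerator.getInstance("AES");
    Key k = kg.generateKey();
    // Secret keys have no certificate chain, hence the null last argument.
    ks.setKeyEntry("ALIAS", k, "KEYPASS".toCharArray(), null);

    try (FileOutputStream out = new FileOutputStream("main.keystore")) {
        ks.store(out, "STOREPASS".toCharArray());
    }
}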
Jarsigner Základný tvar príkazu: jarsigner jar-file alias
jar-file – cesta a meno súboru, ktorý chceme podpisovať
alias – alias identifikujúci súkromný kľúč, ktorý bude použitý na podpísanie .jar súboru
jarsigner -keystore main.keystore -storepass STOREPASS -keypass KEYPASS file.jar ALIAS
TLS • vygenerovanie páru kľúčov • vytvorenie certifikátu • vytvorenie aplikácie typu klient-server komunikujúcej cez SSLServerSocket a SSLSocket
TLS - Server • prístup k súkromnému kľúču(dekódovanie správ) • prístup k certifikátu(musí ho poslať klientovi) • vytvoriť SSL server socket
// Slide "TLS - Server", part "Normálne sockety": ordinary sockets, shown for
// comparison. Traffic on them is neither encrypted nor authenticated.
serverSocket = new ServerSocket(port);  // listen on the chosen port
clientSocket = serverSocket.accept();   // wait for one client to connect
TLS - Server Štruktúra zdrojového kódu: importy public class SecureSocketServer { deklarácia premenných public static void main(String[] args) { inicializácia SSLServerSocket sslClientSocket = (SSLSocket) SSLServerSocket.accept(); asociácia I/O streamov so socketmi Input/Output (komunikácia) zatváranie socketov a streamov } }
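// Slides "TLS - Server": complete listing of the demo server.
import java.io.*;
import java.net.*;
import java.security.*;
import javax.net.ssl.*;

/**
 * One-shot TLS demo server: accepts a single client on port 4444, reads one
 * line and answers whether it was the expected greeting.
 *
 * <p>Changes against the slide listing:
 * <ul>
 *   <li>{@code SSLContext.init} takes three arguments; the missing
 *       {@code SecureRandom} argument is passed as {@code null} (use the
 *       default);</li>
 *   <li>the call enabling every <em>supported</em> cipher suite is removed:
 *       the supported list also contains suites the provider leaves disabled
 *       by default because they do not meet its quality requirements, so the
 *       provider's default enabled set is kept instead;</li>
 *   <li>a client that disconnects without sending a line no longer causes a
 *       {@code NullPointerException};</li>
 *   <li>streams and sockets are closed by try-with-resources, also on
 *       failure.</li>
 * </ul>
 */
public class SecureSocketServer {
    static final String KEYSTORE = "myStore.ks";
    // NOTE(review): demo passwords are hard-coded and trivially guessable.
    // Outside a demo, supply them at run time and choose strong values.
    static final String STOREPASSWD = "123456";
    static final String ALIASPASSWD = "123456";

    public static void main(String[] args) throws Exception {
        // Load the server's private key and certificate.
        KeyStore ks = KeyStore.getInstance("JCEKS");
        try (FileInputStream storeIn = new FileInputStream(KEYSTORE)) {
            ks.load(storeIn, STOREPASSWD.toCharArray());
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks, ALIASPASSWD.toCharArray());

        // No trust managers are supplied: the server does not ask clients
        // for a certificate.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(kmf.getKeyManagers(), null, null);

        SSLServerSocketFactory sslServerFactory = sslContext.getServerSocketFactory();
        try (SSLServerSocket sslServerSocket =
                     (SSLServerSocket) sslServerFactory.createServerSocket(4444);
             SSLSocket sslClientSocket = (SSLSocket) sslServerSocket.accept();
             PrintWriter out = new PrintWriter(sslClientSocket.getOutputStream(), true);
             BufferedReader in = new BufferedReader(
                     new InputStreamReader(sslClientSocket.getInputStream()))) {
            String inputLine = in.readLine();
            // Constant-first equals: readLine() returns null at end of stream.
            if ("Hello".equals(inputLine)) {
                out.println("Connection established");
            } else {
                out.println("Connection refused");
            }
        }
    }
}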
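// Slide "TLS - Klient": TLS client set-up.
SSLContext sslContext = SSLContext.getInstance("TLS");

// Trust exactly the certificates held in the demo trust store. The stream is
// closed as soon as the store is loaded (the slide left it open).
KeyStore ts = KeyStore.getInstance("JCEKS");
try (FileInputStream trustIn = new FileInputStream(TRUSTSTORE)) {
    ts.load(trustIn, TRUSTSTOREPASSWD.toCharArray());
}
TrustManagerFactory tfm = TrustManagerFactory.getInstance("SunX509");
tfm.init(ts);
sslContext.init(null, tfm.getTrustManagers(), null);

SSLSocketFactory sslFact = sslContext.getSocketFactory();
SSLSocket client = (SSLSocket) sslFact.createSocket("localhost", 4444);
// The slide went on to enable every *supported* cipher suite. That list also
// contains suites the provider keeps disabled by default because they do not
// meet its quality requirements, so the default enabled set is kept here.
// NOTE(review): a plain SSLSocket validates the certificate chain but does not
// compare the certificate with the host name. Outside a localhost demo, set the
// endpoint identification algorithm to "HTTPS" through SSLParameters.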