cryptography : Java Glossary

*0-9ABCDEFGHIJKLMNOPQRSTUVWXYZ (all)

cryptography
Techniques for foiling those who would intercept to read or alter your mail. Also techniques to prevent people from forging mail from you. These are particularly important in net money transfers. Also refers to techniques for scrambling files so that others cannot snoop on them. Java has as set of classes for doing cryptography.
Cryptography Terminology Overview
Term Meaning
AES (Advanced Encryption Standard) AES is a symmetric 128-bit, 192-bit or 256-bit block data encryption technique developed by Belgian cryptographers Joan Daemen and Vincent Rijmen. It is the state of the art in secret key ciphers.
CA (Certificate Authority) CA. A company such as Thawte or Verisign that issues certificates. They check up your credentials and once they are convinced you are who you claim to be, they digitally sign a certificate attesting to your identity. There are dozens of different kinds of certificates, presumably so they can charge you extra for each kind after the identification process is complete — the only thing in issuing a certificate that takes work.
cipher A scheme for scrambling and unsrambling messages to make them unintelligible.
digest such as MD5 (Message Digest algorithm 5) or SHA-1 (Secure Hash Algorithm 1). It is a high quality checksum with almost no possibility any two documents would generate the same number. It becomes like an id for a document. If even one comma changes, the digest will be totally different.
encrypt to scramble a message to make it unintelligible for transport.
key A large number used in cryptography calculations, something like a password or passphrase, but deliberately random gibberish. They can be quite long, up to 4096 bits, which is equivalent to about 100 words or 1200 digits. You never even bother to look at them. They are selected for you my random processes. Sometime the number has to have some special property, e.g. be prime or relatively prime to some other number.
keystore A file containing your collection of public and private keys, both your own and other people’s. Your own will be certificates with a public/private key pair. Other people’s will be certificates with just a public key.
MAC (Message Authentication Code) MAC is a digest encrypted with a private key. It acts like a digital signature for the document. To verify the signature you, decrypt with the corresponding public key and recompute the digest. If they digests match, you know both the originator signed it and that the document was unchanged since it was signed.
MD5 A 128-bit digest. It faster to compute than a SHA-1, but is not as high quality.
One time pad A theoretically uncrackable cipher where you XOR your message with a one time binary key as long as the message made of purely random noise. Looking at the final result, you can presume the original message said absolutely anything given the matching random key. The encrypted message is pure random with no leverage for decryption. See my Pascal Implementation. To decrypt, you XOR (exclusive OR) again with the same key. In practice, you break the code by stealing or intercepting and copying the keys, or by peeking at the message before or after it is decrypted, or by distributing bogus software that spies.
plain text Not encrypted. In a form that can be read.
principal anything with a name, a person, company, etc.
private key A large secret number known only by one party. He uses this both to sign outgoing messages and to decrypt incoming ones.
public key A large number known by everyone, even enemies. People use it to encrypt messages to its owner and to validate signatures of messages coming from him.
JCE (Java Cryptography Extension) JCE. A set of classes designed to be easily replaced by better ones from other vendors to do a variety of cryptographic functions. The documentation is abysmal. Try reading Java Cryptography (see below) to understand what each class is for. It is much simpler than it looks.
secret key A large secret number known by both sender and receiver used to scramble and unscramble messages. Diffie-Hellman allow two parties who have never met to agree on a secret number between them, even while people are eavesdropping.
SHA-1 A digest. SHAs come in various strengths from 128 bits to 512 bits.
SPI (Service Provider Interface) A vendor who wants to provide cryptographic algorithms that plug into Oracle’s framework has to write to a set of interfaces. This way he can write either replacements or additions to Oracle’s implementations that all work with the familiar JCE interface. BouncyCastle provides PGP (Pretty Good Privacy) via the interface this way.
subject the person who buys a digital id certificate
token A fob you hold in your hand. An electronic key. It contains a small computer and a secret key and a program to do security calculations.
Cryptography Overview
Problem Solution
Secure conversations over the Internet Diffie-Hellman, SSL (Secure Sockets Layer), allows to parties who have never met to decide on secret key to use for encryption.
Proving you are who you claim to be. Digital Id certificate, containing a private key, digitally signed by a Certificate Authority.
Proving you are the author of some computer program. Code signing certificate, containing a private key, digitally signed by a Certificate Authority.
Proving nobody has tampered with some computer program. Code signing certificate, containing a private key, digitally signed by a Certificate Authority and digitally signed digest of the program.
Proving email truly came from whom it purports to. S/MIME (Secure Multipurpose Internet Mail Exchange) or PGP certificate.
Proving email was not tampered with. S/MIME or PGP certificate.
Sending email so that others cannot eaves drop. S/MIME or PGP certificate.
Sending communications over the Internet even the government can’t spy on. One time xor pad with true random keys. Nothing else is secure.
Logging into a computer in a way that other spying or spoofing can’t learn to do it to. Public/private key system.
High security door lock access where everyone has different areas of permission. Hardware token (password fob) with embedded private key it does not directly reveal.
distributing public keys in a way that people can be sure they truly are what they purport to be, e.g. public key to verify code signing, email signing, website identification etc. Public key certificates digitally signed by Certificate Signing authorities.
Doing a very accurate checksum to detect changes in a file. Digest such as MD5 or SHA-1
A digest that other people cannot compute A MAC, which is an ordinary digest salted with a private key to get it started.
Doing a very fast checksum to detect changes in a file. Adler 32-bit checksum, or a CRC-32.
FTP (File Transfer Protocol), only that people can’t snoop on. FTP piggybacked on SSH (Secure Shell) protocol. Private/Public key RSA/DSA encryption is thousands of time slower. That is why it is not used for bulk encryption.
Protecting your files from being snooped on when you are not at your desk. Encryption using the OS (Operating System) or PKZIP.

the Transporter

I have written some light weight commercial RSA-based public/private key cryptography classes. They are designed for high security and low volume, e.g. accepting credit card information over the Internet from an Applet. They don’t require the new bulky JCE classes, just BigInteger. These are a low cost alternative to SSL. I call them the Transporter.

Code Cracking

Average Time To Crack a Secret Key Using 1997 Technology
Key Length (bits) Individual Attacker Small Group Academic Network Large Company Military Intelligence Agency
40 Weeks Days Hours Milliseconds Microseconds
56 Centuries Decades Years Hours Seconds
64 Millennia Centuries Decades Days Minutes
80 Infeasible Infeasible Infeasible Centuries Centuries
128 Infeasible Infeasible Infeasible Infeasible Millennia
Code Cracking Capability with 1997 technology
Attacker Computer Resources Keys/Second
Individual attacker one high-end desktop machine and software 217.. 224
Small group 16 high-end machines and software 221.. 224
Academic network 256 high-end machines and software 225.. 228
Large company $1,000,000 hardware budget 243
Military intelligence agency $1,000,000 hardware budget and advanced technology 255
The two tables above came from page 51 of Digital Certificates.

The only encryption that is in theory uncrackable is the one time pad, which uses a key of true random numbers equally long as the message. The key is never reused.

The USA has complex laws on cryptography. The basic idea is the US government demands the right to snoop on all electronic messages. Other laws prevent US companies from exporting serious cryptographic software, even when the algorithms are public knowledge. This has closed the door to US software companies and opened them to Australian ones.

Books

book cover recommend book⇒Digital Certificates: Applied Internet Securityto book home
by Jalal Feghhi, Jalil Feghhi, Peter Williams 978-0-201-30980-5 paperback
publisher Addison-Wesley
published 1998-10-09
The main thing wrong with this book is its age. It is a surprisingly easy to follow book. The JCE itself is daunting, but this book tames it with lots of code examples and an informal style. Consider this book an introduction to the JCE, not the final authority on high security. The end of the book degenerates into a bit of sales pitch for the author’s employer, Verisign, showing you the Verisign way of doing business. The book, is inconsistent in its intended audience. For example, the S/MIME section seems aimed at the JCE for dummies crowd. Yet near the end of the book, the authors throw an alphabet soup of undefined terminology at you as if you were a roomful of Verisign techies.
Australian flag abe books anz abe books.co.uk UK flag
German flag abe books.de amazon.co.uk UK flag
German flag amazon.de abe books.ca Canadian flag
Spanish flag amazon.es amazon.ca Canadian flag
Spanish flag iberlibro.com Chapters Indigo Canadian flag
French flag abe books.fr abe books.com American flag
French flag amazon.fr amazon.com American flag
Italian flag abe books.it Barnes & Noble American flag
Italian flag amazon.it Nook at Barnes & Noble American flag
India flag junglee.com Kobo American flag
UN flag other stores Google play American flag
O’Reilly Safari American flag
Powells American flag
Greyed out stores probably do not have the item in stock. Try looking for it with a bookfinder.
book cover recommend book⇒Java Cryptographyto book home
by Jonathan Knudsen 978-1-56592-402-4 paperback
publisher O’Reilly recommended 978-1-4493-9061-7 eBook
published 1998-05-01 B0043M4ZC0 kindle
JCE has evolved considerably since this book was published. It teaches you how to write secure programs using Java’s cryptographic tools. It includes the java.security package and the Java Cryptography Extensions (JCE). It discusses authentication, key management, public and private key encryption. How to implement ciphers, keys and other data-obscuring techniques in Java. Includes source for a provider of the ElGamal algorithm.
Australian flag abe books anz abe books.co.uk UK flag
German flag abe books.de amazon.co.uk UK flag
German flag amazon.de abe books.ca Canadian flag
Spanish flag amazon.es amazon.ca Canadian flag
Spanish flag iberlibro.com Chapters Indigo Canadian flag
French flag abe books.fr abe books.com American flag
French flag amazon.fr amazon.com American flag
Italian flag abe books.it Barnes & Noble American flag
Italian flag amazon.it Nook at Barnes & Noble American flag
India flag junglee.com Kobo American flag
UN flag other stores Google play American flag
O’Reilly Safari American flag
Powells American flag

This page is posted
on the web at:

http://mindprod.com/jgloss/cryptography.html

Optional Replicator mirror
of mindprod.com
on local hard disk J:

J:\mindprod\jgloss\cryptography.html
logo
Please the feedback from other visitors, or your own feedback about the site.
Contact Roedy. Please feel free to link to this page without explicit permission.

IP:[65.110.21.43]
Your face IP:[54.91.11.11]
You are visitor number