Active In SP
Joined: Nov 2009
21-11-2009, 07:43 AM
hello, i have 2 give a seminar and presentation can ugibe me detail explanation of this topic
computer science crazy|
Joined: Dec 2008
22-11-2009, 02:09 PM
please read http://topicideas.org/how-to-Java-Crypto...-JCA--3542
for java cryptography where about java cryptography added, if again wanted more reply there for more info
Use Search at http://topicideas.net/search.php wisely To Get Information About Project Topic and Seminar ideas with report/source code along pdf and ppt presenaion
Joined: Apr 2012
13-08-2012, 11:13 AM
1Java Cryptography.pdf (Size: 1.47 MB / Downloads: 20)
This book is about cryptographic programming in Java™. This chapter presents the "big picture" of
secure systems and quickly moves to the specifics of cryptography. I begin by describing secure
systems design. Next I explain what cryptography is and describe its role in secure systems
development. This chapter concludes with a pair of "teaser" examples: two short Java applications
that will whet your appetite for the rest of the book.
Computer applications enable people to do work. Applications are parts of a larger system (a business,
usually) that also involves people, fax machines, white boards, credit cards, paper forms, and anything
else that makes the whole system run. Secure systems make it hard for people to do things they are
not supposed to do. For example, a bank is designed as a secure system. You shouldn't be able to
withdraw money from someone else's account, whether you try at the teller window, or by using the
bank machine, or by telephone. Of course, you could bribe the teller or disassemble the bank machine,
but these things are usually not worth the cost.
Secure systems are designed so that the cost of breaking any component of the system outweighs the
rewards. Cost is usually measured in money, time, and risk, both legal and personal. The benefits of
breaking systems are generally control, money, or information that can be sold for money. The
security of the system should be proportional to the resources it protects; it should be a lot harder to
break into a brokerage than a magazine subscription list, for example.
The term "secure systems" is a little misleading; it implies that systems are either secure or insecure.
In truth, there is no absolute security. Every system can be broken, given enough time and money. Let
me say that again, every system can be broken. There are more secure and less secure systems, but no
totally secure systems. When people talk about secure systems, they mean systems where security is a
concern or was considered as part of the design.
Cryptography is the science of secret writing. It's a branch of mathematics, part of cryptology .
Cryptology has one other child, cryptanalysis , which is the science of breaking (analyzing)
The main security concerns of applications are addressed by cryptography. First, applications need
assurance that users are who they say they are. Proving identity is called authentication . In the
physical world, a driver's license is a kind of authentication. When you use a computer, you usually
use a name and password to authenticate yourself. Cryptography provides stronger methods of
authentication, called signatures and certificates. I'll talk about these in Chapter 6.
Computer applications need to protect their data from unauthorized access. You don't want people
snooping on your data (you want confidentiality), and you don't want someone changing data without
your knowledge (you want to be assured of your data's integrity). Data stored on a disk, for example,
may be vulnerable to being viewed or stolen. Data transmitted across a network is subject to all sorts
of nefarious attacks. Again, cryptography provides solutions; I'll discuss them in detail in Chapter 6
and Chapter 7.
One of the things that makes Java so interesting is the security features that are built in to the
platform itself. Java was designed to enable small programs, applets, to be downloaded and run
without danger. Applets are nifty, but without the right precautions they would be very dangerous.
Java's bytecode verifier, ClassLoader, and SecurityManager work in tandem to safely execute
The Java Development Kit (JDK™) 1.2 (in beta as this book goes to press) includes some interesting
security enhancements, including the concepts of protection domains, permissions, and policies. I
won't rehash Java's platform security features here. For a good summary, see Exploring Java by Pat
Niemeyer and Joshua Peck (O'Reilly). For a more thorough treatment, including the new JDK 1.2
features, see Java Security by Scott Oaks (O'Reilly). The security that the Java platform provides
comes "for free" to application developers. Application-level security, however, needs to be developed
into the application. This book is about programming application-level security through the use of
Application-level security can compensate for an insecure platform, in some cases. Internet Protocol
(IP) networks , for example, are insecure. It's impossible to prevent packet snooping, Domain Name
System (DNS) spoofing, or foul-ups like misdelivered email. A carefully crafted application, however,
can compensate for an insecure platform like the IP network. If the body of your email is encrypted,
for example, it won't do anyone any good to view a message. If you encrypt all data that you send
over the network, then a packet sniffer won't be able to pick up much useful information.
Most of us don't want other people to read our mail, which is why we use letters instead of postcards.
Almost all information on the Internet is transmitted on the equivalent of postcards. Even if nobody is
deliberately spying on you, electronic mail is frequently misdelivered. If you mistype a recipient's
address, your mail might get sent to a system administrator somewhere. It's surprisingly easy for
information you thought was confidential to be available to hundreds of thousands of people on the
Even data on your computer's hard disk is surprisingly available to your coworkers, the people who
clean your office, and anyone else who might have physical access to your computer. If you are
considering leaving your current job, you probably wouldn't feel comfortable leaving a copy of your
résumé on your office computer; someone might find it.
To protect your information from prying or curious eyes, you need to take extra precautions. A
common way to protect information is to encrypt it at the sending end and decrypt it at the receiving
end. Encryption is the process of taking data, called plaintext , and mathematically transforming it
into an unreadable mess, called ciphertext . Decryption takes the ciphertext and transforms it back
into plaintext. The mathematical algorithm that performs the transformations is called a cipher .
Figure 2.1 shows how this works.
The shortcomings of symmetric ciphers are addressed by asymmetric ciphers, also called public key
ciphers. These ciphers actually involve a public key, which can be freely distributed, and a private key,
which is secret. These keys are always generated in matching pairs. Public keys really are public; you
can publish them in a newspaper or write them in the sky. No one can violate your privacy or
impersonate you without your private key. The mechanism for distributing public keys, however, is a
big challenge. I'll talk more about this in the section on certificates, later in this chapter.