Hook David, Eaves Jon. Java Cryptography: Tools and Techniques

Leanpub, 2023. — 511 p. — ISBN-13 979-8372121782.Between the standard Java Runtime and the Bouncy Castle APIs, there is a rich tool set of APIs to help work with the maze of standards and protocols needed for secure communication, storage, and identity management. This book will help you navigate that maze and shine light into some of the darker corridors.Cryptography is about the security of communications. It provides mechanisms for hiding messages from outside observers, accurately identifying the originators of messages, determining that messages have been delivered safely without tampering, and making it possible to accurately identify both the entities receiving and sending messages when messages are being delivered between different parties.Over time, in our increasingly connected world, issues related to cryptography and security have increasingly become common in the development of applications and even other APIs. In this environment, Java still maintains its popularity as a language for the development and implementation of Internet applications. While Java has an established API for basic cryptography defined as part of the regular Java runtime, many things that developers generally need to do, such as producing and managing certificates, client credentials, time stamps, and secure messaging are not provided. The Legion of the Bouncy Castle Cryptography APIs were developed to fill a large part of this gap. That said, there is an awful lot to know, and many developers do not get the time to take a sabbatical to brush up on the right security API to use when a security-related application arrives on their desk. While falling into fear and panic is always an option, we felt it might be better to provide a book, drawing on our experience, that goes beyond what is commonly available in API documentation. A book that provides some basic real-world examples of how to use the APIs and addresses the questions developers most commonly ask and the issues developers most commonly have trouble with. One with a warm friendly cover, designed to avoid panic, and to help keep the reader focused on the idea of getting a job done. It is our aim that "Java Cryptography: Tools and Techniques" is that book.Chapter 1 introduces the architecture of the cryptography APIs used in Java as well as the architecture of the Bouncy Castle APIs for CMS/SMIME/OpenPGP that are built on top of the cryptography APIs. Basic installation instructions are given, as well as a discussion of the differences between the BC FIPS-certified APIs and the regular distribution. Some cautionary advice about the use of random numbers that apply across all the APIs will also be given and we will look at what “bits of security” mean for applications and algorithms.The Provider Architecture associated with the Java Cryptography Architecture (JCA) provides the foundation for a range of security services in the JVM. These now include the Java Secure Socket Extension (JSSE) which provides access to Secure Socket Layer (SSL) and Transport Layer Security (TLS) implementations, the Java Generic Security Services (JGSS) APIs, and the Simple Authentication and Security Layer (SASL) APIs. You will also see references to the Java Cryptography Extension (JCE), as originally (pre-Java 1.4) it was bundled separately from the JCA, however with a few exceptions it is generally now better, for the most part, to think of it as part of the JCA. One of the situations where this distinction between the JCA and the JCE is meaningful is in the case of provider signing, which we will look at further on.Getting Started, an Overview.
Block and Stream Ciphers.
Message Digests, MACs, HMACs, KDFs, and XOFs.
Authenticated Modes, Key Wrapping, and the SealedObject.
Password-Based Key Generation and Key Splitting.
Signatures.
Key Transport, Key Agreement, and Key Exchange.
X.509 Certificates and Attribute Certificates.
Certificate Revocation and Certificate Paths.
Key and Certificate Storage.
Cryptographic Message Syntax, S/MIME, and TSP.
Certification Requests and Certificate Management.
OpenPGP.
Transport Layer Security.
The Future.
Appendix A: ASN.1 and Bouncy Castle.
Appendix B: The Bouncy Castle Kotlin API.
Appendix C: Algorithms provided by the Bouncy Castle Providers.