Tải bản đầy đủ - 0 (trang)
Chapter 11. The Java 2 Platform and Cryptography

Chapter 11. The Java 2 Platform and Cryptography

Tải bản đầy đủ - 0trang

11.1TheJCAandJCEFrameworks

TheJ2EEandJ2SEAPIsandruntimeenvironmentsareshipped

withsecurity-relatedclasses.ThesetofcoreclassesintheJava

2platformcanbedividedintotwosubsets:

1. Security-relatedcoreclasses,whichcanbefurther

subdividedasthoserelatedtoaccesscontroland

cryptography,respectively

Othercoreclasses,whichcanbefurthersubdividedasthose

providingmessagedigest,digitalsignature,andcertificate

management;andthoseprovidingencryption,keyexchange,

andmessageauthenticationcode(seeSection10.2.2.4onpage

356).

Thefirstsetofcryptography-relatedcoreclassesispartofthe

JCA;thesecondset,partoftheJCE.Together,theJCAandthe

JCEprovideaplatform-independentcryptographyAPI.

Originally,theJCEwasreleasedseparatelyasastandard

extensiontotheJava2SDK,inaccordancewiththeU.S.export

controlregulations.StartingwiththeJava2SDKV1.4,theJCE

isshippedaspartofthecoreclassesinthepackage

javax.cryptoanditssubpackagesjavax.crypto.interfaces

andjava.crypto.spec.However,atthattime,onlyaweakencryptionversionoftheJCEcouldbeexportedoutsidethe

UnitedStates,whereasastrong-encryptionversioncannowbe

exportedtoo,aslongasproperprotectionmechanismsarein

place.[1]

[1]Cipherstrengthiscontrolledbythesizeofthekeyusedintheencryptionalgorithm.

Symmetricencryptionisdefinedtobeweakifthekeylengthis40bitsorless.Akeyofthissize

canbecrackedinamatterofhourswithquitemodestcomputingfacilities.Eachextrabitdoubles

thekeyspace,soakeysizeof64bitsis16milliontimestougherthan40bits.Asimilarrule

appliestopublic-keyencryption,wherea512-bitmodulusisinadequate,buta1,024-bitmodulus

isexpectedtoremaineffectiveforthenext10years,atleastforcommercialuse.



11.1.1TermsandDefinitions

Afewtermsneedtobeexplainedinordertobecomefamiliar

withtheJCAandJCE.Thesetermsareengine,algorithm,and

provider.

Engine.Thistermisusedtodepictanabstract

representationofacryptographicservicethatdoesnothave

aconcreteimplementation.Acryptographicserviceis

alwaysassociatedwithaparticularalgorithmandcanhave

oneofthefollowingfunctions:

Toprovidecryptographicoperations,suchasthosefor

digitalsignaturesormessagedigests

Togenerateorsupplythecryptographicmaterialkeysor

parametersrequiredforcryptographicoperations

Togenerateandmanagedataobjects,suchas

certificatesordatabasesofkeysandcertificates,called

keystores,thatencapsulatecryptographickeysina

securefashion

Messagedigests(seeSection10.2.2.4onpage356)and

digitalsignatures(seeSection10.3.3onpage370)are

examplesofengines.IntheJCAandJCE,enginesare

representedbyclassescalledengineclasses.Usersofthe

JCAandJCEAPIrequestanduseinstancesoftheengine

classestocarryoutcorrespondingoperations.

Algorithm.Analgorithmcanbelookedonasan

implementationofanengine.Forinstance,theMD5

algorithmisoneoftheimplementationsaccessiblethrough

thejava.security.MessageDigestengineclass,which

providesaccesstothefunctionalityofamessagedigest



regardlessoftheunderlyingalgorithm.Theinternal

implementationoftheMD5algorithmcanvarydepending

onthesourcethatprovidestheMD5algorithmclass.

Provider.Thetermcryptographicserviceprovider(CSP),

orsimplyprovider,referstoapackageorasetofpackages

thatsupplyaconcreteimplementationofasubsetofthe

cryptographicservicessupportedbytheJavasecurityAPI.

Thesepackagesmustimplementoneormorecryptographic

services,suchasdigitalsignature,messagedigest,andkey

conversion.Althougheveryprovidercanchoosehowto

implementaparticularcryptographicservice,theAPI

exposedmustbethesame.Eachsetofalgorithmclasses

fromaparticularsourceismanagedbyaninstanceofthe

java.security.Providerclass.Installedprovidersare

listedinthejava.securitypropertiesfilepresentinthe

lib/securitysubdirectoryoftheJavahomedirectory.

Fromthisbriefdiscussion,onecanseethattoformacomplete

providerpackage,cryptographicsolutionsrequireawhole

collectionoftoolsandfunctions,whichincludenotonlythe

encryptionalgorithmsthemselvesbutalsofunctionsfor

messagedigests,certificatemanagement,andkeygeneration.



11.1.2ThePrinciplesofJCAandJCE

TheJCAandtheJCEareframeworksforaccessingand

developingcryptographicfunctionalityfortheJavaplatform.

ThisfunctionalityencompassesthepartsoftheJava2security

APIrelatedtocryptography.TheJCAandtheJCEweredesigned

aroundfourprinciples:implementationindependence,

implementationinteroperability,algorithmindependence,and

algorithmextensibility.



11.1.2.1ImplementationIndependence

ImplementationindependenceallowsaJavaprogramtouse

cryptographicfunctionswithouthavingtodealwiththeir

implementation.Thisisachievedbyusingaprovider-based

architecture.TheJCAandtheJCEallowanynumberofvendors

toregistertheirownimplementationsofthealgorithms.For

example,ifaparticularapplicationusestheMD5

implementationsuppliedbyproviderAandifitislaterdecided

thattheimplementationsuppliedbyproviderBwouldbemore

appropriate,theapplicationcodedoesnotneedtobechanged.

Providerscanbeconfigureddeclaratively.Therefore,thechoice

ofoneprovideroveranotherdoesnotinfluencethecodeofan

application(seeFigure11.1).



Figure11.1.ImplementationIndependence



Theproviderinfrastructurepermitsimplementationsofvarious

algorithmstobefoundatruntime,withoutanychangestothe

code.Thankstotheprincipleofimplementationindependence,

providersmaybeupdatedtransparentlytotheapplication:for

example,whenfasterormoresecureversionsareavailable.



11.1.2.2ImplementationInteroperability

Implementationinteroperabilitymeansthatvarious

implementationscanworkwithoneanother,useoneanother's

keys,orverifyoneanother'ssignatures.Forexample,ifuser



AlicesignsadocumentusingaprogramthatreliesontheDSA

implementationsuppliedbyproviderA,userBobcanverifythe

authenticityofthatsignaturewithhisownprogram,evenifit

reliesontheDSAimplementationsuppliedbyproviderB(see

Figure11.2).Similarly,forthesamealgorithm,akeygenerated

byoneproviderwouldbeusablebyanother.



Figure11.2.ImplementationInteroperability



11.1.2.3AlgorithmIndependence

Algorithmindependenceisachievedbydefiningtypesof

cryptographicservicesandintroducingclassesthatprovidethe

functionalityofthesecryptographicservices.Theseclassesare

calledengineclasses.AnengineclassdefinesAPImethodsthat

allowapplicationstoaccessthespecifictypeofcryptographic

serviceitprovides.Theimplementationssuppliedbyproviders

implementthecorrespondingSPIclasses.Examplesofengine

classesaretheMessageDigest,Signature,andKeyFactory

classesinpackagejava.security;thecorrespondingSPI

classesareMessageDigestSpi,SignatureSpi,and

KeyFactorySpi,stillinpackagejava.security.Representing

allfunctionsofagiventypebyagenericengineclassmasksthe

idiosyncrasiesofthealgorithmbehindastandardizedJavaclass

behavior.Thankstotheprincipleofalgorithmindependence,

implementationsofvariousalgorithmsprovidingthesame

cryptographicfunctionsmustexposethesameAPI.

Forexample,animplementationoftheMD5algorithmandan

implementationofSHA-1needtoexposethesameAPI

because,eventhoughMD5andSHA-1aredifferentalgorithms,



theybothrepresentthesamecryptographicservice(seeFigure

11.3).ApplicationcodeinvokestheMessageDigestAPIclass,

specifyingthedesiredalgorithm.TheMessageDigestAPIclass

transparentlyinvokestheMessageDigestSpiclasssupplying

theimplementationforthespecifiedalgorithm.



Figure11.3.AlgorithmIndependence



AsFigure11.3shows,applicationcodeneedstointeractonly

withAPIengineclasses.Providerstransparentlysupplythe

variouscryptographicserviceimplementationsthroughtheSPI

providerclasses.

IfanapplicationneedstogenerateMD5messagedigests,the

getInstance()factorymethodintheMessageDigestAPIcan

beinvoked,specifying,forexample,thattheMD5algorithm

shouldbeused.Iftheapplicationdeveloperlaterdecidesthat

SHA-1shouldbeusedinplaceofMD5,thecallto

getInstance()shouldbechangedtoreflecttherequirement

forSHA-1,butalltheotherMessageDigestmethodcallscan



staythesame.



11.1.2.4AlgorithmExtensibility

Algorithmextensibility(Figure11.4)meansthatnewalgorithms

thatfitinoneofthesupportedengineclassescaneasilybe

added.Forexample,ifanewmessage-digestalgorithmis

inventedandanimplemenentationofthatalgorithmbecomes

available,thatimplementationcanbepluggedintotheJCAand

JCEframeworksaslongasitiscompliantwiththe

MessageDigestAPI.



Figure11.4.AlgorithmExtensibility



11.1.3JCAandJCEProviders

TheconceptofproviderisessentialintheJCAandtheJCE.In

thissection,welookatthedesignbehindtheconceptof

providerandstudyhowtomanageprovidersintheJava

language.



11.1.3.1Design



Aframeworkthatsupportsmultipleunderlyingimplementation

modulesneedstobecoupledwiththesupportedmodulesin

somefashion.Thecouplingcanbeveryrigidorveryflexible

andcapableofselectingmorethanonemoduleforuse.Atone

extremeisamonolithicframeworkthatissotightlyboundtoa

singlemoduleastoprecludetheuseofothermodulesoreven

differentimplementationsofthesamemodule.Attheotherend

ofthespectrumisahighlyextensibleandconfigurable

frameworkofferingseamlessandnear-effortlesspluggabilityof

differentmodulesandtheirimplementations.

TheJCAandtheJCEareexamplesofthelattertypeof

framework.TheyuseaCSPinfrastructuretosupportvarious

implementationsofcryptographicalgorithmsandothersecurity

mechanisms.TheCSParchitecturewasintroducedintheJava2

SDKV1.2.

Modulesinaframeworkprovideservicesthatareusedbythe

frameworkandultimatelybyapplicationsthatusethe

framework.Therefore,theframeworkhastointerfacewithits

pluggablemodules.Theframework/moduleinterfaceformsthe

basiccouplingbetweentheframeworkitselfandamodule.

Forpluggability,extensibility,andmoduleindependence,the

JCAandJCEproviderarchitecturesuseSPIs.AnSPIisasetof

Java-languageinterfacesandabstractclassesusedtoprovide

theimplementationofoneormorecryptographicservices.JCA

andJCEprovidersarepluggablemodules,andeachofthem

providesconcreteimplementationsofsomeSPImethods.

ThedesignoftheSPIdependsonthekindofframeworkbeing

developed.Thedesigndictateswhetheramoduleimplements

allorasubsetoftheSPI.Thedesignalsodeterminesthe

granularityofpluggablemodules.Object-orientedandJavalanguageclassandinterfacedesignprinciplesplayamajorrole

inthedesignoftheSPI.

ThesetofSPIsusedbytheJCAandJCEisverygranular.The



java.securitypackageanditssubpackagescontainmanySPI

interfacesthatpluggableJCAsecurityproviderscanimplement.

Similarly,thejavax.cryptopackageanditssubpackages

containmanySPIinterfacesthatpluggableJCEsecurity

providerscanimplement.



11.1.3.2Implementation

TheJCAProviderclassinthejava.securitypackagedefines

theconceptofaprovider.Thisabstractclassmustbe

subclassedbyspecificproviders.TheconstructorofaProvider

classsetsthevaluesofvariouspropertiesthatarerequiredfor

theJavasecurityAPItolookupthealgorithmsorotherfacilities

implementedbytheprovider.EachProviderclassinstancehas

acase-sensitivename,aversionnumber,andastring

descriptionoftheprovideranditsservices.Thesethreepieces

ofinformationcanbeobtainedbycallingthemethods

getName(),getVersion(),andgetInfo(),respectively.

Additionally,theProviderclasshasmethodsforaccessing

informationabouttheimplementationsofthealgorithms,such

askeygeneration,conversionandmanagementfacilities,

signaturegeneration,andmessagedigestcreation.

Aproviderissaidtobeamainproviderifitimplementsallthe

SPImethods.Everyprovidermustexhibitamasterclass,which

isasubclassofjava.security.Provider.Theonly

requirementofamasterclassisthatitmusthaveadefault

constructorsothatitcanbeloadedbytheJCAandJCE

infrastructurewhentheJVMstartsup.Theessentialfunctionof

amasterclassistodefineproperty/valuepairs,inwhicheach

propertyisanSPIlabelandthecorrespondingvalueisthe

nameofaclassthatimplementsthatSPI.

Foreachcryptographicservice,aparticularimplementationis

requestedandinstantiatedbycallingagetInstance()factory

staticmethodonthecorrespondingengineclass,specifyingthe



nameofthedesiredalgorithmand,optionally,thenameofthe

Providerwhoseimplementationisdesired.Ifnoneisspecified,

getInstance()reliesonthejava.security.Securityclassto

searchtheregisteredprovidersforanimplementationofthe

requestedcryptographicserviceassociatedwiththenamed

algorithm.InanyJVM,providersareinstalledinagiven

preferenceorderspecifiedinthejava.securityfile.Listing

11.1showsthefragmentofajava.securityfileenumerating

alltheprovidersinstalledinaJava2RuntimeEnvironment

(J2RE)V1.4.



Listing11.1.Fragmentofajava.securityFile

ListingtheProvidersInstalledonaJ2RE



security.provider.1=com.ibm.jsse.IBMJSSEProvider

security.provider.2=com.ibm.crypto.provider.IBMJCE

security.provider.3=com.ibm.security.jgss.IBMJGSSProvider

security.provider.4=com.ibm.security.cert.IBMCertPath

Thisjava.securityfilefragmentenablesthefollowingfour

IBMproviders:

1. IBMJSSEProvider,supplyingtheJavaimplementation

oftheSecureSocketsLayerandTransportLayer

Securityprotocolsforusebyapplicationsimporting

theJavaSecureSocketExtensionAPI(seeChapter

13onpage449)

IBMJCE,supplyingtheimplementationforthecryptographic

servicessupportedbytheJCAandJCE



IBMJGSSProvider,supplyingtheimplementationforGeneric

SecurityServices(seeSection9.5onpage340)

IBMCertPath,supplyingtheimplementationforCertPath

(seeSection1.1.4onpage8)

Theorderinwhichtheprovidersareenumeratedinthe

java.securityfileisalsotheoneinwhichtheSecurityclass

searchesthemwhennospecificproviderisrequested.Ifthe

implementationisfoundinthefirstprovider,that

implementationisused.Ifitisnotfound,animplementationis

searchedforinthesecondprovider,andsoon.Ifan

implementationisnotfoundinanyprovider,a

java.security.NoSuchAlgorithmExceptionisraised.Callsto

getInstance()methodsthatincludeaProviderargument

enabledeveloperstospecifyfromwhichprovidertheywantan

algorithm.Aprogramcanalsoobtainanarrayofallthe

installedProvidersusingthe

java.security.Security.getProviders()staticmethod;the

programcanthenchooseaProviderfromthereturnedarray.

Alternatively,itispossibletoinvokethe

Security.getProvider()staticmethod,whichreturnsthe

Providerwiththenamespecifiedintheargumentornullif

thespecifiedProviderisnotfound.

Listing11.2enumeratesalltheprovidersinstalledonyourJava

2SDKsystemandshowsforeachofthemthename,version

number,andgeneralinformationonthecryptographicservices

supportedandthealgorithmsimplemented.



Listing11.2.GetProviderInfo.java



importjava.security.Provider;



Tài liệu bạn tìm kiếm đã sẵn sàng tải về

Chapter 11. The Java 2 Platform and Cryptography

Tải bản đầy đủ ngay(0 tr)

×