Security is the foremost concern of any application, and it is crucial wherever internet technology is involved. The Java programming environment supports security in several ways. Java SDK 1.4 was released with a core part called the Java Cryptography Extension (JCE), which provides implementations and APIs for performing cryptographic operations in Java, including encryption, key generation and agreement, and Message Authentication Code (MAC) algorithms. It also supports different cryptographic techniques, including symmetric, asymmetric and block ciphers. JCE was optional in earlier versions; from JDK 1.4 it is integrated with the JDK.
JCE Architecture
The Java Cryptography Extension (JCE) offers a generic, vendor-independent collection of APIs, so that each vendor can write its own implementation (provider) of those APIs, with different feature sets, performance characteristics, and costs. It is based on a provider-based architecture. The JCE basically has the following components:
  • Service-Engine: abstract classes that define the functionality of JCE, independent of the particular algorithm (symmetric, asymmetric, etc.).
  • Service Interface: a high-level abstraction of the service offered by the different provider implementations.
  • Provider: the class that supplies the different implementations.
  • Security: the class that manages all the providers.
    Provider
         A provider is the underlying implementation of a particular security mechanism in JCE. Different companies offer providers, such as IBM, Bouncy Castle and RSA, and implementations are available both for free and as paid services. A provider is typically a package that supplies the concrete implementation of cryptographic elements, including message digest algorithms, key store creation and management, etc. Each provider has a name (e.g. SUN), and a developer can use that name to request a particular object that gives the required service for the encryption process (e.g. the DSA algorithm). The JCE framework authenticates the providers.
    Implementation
         JCE consists of different classes and interfaces that provide encryption features for Java programming. Developers can plug different providers into JCE and use the features of each.

      Consider an example using the Data Encryption Standard (DES) mechanism.
  • Generate Key
  • To create a key we need an instance of KeyGenerator, obtained through its getInstance() method. The method takes the algorithm name; you can also pass the provider name as an argument, specifying which implementation to use.
    KeyGenerator kgn = KeyGenerator.getInstance("DES");
    SecretKey ky = kgn.generateKey();
  • Generate Cipher
  • A cipher is obtained the same way as a key, here through the getInstance() method of the Cipher class. The method accepts the following parts as a single argument, separated by '/':
    1. Algorithm name
    2. Mode (optional)
    3. Padding scheme (optional)
    Cipher cip = Cipher.getInstance("DES/ECB/PKCS5Padding");
    This provides the DES algorithm in Electronic Codebook (ECB) mode with PKCS#5-style padding.
  • Message as Byte array
  • byte[] text = "my message".getBytes();
  • Encrypt
  • cip.init(Cipher.ENCRYPT_MODE, ky);
    byte[] textEncrypted = cip.doFinal(text);
    textEncrypted now contains the encrypted data, which is ready to be sent over the network.
  • Decrypt
  • The same key must be used to decrypt the data.
    cip.init(Cipher.DECRYPT_MODE, ky);
    byte[] textDecrypted = cip.doFinal(textEncrypted);
    textDecrypted now contains the decrypted (original) data.
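An added example (not code from the original article) that runs the steps above end to end and sets them beside AES in GCM mode through the same API: DES has a 56-bit key, and ECB encrypts equal plaintext blocks to equal ciphertext blocks, which the first half makes visible. The class name, helper names and sample message are assumptions made for illustration.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class JceRoundTrip { // class and method names are illustrative
    // The article's flow: getInstance("Algorithm/Mode/Padding"), init, doFinal.
    static byte[] desEcb(int mode, SecretKey key, byte[] in) throws Exception {
        Cipher cip = Cipher.getInstance("DES/ECB/PKCS5Padding");
        cip.init(mode, key);
        return cip.doFinal(in);
    }

    // Same API, different transformation: AES-GCM, fresh 12-byte IV prepended to the output.
    static byte[] aesGcmEncrypt(SecretKey key, byte[] in) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher cip = Cipher.getInstance("AES/GCM/NoPadding");
        cip.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = cip.doFinal(in);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    // Reads the IV from the first 12 bytes; doFinal throws AEADBadTagException on modified input.
    static byte[] aesGcmDecrypt(SecretKey key, byte[] in) throws Exception {
        Cipher cip = Cipher.getInstance("AES/GCM/NoPadding");
        cip.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, in, 0, 12));
        return cip.doFinal(in, 12, in.length - 12);
    }

    public static void main(String[] args) throws Exception {
        byte[] text = "AAAAAAAAAAAAAAAA".getBytes(StandardCharsets.UTF_8); // constructed: two equal 8-byte blocks
        SecretKey desKey = KeyGenerator.getInstance("DES").generateKey();
        byte[] ecb = desEcb(Cipher.ENCRYPT_MODE, desKey, text);
        boolean repeats = Arrays.equals(Arrays.copyOfRange(ecb, 0, 8), Arrays.copyOfRange(ecb, 8, 16));
        System.out.println("DES/ECB ciphertext blocks repeat: " + repeats);
        System.out.println("DES round trip: " + Arrays.equals(text, desEcb(Cipher.DECRYPT_MODE, desKey, ecb)));
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey aesKey = kg.generateKey();
        byte[] gcm = aesGcmEncrypt(aesKey, text);
        System.out.println("AES/GCM round trip: " + Arrays.equals(text, aesGcmDecrypt(aesKey, gcm)));
        gcm[gcm.length - 1] ^= 1; // corrupt the authentication tag
        try { aesGcmDecrypt(aesKey, gcm); }
        catch (AEADBadTagException e) { System.out.println("modified ciphertext rejected"); }
    }
}
```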
    Secure Streams
        JCE also provides secure input and output functionality through CipherInputStream and CipherOutputStream. Using these classes we can read or write a stream of data and encrypt or decrypt it before it is read or written by any other resource in your application. They resemble the file stream classes.

    Open source implementation
        There are many companies offering open-source JCE implementations.
  • Cryptix (for JDK 1.1, 1.2, and 1.3)
  • BouncyCastle (for JDK 1.1, 1.2, and 1.3)
    The JCE has many advantages:
  • Implementation independence and interoperability
  • Algorithm independence and extensibility
  • Adding a third-party provider to JCE is simple: you only need to create the key and cipher with the provider's implementation named as an optional parameter.
  • Allows asymmetric cryptography
    JCE is one of the powerful APIs in the Java programming language, providing different encryption features and thereby solving security-related issues.