Using Digital Signatures and Certificates in Java
By Svetlin Nakov


Java Cryptography Architecture

The Java platform uses the Java Cryptography Architecture (JCA) for digitally signing documents, verifying digital signatures, and handling digital certificates. JCA is a specification that gives programmers a standard way to access cryptographic services, digital signatures, and digital certificates.

From an architectural point of view, JCA is designed to allow different implementations of various services from different software vendors. Such implementations of cryptographic services are called cryptographic service providers. Different software vendors implement different cryptographic service providers that support different sets of cryptographic algorithms. When working with JCA, the programmer specifies the names of the cryptographic service providers and the names of the cryptographic algorithms to be used. Algorithms are accessed by name, and the same algorithm can have several implementations available in several different service providers.

The JCA specification establishes standards for the different types of cryptographic services and specifies the way to access the cryptographic algorithms. The implementation of the algorithms is not part of JCA and is left to the software vendors. With JDK 1.4 and every later version, Sun Microsystems distributes a standard implementation of JCA that is used by default if the programmer does not explicitly specify another one.

The JCA provides classes and interfaces for working with public and private keys, digital certificates, message signing, digital signature verification, accessing protected keystores, and some other processes. These classes and interfaces are located in the standard packages java.security and java.security.cert. We will give a short description of the most important of them:

The Most Important Classes in JCA

java.security.KeyStore—gives access to protected keystores for certificates and passwords. A keystore is represented as a set of entries, and each entry has a unique name, called an alias. The KeyStore class has methods for loading a keystore from a stream, storing a keystore to a stream, enumerating the entries in the keystore, extracting keys, certificates and certification chains, modifying entries in the keystore, and so forth. Two major formats for storing keystores are supported—PFX (according to the PKCS#12 standard) and JKS (Java Key Store format used by JDK internally). When we create objects of the class KeyStore, the format of the keystore should be given as a parameter. The possible values are "JKS" and "PKCS12". Objects stored in a keystore can be accessed by their alias, but accessing keys also requires a password.

java.security.PublicKey—represents a public key. It holds the key itself, its encoding format, and the algorithm destined to be used with this key.

java.security.PrivateKey—represents a private key. It holds the key itself, its encoding format, and the algorithm destined to be used with this key.

java.security.cert.Certificate—an abstract class for all classes that represent digital certificates. It contains a public key and information about its owner. For representing each particular type of certificate (for example X.509, PGP, and so forth), an appropriate derived class is used.

java.security.cert.X509Certificate—represents an X.509 v.3 certificate. It provides methods for accessing its attributes—owner (Subject), issuer, public key of the owner, period of validity, version, serial number, digital signature algorithm, digital signature, additional extensions, and so forth. All the information in an X509Certificate object is available for reading only.

java.security.Signature—provides functionality for digitally signing and verifying digital signatures. When we create an instance of the Signature class, we specify the name of the algorithm for digital signatures that will be used. Several different algorithms, such as SHA1withRSA, SHA1withDSA, MD5withRSA, and so on are supported. The algorithm name is usually obtained by combining the name of some hashing algorithm with the name of some encrypting algorithm. When signing messages, we use the initSign() methods that take the private key, update() that takes the message for signing, and sign() that signs the message and returns the calculated signature. When we verify digital signatures, we use the initVerify() methods that take the public key for the verification, update() that takes the signed message, and verify() that takes the signature for verification and returns whether the signature verification is successful (whether the signature corresponds to the given message and public key).

java.security.cert.CertificateFactory—provides functionality for loading certificates, certification chains, and CRLs from a stream. The generateCertificate() method, which is intended for reading a certificate from a stream, expects the certificate to be DER-encoded (according to the PKCS#7 standard) and to be in a binary or text (Base64-encoded) format. For reading a certification chain, the generateCertPath() method can be used and the encoding for the chain can be specified. The accepted encodings include PkiPath, which corresponds to the ASN.1 DER sequence of certificates, and PKCS7, which corresponds to the PKCS#7 SignedData object (usually, such objects are stored in files with the standard extension .P7B). It is important to take into account the fact that PKCS7 encoding does not preserve the order of the certificates and, because of this, we cannot use it for storing and reading certification chains. In Java, the only standard encoding for storing certification chains is PkiPath.

java.security.GeneralSecurityException & java.security.cert.CertificateException are classes for exceptions that can be thrown when working with digital signatures and certificates.
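The Signature call sequence and the provider lookup by algorithm name described above, as an added example that is not code from the original article. It assumes a constructed message and a freshly generated RSA key pair instead of a key loaded from a keystore, and it uses the standard name SHA256withRSA rather than the SHA-1 and MD5 based names listed above, because those hash functions are no longer collision resistant.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;

public class JcaSignDemo {
    // Algorithms are requested by name; this name is a choice made for the example.
    static final String ALGORITHM = "SHA256withRSA";

    static byte[] sign(PrivateKey key, byte[] message) throws GeneralSecurityException {
        Signature signer = Signature.getInstance(ALGORITHM); // default provider
        signer.initSign(key);    // private key of the signer
        signer.update(message);  // data to be signed
        return signer.sign();    // computed signature bytes
    }

    static boolean verify(PublicKey key, byte[] message, byte[] signature)
            throws GeneralSecurityException {
        Signature verifier = Signature.getInstance(ALGORITHM);
        verifier.initVerify(key);            // public key of the claimed signer
        verifier.update(message);            // data as received
        return verifier.verify(signature);   // false if data or key do not match
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // One algorithm name may be implemented by several installed providers.
        Provider[] providers = Security.getProviders("Signature." + ALGORITHM);
        if (providers != null) {
            for (Provider p : providers) {
                System.out.println("Provider offering " + ALGORITHM + ": " + p.getName());
            }
        }
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        KeyPair pair = generator.generateKeyPair();

        // Constructed sample document and a copy with one altered character.
        byte[] message = "Transfer 100 EUR to account 42".getBytes(StandardCharsets.UTF_8);
        byte[] tampered = "Transfer 900 EUR to account 42".getBytes(StandardCharsets.UTF_8);

        byte[] signature = sign(pair.getPrivate(), message);
        System.out.println("Original verifies: " + verify(pair.getPublic(), message, signature));
        System.out.println("Tampered verifies: " + verify(pair.getPublic(), tampered, signature));
    }
}
```

A successful verify() only shows that the signature matches the message and the supplied public key; whether that key belongs to the claimed signer still has to be established through its certificate.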

Previous article: How Digital Signatures Work: Digitally Signing Messages
Next article: Problems with Digital Signing of Documents in Web-based Systems