The javax.crypto
package defines classes and interfaces for various cryptographic
operations. The central class is Cipher, which is
used to encrypt and decrypt data.
CipherInputStream and
CipherOutputStream are utility classes that use a
Cipher object to encrypt or decrypt streaming
data. SealedObject is another important utility
class that uses a Cipher object to encrypt an
arbitrary serializable Java object.
The
KeyGenerator class creates the
SecretKey objects used by
Cipher for encryption and decryption.
SecretKeyFactory encodes and decodes
SecretKey objects. The
KeyAgreement class enables two or more parties to
agree on a SecretKey in such a way that an
eavesdropper cannot determine the key. The Mac
class computes a message authentication code (MAC) that can ensure
the integrity of a transmission between two parties who share a
SecretKey. A MAC is akin to a digital signature,
except that it is based on a secret key instead of a public/private
key pair.
Like the
java.security package, the
javax.crypto package is provider-based, so that
arbitrary cryptographic implementations may be plugged into any Java
installation. Various classes in this package have names that end in
Spi. These classes define a service-provider interface and must be
implemented by each cryptographic provider that wishes to provide an
implementation of a particular cryptographic service or algorithm.
This package was
originally shipped as part of the Java Cryptography Extension ( JCE),
but it has been added to the core platform in Java 1.4. A version of
the JCE is still available (see http://java.sun.com/security) as a standard
extension for Java 1.2 and Java 1.3. This package is distributed with
a cryptographic provider named
"SunJCE" that includes a robust set
of implementations for Cipher,
KeyAgreement, Mac, and other
classes. This provider is installed by the default
java.security properties in Java 1.4
distributions.
A full tutorial on
cryptography is beyond the scope of this chapter and of this book. In
order to use this package, you need to have a basic understanding of
cryptographic algorithms such as DES. In order to take full advantage
of this package, you also need to have a detailed understanding of
things like feedback modes, padding schemes, the Diffie-Hellman
key-agreement protocol, and so on. For a good introduction to modern
cryptography in Java, see Java Cryptography by
Jonathan Knudsen (O'Reilly). For more in-depth
coverage, not specific to Java, see Applied
Cryptography by Bruce Schneier (Wiley).
