Birgit Henhapl, - PowerPoint PPT Presentation

1 / 18
About This Presentation
Title:

Birgit Henhapl,

Description:

Java C Assembler no chance to do the same tricks slower implementations ... http://www.informatik.tu-darmstadt.de/TI/Forschung/CA-DEMO/FlexiKomponenten .html (German) ... – PowerPoint PPT presentation

Number of Views:62
Avg rating:3.0/5.0
Slides: 19
Provided by: bhen2
Category:
Tags: birgit | henhapl | html | tricks

less

Transcript and Presenter's Notes

Title: Birgit Henhapl,


1
FlexiProviderA Crypto Providerfor theJava
Cryptography Architecture
  • Birgit Henhapl,
  • Theoretische Informatik, TU-Darmstadt

2
FlexiPKI
bhenhapl Online Certificate Status Protocol
Netscape
SAP
SSL-Tunnel
registration (RA)
GSS-API
PKCS11
(distributed)Timestamping
SSL/TLS (JSSE)
CSP
Outlook
FlexiTRUST
Clients
OCSP
S/MIMEHandler
Java Cryptography Architecture
LDAP
bhenhapl Lightweight Directory Access Protocol
Provider
EC (Elliptic Curve)
Pseudo Random NumberGeneration
Distributed Key-Generation RSA
PSE
NF (Number Fields)
TCOS
StandardProvider
Gemplus
KeyStore
PKCS11
3
Why Java?
Java suits our purposes, because
What is the JCA and the JCE?
4
JCA and JCE
The Java Cryptography Architecture (JCA) refers
to a
  • framework for accessing and developing
    cryptographic functionality for the Java platform
  • includes Application Programmers Interfaces (API)
    for digital signatures, message digests and X.509
    v3 certificates

and it
The Java Cryptography Extension (JCE) includes
APIs for encryption, key exchange, and Message
Authentication Code (MAC)
5
Goals and Concepts
Goals
  • implementation independence and interoperability
  • algorithm independence and extensibility

API cryptographic concepts
Provider implementation
Signature, MessageDigest, KeyAgreement, Cipher,
6
Installing a provider-package
  • Download provider-package of your choice, e.g.
    CDCECProvider.zip
  • Include its directory in your CLASSPATH
  • Add this provider to your list of approved
    providers

Add the line to the file
security.provider.nmasterClassName
java/lib/security/java.security
For example
security.provider.1cdc.ec.CDCECProvider
7
Example Generating and Verifying a Signature
//getting ECPrivateKey ecpriv, ECPublicKey ecpub,
byte msg, byte sig Signature ecsig
Signature.getInstance("ECDSA", "CDCEC") ecsig.ini
tSign(ecpriv) ecsig.update(msg, 0, 3) //the
message digest is updated sig ecsig.sign()
//the messages digest is finished and the
signature done ecsig.initVerify(ecpub)
ecsig.update(msg, 0, 3)
//the message digest is updated boolean isOk
ecsig.verify(sig) //the messages digest is
finished and the //signature checked
8
Example how to implement a provider
For each API-class implement the corresponding
SPI-class and add them to your provider-package
Example Signature
9
Example Signature
To provide Signature-facilities implement
following Provider-classes
The Provider-class implements
the SPI-class
ECDSASignature ECDSAKeyPairGenerator
ECDSAPublicKey ECDSAPrivateKey ECDSAKeyFactory
ECDomainParameters
SignatureSPI KeyPairGeneratorSPI PublicKeySPI
PrivateKeySPI KeyFactorySPI AlgorithmParametersSPI
10
Now, how do we read each others messages ???
???
10000.10101111.101100100101.11010101.0111011111111
01
Solution Common language
common syntax and common semantic!
Standards !!!
11
What must be standardized?
12
CDCProvider
cdc
cdcnf
standard
cdcec
dsa
iq-dsa
rsa
iq-rsa
hmac
desede
ecnr
sha-1
ecdsa
iq-elgamal
iq-gq
ripemd
ecdh
elgamal
rijndael
many more
gf(2n)
gf(p)
onb
polynomial
13
The algorithms are standard conform
standard algorithms FIPS 186-2, 46-3 (DSA,
TripleDES) RFC 2104 (Hmac), PKCS 5, 2,
and many more
elliptic curve cryptography (ecc) X9.62
(ECDSA), X9.63 (ECDH), P1363 (ECDSA, ECNR, ECDH)
Different packages, different object-representatio
ns! (e.g. Java int ? C int)
Objects-Encoding ASN.1 for standard-objects
AND ec-objects
need of KeyFactories!!!
14
KeyFactories
convert keys into key specifications and vice
versa
PrivateKeySpec, PublicKeySpec, PKCS8EncodedKeySpec
, X509EncodedKeyspec
PrivateKey, PublicKey
15
Example
PKCS8 01010111010010001110001
KeyFactory kf KeyFactory.getInstance(ECDSA,
CDCEC) PKCS8EncodedKeySpec ks new
PKCS8EncodedKeySpec(01010111010010001110001) Priv
ateKey ecPriv kf.generatePrivate(ks)
16
Problems
  • Java C Assembler no chance to do the
    same tricks slower implementations
  • EC bit-by-bit-standardization of algorithms
  • EC still few named curves
  • EC few test vectors for arithmetic of GF(2n)
  • NF no standardized algorithms

17
Achievements
  • symmetric, asymmetric ciphers and hash-functions
  • key exchange, digital signatures, PRGs
  • easy exchange of techniques ? fast recoveries
    after a crash
  • KeyFactories ? interoperability with other
    providers
  • a flexible, expandable PKI
  • Client-plug-ins to use JCA-based providers even
    with Microsoft

18
Please visit us on our sites!
http//www.informatik.tu-darmstadt.de/TI/Forschung
/CA-DEMO/FlexiKomponenten.html (German) http//www
.informatik.tu-darmstadt.de/TI/Forschung/cdcProvid
er/overview.html (English) http//www.informatik.t
u-darmstadt.de/TI/Forschung/ECC (English)
Thank you for paying attention!
birgit_at_cdc.informatik.tu-darmstadt.de
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Birgit Henhapl," is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!