Lecture 31 Computer Security - PowerPoint PPT Presentation

Slides: 17
Provided by: csUa

Transcript and Presenter's Notes



1
Lecture 31 Computer Security
  • Phillip G. Bradford
  • Computer Science Department
  • The University of Alabama

2
Credits
  • Scott Oaks, Java Security, O'Reilly, 2001.
  • David Flanagan, Java in a Nutshell, 4th Edition, O'Reilly, 2002.

3
Outline
  • General overview
  • Java Security
  • X.509 Certificates
  • For SSL

4
Architecture of Java Security Providers, Oaks.
  • Engine Classes
  • Useful core API classes
  • Algorithm Classes
  • Encryption Algorithms
  • Provider Class
  • Maps algorithms to users
  • Security Class
  • Tracks providers and their operation

5
Java Keys: symmetric
  • Class java.security.Key
  • public interface Key extends Serializable
  • Serializable interface means keys can be written to/from an object stream
  • Gives keys necessary flexibility
  • Keys should have
  • public String getAlgorithm()
  • Who built this key?

6
Java Keys: symmetric
  • public String getFormat()
  • How is the key stored?
  • public byte[] getEncoded()
  • Actual key, in bytes

7
Java Keys: asymmetric
  • public interface PublicKey extends Key
  • public interface PrivateKey extends Key
  • Each stand-alone
  • Example: RSA
  • public interface RSAPrivateKey extends PrivateKey
  • public interface RSAPublicKey extends PublicKey

8
Java Keys: asymmetric, RSA
  • RSA interfaces, cont.
  • public interface RSAPrivateCrtKey extends RSAPrivateKey
  • Recall n = pq; this returns p and q for certification
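
The Key, RSAPublicKey and RSAPrivateCrtKey interfaces from the last few slides, exercised in an added example that is not from the lecture or from Oaks' book. The class name KeyInspect and the 2048-bit key size are assumptions.

```java
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;

// Added example (not from the lecture); the class name KeyInspect is hypothetical.
public class KeyInspect {
    public static void main(String[] args) throws Exception {
        // Generate a throwaway RSA key pair with the default provider.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        PublicKey pub = pair.getPublic();
        PrivateKey priv = pair.getPrivate();

        // The three methods every java.security.Key exposes.
        System.out.println("public : " + pub.getAlgorithm() + " / " + pub.getFormat()
                + " / " + pub.getEncoded().length + " bytes");
        System.out.println("private: " + priv.getAlgorithm() + " / " + priv.getFormat()
                + " / (encoding not printed)");

        // If the provider hands back an RSAPrivateCrtKey, p and q are available
        // and n = p*q can be checked against both halves of the pair.
        if (priv instanceof RSAPrivateCrtKey) {
            RSAPrivateCrtKey crt = (RSAPrivateCrtKey) priv;
            BigInteger n = crt.getPrimeP().multiply(crt.getPrimeQ());
            System.out.println("n == p*q: " + n.equals(crt.getModulus()));
            System.out.println("same modulus as public key: "
                    + n.equals(((RSAPublicKey) pub).getModulus()));
        }

        // Round trip: rebuild the public key from its encoded bytes.
        PublicKey rebuilt = KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(pub.getEncoded()));
        System.out.println("round trip bytes equal: "
                + Arrays.equals(rebuilt.getEncoded(), pub.getEncoded()));

        // getEncoded() on a private key returns the key material itself:
        // wipe any copy once it is no longer needed.
        byte[] secret = priv.getEncoded();
        Arrays.fill(secret, (byte) 0);
    }
}
```

With the default provider, getFormat() reports X.509 for the public key and PKCS#8 for the private key. Because Key is Serializable, any object stream holding a private key has to be treated as secret material.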

9
X.509 Certificates
  • Part of Internet
  • X.509, see RFC 2459
  • Public Key Infrastructure (PKI)
  • Used by Certificate Authority
  • Even small ones
  • Verification of Public Keys
  • In implementations of SSL, RFC 2246

10
X.509 Certificates
  • Class java.security.cert.Certificate
  • For general certificates
  • Class javax.security.cert.Certificate
  • For SSL
  • Deprecated Certificates may give conflicts with
  • import java.security.*;
  • import java.security.cert.*;

11
java.security.cert.Certificate
  • Abstract Class
  • java.security.cert.X509Certificate
  • Major Components
  • tbsCertificate TBSCertificate
  • signatureAlgorithm AlgorithmIdentifier
  • signature BIT STRING

12
java.security.cert.X509Certificate
  • TBSCertificate
  • version EXPLICIT Version
  • serialNumber CertificateSerialNumber
  • signature AlgorithmIdentifier
  • issuer Name
  • validity Validity
  • subject Name
  • subjectPublicKeyInfo SubjectPublicKeyInfo
  • UniqueIssuerID
  • UniqueSubjectID
  • Extensions

13
java.security.cert.X509Certificate
  • Main Methods
  • public abstract byte[] getEncoded()
  • Bytes of the encoded certificate
  • public abstract void verify(PublicKey pk)
  • Use the certificate to verify the public key pk
  • Throws CertificateException if certificate invalid

14
java.security.cert.X509Certificate
  • Main Methods
  • public abstract void verify(PublicKey pk, String provider)
  • The provider is the Certificate Authority (CA)
  • Invalid certificate throws CertificateException
  • Other exceptions as needed
  • public abstract PublicKey getPublicKey()

15
Building a java.security.cert.X509Certificate
  • Java keytool
  • keytool -genkey -alias pgb -keyalg RSA
  • Gives the CA the key for pgb using RSA
  • Home directory .javakeys
  • Get a Certificate Signing Request (CSR)
  • keytool -certreq -alias pgb -file pgbCSR.cer
  • Check current directory for file pgbCSR.cer
  • This is your X509 Certificate

16
java.security.cert.X509Certificate
  • Example from Scott Oaks Book
  • To be posted soon!