A Look at Java Cryptography
A Look at Java Cryptography
A discussion of some key concepts from the Java Cryptographic Architecture (JCA) API that developers can use to add encryption to their Java-based applications.
Join the DZone community and get the full member experience.Join For Free
Protect your applications against today's increasingly sophisticated threat landscape.
Java Cryptographic Architecture (JCA) has been designed to allow for the creation of protocols such as encryption, hashing, cryptography, digital signature, key-generation, and many more.
Here we will look at few concepts using the JCA API.
Hackers pre-generate hashes for common passwords and create lookup tables so that they can easily crack hashes. Since hashes will always be the same, a best practice is to increase the level of randomness for the hash alone. A best practice is to employ the use of secure random number generators to create the random salt value for storage.
Hashing a message with SHA512:
String message = "cantGuessIt@1"; MessageDigest md = MessageDigest.getInstance("SHA-512"); md.update(message.getBytes()); byte hash = md.digest();
The above code could be hacked since we are passing the exact same password to get the hash, and storing the hash in a database.
To avoid this, we use Salts which add randomness to the hash. Hash cracking is often based on reverse lookups where folks generate hashes for popular passwords. The more random, the less likely it is to show up in a lookup tool.
Salt(Random) s = Az234 sd
We can use the
SecureRandom Java class to generate the Salt value.
byte salt = new byte; SecureRandom sc = new SecureRandom(); sc.nextBytes(salt); md.update(message.getBytes()); md.update(salt); byte hash = md.digest();
i) Cipher Block-Chaining With Block Mode:
Cipher Block-Chaining breaks up the original message into individual chunks and then uses a key to encrypt these chunks individually instead of encrypting the entire message at once. So if we use repeated data, the encrypted result would be the same. Block mode ciphers can disclose information to attackers because the plain text always results in the same encrypted text. This is not a good idea and can be hacked easily.
When asked to select a block cipher, avoid the use of block ciphers known to be weak, like electronic code block (ECB).
//generate a key KeyGenerator kg = KeyGenerator.hetInstance("DES"); SecretKey key = kg.generateKey(); //Create a new Cipher Cipher c = Cipher.getInstance("DES/ECB/PKCS5Padding"); c.init(Cipher.ENCRYPT_MODE, key); //Encrypt the huge set of data line by line String strLine = //new Line encLine = Base64.encodeBase64String()c.doFinal(strLine.getBytes());
ii) Cipher Block-Chaining With Feedback Mode:
Strong block ciphers, such as cipher block chaining (CBC) or output feedback (OFB), will require an initialization vector (IV) to begin the encryption process.
In feedback mode, the previously encrypted blocks are used to encrypt the new blocks. Randomness is added to the first block with a random block called an initialization vector (IV). The next block will use the previously encrypted result with the current block text to generate the next block encryption result.
//generate a key KeyGenerator kg = KeyGenerator.hetInstance("DES"); SecretKey key = kg.generateKey(); //Create a new Cipher Cipher c = Cipher.getInstance("DES/CBC/PKCS5Padding"); c.init(Cipher.ENCRYPT_MODE, key); //Encrypt the huge set of data line by line String strLine = //new Line encLine = Base64.encodeBase64String(); c.doFinal(strLine.getBytes());
Hope this gives you a better understanding of Java-based cryptography. Happy learning!
Opinions expressed by DZone contributors are their own.