csci5931 Web Security 1
GS Chapter 4
Symmetric Encryption in Java
csci5931 Web Security 2
Topics
A. Blowfish
B. Password-based encryption (PBE)
C. Key storage
D. Modes
E. Cipher streams and IV (initialization vector)
F. Sealed objects
csci5931 Web Security 3
Applications of symmetric encryption
File encryption
Network encryption
Database encryption
Applications that require encryption of large amounts of data
csci5931 Web Security 4
javax.crypto.KeyGenerator (http://java.sun.com/j2se/1.4.1/docs/api/javax/crypto/KeyGenerator.html)
Provides the functionality of a (symmetric) key generator.
Key generators are constructed using one of the getInstance class methods.
KeyGenerator objects are reusable, i.e., after a key has been generated, the same KeyGenerator object can be re-used to generate further keys.
There are two ways to generate a key: in an algorithm-independent manner, and in an algorithm-specific manner. The only difference between the two is the initialization of the object.
csci5931 Web Security 5
javax.crypto.KeyGenerator: Using KeyGenerator
A. Create a new key generator.
KeyGenerator keyGenerator = KeyGenerator.getInstance("DESede");
Note: DESede is a triple DES variant with three DES keys k1, k2, k3. The message is encrypted with k1 first, then decrypted with k2, and finally encrypted again with k3. This increases the key space and prevents brute force attacks.
B. Initialize the key generator with the size of the key.
keyGenerator.init(168); // initialized to 168 bits
C. Generate the key object.
Key myKey = keyGenerator.generateKey();
csci5931 Web Security 6
java.security.Key (http://java.sun.com/j2se/1.4.1/docs/api/java/security/Key.html)
java.security
Interface Key
All Superinterfaces: Serializable
All Known Subinterfaces: DHPrivateKey, DHPublicKey, DSAPrivateKey, DSAPublicKey, PBEKey, PrivateKey, PublicKey, RSAMultiPrimePrivateCrtKey, RSAPrivateCrtKey, RSAPrivateKey, RSAPublicKey, SecretKey
All Known Implementing Classes: KerberosKey, SecretKeySpec
csci5931 Web Security 7
java.security.Key
The Key interface is the top-level interface for all keys. It defines the functionality shared by all key objects.
All keys have three characteristics:
1. The key algorithm for that key.
2. An external encoded form for the key, used when a standard representation of the key is needed outside the Java Virtual Machine, as when transmitting the key to some other party.
3. The name of the format of the encoded key.
Keys are generally obtained through key generators, key factories, certificates, or various Identity classes used to manage keys.
Examples: javax.crypto.KeyGenerator, java.security.KeyFactory
csci5931 Web Security 8
javax.crypto.Cipher
http://java.sun.com/j2se/1.4.1/docs/api/
public class Cipher extends Object
This class provides the functionality of a cryptographic cipher for encryption and decryption. It forms the core of the Java Cryptographic Extension (JCE) framework.
To use a Cipher: getInstance(), init(), update(), doFinal()
csci5931 Web Security 9
javax.crypto.Cipher.getInstance()
A. In order to create a Cipher object, the application calls the Cipher's getInstance method and passes the name of the requested transformation to it.
static Cipher getInstance(String transformation)
Generates a Cipher object that implements the specified transformation.
static Cipher getInstance(String transformation, Provider provider)
Creates a Cipher object that implements the specified transformation, as supplied by the specified provider.
static Cipher getInstance(String transformation, String provider)
Creates a Cipher object that implements the specified transformation, as supplied by the specified provider.
csci5931 Web Security 10
javax.crypto.Cipher.getInstance()
Examples:
Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");
csci5931 Web Security 11
javax.crypto.Cipher.init()
B. Initialize an instance of Cipher.
1. Declare the operating mode (ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE, UNWRAP_MODE).
2. Pass a key (java.security.Key) to the cipher.
Example:
cipher.init(Cipher.ENCRYPT_MODE, myKey);
Note: When a Cipher object is initialized, it loses all previously-acquired state. In other words, initializing a Cipher is equivalent to creating a new instance of that Cipher and initializing it.
csci5931 Web Security 12
javax.crypto.Cipher.update()
C. Pass the information to be encrypted/decrypted to the cipher.
1. The information must be in the form of a byte array.
2. Note: Ciphers typically buffer their output. If the buffer has not been filled, null will be returned.
Alternative update() methods:
byte[] update(byte[] input)
byte[] plaintext = myString.getBytes("UTF8");
byte[] ciphertext = cipher.update(plaintext);
int update(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
csci5931 Web Security 13
javax.crypto.Cipher.doFinal()
D. Finish the operation.
byte[] doFinal()
Finishes a multiple-part encryption or decryption operation, depending on how this cipher was initialized.
byte[] doFinal(byte[] input)
Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
Example:
byte[] ciphertext = cipher.doFinal();
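The steps A to D above, put together as an added example (not the book's SimpleExample.java and not code from the slides). It assumes the DESede/CBC/PKCS5Padding transformation and a constructed sample message; the class name CipherStepsExample and the helper collect() are made up for the illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Added illustration: KeyGenerator -> getInstance -> init -> update -> doFinal.
public class CipherStepsExample {

    // Appends one update()/doFinal() result to the ciphertext and reports its size.
    // The Cipher API allows update() to return null when the input is too short to
    // produce a new block; some providers return an empty array instead, so both
    // cases are treated as "nothing produced yet".
    private static void collect(ByteArrayOutputStream out, String step, byte[] chunk) {
        int n = (chunk == null) ? 0 : chunk.length;
        System.out.println(step + " produced " + n + " bytes");
        if (n > 0) {
            out.write(chunk, 0, n);
        }
    }

    public static void main(String[] args) throws Exception {
        // Key generation as on the KeyGenerator slide: DESede with a 168-bit key.
        KeyGenerator keyGenerator = KeyGenerator.getInstance("DESede");
        keyGenerator.init(168);
        SecretKey myKey = keyGenerator.generateKey();

        // Constructed sample message (18 bytes, not a multiple of the 8-byte block).
        byte[] plaintext = "How are you doing?".getBytes(StandardCharsets.UTF_8);

        // A. getInstance, B. init. No IV is passed, so the provider generates a
        // random one for CBC; it has to be kept for decryption.
        Cipher cipher = Cipher.getInstance("DESede/CBC/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, myKey);
        byte[] iv = cipher.getIV();

        // C. update in two parts. The first part is shorter than one block, so the
        // cipher only buffers it. D. doFinal flushes the buffer and adds padding.
        ByteArrayOutputStream ciphertext = new ByteArrayOutputStream();
        collect(ciphertext, "update(first 5 bytes)", cipher.update(plaintext, 0, 5));
        collect(ciphertext, "update(remaining bytes)",
                cipher.update(plaintext, 5, plaintext.length - 5));
        collect(ciphertext, "doFinal()", cipher.doFinal());

        byte[] encrypted = ciphertext.toByteArray();
        System.out.println("plaintext length:  " + plaintext.length);
        System.out.println("ciphertext length: " + encrypted.length);

        // Re-initializing discards all previous state, so the same object can be
        // switched to decryption. The IV from encryption is supplied explicitly.
        cipher.init(Cipher.DECRYPT_MODE, myKey, new IvParameterSpec(iv));
        byte[] decrypted = cipher.doFinal(encrypted);

        if (!Arrays.equals(plaintext, decrypted)) {
            throw new IllegalStateException("round trip failed");
        }
        System.out.println("decrypted: " + new String(decrypted, StandardCharsets.UTF_8));
    }
}
```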
csci5931 Web Security 14
SimpleExample.java
p. 69: SimpleExample.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)
Sample output:
> java SimpleExample How are you doing
Plain Message=How are you doing
Generating a TripleDES key
Done generating the key
Now encrypting the message
Message Encrypted
Ciphertext=-74-45759-44-115-19-8-56-99-47794393-45-107-41-125-127-233271855
Now decrypting the message
Message decrypted
Decrypted text: How are you doing
csci5931 Web Security 15
BlowfishExample.java
Blowfish keys can be any bit size from 8 to 448, as long as the number is divisible by 8.
p. 69: BlowfishExample.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)
Sample output:
> java BlowfishExample "It's a wonderful day!"
Generating a Blowfish key
Done generating the key
Plaintext: 73 116 39 115 32 97 32 119 111 110 100 101 114 102 117 108 32 100 97 121 33
Ciphertext: -77 56 -88 61 -52 -12 -57 43 -10 66 -54 -98 -86 56 -86 51 -127 -125 30 48 -64 112 -37 -125
Decrypted text: It's a wonderful day!
csci5931 Web Security 16
Password-based encryption (PBE): hashing + symmetric encryption
The user-provided password is hashed by a message digest algorithm, such as SHA.
The hash value is then used to construct a key for a symmetric encryption algorithm, such as Blowfish.
The plaintext is then encrypted by the symmetric encryption algorithm.
Problems:
1. PBE is usually less secure, due to its smaller key space.
2. Passwords may suffer 'dictionary attack'.
3. Two people might choose the same password, which would create two identical entries in the password file.
csci5931 Web Security 17
Password-based encryption (PBE)
PBE + salt + iteration count
A salt is a randomly generated piece of data, say 64 bits, that is added to each password.
The combined salt+password is used to generate the key.
The key is then used to generate a symmetric cipher.
For the purpose of decryption, the salt must be stored as part of the ciphertext.
See figures on page 74.
csci5931 Web Security 18
Password-based encryption (PBE)
csci5931 Web Security 19
Base64 Encoding
Effective in representing ASCII data as 6-bit characters (save one bit per character).
Widely used in networking transmissions of data, e.g., in MIME emails & other Internet-related applications.
Input: N bytes
Number of output characters:
(N * 8 / 24) * 4, if N * 8 % 24 is zero
(N * 8 / 24 + 1) * 4, otherwise
Example: N = 8 bytes
(64 / 24 + 1) * 4 = 12 characters
See http://nas.cl.uh.edu/yang/teaching/csci5939DatabaseSecurity/base64.ppt, RFC 2045, and Appendix C.
csci5931 Web Security 20
Password-based encryption (PBE)
csci5931 Web Security 21
Password-based encryption (PBE)
Random.nextBytes(byte[] bytes)
Generates random bytes and places them into a user-supplied byte array.
public class PBEKeySpec extends Object implements KeySpec
A user-chosen password that can be used with password-based encryption (PBE).
The password can be viewed as some kind of raw key material, from which the encryption mechanism that uses it derives a cryptographic key.
csci5931 Web Security 22
Password-based encryption (PBE)
public class SecretKeyFactory extends Object
This class represents a factory for secret keys.
Key factories are used to convert keys (opaque cryptographic keys of type Key) into key specifications (transparent representations of the underlying key material), and vice versa. Secret key factories operate only on secret (symmetric) keys.
Key factories are bi-directional, i.e., they allow one to build an opaque key object from a given key specification (key material), or to retrieve the underlying key material of a key object in a suitable format.
Application developers should refer to their provider's documentation to find out which key specifications are supported by the generateSecret and getKeySpec methods.
csci5931 Web Security 23
Password-based encryption
Twofish encryption algorithm
A symmetric block cipher that accepts keys of any length, up to 256 bits.
Among the new encryption algorithms being considered by the National Institute of Science and Technology (NIST) as a replacement for the DES algorithm.
Highly secure and flexible.
Works extremely well with large microprocessors, 8-bit smart card microprocessors, and dedicated hardware.
(Source: http://www.wiley.com/cda/product/0,,0471353817,00.html)
csci5931 Web Security 24
Password-based encryption
An example program: PBE.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)
Sample PBE encryption/decryption:
> java PBE -e sasquatch Hello World
yrVhjq5djco=eSIS1LbeAtu5KIKf5ntNhg==
> java PBE -e sasquatch Hello World
lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
> java PBE -d sasquatch lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
Hello World
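PBE with a salt and an iteration count, as an added example (not the book's PBE.java). It assumes the JDK's built-in PBEWithHmacSHA256AndAES_128 (Java 8 or later) rather than the Twofish-based algorithm the slides mention, an iteration count of 100,000, and an output layout of Base64(salt) + Base64(IV) + Base64(ciphertext); the class and method names are made up for the illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

// Added illustration: the salt is random per message and travels with the ciphertext.
public class PbeSaltExample {
    private static final String ALGORITHM = "PBEWithHmacSHA256AndAES_128"; // assumption
    private static final int SALT_LEN = 8;         // 64-bit salt, as on the slide
    private static final int IV_LEN = 16;          // AES block size
    private static final int ITERATIONS = 100_000; // assumption, not from the slides
    private static final SecureRandom RANDOM = new SecureRandom();

    // Number of Base64 characters for n input bytes (same rule as the Base64 slide).
    static int base64Length(int n) {
        return ((n + 2) / 3) * 4;
    }

    private static Cipher initCipher(int mode, char[] password, byte[] salt, byte[] iv)
            throws Exception {
        PBEKeySpec keySpec = new PBEKeySpec(password);
        try {
            // The factory turns the password (raw key material) into an opaque key;
            // salt and iteration count are applied when the cipher is initialized.
            SecretKey key = SecretKeyFactory.getInstance(ALGORITHM).generateSecret(keySpec);
            Cipher cipher = Cipher.getInstance(ALGORITHM);
            cipher.init(mode, key,
                    new PBEParameterSpec(salt, ITERATIONS, new IvParameterSpec(iv)));
            return cipher;
        } finally {
            keySpec.clearPassword(); // wipe the spec's copy of the password
        }
    }

    static String encrypt(char[] password, String plaintext) throws Exception {
        byte[] salt = new byte[SALT_LEN];
        byte[] iv = new byte[IV_LEN];
        RANDOM.nextBytes(salt);
        RANDOM.nextBytes(iv);
        byte[] ciphertext = initCipher(Cipher.ENCRYPT_MODE, password, salt, iv)
                .doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        Base64.Encoder enc = Base64.getEncoder();
        return enc.encodeToString(salt) + enc.encodeToString(iv)
                + enc.encodeToString(ciphertext);
    }

    static String decrypt(char[] password, String encoded) throws Exception {
        int saltChars = base64Length(SALT_LEN); // 12 characters for 8 bytes
        int ivChars = base64Length(IV_LEN);     // 24 characters for 16 bytes
        Base64.Decoder dec = Base64.getDecoder();
        byte[] salt = dec.decode(encoded.substring(0, saltChars));
        byte[] iv = dec.decode(encoded.substring(saltChars, saltChars + ivChars));
        byte[] ciphertext = dec.decode(encoded.substring(saltChars + ivChars));
        byte[] plaintext = initCipher(Cipher.DECRYPT_MODE, password, salt, iv)
                .doFinal(ciphertext);
        return new String(plaintext, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        char[] password = "sasquatch".toCharArray(); // sample password from the slide
        String first = encrypt(password, "Hello World");
        String second = encrypt(password, "Hello World");
        System.out.println(first);
        System.out.println(second);
        // Same password and plaintext, different salt and IV: the outputs differ.
        System.out.println("outputs differ: " + !first.equals(second));
        System.out.println(decrypt(password, second));
    }
}
```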
csci5931 Web Security 25
Key storage
Storage of keys in a persistent media (file, database) for later retrieval or transportation.
Objectives: The stored keys must be protected.
Problems:
- If the key storage is compromised, the data protected by the keys become unprotected.
Solutions:
Use PBE to encrypt the keys.
Problems
csci5931 Web Security 26
Key storage: Key Wrapping
The wrap() method defined in javax.crypto.Cipher takes a key as an argument and returns the encrypted value of the key as a byte array.
Example:
cipher.init(Cipher.WRAP_MODE, passwordKey, paramSpec);
byte[] encryptedKeyBytes = cipher.wrap(secretKey);
To decrypt the key:
cipher.init(Cipher.UNWRAP_MODE, passwordKey, paramSpec);
Key key = cipher.unwrap(encryptedKeyBytes, "Blowfish", Cipher.SECRET_KEY);
csci5931 Web Security 27
Key storage: Key Encryption
Use the getEncoded() method, as defined in java.security.Key, to encrypt the key.
Example:
byte[] keyBytes = myKey.getEncoded();
cipher.init(Cipher.ENCRYPT_MODE, passwordKey, paramSpec);
byte[] encryptedKeyBytes = cipher.doFinal(keyBytes);
To decrypt the key:
cipher.init(Cipher.DECRYPT_MODE, passwordKey, paramSpec);
byte[] keyBytes = cipher.doFinal(encryptedKeyBytes);
SecretKeySpec myKey = new SecretKeySpec(keyBytes, "Blowfish");
csci5931 Web Security 28
Padding
Padding is needed to make the size of the plaintext a multiple of the block size.
Most symmetric algorithms use one of two types of padding:
No padding – requires the data to end on a block boundary exactly.
PKCS5 padding – (PKCS = Public Key Cryptography Standard)
Suppose there are N bytes in a block that need to be padded.
Fill each of the N bytes with the value N.
If the data end on a multiple of the block size, add an entire block of padding.
(See the illustration on p. 81.)
csci5931 Web Security 29
Modes of DES
ECB, CBC
CFB (Cipher FeedBack): Similar to CBC, but may work on smaller chunks of data (8 bits, for example).
OFB (Output FeedBack): Similar to CFB, but provides better protection against data loss during transmission.
That is, a single-bit error will not cause the whole block to be lost, as in the cases of ECB, CBC, and CFB.
csci5931 Web Security 30
Cipher streams and IV
javax.crypto.CipherInputStream, javax.crypto.CipherOutputStream
They provide convenient wrappers around standard input and output streams for them to be automatically encrypted or decrypted.
Initialization Vector (IV)
A sequence of random bytes appended to the front of the plaintext before encryption by a block cipher.
Adding the initialization vector to the beginning of the plaintext eliminates the possibility of having the initial ciphertext block the same for any two messages.
How to determine the size of an IV, given a cipher? Example: A 256-bit Rijndael cipher needs a 16-byte IV.
csci5931 Web Security 31
IV in Java
public class IvParameterSpec extends Object implements AlgorithmParameterSpec
This class specifies an initialization vector (IV). Examples which use IVs are ciphers in feedback mode, e.g., DES in CBC mode, and RSA ciphers with OAEP encoding operation.
(NOTE: See page 434 for RSA-OAEP padding.)
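The effect of the IV and of PKCS5 padding described on the Padding, Modes and IV slides, as an added example (not code from the slides or the book). It assumes AES, the 128-bit-block form of Rijndael, with a 256-bit key and constructed sample plaintexts; the class and helper names are made up for the illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

// Added illustration: ECB vs. CBC, the role of the IV, and PKCS5 padding lengths.
public class IvAndPaddingExample {
    private static final SecureRandom RANDOM = new SecureRandom();

    static byte[] randomIv(int size) {
        byte[] iv = new byte[size];
        RANDOM.nextBytes(iv);
        return iv;
    }

    // Encrypts data with the given transformation; iv == null means "no IV" (ECB).
    static byte[] encrypt(String transformation, SecretKey key, byte[] iv, byte[] data)
            throws Exception {
        Cipher cipher = Cipher.getInstance(transformation);
        if (iv == null) {
            cipher.init(Cipher.ENCRYPT_MODE, key);
        } else {
            cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        }
        return cipher.doFinal(data);
    }

    // Compares block number blockA of a with block number blockB of b.
    static boolean sameBlock(byte[] a, int blockA, byte[] b, int blockB, int size) {
        return Arrays.equals(
                Arrays.copyOfRange(a, blockA * size, (blockA + 1) * size),
                Arrays.copyOfRange(b, blockB * size, (blockB + 1) * size));
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(256); // 256-bit key, as in the slide's Rijndael example
        SecretKey key = keyGenerator.generateKey();

        // The IV size is the cipher's block size, not its key size.
        int blockSize = Cipher.getInstance("AES/CBC/PKCS5Padding").getBlockSize();
        System.out.println("block size = IV size = " + blockSize + " bytes");

        // Constructed sample: two identical 16-byte blocks (32 bytes in total).
        byte[] message = "0123456789ABCDEF0123456789ABCDEF"
                .getBytes(StandardCharsets.US_ASCII);

        byte[] iv1 = randomIv(blockSize);
        byte[] iv2 = randomIv(blockSize);
        byte[] ecb = encrypt("AES/ECB/PKCS5Padding", key, null, message);
        byte[] cbc1 = encrypt("AES/CBC/PKCS5Padding", key, iv1, message);
        byte[] cbc2 = encrypt("AES/CBC/PKCS5Padding", key, iv2, message);
        byte[] cbc1Again = encrypt("AES/CBC/PKCS5Padding", key, iv1, message);

        // ECB: equal plaintext blocks give equal ciphertext blocks.
        System.out.println("ECB blocks 0 and 1 equal:     "
                + sameBlock(ecb, 0, ecb, 1, blockSize));
        // CBC: chaining makes the two blocks differ within one message.
        System.out.println("CBC blocks 0 and 1 equal:     "
                + sameBlock(cbc1, 0, cbc1, 1, blockSize));
        // Different IVs: the first ciphertext block differs between messages.
        System.out.println("CBC first block, iv1 vs iv2:  "
                + sameBlock(cbc1, 0, cbc2, 0, blockSize));
        // Reusing an IV with the same key brings the repetition back.
        System.out.println("CBC same IV, same ciphertext: "
                + Arrays.equals(cbc1, cbc1Again));

        // PKCS5 padding: 32 bytes end on a block boundary, so a whole block of
        // padding is added; 30 bytes are padded with 2 bytes of value 2.
        byte[] unaligned = Arrays.copyOf(message, 30);
        byte[] cbcUnaligned = encrypt("AES/CBC/PKCS5Padding", key, iv2, unaligned);
        System.out.println(message.length + " bytes in -> " + cbc1.length + " bytes out");
        System.out.println(unaligned.length + " bytes in -> " + cbcUnaligned.length
                + " bytes out");
    }
}
```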
csci5931 Web Security 32
Rijndael
What is Rijndael? (Dutch, pronounced as 'Rain Doll')
"Rijndael is a block cipher, designed by Joan Daemen and Vincent Rijmen as a candidate algorithm for the AES.
The cipher has a variable block length and key length. We currently specified how to use keys with a length of 128, 192, or 256 bits to encrypt blocks with a length of 128, 192 or 256 bits."
(Source: http://www.esat.kuleuven.ac.be/~rijmen/rijndael/)
After nearly four years of evaluation, in October 2000, Rijndael was selected by the NIST as the 'AES' (Advanced Encryption Standard).
See the press release.
csci5931 Web Security 33
FileEncryptor.java
FileEncryptor.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)
Four functions:
createKey(password)
loadKey(password)
encrypt(password, inputFile, outputEncryptedFile)
decrypt(password, inputEncryptedFile, outputFile)
csci5931 Web Security 34
Sealed objects
Sealed object: An object that is encrypted.
The object must be serializable.
Sealed objects can be useful for storing or transferring an encrypted version of an object.
The default JDK 1.2 prevents extensions from using the class loader to create classes that are neither standard objects nor extensions. That is, a custom object, such as a CreditCard object, won't be able to be decrypted.
See Appendix D, "the EncryptedObject class", for a better sealed object implementation.
csci5931 Web Security 35
Sealed objects
SealedObjectExample.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)
Sample output:
> java SealedObjectExample
Creating a key
Encrypting the object
Unencrypting the object
Credit card number: 1234567890
csci5931 Web Security 36
Next: Asymmetric Encryption (GS 5)
Relevant links:
RFC 1829 - The ESP DES-CBC Transform - This document describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP).
The GNU Crypto project – This project aims at providing free, versatile, high-quality, and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users. It's also got a comprehensive listing of crypto-related algorithms.
csci5931 Web Security 2
Topics
A Blowfish
B Password-based encryption (PBE)
C Key storage
D Modes
E Cipher streams and IV (initialization vector)
F Sealed objects
csci5931 Web Security 3
Applications of symmetric encryptions
File encryption
Network encryption
Database encryption
Applications that require encryption of large
amount of data
csci5931 Web Security 4
JavaxcryptoKeyGenerator httpjavasuncomj2se141docsapijavaxcryptoKeyGeneratorhtml
Provides the functionality of a (symmetric) key generator
Key generators are constructed using one of the getInstance class
methods
KeyGenerator objects are reusable ie after a key has been generated
the same KeyGenerator object can be re-used to generate further keys
There are two ways to generate a key in an algorithm-independent
manner and in an algorithm-specific manner The only difference
between the two is the initialization of the object
csci5931 Web Security 5
JavaxcryptoKeyGenerator Using KeyGeneratorA Create a new key generator
KeyGenerator keyGenerator = KeyGeneratorgetInstance (ldquoDESederdquo)
Note DESede is a triple DES variant with three DES keys k1 k2 k3 The message is encrypted with k1 first then decrypted with k2 and finally encrypted again with k3 This increases the key space and prevents brute force attacks
B Initialize the key generator with the size of the key
keyGeneratorinit (168) initialized to 168 bits
C Generate the key object
Key myKey = keyGeneratorgenerateKey ( )
csci5931 Web Security 6
JavasecurityKey httpjavasuncomj2se141docsapijavasecurityKeyhtml javasecurity
Interface Key
All Superinterfaces Serializable
All Known Subinterfaces DHPrivateKey DHPublicKey DSAPrivateKey DSAPublicKey
PBEKey PrivateKey PublicKey RSAMultiPrimePrivateCrtKey RSAPrivateCrtKey RSAPrivateKey RSAPublicKey SecretKey
All Known Implementing Classes KerberosKey SecretKeySpec
csci5931 Web Security 7
JavasecurityKey The Key interface is the top-level interface for all keys It
defines the functionality shared by all key objects
All keys have three characteristics 1 The key algorithm for that key2 An external encoded form for the key used when a standard
representation of the key is needed outside the Java Virtual Machine as when transmitting the key to some other party
3 The name of the format of the encoded key
Keys are generally obtained through key generators key factory certificates or various Identity classes used to manage keys
Examples javaxcryptoKeyGenerator( ) javasecurityKeyFactory( )
csci5931 Web Security 8
JavaxcryptoCipher
httpjavasuncomj2se141docsapi
public class Cipher
extends Object
This class provides the functionality of a cryptographic cipher for
encryption and decryption It forms the core of the Java
Cryptographic Extension (JCE) framework
To use a Cipher getInstance( ) init( ) update( ) doFinal( )
csci5931 Web Security 9
JavaxcryptoCiphergetInstance( )A In order to create a Cipher object the application calls the Ciphers
getInstance method and passes the name of the requested
transformation to it
static Cipher getInstance(String transformation)
Generates a Cipher object that implements the specified transformation
static Cipher getInstance(String transformation Provider
provider)
Creates a Cipher object that implements the specified transformation as
supplied by the specified provider
static Cipher getInstance(String transformation String provider)
Creates a Cipher object that implements the specified transformation as
supplied by the specified provider
csci5931 Web Security 10
JavaxcryptoCiphergetInstance( ) Examples
Cipher cipher = CiphergetInstance(DESCBCPKCS5Padding)
Cipher cipher = CiphergetInstance(ldquoDESedeECBPKCS5Paddingrdquo)
csci5931 Web Security 11
JavaxcryptoCipherinit( )B Initialize an instance of Cipher
1 Declares the operating mode (ENCRYPT_MODE
DECRYPT_MODE WRAP_MODE UNWRAP_MODE)
2 Pass a key (javasecurityKey) to the cipher
Example
Cipherinit (CipherENCRYPT_MODE myKey)
Note When a Cipher object is initialized it loses all
previously-acquired state In other words initializing a
Cipher is equivalent to creating a new instance of that
Cipher and initializing it
csci5931 Web Security 12
JavaxcryptoCipherupdate( )C Pass the information to be encrypteddecrypted to the cipher
1 The information must be in the form of a byte array
2 Note Ciphers typically buffer their output If the buffer has not been filled
null will be returned
Alternative update( ) methods
byte[ ] update (byte[] input)byte[ ] plaintext = myStringgetBytes (ldquoUTF8rdquo)byte[ ] ciphertext = cipherupdate (plaintext)
int update (byte[ ] input int inputOffset int inputLen byte[ ] output int outputOffset)
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized) processing another data part
csci5931 Web Security 13
JavaxcryptoCipherdoFinal( )D Finish the operation
byte[ ] doFinal( ) Finishes a multiple-part encryption or decryption operation depending on
how this cipher was initialized
byte[ ] doFinal(byte[] input)
Encrypts or decrypts data in a single-part operation or finishes a multiple-
part operation
Example
Byte[ ] ciphertext = cipherdoFinal ( )
csci5931 Web Security 14
SimpleExamplejava P69 SimpleExamplejava (see httpscecluheduyangteaching
proJavaSecurityCodehtml) Sample outputgtjava SimpleExample How are you doing
Plain Message=How are you doing
Generating a TripleDES keyDone generating the key
Now encrypting the messageMessage Encrypted
Ciphertext=-74-45759-44-115-19-8-56-99-47794393-45-107-41-125-127-233271855
Now decrypting the messageMessage decrypted
Decrypted text How are you doing
csci5931 Web Security 15
BlowfishExamplejava Blowfish keys can be any bit size from 8 to 448 as long as the
number if divisible by 8 p69 BlowfishExamplejava (see
httpscecluheduyangteachingproJavaSecurityCodehtml) Sample output
gtjava BlowfishExample Its a wonderful dayGenerating a Blowfish keyDone generating the key
Plaintext73 116 39 115 32 97 32 119 111 110 100 101 114 102 117 108 32 100 97 121 33
Ciphertext-77 56 -88 61 -52 -12 -57 43 -10 66 -54 -98 -86 56 -86 51 -127 -125 30 48 -64 112 -37 -125
Decrypted text Its a wonderful day
csci5931 Web Security 16
Password-based encryption (PBE) hashing + symmetric encryption
The user-provided password is hashed by a message digest algorithm such as SHA
The hash value is then used to construct a key for a symmetric encryption algorithm such as Blowfish
The plaintext is then encrypted by the symmetric encryption algorithm
Problems1 PBE is usually less secure due to its smaller key space2 Passwords may suffer lsquodictionary attackrsquo3 Two people might choose the same password which
would create two identical entries in the password file
csci5931 Web Security 17
Password-based encryption (PBE)
PBE + salt + iteration count A salt is a randomly generated piece of data say 64
bits that is added to each password The combined salt+password is used to generate the
key The key is then used to generate a symmetric cipher For the purpose of decryption the salt must be stored as
part of the ciphertext See figures on page 74
csci5931 Web Security 18
Password-based encryption (PBE)
csci5931 Web Security 19
Base64 Encoding Effective in representing ASCII data as 6-bit characters (save one bit
per character)
Widely used in networking transmissions of data eg in MIME
emails amp other Internet-related applications
Input N bytes
Number of output characters
(N 8 24) 4 if N8 24 is zero
(N 8 24 + 1) 4 otherwise
Example N = 8 bytes
(64 24 + 1) 4 12 characters
See httpnascluheduyangteachingcsci5939DatabaseSecuritybase64ppt RFC2045 and Appendix C
csci5931 Web Security 20
Password-based encryption (PBE)
csci5931 Web Security 21
Password-based encryption (PBE) RandomnextBytes (byte[ ] bytes)
Generates random bytes and places them into a user-supplied byte array
public class PBEKeySpecextends Object
implements KeySpec
A user-chosen password that can be used with password-based encryption
(PBE)
The password can be viewed as some kind of raw key material from which
the encryption mechanism that uses it derives a cryptographic key
csci5931 Web Security 22
Password-based encryption (PBE) public class SecretKeyFactory extends Object
This class represents a factory for secret keys
Key factories are used to convert keys (opaque cryptographic keys of type
Key) into key specifications (transparent representations of the
underlying key material) and vice versa Secret key factories operate
only on secret (symmetric) keys
Key factories are bi-directional ie they allow to build an opaque key
object from a given key specification (key material) or to retrieve the
underlying key material of a key object in a suitable format
Application developers should refer to their providers documentation to find
out which key specifications are supported by the generateSecret
and getKeySpec methods
csci5931 Web Security 23
Password-based encryption
Twofish encryption algorithmA symmetric block cipher that accepts keys of any length up to 256
bits
Among the new encryption algorithms being considered by the National
Institute of Science and Technology (NIST) as a replacement for
the DES algorithm
Highly secure and flexible
Works extremely well with large microprocessors 8-bit smart card
microprocessors and dedicated hardware
(Source httpwwwwileycomcdaproduct0047135381700html)
csci5931 Web Security 24
Password-based encryption
An example program PBEjava (see
httpscecluheduyangteachingproJavaSecurityCodehtml)
Sample PBE encryptiondecryptiongtjava PBE -e sasquatch Hello World
yrVhjq5djco=eSIS1LbeAtu5KIKf5ntNhg==
gtjava PBE -e sasquatch Hello World
lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
gtjava PBE -d sasquatch lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
Hello World
csci5931 Web Security 25
Key storage
Storage of keys in a persistent media (file
database) for later retrieval or transportation
Objectives The stored keys must be protected
Problems
- If the key storage is compromised the data protected by
the keys become unprotected
Solutions
Use PBE to encrypt the keys Problems
csci5931 Web Security 26
Key storage Key Wrapping
The wrap( ) method defined in javaxcryptoCipher takes a key as an
argument and returns the encrypted value of the key as a byte array
Example
cipherinit (CipherWRAP_MODE passwordKey paramSpec)
byte[ ] encryptedKeyBytes = cipherwrap (secretKey)
To decrypt the keycipherinit (CipherUNWRAP_MODE passwordKey paramSpec)
Key key = cipherunwrap(encryptedKeyBytes ldquoBlowfishrdquo CipherSECRET_KEY)
csci5931 Web Security 27
Key storage Key Encryption
Use the getEncoded( ) method as defined in javasecurityKey to encrypt the
key
Example
byte[ ] keyBytes = myKeygetEncoded( )
cipherinit (CipherENCRYPT_MODE passwordKey paramSpec)
byte[ ] encryptedKeyBytes = cipherdoFinal (keyBytes)
To decrypt the keycipherinit (CipherDECRYPT_MODE passwordKey paramSpec)
byte[ ] keyBytes = cipherdoFinal (encryptedKeyBytes)
SecretKeySpec myKey = new SecretKeySpec (keyBytes ldquoBlowfishrdquo )
csci5931 Web Security 28
Padding Padding is needed to make the size of the plaintext to be a
multiple of the block size
Most symmetric algorithms use one of two types of padding No padding ndash requires the data end on a block exactly
PKCS5 padding ndash (PKCS = Public Key Cryptography Standard)
Suppose there are N bytes in a block that need to be padded
Fill each of the N bytes with the value N
If the data end on a multiple of the block size add an entire block of
padding
(See the illustration on p81)
csci5931 Web Security 29
Modes of DES
ECB CBC
CFB (Cipher FeedBack) Similar to CBC but may work on smaller chunks of data (8 bits for
example)
OFB (Output FeedBack) Similar to CFB but provides better protection against data loss
during transmission
That is a single-bit error will not cause the whole block to be lost
as in the cases of ECB CBC and CFB
csci5931 Web Security 30
Cipher streams and IV JavaxcryptoCipherInputStream javaxcryptoCipherOutputStream
They provide convenient wrappers around standard input and
output streams for them to be automatically encrypted or
decrypted
Initialization Vector (IV) A sequence of random bytes appended to the front of the plaintext
before encryption by a block cipher Adding the initialization vector to the beginning of the plaintext
eliminates the possibility of having the initial ciphertext block the
same for any two messages How to determine the size of a IV given a cipher Example A
256-bit Rijndael cipher needs a 16-byte IV
csci5931 Web Security 31
IV in Java public class IvParameterSpec
extends Object
implements AlgorithmParameterSpec
This class specifies an initialization vector (IV) Examples
which use IVs are ciphers in feedback mode eg DES
in CBC mode and RSA ciphers with OAEP encoding
operation
(NOTE See page 434 for RSA-OAEP padding)
csci5931 Web Security 32
Rijndael
What is Rijndael (Dutch pronounced as lsquoRain Dollrsquo)
ldquoRijndael is a block cipher designed by Joan Daemen and Vincent
Rijmen as a candidate algorithm for the AES
The cipher has a variable block length and key length We currently
specified how to use keys with a length of 128 192 or 256 bits to
encrypt blocks with al length of 128 192 or 256 bitsrdquo
(Source httpwwwesatkuleuvenacbe~rijmenrijndael)
After nearly four years of evaluation in October 2000 Rijndael was
selected by the NIST as the `AES (Advanced Encryption Standard)
See the press release
csci5931 Web Security 33
FileEncryptorjava
FileEncryptorjava (see httpscecluheduyangteaching
proJavaSecurityCodehtml)
Four functions
createKey( password )
loadKey ( password )
encrypt ( password inputFile outputEncryptedFile )
decrypt ( password inputEncryptedFile outputfile)
csci5931 Web Security 34
Sealed objects Sealed object An object that is encrypted
The object must be serializable
Sealed objects can be useful for storing or transferring an
encrypted version of an object
The default JDK 12 prevents extensions from using the class
loader to create classes that are neither standard objects nor
extensions That is a custom object such as a CreditCard
object wonrsquot be able to be decrypted
See Appendix D ldquothe EncryptedObject classrdquo for a better sealed
object implementation
csci5931 Web Security 35
Sealed objects
SealedObjectExamplejava (see
httpscecluheduyangteachingproJavaSecurityCodehtml)
Sample output
gtjava SealedObjectExample
Creating a key
Encrypting the object
Unencrypting the object
Credit card number 1234567890
csci5931 Web Security 36
Next
Asymmetric Encryption (GS 5)
Relevant links RFC 1829 - The ESP DES-CBC Transform - This document
describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP)
The GNU Crypto project ndash This project aims at providing free versatile high-quality and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users Itrsquos also got a comprehensive listing of crypto-related algorithms
csci5931 Web Security 3
Applications of symmetric encryptions
File encryption
Network encryption
Database encryption
Applications that require encryption of large
amount of data
csci5931 Web Security 4
JavaxcryptoKeyGenerator httpjavasuncomj2se141docsapijavaxcryptoKeyGeneratorhtml
Provides the functionality of a (symmetric) key generator
Key generators are constructed using one of the getInstance class
methods
KeyGenerator objects are reusable ie after a key has been generated
the same KeyGenerator object can be re-used to generate further keys
There are two ways to generate a key in an algorithm-independent
manner and in an algorithm-specific manner The only difference
between the two is the initialization of the object
csci5931 Web Security 5
JavaxcryptoKeyGenerator Using KeyGeneratorA Create a new key generator
KeyGenerator keyGenerator = KeyGeneratorgetInstance (ldquoDESederdquo)
Note DESede is a triple DES variant with three DES keys k1 k2 k3 The message is encrypted with k1 first then decrypted with k2 and finally encrypted again with k3 This increases the key space and prevents brute force attacks
B Initialize the key generator with the size of the key
keyGeneratorinit (168) initialized to 168 bits
C Generate the key object
Key myKey = keyGeneratorgenerateKey ( )
csci5931 Web Security 6
JavasecurityKey httpjavasuncomj2se141docsapijavasecurityKeyhtml javasecurity
Interface Key
All Superinterfaces Serializable
All Known Subinterfaces DHPrivateKey DHPublicKey DSAPrivateKey DSAPublicKey
PBEKey PrivateKey PublicKey RSAMultiPrimePrivateCrtKey RSAPrivateCrtKey RSAPrivateKey RSAPublicKey SecretKey
All Known Implementing Classes KerberosKey SecretKeySpec
csci5931 Web Security 7
java.security.Key
The Key interface is the top-level interface for all keys. It defines the functionality shared by all key objects.
All keys have three characteristics:
1. The key algorithm for that key.
2. An external encoded form for the key, used when a standard representation of the key is needed outside the Java Virtual Machine, as when transmitting the key to some other party.
3. The name of the format of the encoded key.
Keys are generally obtained through key generators, key factories, certificates, or various Identity classes used to manage keys.
Examples: javax.crypto.KeyGenerator( ), java.security.KeyFactory( )
csci5931 Web Security 8
javax.crypto.Cipher
http://java.sun.com/j2se/1.4.1/docs/api
public class Cipher extends Object
This class provides the functionality of a cryptographic cipher for encryption and decryption. It forms the core of the Java Cryptographic Extension (JCE) framework.
To use a Cipher: getInstance( ), init( ), update( ), doFinal( )
csci5931 Web Security 9
javax.crypto.Cipher.getInstance( )
A. In order to create a Cipher object, the application calls the Cipher's getInstance method and passes the name of the requested transformation to it.
static Cipher getInstance(String transformation)
    Generates a Cipher object that implements the specified transformation.
static Cipher getInstance(String transformation, Provider provider)
    Creates a Cipher object that implements the specified transformation, as supplied by the specified provider.
static Cipher getInstance(String transformation, String provider)
    Creates a Cipher object that implements the specified transformation, as supplied by the specified provider.
csci5931 Web Security 10
javax.crypto.Cipher.getInstance( )
Examples:
    Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
    Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");
csci5931 Web Security 11
javax.crypto.Cipher.init( )
B. Initialize an instance of Cipher:
1. Declare the operating mode (ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE, UNWRAP_MODE).
2. Pass a key (java.security.Key) to the cipher.
Example:
    cipher.init(Cipher.ENCRYPT_MODE, myKey);
Note: When a Cipher object is initialized, it loses all previously-acquired state. In other words, initializing a Cipher is equivalent to creating a new instance of that Cipher and initializing it.
csci5931 Web Security 12
javax.crypto.Cipher.update( )
C. Pass the information to be encrypted/decrypted to the cipher:
1. The information must be in the form of a byte array.
2. Note: Ciphers typically buffer their output. If the buffer has not been filled, null will be returned.
Alternative update( ) methods:
byte[] update(byte[] input)
    byte[] plaintext = myString.getBytes("UTF8");
    byte[] ciphertext = cipher.update(plaintext);
int update(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
    Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
csci5931 Web Security 13
javax.crypto.Cipher.doFinal( )
D. Finish the operation:
byte[] doFinal()
    Finishes a multiple-part encryption or decryption operation, depending on how this cipher was initialized.
byte[] doFinal(byte[] input)
    Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
Example:
    byte[] ciphertext = cipher.doFinal();
csci5931 Web Security 14
SimpleExample.java
p. 69: SimpleExample.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)
Sample output:
>java SimpleExample How are you doing
Plain Message=How are you doing
Generating a TripleDES keyDone generating the key
Now encrypting the messageMessage Encrypted
Ciphertext=-74-45759-44-115-19-8-56-99-47794393-45-107-41-125-127-233271855
Now decrypting the messageMessage decrypted
Decrypted text How are you doing
csci5931 Web Security 15
BlowfishExample.java
Blowfish keys can be any bit size from 8 to 448, as long as the number is divisible by 8.
p. 69: BlowfishExample.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)
Sample output:
>java BlowfishExample It's a wonderful day!
Generating a Blowfish keyDone generating the key
Plaintext: 73 116 39 115 32 97 32 119 111 110 100 101 114 102 117 108 32 100 97 121 33
Ciphertext: -77 56 -88 61 -52 -12 -57 43 -10 66 -54 -98 -86 56 -86 51 -127 -125 30 48 -64 112 -37 -125
Decrypted text: It's a wonderful day!
csci5931 Web Security 16
Password-based encryption (PBE): hashing + symmetric encryption
The user-provided password is hashed by a message digest algorithm, such as SHA.
The hash value is then used to construct a key for a symmetric encryption algorithm, such as Blowfish.
The plaintext is then encrypted by the symmetric encryption algorithm.
Problems:
1. PBE is usually less secure, due to its smaller key space.
2. Passwords may suffer 'dictionary attack'.
3. Two people might choose the same password, which would create two identical entries in the password file.
csci5931 Web Security 17
Password-based encryption (PBE)
PBE + salt + iteration count
A salt is a randomly generated piece of data, say 64 bits, that is added to each password.
The combined salt+password is used to generate the key.
The key is then used to generate a symmetric cipher.
For the purpose of decryption, the salt must be stored as part of the ciphertext.
See figures on page 74.
csci5931 Web Security 18
Password-based encryption (PBE)
csci5931 Web Security 19
Base64 Encoding
Effective in representing ASCII data as 6-bit characters (save one bit per character).
Widely used in networking transmissions of data, e.g., in MIME emails & other Internet-related applications.
Input: N bytes
Number of output characters (with / as integer division):
    (N * 8 / 24) * 4, if (N * 8) mod 24 is zero
    (N * 8 / 24 + 1) * 4, otherwise
Example: N = 8 bytes
    (64 / 24 + 1) * 4 = 12 characters
See http://nas.cl.uh.edu/yang/teaching/csci5939DatabaseSecurity/base64.ppt, RFC2045, and Appendix C.
csci5931 Web Security 20
Password-based encryption (PBE)
csci5931 Web Security 21
Password-based encryption (PBE)
Random.nextBytes(byte[] bytes)
    Generates random bytes and places them into a user-supplied byte array.
public class PBEKeySpec extends Object implements KeySpec
    A user-chosen password that can be used with password-based encryption (PBE).
    The password can be viewed as some kind of raw key material, from which the encryption mechanism that uses it derives a cryptographic key.
csci5931 Web Security 22
Password-based encryption (PBE)
public class SecretKeyFactory extends Object
This class represents a factory for secret keys.
Key factories are used to convert keys (opaque cryptographic keys of type Key) into key specifications (transparent representations of the underlying key material), and vice versa. Secret key factories operate only on secret (symmetric) keys.
Key factories are bi-directional, i.e., they allow to build an opaque key object from a given key specification (key material), or to retrieve the underlying key material of a key object in a suitable format.
Application developers should refer to their provider's documentation to find out which key specifications are supported by the generateSecret and getKeySpec methods.
csci5931 Web Security 23
Password-based encryption
Twofish encryption algorithm
A symmetric block cipher that accepts keys of any length, up to 256 bits.
Among the new encryption algorithms being considered by the National Institute of Science and Technology (NIST) as a replacement for the DES algorithm.
Highly secure and flexible.
Works extremely well with large microprocessors, 8-bit smart card microprocessors, and dedicated hardware.
(Source: http://www.wiley.com/cda/product/0,,0471353817,00.html)
csci5931 Web Security 24
Password-based encryption
An example program: PBE.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)
Sample PBE encryption/decryption:
>java PBE -e sasquatch Hello World
yrVhjq5djco=eSIS1LbeAtu5KIKf5ntNhg==
>java PBE -e sasquatch Hello World
lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
>java PBE -d sasquatch lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
Hello World
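PBE with a salt and an iteration count, as an added example (this is not the book's PBE.java). It assumes the JDK's own PBEWithHmacSHA256AndAES_128 algorithm (SunJCE, Java 8 or later) in place of Twofish, which the JDK does not ship; the class name PbeSaltDemo, the iteration count and the salt+IV+ciphertext layout are choices made for this illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

// Added illustration, not PBE.java. Names and constants below are assumptions.
public class PbeSaltDemo {
    static final String ALGORITHM = "PBEWithHmacSHA256AndAES_128"; // SunJCE, Java 8+
    static final int ITERATIONS = 100_000; // assumed value; higher slows password guessing
    static final int SALT_LEN = 8;         // 64-bit salt, as on the slide -> 12 Base64 characters
    static final int IV_LEN = 16;          // AES block size -> 24 Base64 characters

    // PBEKeySpec carries the raw password; SecretKeyFactory turns it into an opaque key.
    static SecretKey passwordKey(char[] password) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password);
        try {
            return SecretKeyFactory.getInstance(ALGORITHM).generateSecret(spec);
        } finally {
            spec.clearPassword(); // wipe the copy held by the spec
        }
    }

    static String encrypt(char[] password, String plaintext) throws Exception {
        SecureRandom random = new SecureRandom();
        byte[] salt = new byte[SALT_LEN];
        byte[] iv = new byte[IV_LEN];
        random.nextBytes(salt); // fresh salt and IV for every message
        random.nextBytes(iv);

        Cipher cipher = Cipher.getInstance(ALGORITHM);
        cipher.init(Cipher.ENCRYPT_MODE, passwordKey(password),
                new PBEParameterSpec(salt, ITERATIONS, new IvParameterSpec(iv)));
        byte[] ciphertext = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));

        // Salt and IV are not secret; they are stored in front of the ciphertext.
        Base64.Encoder b64 = Base64.getEncoder();
        return b64.encodeToString(salt) + b64.encodeToString(iv) + b64.encodeToString(ciphertext);
    }

    static String decrypt(char[] password, String stored) throws Exception {
        // Fixed-length prefixes: 8 bytes -> 12 characters, 16 bytes -> 24 characters.
        Base64.Decoder b64 = Base64.getDecoder();
        byte[] salt = b64.decode(stored.substring(0, 12));
        byte[] iv = b64.decode(stored.substring(12, 36));
        byte[] ciphertext = b64.decode(stored.substring(36));

        Cipher cipher = Cipher.getInstance(ALGORITHM);
        cipher.init(Cipher.DECRYPT_MODE, passwordKey(password),
                new PBEParameterSpec(salt, ITERATIONS, new IvParameterSpec(iv)));
        return new String(cipher.doFinal(ciphertext), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        char[] password = "sasquatch".toCharArray(); // sample password from the slide

        // Same password, same plaintext: the random salt and IV make the outputs differ,
        // which is the effect visible in the two "-e" runs of the sample output.
        String first = encrypt(password, "Hello World");
        String second = encrypt(password, "Hello World");
        System.out.println(first);
        System.out.println(second);
        System.out.println("Outputs differ: " + !first.equals(second));
        System.out.println("Decrypted: " + decrypt(password, second));
    }
}
```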
csci5931 Web Security 25
Key storage
Storage of keys in a persistent media (file, database) for later retrieval or transportation
Objectives: The stored keys must be protected.
Problems:
- If the key storage is compromised, the data protected by the keys become unprotected.
Solutions:
Use PBE to encrypt the keys. Problems?
csci5931 Web Security 26
Key storage: Key Wrapping
The wrap( ) method, defined in javax.crypto.Cipher, takes a key as an argument and returns the encrypted value of the key as a byte array.
Example:
    cipher.init(Cipher.WRAP_MODE, passwordKey, paramSpec);
    byte[] encryptedKeyBytes = cipher.wrap(secretKey);
To decrypt the key:
    cipher.init(Cipher.UNWRAP_MODE, passwordKey, paramSpec);
    Key key = cipher.unwrap(encryptedKeyBytes, "Blowfish", Cipher.SECRET_KEY);
csci5931 Web Security 27
Key storage: Key Encryption
Use the getEncoded( ) method, as defined in java.security.Key, to encrypt the key.
Example:
    byte[] keyBytes = myKey.getEncoded();
    cipher.init(Cipher.ENCRYPT_MODE, passwordKey, paramSpec);
    byte[] encryptedKeyBytes = cipher.doFinal(keyBytes);
To decrypt the key:
    cipher.init(Cipher.DECRYPT_MODE, passwordKey, paramSpec);
    byte[] keyBytes = cipher.doFinal(encryptedKeyBytes);
    SecretKeySpec myKey = new SecretKeySpec(keyBytes, "Blowfish");
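The two key-storage routes above, run side by side as an added example (not code from the book). It assumes the JDK's PBEWithHmacSHA256AndAES_128 algorithm for the password key; the class name KeyWrapDemo, the iteration count and the sample password are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.Key;
import java.security.SecureRandom;
import java.util.Arrays;

// Added illustration of the key-storage slides. Names and constants are assumptions.
public class KeyWrapDemo {
    static final String PBE = "PBEWithHmacSHA256AndAES_128"; // SunJCE, Java 8+

    public static void main(String[] args) throws Exception {
        // The key that has to be stored: a 128-bit Blowfish key.
        KeyGenerator keyGenerator = KeyGenerator.getInstance("Blowfish");
        keyGenerator.init(128);
        SecretKey secretKey = keyGenerator.generateKey();

        // The key-encryption key is derived from a password (sample value).
        char[] password = "sasquatch".toCharArray();
        SecretKey passwordKey = SecretKeyFactory.getInstance(PBE)
                .generateSecret(new PBEKeySpec(password));

        // Salt and IV must be saved next to the wrapped key; they are needed to unwrap it.
        SecureRandom random = new SecureRandom();
        byte[] salt = new byte[8];
        byte[] iv = new byte[16];
        random.nextBytes(salt);
        random.nextBytes(iv);
        PBEParameterSpec paramSpec =
                new PBEParameterSpec(salt, 100_000, new IvParameterSpec(iv));

        Cipher cipher = Cipher.getInstance(PBE);

        // Route 1: WRAP_MODE / UNWRAP_MODE.
        cipher.init(Cipher.WRAP_MODE, passwordKey, paramSpec);
        byte[] wrapped = cipher.wrap(secretKey);
        cipher.init(Cipher.UNWRAP_MODE, passwordKey, paramSpec);
        Key unwrapped = cipher.unwrap(wrapped, "Blowfish", Cipher.SECRET_KEY);

        // Route 2: encrypt the bytes returned by getEncoded() and rebuild the key by hand.
        byte[] keyBytes = secretKey.getEncoded();
        cipher.init(Cipher.ENCRYPT_MODE, passwordKey, paramSpec);
        byte[] encryptedKeyBytes = cipher.doFinal(keyBytes);
        cipher.init(Cipher.DECRYPT_MODE, passwordKey, paramSpec);
        byte[] recoveredBytes = cipher.doFinal(encryptedKeyBytes);
        SecretKeySpec rebuilt = new SecretKeySpec(recoveredBytes, "Blowfish");

        System.out.println("Unwrapped key matches: "
                + Arrays.equals(secretKey.getEncoded(), unwrapped.getEncoded()));
        System.out.println("Rebuilt key matches:   "
                + Arrays.equals(secretKey.getEncoded(), rebuilt.getEncoded()));
        // Compare what the two routes would write to storage.
        System.out.println("Stored bytes identical for both routes: "
                + Arrays.equals(wrapped, encryptedKeyBytes));

        // Route 2 leaves raw key material in ordinary arrays; clear it after use.
        Arrays.fill(keyBytes, (byte) 0);
        Arrays.fill(recoveredBytes, (byte) 0);
        Arrays.fill(password, '\0');
    }
}
```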
csci5931 Web Security 28
Padding
Padding is needed to make the size of the plaintext a multiple of the block size.
Most symmetric algorithms use one of two types of padding:
No padding – requires the data end on a block exactly
PKCS5 padding – (PKCS = Public Key Cryptography Standard)
    Suppose there are N bytes in a block that need to be padded.
    Fill each of the N bytes with the value N.
    If the data end on a multiple of the block size, add an entire block of padding.
(See the illustration on p. 81)
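The padding rule made visible, as an added example (not from the book): data is encrypted with PKCS5Padding and then decrypted with NoPadding, so the pad bytes stay in the output and can be compared with a hand-written pad(). The class name Pkcs5PaddingDemo and its helpers are hypothetical; the sample data is constructed.

```java
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import java.util.Arrays;

// Added illustration of the padding slide. Class and helper names are hypothetical.
public class Pkcs5PaddingDemo {
    static final int BLOCK = 8; // DESede block size in bytes

    // The rule from the slide: N missing bytes, each filled with the value N;
    // data already ending on a block boundary gets one entire extra block.
    static byte[] pad(byte[] data) {
        int n = BLOCK - (data.length % BLOCK); // always 1..BLOCK
        byte[] out = Arrays.copyOf(data, data.length + n);
        Arrays.fill(out, data.length, out.length, (byte) n);
        return out;
    }

    // Encrypt with PKCS5Padding, decrypt with NoPadding: the result is the
    // plaintext with the provider's padding bytes still attached.
    static byte[] paddedForm(SecretKey key, byte[] plaintext) throws Exception {
        Cipher enc = Cipher.getInstance("DESede/ECB/PKCS5Padding");
        enc.init(Cipher.ENCRYPT_MODE, key);
        byte[] ciphertext = enc.doFinal(plaintext);

        Cipher dec = Cipher.getInstance("DESede/ECB/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, key);
        return dec.doFinal(ciphertext);
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) {
            sb.append(String.format("%02x ", b & 0xff));
        }
        return sb.toString().trim();
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("DESede");
        keyGenerator.init(168);
        SecretKey key = keyGenerator.generateKey();

        // Constructed inputs: 5 and 13 bytes need padding, 8 and 16 end on a block boundary.
        for (int len : new int[] {5, 8, 13, 16}) {
            byte[] plaintext = new byte[len];
            Arrays.fill(plaintext, (byte) 'A'); // 0x41
            byte[] fromCipher = paddedForm(key, plaintext);
            System.out.printf("%2d data bytes -> %2d padded: %s%n",
                    len, fromCipher.length, hex(fromCipher));
            System.out.println("   matches hand-written pad(): "
                    + Arrays.equals(fromCipher, pad(plaintext)));
        }

        // "No padding" requires the data to end exactly on a block boundary.
        try {
            Cipher raw = Cipher.getInstance("DESede/ECB/NoPadding");
            raw.init(Cipher.ENCRYPT_MODE, key);
            raw.doFinal(new byte[5]);
        } catch (IllegalBlockSizeException e) {
            System.out.println("NoPadding with 5 bytes rejected: " + e.getMessage());
        }
    }
}
```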
csci5931 Web Security 29
Modes of DES
ECB, CBC
CFB (Cipher FeedBack): Similar to CBC, but may work on smaller chunks of data (8 bits, for example).
OFB (Output FeedBack): Similar to CFB, but provides better protection against data loss during transmission.
That is, a single-bit error will not cause the whole block to be lost, as in the cases of ECB, CBC, and CFB.
csci5931 Web Security 30
Cipher streams and IV
javax.crypto.CipherInputStream, javax.crypto.CipherOutputStream
They provide convenient wrappers around standard input and output streams for them to be automatically encrypted or decrypted.
Initialization Vector (IV)
A sequence of random bytes appended to the front of the plaintext before encryption by a block cipher.
Adding the initialization vector to the beginning of the plaintext eliminates the possibility of having the initial ciphertext block the same for any two messages.
How to determine the size of an IV, given a cipher? Example: A 256-bit Rijndael cipher needs a 16-byte IV.
csci5931 Web Security 31
IV in Java
public class IvParameterSpec extends Object implements AlgorithmParameterSpec
This class specifies an initialization vector (IV). Examples which use IVs are ciphers in feedback mode, e.g., DES in CBC mode and RSA ciphers with OAEP encoding operation.
(NOTE: See page 434 for RSA-OAEP padding)
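Cipher streams, IvParameterSpec and the ECB/CBC difference in one added example (not FileEncryptor.java or any other code from the book). It assumes AES, the standardized Rijndael, with a 256-bit key; the class name IvStreamDemo, its helpers and the sample plaintext are constructed for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

// Added illustration of the cipher stream and IV slides. Names are hypothetical.
public class IvStreamDemo {

    static byte[] encrypt(SecretKey key, byte[] plaintext) throws Exception {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        byte[] iv = new byte[cipher.getBlockSize()]; // IV size = block size (16), not key size
        new SecureRandom().nextBytes(iv);
        cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));

        ByteArrayOutputStream sink = new ByteArrayOutputStream();
        sink.write(iv); // the IV is not secret; it is stored in front of the ciphertext
        try (CipherOutputStream out = new CipherOutputStream(sink, cipher)) {
            out.write(plaintext);
        } // close() finishes the operation and writes the final padded block
        return sink.toByteArray();
    }

    static byte[] decrypt(SecretKey key, byte[] stored) throws Exception {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        ByteArrayInputStream source = new ByteArrayInputStream(stored);
        byte[] iv = new byte[cipher.getBlockSize()];
        if (source.read(iv) != iv.length) {
            throw new IOException("input too short to contain an IV");
        }
        cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));

        ByteArrayOutputStream plain = new ByteArrayOutputStream();
        try (CipherInputStream in = new CipherInputStream(source, cipher)) {
            byte[] buffer = new byte[64];
            int n;
            while ((n = in.read(buffer)) != -1) {
                plain.write(buffer, 0, n);
            }
        }
        return plain.toByteArray();
    }

    // Returns 16-byte block number 'index' of 'data'.
    static byte[] block(byte[] data, int index) {
        return Arrays.copyOfRange(data, index * 16, index * 16 + 16);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(256);
        SecretKey key = keyGenerator.generateKey();

        // Constructed sample: two identical 16-byte plaintext blocks.
        byte[] plaintext = "0123456789ABCDEF0123456789ABCDEF".getBytes(StandardCharsets.US_ASCII);

        // ECB takes no IV: equal plaintext blocks give equal ciphertext blocks.
        Cipher ecb = Cipher.getInstance("AES/ECB/PKCS5Padding");
        ecb.init(Cipher.ENCRYPT_MODE, key);
        byte[] ecbOut = ecb.doFinal(plaintext);
        System.out.println("ECB: blocks 0 and 1 equal: "
                + Arrays.equals(block(ecbOut, 0), block(ecbOut, 1)));

        // CBC with a random IV: stored layout is [IV][ciphertext], so block 0 is the IV.
        byte[] a = encrypt(key, plaintext);
        byte[] b = encrypt(key, plaintext);
        System.out.println("CBC: ciphertext blocks 0 and 1 equal: "
                + Arrays.equals(block(a, 1), block(a, 2)));
        System.out.println("CBC: first ciphertext block equal across two runs: "
                + Arrays.equals(block(a, 1), block(b, 1)));
        System.out.println("Round trip ok: " + Arrays.equals(plaintext, decrypt(key, a)));
    }
}
```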
csci5931 Web Security 32
Rijndael
What is Rijndael? (Dutch; pronounced as 'Rain Doll')
"Rijndael is a block cipher, designed by Joan Daemen and Vincent Rijmen as a candidate algorithm for the AES.
The cipher has a variable block length and key length. We currently specified how to use keys with a length of 128, 192, or 256 bits to encrypt blocks with a length of 128, 192 or 256 bits."
(Source: http://www.esat.kuleuven.ac.be/~rijmen/rijndael/)
After nearly four years of evaluation, in October 2000, Rijndael was selected by the NIST as the 'AES' (Advanced Encryption Standard).
See the press release.
csci5931 Web Security 33
FileEncryptor.java
FileEncryptor.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)
Four functions:
createKey(password)
loadKey(password)
encrypt(password, inputFile, outputEncryptedFile)
decrypt(password, inputEncryptedFile, outputfile)
csci5931 Web Security 34
Sealed objects
Sealed object: An object that is encrypted.
The object must be serializable.
Sealed objects can be useful for storing or transferring an encrypted version of an object.
The default JDK 1.2 prevents extensions from using the class loader to create classes that are neither standard objects nor extensions. That is, a custom object, such as a CreditCard object, won't be able to be decrypted.
See Appendix D, "the EncryptedObject class", for a better sealed object implementation.
csci5931 Web Security 35
Sealed objects
SealedObjectExample.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)
Sample output:
>java SealedObjectExample
Creating a key
Encrypting the object
Unencrypting the object
Credit card number 1234567890
csci5931 Web Security 36
Next
Asymmetric Encryption (GS 5)
Relevant links:
RFC 1829 - The ESP DES-CBC Transform - This document describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP).
The GNU Crypto project – This project aims at providing free, versatile, high-quality, and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users. It's also got a comprehensive listing of crypto-related algorithms.
csci5931 Web Security 5
JavaxcryptoKeyGenerator Using KeyGeneratorA Create a new key generator
KeyGenerator keyGenerator = KeyGeneratorgetInstance (ldquoDESederdquo)
Note DESede is a triple DES variant with three DES keys k1 k2 k3 The message is encrypted with k1 first then decrypted with k2 and finally encrypted again with k3 This increases the key space and prevents brute force attacks
B Initialize the key generator with the size of the key
keyGeneratorinit (168) initialized to 168 bits
C Generate the key object
Key myKey = keyGeneratorgenerateKey ( )
csci5931 Web Security 6
JavasecurityKey httpjavasuncomj2se141docsapijavasecurityKeyhtml javasecurity
Interface Key
All Superinterfaces Serializable
All Known Subinterfaces DHPrivateKey DHPublicKey DSAPrivateKey DSAPublicKey
PBEKey PrivateKey PublicKey RSAMultiPrimePrivateCrtKey RSAPrivateCrtKey RSAPrivateKey RSAPublicKey SecretKey
All Known Implementing Classes KerberosKey SecretKeySpec
csci5931 Web Security 7
JavasecurityKey The Key interface is the top-level interface for all keys It
defines the functionality shared by all key objects
All keys have three characteristics 1 The key algorithm for that key2 An external encoded form for the key used when a standard
representation of the key is needed outside the Java Virtual Machine as when transmitting the key to some other party
3 The name of the format of the encoded key
Keys are generally obtained through key generators key factory certificates or various Identity classes used to manage keys
Examples javaxcryptoKeyGenerator( ) javasecurityKeyFactory( )
csci5931 Web Security 8
JavaxcryptoCipher
httpjavasuncomj2se141docsapi
public class Cipher
extends Object
This class provides the functionality of a cryptographic cipher for
encryption and decryption It forms the core of the Java
Cryptographic Extension (JCE) framework
To use a Cipher getInstance( ) init( ) update( ) doFinal( )
csci5931 Web Security 9
JavaxcryptoCiphergetInstance( )A In order to create a Cipher object the application calls the Ciphers
getInstance method and passes the name of the requested
transformation to it
static Cipher getInstance(String transformation)
Generates a Cipher object that implements the specified transformation
static Cipher getInstance(String transformation Provider
provider)
Creates a Cipher object that implements the specified transformation as
supplied by the specified provider
static Cipher getInstance(String transformation String provider)
Creates a Cipher object that implements the specified transformation as
supplied by the specified provider
csci5931 Web Security 10
JavaxcryptoCiphergetInstance( ) Examples
Cipher cipher = CiphergetInstance(DESCBCPKCS5Padding)
Cipher cipher = CiphergetInstance(ldquoDESedeECBPKCS5Paddingrdquo)
csci5931 Web Security 11
JavaxcryptoCipherinit( )B Initialize an instance of Cipher
1 Declares the operating mode (ENCRYPT_MODE
DECRYPT_MODE WRAP_MODE UNWRAP_MODE)
2 Pass a key (javasecurityKey) to the cipher
Example
Cipherinit (CipherENCRYPT_MODE myKey)
Note When a Cipher object is initialized it loses all
previously-acquired state In other words initializing a
Cipher is equivalent to creating a new instance of that
Cipher and initializing it
csci5931 Web Security 12
JavaxcryptoCipherupdate( )C Pass the information to be encrypteddecrypted to the cipher
1 The information must be in the form of a byte array
2 Note Ciphers typically buffer their output If the buffer has not been filled
null will be returned
Alternative update( ) methods
byte[ ] update (byte[] input)byte[ ] plaintext = myStringgetBytes (ldquoUTF8rdquo)byte[ ] ciphertext = cipherupdate (plaintext)
int update (byte[ ] input int inputOffset int inputLen byte[ ] output int outputOffset)
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized) processing another data part
csci5931 Web Security 13
JavaxcryptoCipherdoFinal( )D Finish the operation
byte[ ] doFinal( ) Finishes a multiple-part encryption or decryption operation depending on
how this cipher was initialized
byte[ ] doFinal(byte[] input)
Encrypts or decrypts data in a single-part operation or finishes a multiple-
part operation
Example
Byte[ ] ciphertext = cipherdoFinal ( )
csci5931 Web Security 14
SimpleExamplejava P69 SimpleExamplejava (see httpscecluheduyangteaching
proJavaSecurityCodehtml) Sample outputgtjava SimpleExample How are you doing
Plain Message=How are you doing
Generating a TripleDES keyDone generating the key
Now encrypting the messageMessage Encrypted
Ciphertext=-74-45759-44-115-19-8-56-99-47794393-45-107-41-125-127-233271855
Now decrypting the messageMessage decrypted
Decrypted text How are you doing
csci5931 Web Security 15
BlowfishExample.java
Blowfish keys can be any bit size from 8 to 448, as long as the number is divisible by 8.
p69: BlowfishExample.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)
Sample output:
>java BlowfishExample It's a wonderful day!
Generating a Blowfish key
Done generating the key
Plaintext: 73 116 39 115 32 97 32 119 111 110 100 101 114 102 117 108 32 100 97 121 33
Ciphertext: -77 56 -88 61 -52 -12 -57 43 -10 66 -54 -98 -86 56 -86 51 -127 -125 30 48 -64 112 -37 -125
Decrypted text: It's a wonderful day!

Password-based encryption (PBE)
PBE = hashing + symmetric encryption
The user-provided password is hashed by a message digest algorithm, such as SHA.
The hash value is then used to construct a key for a symmetric encryption algorithm, such as Blowfish.
The plaintext is then encrypted by the symmetric encryption algorithm.
Problems:
1. PBE is usually less secure, due to its smaller key space.
2. Passwords may suffer 'dictionary attack'.
3. Two people might choose the same password, which would create two identical entries in the password file.

Password-based encryption (PBE)
PBE + salt + iteration count
A salt is a randomly generated piece of data, say 64 bits, that is added to each password.
The combined salt+password is used to generate the key.
The key is then used to generate a symmetric cipher.
For the purpose of decryption, the salt must be stored as part of the ciphertext.
See figures on page 74.

Base64 Encoding
Effective in representing ASCII data as 6-bit characters (save one bit per character)
Widely used in networking transmissions of data, e.g., in MIME emails & other Internet-related applications
Input: N bytes
Number of output characters (with / as integer division):
    (N * 8 / 24) * 4, if N * 8 % 24 is zero
    (N * 8 / 24 + 1) * 4, otherwise
Example: N = 8 bytes
    (64 / 24 + 1) * 4 = 12 characters
See http://nas.cl.uh.edu/yang/teaching/csci5939DatabaseSecurity/base64.ppt, RFC 2045 and Appendix C

Password-based encryption (PBE)
Random.nextBytes(byte[] bytes)
    Generates random bytes and places them into a user-supplied byte array.
public class PBEKeySpec extends Object implements KeySpec
    A user-chosen password that can be used with password-based encryption (PBE).
    The password can be viewed as some kind of raw key material, from which the encryption mechanism that uses it derives a cryptographic key.

Password-based encryption (PBE)
public class SecretKeyFactory extends Object
This class represents a factory for secret keys.
Key factories are used to convert keys (opaque cryptographic keys of type Key) into key specifications (transparent representations of the underlying key material), and vice versa. Secret key factories operate only on secret (symmetric) keys.
Key factories are bi-directional, i.e., they allow to build an opaque key object from a given key specification (key material), or to retrieve the underlying key material of a key object in a suitable format.
Application developers should refer to their provider's documentation to find out which key specifications are supported by the generateSecret and getKeySpec methods.

Password-based encryption
Twofish encryption algorithm:
A symmetric block cipher that accepts keys of any length, up to 256 bits
Among the new encryption algorithms being considered by the National Institute of Standards and Technology (NIST) as a replacement for the DES algorithm
Highly secure and flexible
Works extremely well with large microprocessors, 8-bit smart card microprocessors, and dedicated hardware
(Source: http://www.wiley.com/cda/product/0,,0471353817,00.html)

Password-based encryption
An example program: PBE.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)
Sample PBE encryption/decryption:
>java PBE -e sasquatch Hello World
yrVhjq5djco=eSIS1LbeAtu5KIKf5ntNhg==
>java PBE -e sasquatch Hello World
lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
>java PBE -d sasquatch lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
Hello World

Key storage
Storage of keys in a persistent medium (file, database) for later retrieval or transportation
Objective: The stored keys must be protected.
Problems:
- If the key storage is compromised, the data protected by the keys become unprotected.
Solutions:
- Use PBE to encrypt the keys. Problems?

Key storage: Key Wrapping
The wrap( ) method defined in javax.crypto.Cipher takes a key as an argument and returns the encrypted value of the key as a byte array.
Example:
    cipher.init(Cipher.WRAP_MODE, passwordKey, paramSpec);
    byte[] encryptedKeyBytes = cipher.wrap(secretKey);
To decrypt the key:
    cipher.init(Cipher.UNWRAP_MODE, passwordKey, paramSpec);
    Key key = cipher.unwrap(encryptedKeyBytes, "Blowfish", Cipher.SECRET_KEY);

Key storage: Key Encryption
Use the getEncoded( ) method defined in java.security.Key to obtain the key bytes, then encrypt them.
Example:
    byte[] keyBytes = myKey.getEncoded();
    cipher.init(Cipher.ENCRYPT_MODE, passwordKey, paramSpec);
    byte[] encryptedKeyBytes = cipher.doFinal(keyBytes);
To decrypt the key:
    cipher.init(Cipher.DECRYPT_MODE, passwordKey, paramSpec);
    byte[] keyBytes = cipher.doFinal(encryptedKeyBytes);
    SecretKeySpec myKey = new SecretKeySpec(keyBytes, "Blowfish");

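The PBE slides (salt, iteration count, PBEKeySpec, SecretKeyFactory) and the key-storage slides (wrap/unwrap) combined in one added example; it is not the course's PBE.java. It swaps in PBKDF2WithHmacSHA256 and AES/CBC/PKCS5Padding from the standard JDK provider for the page's PBE algorithm, and the class name, the constants and the Base64(salt || IV || ciphertext) storage layout are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class PbeKeyStorageDemo {                   // hypothetical class name
    // Assumed parameters for this example; none of them come from the slides.
    static final int SALT_LEN = 16, IV_LEN = 16, ITERATIONS = 200_000, KEY_BITS = 128;
    static final String CIPHER = "AES/CBC/PKCS5Padding";
    static final SecureRandom RNG = new SecureRandom();

    static byte[] random(int n) {
        byte[] b = new byte[n];
        RNG.nextBytes(b);
        return b;
    }

    // password + salt + iteration count -> symmetric key (PBEKeySpec via SecretKeyFactory)
    static SecretKey deriveKey(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
            return new SecretKeySpec(factory.generateSecret(spec).getEncoded(), "AES");
        } finally {
            spec.clearPassword();                  // wipe the spec's internal password copy
        }
    }

    static Cipher cipherFor(int mode, char[] password, byte[] salt, byte[] iv) throws Exception {
        Cipher cipher = Cipher.getInstance(CIPHER);
        cipher.init(mode, deriveKey(password, salt), new IvParameterSpec(iv));
        return cipher;
    }

    // Reads salt and IV back from the front of a stored blob.
    static Cipher cipherFromBlob(int mode, char[] password, byte[] all) throws Exception {
        if (all.length < SALT_LEN + IV_LEN) throw new IllegalArgumentException("blob too short");
        return cipherFor(mode, password, Arrays.copyOfRange(all, 0, SALT_LEN),
                Arrays.copyOfRange(all, SALT_LEN, SALT_LEN + IV_LEN));
    }

    // Stored form: Base64(salt || iv || body). The salt is not secret, it only has to be kept.
    static String pack(byte[] salt, byte[] iv, byte[] body) {
        byte[] all = new byte[salt.length + iv.length + body.length];
        System.arraycopy(salt, 0, all, 0, salt.length);
        System.arraycopy(iv, 0, all, salt.length, iv.length);
        System.arraycopy(body, 0, all, salt.length + iv.length, body.length);
        return Base64.getEncoder().encodeToString(all);
    }

    static String encrypt(char[] password, byte[] plaintext) throws Exception {
        byte[] salt = random(SALT_LEN), iv = random(IV_LEN);   // fresh for every message
        return pack(salt, iv, cipherFor(Cipher.ENCRYPT_MODE, password, salt, iv).doFinal(plaintext));
    }

    static byte[] decrypt(char[] password, String blob) throws Exception {
        byte[] all = Base64.getDecoder().decode(blob);
        int head = SALT_LEN + IV_LEN;
        return cipherFromBlob(Cipher.DECRYPT_MODE, password, all).doFinal(all, head, all.length - head);
    }

    // Key storage: the data key is wrapped under the password-derived key.
    static String wrapKey(char[] password, Key keyToStore) throws Exception {
        byte[] salt = random(SALT_LEN), iv = random(IV_LEN);
        return pack(salt, iv, cipherFor(Cipher.WRAP_MODE, password, salt, iv).wrap(keyToStore));
    }

    static Key unwrapKey(char[] password, String blob, String algorithm) throws Exception {
        byte[] all = Base64.getDecoder().decode(blob);
        byte[] wrapped = Arrays.copyOfRange(all, SALT_LEN + IV_LEN, all.length);
        return cipherFromBlob(Cipher.UNWRAP_MODE, password, all)
                .unwrap(wrapped, algorithm, Cipher.SECRET_KEY);
    }

    public static void main(String[] args) throws Exception {
        char[] password = "sasquatch".toCharArray();           // sample password from the slides
        byte[] message = "Hello World".getBytes(StandardCharsets.UTF_8);

        String first = encrypt(password, message);
        String second = encrypt(password, message);
        System.out.println(first);
        System.out.println(second);
        System.out.println("same output for same password and message: " + first.equals(second));
        System.out.println(new String(decrypt(password, second), StandardCharsets.UTF_8));

        KeyGenerator keyGenerator = KeyGenerator.getInstance("Blowfish");
        keyGenerator.init(128);
        SecretKey dataKey = keyGenerator.generateKey();
        String stored = wrapKey(password, dataKey);            // what goes into the file or database
        Key restored = unwrapKey(password, stored, "Blowfish");
        System.out.println("data key restored: "
                + Arrays.equals(dataKey.getEncoded(), restored.getEncoded()));
    }
}
```
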
Padding
Padding is needed to make the size of the plaintext a multiple of the block size.
Most symmetric algorithms use one of two types of padding:
No padding - requires the data to end on a block exactly
PKCS5 padding - (PKCS = Public Key Cryptography Standard)
    Suppose there are N bytes in a block that need to be padded.
    Fill each of the N bytes with the value N.
    If the data end on a multiple of the block size, add an entire block of padding.
(See the illustration on p81)

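The PKCS5 rule above written out by hand and checked against the JDK provider, as an added example that is not from the book or the course code. The class and method names and the sample inputs are assumptions; the first sample is the 21-byte message from the Blowfish slide, which pads to the 24 bytes seen in that slide's ciphertext.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class Pkcs5PaddingDemo {                    // hypothetical class name

    // Appends N bytes of value N, where N brings the length up to the next block
    // boundary. N is never 0: block-aligned data gets one whole block of padding.
    static byte[] pad(byte[] data, int blockSize) {
        int n = blockSize - (data.length % blockSize);
        byte[] out = Arrays.copyOf(data, data.length + n);
        Arrays.fill(out, data.length, out.length, (byte) n);
        return out;
    }

    // Reads N from the last byte, checks that the last N bytes all equal N, strips them.
    static byte[] unpad(byte[] padded, int blockSize) {
        if (padded.length == 0 || padded.length % blockSize != 0) {
            throw new IllegalArgumentException("length is not a multiple of the block size");
        }
        int n = padded[padded.length - 1] & 0xFF;
        boolean ok = n >= 1 && n <= blockSize;
        for (int i = 1; ok && i <= n; i++) {
            ok = (padded[padded.length - i] & 0xFF) == n;
        }
        if (!ok) {
            throw new IllegalArgumentException("bad padding");
        }
        return Arrays.copyOf(padded, padded.length - n);
    }

    static byte[] encrypt(String transformation, SecretKey key, byte[] input) throws Exception {
        Cipher cipher = Cipher.getInstance(transformation);
        cipher.init(Cipher.ENCRYPT_MODE, key);
        return cipher.doFinal(input);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("Blowfish");
        keyGenerator.init(128);
        SecretKey key = keyGenerator.generateKey();
        int blockSize = Cipher.getInstance("Blowfish/ECB/NoPadding").getBlockSize();

        // Constructed samples: unaligned, exactly one block, and empty.
        String[] samples = {"It's a wonderful day!", "12345678", ""};
        for (String sample : samples) {
            byte[] data = sample.getBytes(StandardCharsets.UTF_8);
            byte[] padded = pad(data, blockSize);

            // Hand-padded data through NoPadding must equal the provider's PKCS5Padding output.
            byte[] manual = encrypt("Blowfish/ECB/NoPadding", key, padded);
            byte[] provider = encrypt("Blowfish/ECB/PKCS5Padding", key, data);

            System.out.printf("%2d bytes -> %2d padded, pad byte %d, matches provider: %b, round trip: %b%n",
                    data.length, padded.length, padded[padded.length - 1],
                    Arrays.equals(manual, provider),
                    Arrays.equals(data, unpad(padded, blockSize)));
        }
    }
}
```
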
Modes of DES
ECB
CBC
CFB (Cipher FeedBack): Similar to CBC, but may work on smaller chunks of data (8 bits, for example).
OFB (Output FeedBack): Similar to CFB, but provides better protection against data loss during transmission. That is, a single-bit error will not cause the whole block to be lost, as in the cases of ECB, CBC, and CFB.

Cipher streams and IV
javax.crypto.CipherInputStream, javax.crypto.CipherOutputStream
They provide convenient wrappers around standard input and output streams, for them to be automatically encrypted or decrypted.
Initialization Vector (IV)
A sequence of random bytes appended to the front of the plaintext before encryption by a block cipher.
Adding the initialization vector to the beginning of the plaintext eliminates the possibility of having the initial ciphertext block the same for any two messages.
How to determine the size of an IV, given a cipher? Example: A 256-bit Rijndael cipher needs a 16-byte IV.

IV in Java
public class IvParameterSpec extends Object implements AlgorithmParameterSpec
This class specifies an initialization vector (IV). Examples which use IVs are ciphers in feedback mode, e.g., DES in CBC mode and RSA ciphers with OAEP encoding operation.
(NOTE: See page 434 for RSA-OAEP padding.)

Rijndael
What is Rijndael? (Dutch; pronounced as 'Rain Doll')
"Rijndael is a block cipher, designed by Joan Daemen and Vincent Rijmen as a candidate algorithm for the AES.
The cipher has a variable block length and key length. We currently specified how to use keys with a length of 128, 192, or 256 bits to encrypt blocks with a length of 128, 192 or 256 bits."
(Source: http://www.esat.kuleuven.ac.be/~rijmen/rijndael/)
After nearly four years of evaluation, in October 2000, Rijndael was selected by the NIST as the AES (Advanced Encryption Standard). See the press release.

FileEncryptor.java
FileEncryptor.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)
Four functions:
    createKey(password)
    loadKey(password)
    encrypt(password, inputFile, outputEncryptedFile)
    decrypt(password, inputEncryptedFile, outputFile)

Sealed objects
Sealed object: An object that is encrypted
The object must be serializable.
Sealed objects can be useful for storing or transferring an encrypted version of an object.
The default JDK 1.2 prevents extensions from using the class loader to create classes that are neither standard objects nor extensions. That is, a custom object, such as a CreditCard object, won't be able to be decrypted.
See Appendix D, "the EncryptedObject class", for a better sealed object implementation.

Sealed objects
SealedObjectExample.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)
Sample output:
>java SealedObjectExample
Creating a key
Encrypting the object
Unencrypting the object
Credit card number: 1234567890

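Sealing a serializable object with javax.crypto.SealedObject, as an added example that is not the course's SealedObjectExample.java. The class names, the nested CreditCard type and the choice of AES/CBC/PKCS5Padding are assumptions; the program compares the serialized bytes of the plain and the sealed object to show that the card number is only readable in the former.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SealedObject;
import javax.crypto.SecretKey;

public class SealedObjectDemo {                    // hypothetical class name

    // The object to seal must be serializable.
    static class CreditCard implements Serializable {
        private static final long serialVersionUID = 1L;
        final String number;
        CreditCard(String number) { this.number = number; }
    }

    static byte[] serialize(Serializable object) throws IOException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buffer)) {
            out.writeObject(object);
        }
        return buffer.toByteArray();
    }

    // True if the ASCII text appears verbatim in the byte array.
    static boolean containsAscii(byte[] haystack, String needle) {
        return new String(haystack, StandardCharsets.ISO_8859_1).contains(needle);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(128);
        SecretKey key = keyGenerator.generateKey();

        // No IV is passed, so the provider generates a random one; SealedObject
        // keeps the algorithm parameters next to the encrypted bytes.
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, key);

        CreditCard card = new CreditCard("1234567890");        // sample number from the slides
        SealedObject sealed = new SealedObject(card, cipher);

        byte[] plainBytes = serialize(card);
        byte[] sealedBytes = serialize(sealed);                // safe to store or transfer
        System.out.println("number visible in plain serialization:  "
                + containsAscii(plainBytes, card.number));
        System.out.println("number visible in sealed serialization: "
                + containsAscii(sealedBytes, card.number));

        // Receiver side: deserialize the SealedObject, then unseal it with the key.
        SealedObject received;
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(sealedBytes))) {
            received = (SealedObject) in.readObject();
        }
        CreditCard restored = (CreditCard) received.getObject(key);
        System.out.println("Credit card number: " + restored.number);
    }
}
```
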
Next
Asymmetric Encryption (GS 5)
Relevant links:
RFC 1829 - The ESP DES-CBC Transform - This document describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP).
The GNU Crypto project - This project aims at providing free, versatile, high-quality, and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users. It's also got a comprehensive listing of crypto-related algorithms.
csci5931 Web Security 6
JavasecurityKey httpjavasuncomj2se141docsapijavasecurityKeyhtml javasecurity
Interface Key
All Superinterfaces Serializable
All Known Subinterfaces DHPrivateKey DHPublicKey DSAPrivateKey DSAPublicKey
PBEKey PrivateKey PublicKey RSAMultiPrimePrivateCrtKey RSAPrivateCrtKey RSAPrivateKey RSAPublicKey SecretKey
All Known Implementing Classes KerberosKey SecretKeySpec
csci5931 Web Security 7
JavasecurityKey The Key interface is the top-level interface for all keys It
defines the functionality shared by all key objects
All keys have three characteristics 1 The key algorithm for that key2 An external encoded form for the key used when a standard
representation of the key is needed outside the Java Virtual Machine as when transmitting the key to some other party
3 The name of the format of the encoded key
Keys are generally obtained through key generators key factory certificates or various Identity classes used to manage keys
Examples javaxcryptoKeyGenerator( ) javasecurityKeyFactory( )
csci5931 Web Security 8
JavaxcryptoCipher
httpjavasuncomj2se141docsapi
public class Cipher
extends Object
This class provides the functionality of a cryptographic cipher for
encryption and decryption It forms the core of the Java
Cryptographic Extension (JCE) framework
To use a Cipher getInstance( ) init( ) update( ) doFinal( )
csci5931 Web Security 9
JavaxcryptoCiphergetInstance( )A In order to create a Cipher object the application calls the Ciphers
getInstance method and passes the name of the requested
transformation to it
static Cipher getInstance(String transformation)
Generates a Cipher object that implements the specified transformation
static Cipher getInstance(String transformation Provider
provider)
Creates a Cipher object that implements the specified transformation as
supplied by the specified provider
static Cipher getInstance(String transformation String provider)
Creates a Cipher object that implements the specified transformation as
supplied by the specified provider
csci5931 Web Security 10
JavaxcryptoCiphergetInstance( ) Examples
Cipher cipher = CiphergetInstance(DESCBCPKCS5Padding)
Cipher cipher = CiphergetInstance(ldquoDESedeECBPKCS5Paddingrdquo)
csci5931 Web Security 11
JavaxcryptoCipherinit( )B Initialize an instance of Cipher
1 Declares the operating mode (ENCRYPT_MODE
DECRYPT_MODE WRAP_MODE UNWRAP_MODE)
2 Pass a key (javasecurityKey) to the cipher
Example
Cipherinit (CipherENCRYPT_MODE myKey)
Note When a Cipher object is initialized it loses all
previously-acquired state In other words initializing a
Cipher is equivalent to creating a new instance of that
Cipher and initializing it
csci5931 Web Security 12
JavaxcryptoCipherupdate( )C Pass the information to be encrypteddecrypted to the cipher
1 The information must be in the form of a byte array
2 Note Ciphers typically buffer their output If the buffer has not been filled
null will be returned
Alternative update( ) methods
byte[ ] update (byte[] input)byte[ ] plaintext = myStringgetBytes (ldquoUTF8rdquo)byte[ ] ciphertext = cipherupdate (plaintext)
int update (byte[ ] input int inputOffset int inputLen byte[ ] output int outputOffset)
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized) processing another data part
csci5931 Web Security 13
JavaxcryptoCipherdoFinal( )D Finish the operation
byte[ ] doFinal( ) Finishes a multiple-part encryption or decryption operation depending on
how this cipher was initialized
byte[ ] doFinal(byte[] input)
Encrypts or decrypts data in a single-part operation or finishes a multiple-
part operation
Example
Byte[ ] ciphertext = cipherdoFinal ( )
csci5931 Web Security 14
SimpleExamplejava P69 SimpleExamplejava (see httpscecluheduyangteaching
proJavaSecurityCodehtml) Sample outputgtjava SimpleExample How are you doing
Plain Message=How are you doing
Generating a TripleDES keyDone generating the key
Now encrypting the messageMessage Encrypted
Ciphertext=-74-45759-44-115-19-8-56-99-47794393-45-107-41-125-127-233271855
Now decrypting the messageMessage decrypted
Decrypted text How are you doing
csci5931 Web Security 15
BlowfishExamplejava Blowfish keys can be any bit size from 8 to 448 as long as the
number if divisible by 8 p69 BlowfishExamplejava (see
httpscecluheduyangteachingproJavaSecurityCodehtml) Sample output
gtjava BlowfishExample Its a wonderful dayGenerating a Blowfish keyDone generating the key
Plaintext73 116 39 115 32 97 32 119 111 110 100 101 114 102 117 108 32 100 97 121 33
Ciphertext-77 56 -88 61 -52 -12 -57 43 -10 66 -54 -98 -86 56 -86 51 -127 -125 30 48 -64 112 -37 -125
Decrypted text Its a wonderful day
csci5931 Web Security 16
Password-based encryption (PBE) hashing + symmetric encryption
The user-provided password is hashed by a message digest algorithm such as SHA
The hash value is then used to construct a key for a symmetric encryption algorithm such as Blowfish
The plaintext is then encrypted by the symmetric encryption algorithm
Problems1 PBE is usually less secure due to its smaller key space2 Passwords may suffer lsquodictionary attackrsquo3 Two people might choose the same password which
would create two identical entries in the password file
csci5931 Web Security 17
Password-based encryption (PBE)
PBE + salt + iteration count A salt is a randomly generated piece of data say 64
bits that is added to each password The combined salt+password is used to generate the
key The key is then used to generate a symmetric cipher For the purpose of decryption the salt must be stored as
part of the ciphertext See figures on page 74
csci5931 Web Security 18
Password-based encryption (PBE)
csci5931 Web Security 19
Base64 Encoding Effective in representing ASCII data as 6-bit characters (save one bit
per character)
Widely used in networking transmissions of data eg in MIME
emails amp other Internet-related applications
Input N bytes
Number of output characters
(N 8 24) 4 if N8 24 is zero
(N 8 24 + 1) 4 otherwise
Example N = 8 bytes
(64 24 + 1) 4 12 characters
See httpnascluheduyangteachingcsci5939DatabaseSecuritybase64ppt RFC2045 and Appendix C
csci5931 Web Security 20
Password-based encryption (PBE)
csci5931 Web Security 21
Password-based encryption (PBE) RandomnextBytes (byte[ ] bytes)
Generates random bytes and places them into a user-supplied byte array
public class PBEKeySpecextends Object
implements KeySpec
A user-chosen password that can be used with password-based encryption
(PBE)
The password can be viewed as some kind of raw key material from which
the encryption mechanism that uses it derives a cryptographic key
csci5931 Web Security 22
Password-based encryption (PBE) public class SecretKeyFactory extends Object
This class represents a factory for secret keys
Key factories are used to convert keys (opaque cryptographic keys of type
Key) into key specifications (transparent representations of the
underlying key material) and vice versa Secret key factories operate
only on secret (symmetric) keys
Key factories are bi-directional ie they allow to build an opaque key
object from a given key specification (key material) or to retrieve the
underlying key material of a key object in a suitable format
Application developers should refer to their providers documentation to find
out which key specifications are supported by the generateSecret
and getKeySpec methods
csci5931 Web Security 23
Password-based encryption
Twofish encryption algorithmA symmetric block cipher that accepts keys of any length up to 256
bits
Among the new encryption algorithms being considered by the National
Institute of Science and Technology (NIST) as a replacement for
the DES algorithm
Highly secure and flexible
Works extremely well with large microprocessors 8-bit smart card
microprocessors and dedicated hardware
(Source httpwwwwileycomcdaproduct0047135381700html)
csci5931 Web Security 24
Password-based encryption
An example program PBEjava (see
httpscecluheduyangteachingproJavaSecurityCodehtml)
Sample PBE encryptiondecryptiongtjava PBE -e sasquatch Hello World
yrVhjq5djco=eSIS1LbeAtu5KIKf5ntNhg==
gtjava PBE -e sasquatch Hello World
lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
gtjava PBE -d sasquatch lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
Hello World
csci5931 Web Security 25
Key storage
Storage of keys in a persistent media (file
database) for later retrieval or transportation
Objectives The stored keys must be protected
Problems
- If the key storage is compromised the data protected by
the keys become unprotected
Solutions
Use PBE to encrypt the keys Problems
csci5931 Web Security 26
Key storage Key Wrapping
The wrap( ) method defined in javaxcryptoCipher takes a key as an
argument and returns the encrypted value of the key as a byte array
Example
cipherinit (CipherWRAP_MODE passwordKey paramSpec)
byte[ ] encryptedKeyBytes = cipherwrap (secretKey)
To decrypt the keycipherinit (CipherUNWRAP_MODE passwordKey paramSpec)
Key key = cipherunwrap(encryptedKeyBytes ldquoBlowfishrdquo CipherSECRET_KEY)
csci5931 Web Security 27
Key storage Key Encryption
Use the getEncoded( ) method as defined in javasecurityKey to encrypt the
key
Example
byte[ ] keyBytes = myKeygetEncoded( )
cipherinit (CipherENCRYPT_MODE passwordKey paramSpec)
byte[ ] encryptedKeyBytes = cipherdoFinal (keyBytes)
To decrypt the keycipherinit (CipherDECRYPT_MODE passwordKey paramSpec)
byte[ ] keyBytes = cipherdoFinal (encryptedKeyBytes)
SecretKeySpec myKey = new SecretKeySpec (keyBytes ldquoBlowfishrdquo )
csci5931 Web Security 28
Padding Padding is needed to make the size of the plaintext to be a
multiple of the block size
Most symmetric algorithms use one of two types of padding No padding ndash requires the data end on a block exactly
PKCS5 padding ndash (PKCS = Public Key Cryptography Standard)
Suppose there are N bytes in a block that need to be padded
Fill each of the N bytes with the value N
If the data end on a multiple of the block size add an entire block of
padding
(See the illustration on p81)
csci5931 Web Security 29
Modes of DES
ECB CBC
CFB (Cipher FeedBack) Similar to CBC but may work on smaller chunks of data (8 bits for
example)
OFB (Output FeedBack) Similar to CFB but provides better protection against data loss
during transmission
That is a single-bit error will not cause the whole block to be lost
as in the cases of ECB CBC and CFB
csci5931 Web Security 30
Cipher streams and IV JavaxcryptoCipherInputStream javaxcryptoCipherOutputStream
They provide convenient wrappers around standard input and
output streams for them to be automatically encrypted or
decrypted
Initialization Vector (IV) A sequence of random bytes appended to the front of the plaintext
before encryption by a block cipher Adding the initialization vector to the beginning of the plaintext
eliminates the possibility of having the initial ciphertext block the
same for any two messages How to determine the size of a IV given a cipher Example A
256-bit Rijndael cipher needs a 16-byte IV
csci5931 Web Security 31
IV in Java public class IvParameterSpec
extends Object
implements AlgorithmParameterSpec
This class specifies an initialization vector (IV) Examples
which use IVs are ciphers in feedback mode eg DES
in CBC mode and RSA ciphers with OAEP encoding
operation
(NOTE See page 434 for RSA-OAEP padding)
csci5931 Web Security 32
Rijndael
What is Rijndael (Dutch pronounced as lsquoRain Dollrsquo)
ldquoRijndael is a block cipher designed by Joan Daemen and Vincent
Rijmen as a candidate algorithm for the AES
The cipher has a variable block length and key length We currently
specified how to use keys with a length of 128 192 or 256 bits to
encrypt blocks with al length of 128 192 or 256 bitsrdquo
(Source httpwwwesatkuleuvenacbe~rijmenrijndael)
After nearly four years of evaluation in October 2000 Rijndael was
selected by the NIST as the `AES (Advanced Encryption Standard)
See the press release
csci5931 Web Security 33
FileEncryptorjava
FileEncryptorjava (see httpscecluheduyangteaching
proJavaSecurityCodehtml)
Four functions
createKey( password )
loadKey ( password )
encrypt ( password inputFile outputEncryptedFile )
decrypt ( password inputEncryptedFile outputfile)
csci5931 Web Security 34
Sealed objects Sealed object An object that is encrypted
The object must be serializable
Sealed objects can be useful for storing or transferring an
encrypted version of an object
The default JDK 12 prevents extensions from using the class
loader to create classes that are neither standard objects nor
extensions That is a custom object such as a CreditCard
object wonrsquot be able to be decrypted
See Appendix D ldquothe EncryptedObject classrdquo for a better sealed
object implementation
csci5931 Web Security 35
Sealed objects
SealedObjectExamplejava (see
httpscecluheduyangteachingproJavaSecurityCodehtml)
Sample output
gtjava SealedObjectExample
Creating a key
Encrypting the object
Unencrypting the object
Credit card number 1234567890
csci5931 Web Security 36
Next
Asymmetric Encryption (GS 5)
Relevant links RFC 1829 - The ESP DES-CBC Transform - This document
describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP)
The GNU Crypto project ndash This project aims at providing free versatile high-quality and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users Itrsquos also got a comprehensive listing of crypto-related algorithms
csci5931 Web Security 7
JavasecurityKey The Key interface is the top-level interface for all keys It
defines the functionality shared by all key objects
All keys have three characteristics 1 The key algorithm for that key2 An external encoded form for the key used when a standard
representation of the key is needed outside the Java Virtual Machine as when transmitting the key to some other party
3 The name of the format of the encoded key
Keys are generally obtained through key generators key factory certificates or various Identity classes used to manage keys
Examples javaxcryptoKeyGenerator( ) javasecurityKeyFactory( )
csci5931 Web Security 8
JavaxcryptoCipher
httpjavasuncomj2se141docsapi
public class Cipher
extends Object
This class provides the functionality of a cryptographic cipher for
encryption and decryption It forms the core of the Java
Cryptographic Extension (JCE) framework
To use a Cipher getInstance( ) init( ) update( ) doFinal( )
csci5931 Web Security 9
JavaxcryptoCiphergetInstance( )A In order to create a Cipher object the application calls the Ciphers
getInstance method and passes the name of the requested
transformation to it
static Cipher getInstance(String transformation)
Generates a Cipher object that implements the specified transformation
static Cipher getInstance(String transformation Provider
provider)
Creates a Cipher object that implements the specified transformation as
supplied by the specified provider
static Cipher getInstance(String transformation String provider)
Creates a Cipher object that implements the specified transformation as
supplied by the specified provider
csci5931 Web Security 10
JavaxcryptoCiphergetInstance( ) Examples
Cipher cipher = CiphergetInstance(DESCBCPKCS5Padding)
Cipher cipher = CiphergetInstance(ldquoDESedeECBPKCS5Paddingrdquo)
csci5931 Web Security 11
JavaxcryptoCipherinit( )B Initialize an instance of Cipher
1 Declares the operating mode (ENCRYPT_MODE
DECRYPT_MODE WRAP_MODE UNWRAP_MODE)
2 Pass a key (javasecurityKey) to the cipher
Example
Cipherinit (CipherENCRYPT_MODE myKey)
Note When a Cipher object is initialized it loses all
previously-acquired state In other words initializing a
Cipher is equivalent to creating a new instance of that
Cipher and initializing it
csci5931 Web Security 12
JavaxcryptoCipherupdate( )C Pass the information to be encrypteddecrypted to the cipher
1 The information must be in the form of a byte array
2 Note Ciphers typically buffer their output If the buffer has not been filled
null will be returned
Alternative update( ) methods
byte[ ] update (byte[] input)byte[ ] plaintext = myStringgetBytes (ldquoUTF8rdquo)byte[ ] ciphertext = cipherupdate (plaintext)
int update (byte[ ] input int inputOffset int inputLen byte[ ] output int outputOffset)
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized) processing another data part
csci5931 Web Security 13
JavaxcryptoCipherdoFinal( )D Finish the operation
byte[ ] doFinal( ) Finishes a multiple-part encryption or decryption operation depending on
how this cipher was initialized
byte[ ] doFinal(byte[] input)
Encrypts or decrypts data in a single-part operation or finishes a multiple-
part operation
Example
Byte[ ] ciphertext = cipherdoFinal ( )
csci5931 Web Security 14
SimpleExamplejava P69 SimpleExamplejava (see httpscecluheduyangteaching
proJavaSecurityCodehtml) Sample outputgtjava SimpleExample How are you doing
Plain Message=How are you doing
Generating a TripleDES keyDone generating the key
Now encrypting the messageMessage Encrypted
Ciphertext=-74-45759-44-115-19-8-56-99-47794393-45-107-41-125-127-233271855
Now decrypting the messageMessage decrypted
Decrypted text How are you doing
csci5931 Web Security 15
BlowfishExamplejava Blowfish keys can be any bit size from 8 to 448 as long as the
number if divisible by 8 p69 BlowfishExamplejava (see
httpscecluheduyangteachingproJavaSecurityCodehtml) Sample output
gtjava BlowfishExample Its a wonderful dayGenerating a Blowfish keyDone generating the key
Plaintext73 116 39 115 32 97 32 119 111 110 100 101 114 102 117 108 32 100 97 121 33
Ciphertext-77 56 -88 61 -52 -12 -57 43 -10 66 -54 -98 -86 56 -86 51 -127 -125 30 48 -64 112 -37 -125
Decrypted text Its a wonderful day
csci5931 Web Security 16
Password-based encryption (PBE) hashing + symmetric encryption
The user-provided password is hashed by a message digest algorithm such as SHA
The hash value is then used to construct a key for a symmetric encryption algorithm such as Blowfish
The plaintext is then encrypted by the symmetric encryption algorithm
Problems1 PBE is usually less secure due to its smaller key space2 Passwords may suffer lsquodictionary attackrsquo3 Two people might choose the same password which
would create two identical entries in the password file
csci5931 Web Security 17
Password-based encryption (PBE)
PBE + salt + iteration count A salt is a randomly generated piece of data say 64
bits that is added to each password The combined salt+password is used to generate the
key The key is then used to generate a symmetric cipher For the purpose of decryption the salt must be stored as
part of the ciphertext See figures on page 74
csci5931 Web Security 18
Password-based encryption (PBE)
csci5931 Web Security 19
Base64 Encoding Effective in representing ASCII data as 6-bit characters (save one bit
per character)
Widely used in networking transmissions of data eg in MIME
emails amp other Internet-related applications
Input N bytes
Number of output characters
(N 8 24) 4 if N8 24 is zero
(N 8 24 + 1) 4 otherwise
Example N = 8 bytes
(64 24 + 1) 4 12 characters
See httpnascluheduyangteachingcsci5939DatabaseSecuritybase64ppt RFC2045 and Appendix C
csci5931 Web Security 20
Password-based encryption (PBE)
csci5931 Web Security 21
Password-based encryption (PBE) RandomnextBytes (byte[ ] bytes)
Generates random bytes and places them into a user-supplied byte array
public class PBEKeySpecextends Object
implements KeySpec
A user-chosen password that can be used with password-based encryption
(PBE)
The password can be viewed as some kind of raw key material from which
the encryption mechanism that uses it derives a cryptographic key
csci5931 Web Security 22
Password-based encryption (PBE) public class SecretKeyFactory extends Object
This class represents a factory for secret keys
Key factories are used to convert keys (opaque cryptographic keys of type
Key) into key specifications (transparent representations of the
underlying key material) and vice versa Secret key factories operate
only on secret (symmetric) keys
Key factories are bi-directional ie they allow to build an opaque key
object from a given key specification (key material) or to retrieve the
underlying key material of a key object in a suitable format
Application developers should refer to their providers documentation to find
out which key specifications are supported by the generateSecret
and getKeySpec methods
csci5931 Web Security 23
Password-based encryption
Twofish encryption algorithmA symmetric block cipher that accepts keys of any length up to 256
bits
Among the new encryption algorithms being considered by the National
Institute of Science and Technology (NIST) as a replacement for
the DES algorithm
Highly secure and flexible
Works extremely well with large microprocessors 8-bit smart card
microprocessors and dedicated hardware
(Source httpwwwwileycomcdaproduct0047135381700html)
csci5931 Web Security 24
Password-based encryption
An example program PBEjava (see
httpscecluheduyangteachingproJavaSecurityCodehtml)
Sample PBE encryptiondecryptiongtjava PBE -e sasquatch Hello World
yrVhjq5djco=eSIS1LbeAtu5KIKf5ntNhg==
gtjava PBE -e sasquatch Hello World
lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
gtjava PBE -d sasquatch lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
Hello World
csci5931 Web Security 25
Key storage
Storage of keys in a persistent media (file
database) for later retrieval or transportation
Objectives The stored keys must be protected
Problems
- If the key storage is compromised the data protected by
the keys become unprotected
Solutions
Use PBE to encrypt the keys Problems
csci5931 Web Security 26
Key storage Key Wrapping
The wrap( ) method defined in javaxcryptoCipher takes a key as an
argument and returns the encrypted value of the key as a byte array
Example
cipherinit (CipherWRAP_MODE passwordKey paramSpec)
byte[ ] encryptedKeyBytes = cipherwrap (secretKey)
To decrypt the keycipherinit (CipherUNWRAP_MODE passwordKey paramSpec)
Key key = cipherunwrap(encryptedKeyBytes ldquoBlowfishrdquo CipherSECRET_KEY)
csci5931 Web Security 27
Key storage Key Encryption
Use the getEncoded( ) method as defined in javasecurityKey to encrypt the
key
Example
byte[ ] keyBytes = myKeygetEncoded( )
cipherinit (CipherENCRYPT_MODE passwordKey paramSpec)
byte[ ] encryptedKeyBytes = cipherdoFinal (keyBytes)
To decrypt the keycipherinit (CipherDECRYPT_MODE passwordKey paramSpec)
byte[ ] keyBytes = cipherdoFinal (encryptedKeyBytes)
SecretKeySpec myKey = new SecretKeySpec (keyBytes ldquoBlowfishrdquo )
csci5931 Web Security 28
Padding
- Padding is needed to make the size of the plaintext a multiple of the block size
- Most symmetric algorithms use one of two types of padding:
  - No padding - requires the data to end exactly on a block boundary
  - PKCS5 padding (PKCS = Public Key Cryptography Standard)
    - Suppose there are N bytes in a block that need to be padded
    - Fill each of the N bytes with the value N
    - If the data end on a multiple of the block size, add an entire block of padding
(See the illustration on p. 81)
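The PKCS5 rule from this slide, as an added example (not the course's or the book's code): pad( ) and unpad( ) apply the fill-with-N rule by hand, and matchesJce( ) checks the result against the JCE's own PKCS5Padding. The class and method names are this example's own, and Blowfish in ECB mode is an assumption chosen only because its 8-byte block makes the padding easy to see.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class Pkcs5PaddingSketch {

    /** Appends N bytes of value N, where N = 1..blockSize (a full block if already aligned). */
    static byte[] pad(byte[] data, int blockSize) {
        int n = blockSize - (data.length % blockSize);
        byte[] out = Arrays.copyOf(data, data.length + n);
        Arrays.fill(out, data.length, out.length, (byte) n);
        return out;
    }

    /** Removes the padding and rejects anything that is not well-formed PKCS5 padding. */
    static byte[] unpad(byte[] padded, int blockSize) {
        if (padded.length == 0 || padded.length % blockSize != 0) {
            throw new IllegalArgumentException("input is not a whole number of blocks");
        }
        int n = padded[padded.length - 1] & 0xff;
        if (n < 1 || n > blockSize) {
            throw new IllegalArgumentException("invalid padding length byte");
        }
        for (int i = padded.length - n; i < padded.length; i++) {
            if ((padded[i] & 0xff) != n) {
                throw new IllegalArgumentException("padding bytes do not all equal N");
            }
        }
        return Arrays.copyOf(padded, padded.length - n);
    }

    /** True when hand-padded data under NoPadding equals the JCE's PKCS5Padding output. */
    static boolean matchesJce(SecretKey key, byte[] data) throws GeneralSecurityException {
        Cipher withPadding = Cipher.getInstance("Blowfish/ECB/PKCS5Padding");
        withPadding.init(Cipher.ENCRYPT_MODE, key);
        Cipher noPadding = Cipher.getInstance("Blowfish/ECB/NoPadding");
        noPadding.init(Cipher.ENCRYPT_MODE, key);
        byte[] handPadded = pad(data, noPadding.getBlockSize());
        return Arrays.equals(withPadding.doFinal(data), noPadding.doFinal(handPadded));
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("Blowfish");
        keyGenerator.init(128);
        SecretKey key = keyGenerator.generateKey();

        // Constructed inputs: short, exactly one block, and several blocks plus a remainder.
        String[] samples = { "Hello", "12345678", "It's a wonderful day!" };
        for (String s : samples) {
            byte[] data = s.getBytes(StandardCharsets.UTF_8);
            byte[] padded = pad(data, 8);
            System.out.println(data.length + " bytes -> " + padded.length
                    + " bytes, last byte = " + padded[padded.length - 1]
                    + ", round trip = " + Arrays.equals(data, unpad(padded, 8))
                    + ", matches JCE = " + matchesJce(key, data));
        }
    }
}
```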
csci5931 Web Security 29
Modes of DES
- ECB, CBC
- CFB (Cipher FeedBack): Similar to CBC, but may work on smaller chunks of data (8 bits, for example)
- OFB (Output FeedBack): Similar to CFB, but provides better protection against data loss during transmission
  That is, a single-bit error will not cause the whole block to be lost, as in the cases of ECB, CBC and CFB
csci5931 Web Security 30
Cipher streams and IV
- javax.crypto.CipherInputStream, javax.crypto.CipherOutputStream
  They provide convenient wrappers around standard input and output streams for them to be automatically encrypted or decrypted
- Initialization Vector (IV)
  - A sequence of random bytes appended to the front of the plaintext before encryption by a block cipher
  - Adding the initialization vector to the beginning of the plaintext eliminates the possibility of having the initial ciphertext block the same for any two messages
  - How to determine the size of an IV, given a cipher? Example: A 256-bit Rijndael cipher needs a 16-byte IV
csci5931 Web Security 31
IV in Java
    public class IvParameterSpec
    extends Object
    implements AlgorithmParameterSpec
This class specifies an initialization vector (IV). Examples which use IVs
are ciphers in feedback mode, e.g., DES in CBC mode and RSA ciphers with
OAEP encoding operation.
(NOTE: See page 434 for RSA-OAEP padding)
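Cipher streams and IvParameterSpec used together, as an added example (not the course's FileEncryptor.java): a random IV sized from the cipher's block size is passed to the cipher, written in the clear ahead of the ciphertext, and read back before decryption. The class name, the AES/CBC/PKCS5Padding transformation and the stored layout (IV followed by ciphertext) are assumptions of this example.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class IvStreamSketch {
    // AES is Rijndael with a fixed 128-bit block, so the IV is 16 bytes for every key size.
    static final String TRANSFORMATION = "AES/CBC/PKCS5Padding";

    static void copy(InputStream in, OutputStream out) throws IOException {
        byte[] buf = new byte[4096];
        for (int n; (n = in.read(buf)) != -1; ) {
            out.write(buf, 0, n);
        }
    }

    /** Writes IV || ciphertext to out. A fresh IV is drawn for every call. */
    static void encrypt(SecretKey key, InputStream plain, OutputStream out)
            throws IOException, GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        byte[] iv = new byte[cipher.getBlockSize()];      // IV size = block size
        new SecureRandom().nextBytes(iv);
        cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        out.write(iv);                                    // the IV is not secret
        try (CipherOutputStream cos = new CipherOutputStream(out, cipher)) {
            copy(plain, cos);
        }                                                 // close() finishes the last padded block
    }

    /** Reads the IV from the front of the stream, then decrypts the rest. */
    static void decrypt(SecretKey key, InputStream in, OutputStream plain)
            throws IOException, GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        byte[] iv = new byte[cipher.getBlockSize()];
        new DataInputStream(in).readFully(iv);            // EOFException if the IV is truncated
        cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
        try (CipherInputStream cis = new CipherInputStream(in, cipher)) {
            copy(cis, plain);
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(128);
        SecretKey key = keyGenerator.generateKey();
        byte[] message = "It's a wonderful day!".getBytes(StandardCharsets.UTF_8); // constructed sample

        // Encrypt the same message twice under the same key.
        byte[][] stored = new byte[2][];
        for (int i = 0; i < stored.length; i++) {
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            encrypt(key, new ByteArrayInputStream(message), out);
            stored[i] = out.toByteArray();
        }

        // Bytes 0-15 hold the IV, bytes 16-31 the first ciphertext block.
        boolean sameFirstBlock = Arrays.equals(
                Arrays.copyOfRange(stored[0], 16, 32),
                Arrays.copyOfRange(stored[1], 16, 32));
        System.out.println("stored length: " + stored[0].length);
        System.out.println("first ciphertext block repeats: " + sameFirstBlock);

        ByteArrayOutputStream recovered = new ByteArrayOutputStream();
        decrypt(key, new ByteArrayInputStream(stored[1]), recovered);
        System.out.println(new String(recovered.toByteArray(), StandardCharsets.UTF_8));
    }
}
```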
csci5931 Web Security 32
Rijndael
- What is Rijndael? (Dutch, pronounced as 'Rain Doll')
  "Rijndael is a block cipher, designed by Joan Daemen and Vincent
  Rijmen as a candidate algorithm for the AES.
  The cipher has a variable block length and key length. We currently
  specified how to use keys with a length of 128, 192, or 256 bits to
  encrypt blocks with a length of 128, 192 or 256 bits."
  (Source: http://www.esat.kuleuven.ac.be/~rijmen/rijndael/)
- After nearly four years of evaluation, in October 2000, Rijndael was
  selected by the NIST as the AES (Advanced Encryption Standard).
  See the press release
csci5931 Web Security 33
FileEncryptor.java
FileEncryptor.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)
Four functions:
    createKey(password)
    loadKey(password)
    encrypt(password, inputFile, outputEncryptedFile)
    decrypt(password, inputEncryptedFile, outputfile)
csci5931 Web Security 34
Sealed objects
- Sealed object: An object that is encrypted
- The object must be serializable
- Sealed objects can be useful for storing or transferring an
  encrypted version of an object
- The default JDK 1.2 prevents extensions from using the class
  loader to create classes that are neither standard objects nor
  extensions. That is, a custom object, such as a CreditCard
  object, won't be able to be decrypted
- See Appendix D, "the EncryptedObject class", for a better sealed
  object implementation
csci5931 Web Security 35
Sealed objects
SealedObjectExample.java (see
http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)
Sample output:
    > java SealedObjectExample
    Creating a key
    Encrypting the object
    Unencrypting the object
    Credit card number: 1234567890
csci5931 Web Security 36
Next
Asymmetric Encryption (GS 5)
Relevant links:
- RFC 1829 - The ESP DES-CBC Transform - This document describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP)
- The GNU Crypto project - This project aims at providing free, versatile, high-quality, and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users. It's also got a comprehensive listing of crypto-related algorithms
csci5931 Web Security 8
javax.crypto.Cipher
http://java.sun.com/j2se/1.4.1/docs/api/
    public class Cipher
    extends Object
This class provides the functionality of a cryptographic cipher for
encryption and decryption. It forms the core of the Java
Cryptographic Extension (JCE) framework.
To use a Cipher: getInstance( ), init( ), update( ), doFinal( )
csci5931 Web Security 9
javax.crypto.Cipher.getInstance( )
A. In order to create a Cipher object, the application calls the Cipher's
getInstance method, and passes the name of the requested
transformation to it
    static Cipher getInstance(String transformation)
Generates a Cipher object that implements the specified transformation
    static Cipher getInstance(String transformation, Provider provider)
Creates a Cipher object that implements the specified transformation, as
supplied by the specified provider
    static Cipher getInstance(String transformation, String provider)
Creates a Cipher object that implements the specified transformation, as
supplied by the specified provider
csci5931 Web Security 10
javax.crypto.Cipher.getInstance( )
Examples:
    Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
    Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");
csci5931 Web Security 11
javax.crypto.Cipher.init( )
B. Initialize an instance of Cipher
1. Declare the operating mode (ENCRYPT_MODE,
   DECRYPT_MODE, WRAP_MODE, UNWRAP_MODE)
2. Pass a key (java.security.Key) to the cipher
Example:
    cipher.init(Cipher.ENCRYPT_MODE, myKey);
Note: When a Cipher object is initialized, it loses all
previously-acquired state. In other words, initializing a
Cipher is equivalent to creating a new instance of that
Cipher, and initializing it
csci5931 Web Security 12
javax.crypto.Cipher.update( )
C. Pass the information to be encrypted/decrypted to the cipher
1. The information must be in the form of a byte array
2. Note: Ciphers typically buffer their output. If the buffer has not been filled,
   null will be returned
Alternative update( ) methods:
    byte[] update(byte[] input)
        byte[] plaintext = myString.getBytes("UTF8");
        byte[] ciphertext = cipher.update(plaintext);
    int update(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part
csci5931 Web Security 13
javax.crypto.Cipher.doFinal( )
D. Finish the operation
    byte[] doFinal()
Finishes a multiple-part encryption or decryption operation, depending on
how this cipher was initialized
    byte[] doFinal(byte[] input)
Encrypts or decrypts data in a single-part operation, or finishes a
multiple-part operation
Example:
    byte[] ciphertext = cipher.doFinal();
csci5931 Web Security 14
SimpleExample.java
p. 69: SimpleExample.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)
Sample output:
    > java SimpleExample How are you doing
    Plain Message=How are you doing
    Generating a TripleDES key...Done generating the key
    Now encrypting the message...Message Encrypted
    Ciphertext=-74-45759-44-115-19-8-56-99-47794393-45-107-41-125-127-233271855
    Now decrypting the message...Message decrypted
    Decrypted text: How are you doing
csci5931 Web Security 15
BlowfishExample.java
Blowfish keys can be any bit size from 8 to 448, as long as the
number is divisible by 8
p. 69: BlowfishExample.java (see
http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)
Sample output:
    > java BlowfishExample "It's a wonderful day!"
    Generating a Blowfish key...Done generating the key
    Plaintext: 73 116 39 115 32 97 32 119 111 110 100 101 114 102 117 108 32 100 97 121 33
    Ciphertext: -77 56 -88 61 -52 -12 -57 43 -10 66 -54 -98 -86 56 -86 51 -127 -125 30 48 -64 112 -37 -125
    Decrypted text: It's a wonderful day!
csci5931 Web Security 16
Password-based encryption (PBE)
hashing + symmetric encryption
- The user-provided password is hashed by a message digest algorithm, such as SHA
- The hash value is then used to construct a key for a symmetric encryption algorithm, such as Blowfish
- The plaintext is then encrypted by the symmetric encryption algorithm
Problems:
1. PBE is usually less secure, due to its smaller key space
2. Passwords may suffer 'dictionary attack'
3. Two people might choose the same password, which
   would create two identical entries in the password file
csci5931 Web Security 17
Password-based encryption (PBE)
PBE + salt + iteration count
- A salt is a randomly generated piece of data, say 64 bits, that is added to each password
- The combined salt+password is used to generate the key
- The key is then used to generate a symmetric cipher
- For the purpose of decryption, the salt must be stored as part of the ciphertext
- See figures on page 74
csci5931 Web Security 18
Password-based encryption (PBE)
csci5931 Web Security 19
Base64 Encoding
- Effective in representing ASCII data as 6-bit characters (save one bit
  per character)
- Widely used in networking transmissions of data, e.g., in MIME
  emails & other Internet-related applications
- Input: N bytes
- Number of output characters (integer division):
    (N * 8 / 24) * 4        if N * 8 mod 24 is zero
    (N * 8 / 24 + 1) * 4    otherwise
- Example: N = 8 bytes
    (64 / 24 + 1) * 4 = 12 characters
- See http://nas.cl.uh.edu/yang/teaching/csci5939DatabaseSecurity/base64.ppt, RFC 2045, and Appendix C
csci5931 Web Security 20
Password-based encryption (PBE)
csci5931 Web Security 21
Password-based encryption (PBE)
    Random.nextBytes(byte[] bytes)
Generates random bytes and places them into a user-supplied byte array
    public class PBEKeySpec
    extends Object
    implements KeySpec
A user-chosen password that can be used with password-based encryption
(PBE)
The password can be viewed as some kind of raw key material, from which
the encryption mechanism that uses it derives a cryptographic key
csci5931 Web Security 22
Password-based encryption (PBE)
    public class SecretKeyFactory
    extends Object
This class represents a factory for secret keys
Key factories are used to convert keys (opaque cryptographic keys of type
Key) into key specifications (transparent representations of the
underlying key material), and vice versa. Secret key factories operate
only on secret (symmetric) keys
Key factories are bi-directional, i.e., they allow to build an opaque key
object from a given key specification (key material), or to retrieve the
underlying key material of a key object in a suitable format
Application developers should refer to their provider's documentation to find
out which key specifications are supported by the generateSecret
and getKeySpec methods
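The PBE slides (password, salt, iteration count, PBEKeySpec, SecretKeyFactory) and the key-storage slides (wrap( ) and unwrap( ) under a password key) combined, as an added example that is not the course's PBE.java. The class name, the SunJCE algorithm PBEWithHmacSHA256AndAES_128 (Java 8 or later), the iteration count, and the stored layout salt || IV || ciphertext are all assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

public class PbeSketch {
    // Assumptions of this sketch, not values taken from the slides' PBE.java.
    static final String PBE_ALG = "PBEWithHmacSHA256AndAES_128";
    static final int SALT_LEN = 8;            // 64-bit salt, the size the slide suggests
    static final int IV_LEN = 16;             // AES block size
    static final int ITERATIONS = 100_000;
    static final SecureRandom RNG = new SecureRandom();

    /** password -> PBEKeySpec -> SecretKeyFactory -> key; salt and count travel in the parameter spec. */
    static Cipher pbeCipher(int mode, char[] password, byte[] salt, byte[] iv)
            throws GeneralSecurityException {
        PBEKeySpec keySpec = new PBEKeySpec(password);
        SecretKey passwordKey = SecretKeyFactory.getInstance(PBE_ALG).generateSecret(keySpec);
        keySpec.clearPassword();
        PBEParameterSpec paramSpec = new PBEParameterSpec(salt, ITERATIONS, new IvParameterSpec(iv));
        Cipher cipher = Cipher.getInstance(PBE_ALG);
        cipher.init(mode, passwordKey, paramSpec);
        return cipher;
    }

    static byte[] randomBytes(int n) {
        byte[] b = new byte[n];
        RNG.nextBytes(b);
        return b;
    }

    /** Stored layout: salt || iv || body. Salt and IV are not secret but must be kept for decryption. */
    static byte[] join(byte[] salt, byte[] iv, byte[] body) {
        byte[] out = new byte[salt.length + iv.length + body.length];
        System.arraycopy(salt, 0, out, 0, salt.length);
        System.arraycopy(iv, 0, out, salt.length, iv.length);
        System.arraycopy(body, 0, out, salt.length + iv.length, body.length);
        return out;
    }

    /** Rebuilds the cipher from the salt and IV stored at the front of the blob. */
    static Cipher cipherFor(int mode, char[] password, byte[] blob) throws GeneralSecurityException {
        if (blob.length <= SALT_LEN + IV_LEN) {
            throw new IllegalArgumentException("blob too short to hold salt, IV and data");
        }
        return pbeCipher(mode, password, Arrays.copyOfRange(blob, 0, SALT_LEN),
                Arrays.copyOfRange(blob, SALT_LEN, SALT_LEN + IV_LEN));
    }

    static byte[] body(byte[] blob) {
        return Arrays.copyOfRange(blob, SALT_LEN + IV_LEN, blob.length);
    }

    static String encrypt(char[] password, String plaintext) throws GeneralSecurityException {
        byte[] salt = randomBytes(SALT_LEN), iv = randomBytes(IV_LEN);
        byte[] ct = pbeCipher(Cipher.ENCRYPT_MODE, password, salt, iv)
                .doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(join(salt, iv, ct));
    }

    static String decrypt(char[] password, String encoded) throws GeneralSecurityException {
        byte[] blob = Base64.getDecoder().decode(encoded);
        byte[] pt = cipherFor(Cipher.DECRYPT_MODE, password, blob).doFinal(body(blob));
        return new String(pt, StandardCharsets.UTF_8);
    }

    /** Key storage by wrapping: the secret key is encrypted under the password key. */
    static byte[] wrapKey(char[] password, SecretKey secretKey) throws GeneralSecurityException {
        byte[] salt = randomBytes(SALT_LEN), iv = randomBytes(IV_LEN);
        return join(salt, iv, pbeCipher(Cipher.WRAP_MODE, password, salt, iv).wrap(secretKey));
    }

    static SecretKey unwrapKey(char[] password, byte[] blob, String keyAlgorithm)
            throws GeneralSecurityException {
        return (SecretKey) cipherFor(Cipher.UNWRAP_MODE, password, blob)
                .unwrap(body(blob), keyAlgorithm, Cipher.SECRET_KEY);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        char[] password = "sasquatch".toCharArray();
        String first = encrypt(password, "Hello World");
        String second = encrypt(password, "Hello World");
        System.out.println(first);
        System.out.println(second);
        System.out.println("same output twice: " + first.equals(second));
        System.out.println(decrypt(password, second));

        KeyGenerator keyGenerator = KeyGenerator.getInstance("Blowfish");
        keyGenerator.init(128);
        SecretKey secretKey = keyGenerator.generateKey();
        byte[] stored = wrapKey(password, secretKey);
        SecretKey restored = unwrapKey(password, stored, "Blowfish");
        System.out.println("key restored: "
                + Arrays.equals(secretKey.getEncoded(), restored.getEncoded()));
    }
}
```

The fresh salt per call is what makes two encryptions under the same password differ. This cipher runs AES in CBC mode and carries no integrity check, so a stored blob that has been modified is not reliably detected.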
csci5931 Web Security 23
Password-based encryption
Twofish encryption algorithm
- A symmetric block cipher that accepts keys of any length, up to 256
  bits
- Among the new encryption algorithms being considered by the National
  Institute of Science and Technology (NIST) as a replacement for
  the DES algorithm
- Highly secure and flexible
- Works extremely well with large microprocessors, 8-bit smart card
  microprocessors, and dedicated hardware
(Source: http://www.wiley.com/cda/product/0,,0471353817,00.html)
csci5931 Web Security 10
JavaxcryptoCiphergetInstance( ) Examples
Cipher cipher = CiphergetInstance(DESCBCPKCS5Padding)
Cipher cipher = CiphergetInstance(ldquoDESedeECBPKCS5Paddingrdquo)
csci5931 Web Security 11
JavaxcryptoCipherinit( )B Initialize an instance of Cipher
1 Declares the operating mode (ENCRYPT_MODE
DECRYPT_MODE WRAP_MODE UNWRAP_MODE)
2 Pass a key (javasecurityKey) to the cipher
Example
Cipherinit (CipherENCRYPT_MODE myKey)
Note When a Cipher object is initialized it loses all
previously-acquired state In other words initializing a
Cipher is equivalent to creating a new instance of that
Cipher and initializing it
csci5931 Web Security 12
JavaxcryptoCipherupdate( )C Pass the information to be encrypteddecrypted to the cipher
1 The information must be in the form of a byte array
2 Note Ciphers typically buffer their output If the buffer has not been filled
null will be returned
Alternative update( ) methods
byte[ ] update (byte[] input)byte[ ] plaintext = myStringgetBytes (ldquoUTF8rdquo)byte[ ] ciphertext = cipherupdate (plaintext)
int update (byte[ ] input int inputOffset int inputLen byte[ ] output int outputOffset)
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized) processing another data part
csci5931 Web Security 13
JavaxcryptoCipherdoFinal( )D Finish the operation
byte[ ] doFinal( ) Finishes a multiple-part encryption or decryption operation depending on
how this cipher was initialized
byte[ ] doFinal(byte[] input)
Encrypts or decrypts data in a single-part operation or finishes a multiple-
part operation
Example
Byte[ ] ciphertext = cipherdoFinal ( )
csci5931 Web Security 14
SimpleExamplejava P69 SimpleExamplejava (see httpscecluheduyangteaching
proJavaSecurityCodehtml) Sample outputgtjava SimpleExample How are you doing
Plain Message=How are you doing
Generating a TripleDES keyDone generating the key
Now encrypting the messageMessage Encrypted
Ciphertext=-74-45759-44-115-19-8-56-99-47794393-45-107-41-125-127-233271855
Now decrypting the messageMessage decrypted
Decrypted text How are you doing
csci5931 Web Security 15
BlowfishExamplejava Blowfish keys can be any bit size from 8 to 448 as long as the
number if divisible by 8 p69 BlowfishExamplejava (see
httpscecluheduyangteachingproJavaSecurityCodehtml) Sample output
gtjava BlowfishExample Its a wonderful dayGenerating a Blowfish keyDone generating the key
Plaintext73 116 39 115 32 97 32 119 111 110 100 101 114 102 117 108 32 100 97 121 33
Ciphertext-77 56 -88 61 -52 -12 -57 43 -10 66 -54 -98 -86 56 -86 51 -127 -125 30 48 -64 112 -37 -125
Decrypted text Its a wonderful day
csci5931 Web Security 16
Password-based encryption (PBE) hashing + symmetric encryption
The user-provided password is hashed by a message digest algorithm such as SHA
The hash value is then used to construct a key for a symmetric encryption algorithm such as Blowfish
The plaintext is then encrypted by the symmetric encryption algorithm
Problems1 PBE is usually less secure due to its smaller key space2 Passwords may suffer lsquodictionary attackrsquo3 Two people might choose the same password which
would create two identical entries in the password file
csci5931 Web Security 17
Password-based encryption (PBE)
PBE + salt + iteration count A salt is a randomly generated piece of data say 64
bits that is added to each password The combined salt+password is used to generate the
key The key is then used to generate a symmetric cipher For the purpose of decryption the salt must be stored as
part of the ciphertext See figures on page 74
csci5931 Web Security 18
Password-based encryption (PBE)
csci5931 Web Security 19
Base64 Encoding
- Effective in representing ASCII data as 6-bit characters (save one bit per character)
- Widely used in networking transmissions of data, e.g., in MIME emails & other Internet-related applications
- Input: N bytes
- Number of output characters (/ is integer division):
    (N * 8 / 24) * 4        if N * 8 % 24 is zero
    (N * 8 / 24 + 1) * 4    otherwise
- Example: N = 8 bytes
    (64 / 24 + 1) * 4 = 12 characters
- See http://nas.cl.uh.edu/yang/teaching/csci5939DatabaseSecurity/base64.ppt, RFC 2045 and Appendix C

Password-based encryption (PBE)
Random.nextBytes (byte[ ] bytes)
  Generates random bytes and places them into a user-supplied byte array.
public class PBEKeySpec
extends Object
implements KeySpec
  A user-chosen password that can be used with password-based encryption (PBE).
  The password can be viewed as some kind of raw key material, from which the encryption mechanism that uses it derives a cryptographic key.

Password-based encryption (PBE)
public class SecretKeyFactory
extends Object
- This class represents a factory for secret keys.
- Key factories are used to convert keys (opaque cryptographic keys of type Key) into key specifications (transparent representations of the underlying key material), and vice versa. Secret key factories operate only on secret (symmetric) keys.
- Key factories are bi-directional, i.e., they allow to build an opaque key object from a given key specification (key material), or to retrieve the underlying key material of a key object in a suitable format.
- Application developers should refer to their provider's documentation to find out which key specifications are supported by the generateSecret and getKeySpec methods.

Password-based encryption
Twofish encryption algorithm:
- A symmetric block cipher that accepts keys of any length, up to 256 bits
- Among the new encryption algorithms being considered by the National Institute of Science and Technology (NIST) as a replacement for the DES algorithm
- Highly secure and flexible
- Works extremely well with large microprocessors, 8-bit smart card microprocessors, and dedicated hardware
(Source: http://www.wiley.com/cda/product/0,,0471353817,00.html)

Password-based encryption
An example program: PBE.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)
Sample PBE encryption/decryption:
> java PBE -e sasquatch Hello World
yrVhjq5djco=eSIS1LbeAtu5KIKf5ntNhg==
> java PBE -e sasquatch Hello World
lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
> java PBE -d sasquatch lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
Hello World

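The salt + iteration count scheme from the PBE slides, as an added example that is not the PBE.java referenced above. It assumes PBKDF2WithHmacSHA256 and AES-128 in CBC mode in place of the digest and cipher the slides name, an iteration count of 100,000, and hypothetical class and method names; like the sample run, the output starts with the 12-character Base64 salt, but here the random IV is stored in front of the ciphertext as well.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

// Added example (hypothetical names): salted, iterated password-based encryption.
public class PbeSaltDemo {
    static final int SALT_LEN = 8;          // 64-bit salt, the size the slides suggest
    static final int SALT_B64_LEN = 12;     // 8 bytes always encode to 12 Base64 characters
    static final int IV_LEN = 16;           // AES block size
    static final int ITERATIONS = 100_000;  // assumed work factor, not from the slides
    static final SecureRandom RNG = new SecureRandom();

    // password + salt + iteration count -> 128-bit AES key.
    // Every password guess costs an attacker ITERATIONS HMAC computations per salt.
    static SecretKey deriveKey(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 128);
        try {
            SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
            return new SecretKeySpec(factory.generateSecret(spec).getEncoded(), "AES");
        } finally {
            spec.clearPassword();           // wipe the spec's internal copy of the password
        }
    }

    // Output layout: Base64(salt) followed by Base64(IV || ciphertext).
    static String encrypt(char[] password, String plaintext) throws GeneralSecurityException {
        byte[] salt = new byte[SALT_LEN];
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(salt);                // fresh salt and IV for every message
        RNG.nextBytes(iv);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, deriveKey(password, salt), new IvParameterSpec(iv));
        byte[] ct = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        byte[] ivAndCt = new byte[IV_LEN + ct.length];
        System.arraycopy(iv, 0, ivAndCt, 0, IV_LEN);
        System.arraycopy(ct, 0, ivAndCt, IV_LEN, ct.length);
        Base64.Encoder enc = Base64.getEncoder();
        return enc.encodeToString(salt) + enc.encodeToString(ivAndCt);
    }

    static String decrypt(char[] password, String blob) throws GeneralSecurityException {
        if (blob.length() <= SALT_B64_LEN) {
            throw new IllegalArgumentException("input too short to contain a salt");
        }
        Base64.Decoder dec = Base64.getDecoder();
        byte[] salt = dec.decode(blob.substring(0, SALT_B64_LEN));
        byte[] ivAndCt = dec.decode(blob.substring(SALT_B64_LEN));
        if (ivAndCt.length < 2 * IV_LEN) {  // IV plus at least one padded block
            throw new IllegalArgumentException("input too short to contain IV and ciphertext");
        }
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.DECRYPT_MODE, deriveKey(password, salt),
                new IvParameterSpec(ivAndCt, 0, IV_LEN));
        byte[] pt = cipher.doFinal(ivAndCt, IV_LEN, ivAndCt.length - IV_LEN);
        return new String(pt, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        char[] password = "sasquatch".toCharArray();   // password from the sample run
        String first = encrypt(password, "Hello World");
        String second = encrypt(password, "Hello World");
        System.out.println(first);
        System.out.println(second);
        // Same password and plaintext, different salt: the two outputs differ.
        System.out.println("identical outputs: " + first.equals(second));
        System.out.println("decrypted: " + decrypt(password, second));
        try {
            decrypt("sasquatcH".toCharArray(), second);
            // CBC padding is not an integrity check: a wrong key can, rarely, unpad cleanly.
            System.out.println("wrong password: padding happened to be valid, output is garbage");
        } catch (BadPaddingException e) {
            System.out.println("wrong password: rejected by the padding check");
        }
    }
}
```
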
Key storage
- Storage of keys in a persistent media (file, database) for later retrieval or transportation
- Objectives: The stored keys must be protected
- Problems:
  - If the key storage is compromised, the data protected by the keys become unprotected
- Solutions:
  - Use PBE to encrypt the keys. Problems?

Key storage: Key Wrapping
The wrap( ) method defined in javax.crypto.Cipher takes a key as an argument and returns the encrypted value of the key as a byte array.
Example:
  cipher.init (Cipher.WRAP_MODE, passwordKey, paramSpec);
  byte[ ] encryptedKeyBytes = cipher.wrap (secretKey);
To decrypt the key:
  cipher.init (Cipher.UNWRAP_MODE, passwordKey, paramSpec);
  Key key = cipher.unwrap (encryptedKeyBytes, "Blowfish", Cipher.SECRET_KEY);

Key storage: Key Encryption
Use the getEncoded( ) method as defined in java.security.Key to encrypt the key.
Example:
  byte[ ] keyBytes = myKey.getEncoded( );
  cipher.init (Cipher.ENCRYPT_MODE, passwordKey, paramSpec);
  byte[ ] encryptedKeyBytes = cipher.doFinal (keyBytes);
To decrypt the key:
  cipher.init (Cipher.DECRYPT_MODE, passwordKey, paramSpec);
  byte[ ] keyBytes = cipher.doFinal (encryptedKeyBytes);
  SecretKeySpec myKey = new SecretKeySpec (keyBytes, "Blowfish");

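The wrap/unwrap calls from the Key Wrapping slide carried through a full store-and-restore cycle, as an added example rather than code from the book. It assumes SunJCE's PBEWithHmacSHA256AndAES_128 (Java 8 and later) as the password-based cipher, which the slides do not name, plus an assumed iteration count; the class, the StoredKey holder and the method names are hypothetical. Unlike the getEncoded( ) variant, the application never handles the raw bytes of the key being protected.

```java
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

// Added example (hypothetical names): protect a stored Blowfish key with a password.
public class KeyWrapDemo {
    static final String PBE_ALG = "PBEWithHmacSHA256AndAES_128"; // assumed algorithm choice
    static final int ITERATIONS = 100_000;                       // assumed work factor

    // Everything that goes into the key file. Salt and IV are not secret,
    // but unwrapping is impossible without them.
    static final class StoredKey {
        final byte[] salt;
        final byte[] iv;
        final byte[] wrapped;
        StoredKey(byte[] salt, byte[] iv, byte[] wrapped) {
            this.salt = salt;
            this.iv = iv;
            this.wrapped = wrapped;
        }
    }

    // The "passwordKey" of the slide: an opaque key object built from the password.
    static SecretKey passwordKey(char[] password) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password);
        try {
            return SecretKeyFactory.getInstance(PBE_ALG).generateSecret(spec);
        } finally {
            spec.clearPassword();
        }
    }

    static StoredKey wrap(char[] password, SecretKey secretKey) throws GeneralSecurityException {
        SecureRandom rng = new SecureRandom();
        byte[] salt = new byte[8];
        byte[] iv = new byte[16];
        rng.nextBytes(salt);
        rng.nextBytes(iv);
        PBEParameterSpec paramSpec =
                new PBEParameterSpec(salt, ITERATIONS, new IvParameterSpec(iv));
        Cipher cipher = Cipher.getInstance(PBE_ALG);
        cipher.init(Cipher.WRAP_MODE, passwordKey(password), paramSpec);
        return new StoredKey(salt, iv, cipher.wrap(secretKey));
    }

    static Key unwrap(char[] password, StoredKey stored, String keyAlgorithm)
            throws GeneralSecurityException {
        PBEParameterSpec paramSpec =
                new PBEParameterSpec(stored.salt, ITERATIONS, new IvParameterSpec(stored.iv));
        Cipher cipher = Cipher.getInstance(PBE_ALG);
        cipher.init(Cipher.UNWRAP_MODE, passwordKey(password), paramSpec);
        return cipher.unwrap(stored.wrapped, keyAlgorithm, Cipher.SECRET_KEY);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("Blowfish");
        keyGenerator.init(128);
        SecretKey secretKey = keyGenerator.generateKey();

        char[] password = "sasquatch".toCharArray();   // constructed sample password
        StoredKey stored = wrap(password, secretKey);
        Key restored = unwrap(password, stored, "Blowfish");

        System.out.println("wrapped key bytes: " + stored.wrapped.length);
        System.out.println("restored algorithm: " + restored.getAlgorithm());
        // getEncoded() is used here only to verify the round trip.
        System.out.println("round trip ok: "
                + Arrays.equals(secretKey.getEncoded(), restored.getEncoded()));
    }
}
```
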
Padding
- Padding is needed to make the size of the plaintext a multiple of the block size.
- Most symmetric algorithms use one of two types of padding:
  - No padding - requires the data end on a block exactly
  - PKCS5 padding - (PKCS = Public Key Cryptography Standard)
    Suppose there are N bytes in a block that need to be padded.
    Fill each of the N bytes with the value N.
    If the data end on a multiple of the block size, add an entire block of padding.
(See the illustration on p. 81)

Modes of DES
- ECB
- CBC
- CFB (Cipher FeedBack)
  Similar to CBC, but may work on smaller chunks of data (8 bits, for example).
- OFB (Output FeedBack)
  Similar to CFB, but provides better protection against data loss during transmission.
  That is, a single-bit error will not cause the whole block to be lost, as in the cases of ECB, CBC and CFB.

Cipher streams and IV
javax.crypto.CipherInputStream
javax.crypto.CipherOutputStream
  They provide convenient wrappers around standard input and output streams for them to be automatically encrypted or decrypted.
Initialization Vector (IV)
- A sequence of random bytes appended to the front of the plaintext before encryption by a block cipher
- Adding the initialization vector to the beginning of the plaintext eliminates the possibility of having the initial ciphertext block the same for any two messages.
- How to determine the size of an IV, given a cipher? Example: A 256-bit Rijndael cipher needs a 16-byte IV.

IV in Java
public class IvParameterSpec
extends Object
implements AlgorithmParameterSpec
  This class specifies an initialization vector (IV). Examples which use IVs are ciphers in feedback mode, e.g., DES in CBC mode and RSA ciphers with OAEP encoding operation.
(NOTE: See page 434 for RSA-OAEP padding.)

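The padding, mode and IV slides can be observed directly through javax.crypto. The following is an added example, not code from the book, using the DESede cipher of SimpleExample with constructed sample inputs and hypothetical class and method names; it shows the PKCS5 full-block case, the NoPadding failure, and repeated plaintext blocks surviving ECB but not CBC with a fresh IV.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

// Added example (hypothetical names): padding and mode effects with DESede.
public class ModePaddingDemo {
    static final SecureRandom RNG = new SecureRandom();

    // PKCS5 padding by hand: append n bytes, each of value n, with n in 1..blockSize.
    static byte[] pkcs5Pad(byte[] data, int blockSize) {
        int n = blockSize - (data.length % blockSize); // a whole block when already aligned
        byte[] out = Arrays.copyOf(data, data.length + n);
        Arrays.fill(out, data.length, out.length, (byte) n);
        return out;
    }

    static byte[] encryptEcb(SecretKey key, byte[] plaintext, String padding)
            throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("DESede/ECB/" + padding);
        cipher.init(Cipher.ENCRYPT_MODE, key);
        return cipher.doFinal(plaintext);
    }

    // Returns IV || ciphertext. The IV is one cipher block long and fresh per message.
    static byte[] encryptCbc(SecretKey key, byte[] plaintext) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("DESede/CBC/PKCS5Padding");
        byte[] iv = new byte[cipher.getBlockSize()];   // 8 bytes for DESede
        RNG.nextBytes(iv);
        cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = cipher.doFinal(plaintext);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    static byte[] decryptCbc(SecretKey key, byte[] ivAndCt) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("DESede/CBC/PKCS5Padding");
        int bs = cipher.getBlockSize();
        cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(ivAndCt, 0, bs));
        return cipher.doFinal(ivAndCt, bs, ivAndCt.length - bs);
    }

    // True when blocks i and j (0-based, counted after skipping `offset` bytes) are identical.
    static boolean sameBlock(byte[] data, int offset, int blockSize, int i, int j) {
        byte[] a = Arrays.copyOfRange(data, offset + i * blockSize, offset + (i + 1) * blockSize);
        byte[] b = Arrays.copyOfRange(data, offset + j * blockSize, offset + (j + 1) * blockSize);
        return Arrays.equals(a, b);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("DESede");
        keyGenerator.init(168);
        SecretKey key = keyGenerator.generateKey();

        // Padding: 5 bytes fill up to one block; exactly 8 bytes gain a whole padding block.
        byte[] five = "hello".getBytes(StandardCharsets.US_ASCII);
        byte[] eight = "8 bytes!".getBytes(StandardCharsets.US_ASCII);
        System.out.println(Arrays.toString(pkcs5Pad(five, 8)));
        System.out.println(Arrays.toString(pkcs5Pad(eight, 8)));
        System.out.println("ciphertext lengths: "
                + encryptEcb(key, five, "PKCS5Padding").length + " and "
                + encryptEcb(key, eight, "PKCS5Padding").length);
        try {
            encryptEcb(key, five, "NoPadding");
        } catch (IllegalBlockSizeException e) {
            System.out.println("NoPadding rejects 5 bytes: " + e.getMessage());
        }

        // Modes: constructed plaintext made of two identical 8-byte blocks.
        byte[] repeated = "SAMEBLK!SAMEBLK!".getBytes(StandardCharsets.US_ASCII);
        byte[] ecb = encryptEcb(key, repeated, "PKCS5Padding");
        byte[] cbc = encryptCbc(key, repeated);
        System.out.println("ECB repeats the block: " + sameBlock(ecb, 0, 8, 0, 1));
        System.out.println("CBC repeats the block: " + sameBlock(cbc, 8, 8, 0, 1));
        System.out.println("CBC, same message twice, same output: "
                + Arrays.equals(cbc, encryptCbc(key, repeated)));
        System.out.println("round trip: "
                + new String(decryptCbc(key, cbc), StandardCharsets.US_ASCII));
    }
}
```
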
Rijndael
What is Rijndael? (Dutch; pronounced as 'Rain Doll')
"Rijndael is a block cipher, designed by Joan Daemen and Vincent Rijmen as a candidate algorithm for the AES. The cipher has a variable block length and key length. We currently specified how to use keys with a length of 128, 192, or 256 bits to encrypt blocks with a length of 128, 192 or 256 bits."
(Source: http://www.esat.kuleuven.ac.be/~rijmen/rijndael/)
After nearly four years of evaluation, in October 2000, Rijndael was selected by the NIST as the AES (Advanced Encryption Standard). See the press release.

FileEncryptor.java
FileEncryptor.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)
Four functions:
- createKey ( password )
- loadKey ( password )
- encrypt ( password, inputFile, outputEncryptedFile )
- decrypt ( password, inputEncryptedFile, outputfile )

Sealed objects
- Sealed object: An object that is encrypted
- The object must be serializable.
- Sealed objects can be useful for storing or transferring an encrypted version of an object.
- The default JDK 1.2 prevents extensions from using the class loader to create classes that are neither standard objects nor extensions. That is, a custom object, such as a CreditCard object, won't be able to be decrypted.
- See Appendix D, "the EncryptedObject class", for a better sealed object implementation.

Sealed objects
SealedObjectExample.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)
Sample output:
> java SealedObjectExample
Creating a key
Encrypting the object
Unencrypting the object
Credit card number: 1234567890

Next
Asymmetric Encryption (GS 5)
Relevant links:
- RFC 1829 - The ESP DES-CBC Transform - This document describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP).
- The GNU Crypto project - This project aims at providing free, versatile, high-quality, and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users. It's also got a comprehensive listing of crypto-related algorithms.

javax.crypto.Cipher.init( )
B. Initialize an instance of Cipher
1. Declares the operating mode (ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE, UNWRAP_MODE)
2. Pass a key (java.security.Key) to the cipher
Example:
  cipher.init (Cipher.ENCRYPT_MODE, myKey);
Note: When a Cipher object is initialized, it loses all previously-acquired state. In other words, initializing a Cipher is equivalent to creating a new instance of that Cipher and initializing it.

javax.crypto.Cipher.update( )
C. Pass the information to be encrypted/decrypted to the cipher
1. The information must be in the form of a byte array.
2. Note: Ciphers typically buffer their output. If the buffer has not been filled, null will be returned.
Alternative update( ) methods:
byte[ ] update (byte[ ] input)
  byte[ ] plaintext = myString.getBytes ("UTF8");
  byte[ ] ciphertext = cipher.update (plaintext);
int update (byte[ ] input, int inputOffset, int inputLen, byte[ ] output, int outputOffset)
  Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

javax.crypto.Cipher.doFinal( )
D. Finish the operation
byte[ ] doFinal( )
  Finishes a multiple-part encryption or decryption operation, depending on how this cipher was initialized.
byte[ ] doFinal(byte[ ] input)
  Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
Example:
  byte[ ] ciphertext = cipher.doFinal ( );
csci5931 Web Security 14
SimpleExamplejava P69 SimpleExamplejava (see httpscecluheduyangteaching
proJavaSecurityCodehtml) Sample outputgtjava SimpleExample How are you doing
Plain Message=How are you doing
Generating a TripleDES keyDone generating the key
Now encrypting the messageMessage Encrypted
Ciphertext=-74-45759-44-115-19-8-56-99-47794393-45-107-41-125-127-233271855
Now decrypting the messageMessage decrypted
Decrypted text How are you doing
csci5931 Web Security 15
BlowfishExamplejava Blowfish keys can be any bit size from 8 to 448 as long as the
number if divisible by 8 p69 BlowfishExamplejava (see
httpscecluheduyangteachingproJavaSecurityCodehtml) Sample output
gtjava BlowfishExample Its a wonderful dayGenerating a Blowfish keyDone generating the key
Plaintext73 116 39 115 32 97 32 119 111 110 100 101 114 102 117 108 32 100 97 121 33
Ciphertext-77 56 -88 61 -52 -12 -57 43 -10 66 -54 -98 -86 56 -86 51 -127 -125 30 48 -64 112 -37 -125
Decrypted text Its a wonderful day
csci5931 Web Security 16
Password-based encryption (PBE) hashing + symmetric encryption
The user-provided password is hashed by a message digest algorithm such as SHA
The hash value is then used to construct a key for a symmetric encryption algorithm such as Blowfish
The plaintext is then encrypted by the symmetric encryption algorithm
Problems1 PBE is usually less secure due to its smaller key space2 Passwords may suffer lsquodictionary attackrsquo3 Two people might choose the same password which
would create two identical entries in the password file
csci5931 Web Security 17
Password-based encryption (PBE)
PBE + salt + iteration count A salt is a randomly generated piece of data say 64
bits that is added to each password The combined salt+password is used to generate the
key The key is then used to generate a symmetric cipher For the purpose of decryption the salt must be stored as
part of the ciphertext See figures on page 74
csci5931 Web Security 18
Password-based encryption (PBE)
csci5931 Web Security 19
Base64 Encoding Effective in representing ASCII data as 6-bit characters (save one bit
per character)
Widely used in networking transmissions of data eg in MIME
emails amp other Internet-related applications
Input N bytes
Number of output characters
(N 8 24) 4 if N8 24 is zero
(N 8 24 + 1) 4 otherwise
Example N = 8 bytes
(64 24 + 1) 4 12 characters
See httpnascluheduyangteachingcsci5939DatabaseSecuritybase64ppt RFC2045 and Appendix C
csci5931 Web Security 20
Password-based encryption (PBE)
csci5931 Web Security 21
Password-based encryption (PBE) RandomnextBytes (byte[ ] bytes)
Generates random bytes and places them into a user-supplied byte array
public class PBEKeySpecextends Object
implements KeySpec
A user-chosen password that can be used with password-based encryption
(PBE)
The password can be viewed as some kind of raw key material from which
the encryption mechanism that uses it derives a cryptographic key
csci5931 Web Security 22
Password-based encryption (PBE) public class SecretKeyFactory extends Object
This class represents a factory for secret keys
Key factories are used to convert keys (opaque cryptographic keys of type
Key) into key specifications (transparent representations of the
underlying key material) and vice versa Secret key factories operate
only on secret (symmetric) keys
Key factories are bi-directional ie they allow to build an opaque key
object from a given key specification (key material) or to retrieve the
underlying key material of a key object in a suitable format
Application developers should refer to their providers documentation to find
out which key specifications are supported by the generateSecret
and getKeySpec methods
csci5931 Web Security 23
Password-based encryption
Twofish encryption algorithmA symmetric block cipher that accepts keys of any length up to 256
bits
Among the new encryption algorithms being considered by the National
Institute of Science and Technology (NIST) as a replacement for
the DES algorithm
Highly secure and flexible
Works extremely well with large microprocessors 8-bit smart card
microprocessors and dedicated hardware
(Source httpwwwwileycomcdaproduct0047135381700html)
csci5931 Web Security 24
Password-based encryption
An example program PBEjava (see
httpscecluheduyangteachingproJavaSecurityCodehtml)
Sample PBE encryptiondecryptiongtjava PBE -e sasquatch Hello World
yrVhjq5djco=eSIS1LbeAtu5KIKf5ntNhg==
gtjava PBE -e sasquatch Hello World
lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
gtjava PBE -d sasquatch lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
Hello World
csci5931 Web Security 25
Key storage
Storage of keys in a persistent media (file
database) for later retrieval or transportation
Objectives The stored keys must be protected
Problems
- If the key storage is compromised the data protected by
the keys become unprotected
Solutions
Use PBE to encrypt the keys Problems
csci5931 Web Security 26
Key storage Key Wrapping
The wrap( ) method defined in javaxcryptoCipher takes a key as an
argument and returns the encrypted value of the key as a byte array
Example
cipherinit (CipherWRAP_MODE passwordKey paramSpec)
byte[ ] encryptedKeyBytes = cipherwrap (secretKey)
To decrypt the keycipherinit (CipherUNWRAP_MODE passwordKey paramSpec)
Key key = cipherunwrap(encryptedKeyBytes ldquoBlowfishrdquo CipherSECRET_KEY)
csci5931 Web Security 27
Key storage Key Encryption
Use the getEncoded( ) method as defined in javasecurityKey to encrypt the
key
Example
byte[ ] keyBytes = myKeygetEncoded( )
cipherinit (CipherENCRYPT_MODE passwordKey paramSpec)
byte[ ] encryptedKeyBytes = cipherdoFinal (keyBytes)
To decrypt the keycipherinit (CipherDECRYPT_MODE passwordKey paramSpec)
byte[ ] keyBytes = cipherdoFinal (encryptedKeyBytes)
SecretKeySpec myKey = new SecretKeySpec (keyBytes ldquoBlowfishrdquo )
csci5931 Web Security 28
Padding Padding is needed to make the size of the plaintext to be a
multiple of the block size
Most symmetric algorithms use one of two types of padding No padding ndash requires the data end on a block exactly
PKCS5 padding ndash (PKCS = Public Key Cryptography Standard)
Suppose there are N bytes in a block that need to be padded
Fill each of the N bytes with the value N
If the data end on a multiple of the block size add an entire block of
padding
(See the illustration on p81)
csci5931 Web Security 29
Modes of DES
ECB CBC
CFB (Cipher FeedBack) Similar to CBC but may work on smaller chunks of data (8 bits for
example)
OFB (Output FeedBack) Similar to CFB but provides better protection against data loss
during transmission
That is a single-bit error will not cause the whole block to be lost
as in the cases of ECB CBC and CFB
csci5931 Web Security 30
Cipher streams and IV JavaxcryptoCipherInputStream javaxcryptoCipherOutputStream
They provide convenient wrappers around standard input and
output streams for them to be automatically encrypted or
decrypted
Initialization Vector (IV) A sequence of random bytes appended to the front of the plaintext
before encryption by a block cipher Adding the initialization vector to the beginning of the plaintext
eliminates the possibility of having the initial ciphertext block the
same for any two messages How to determine the size of a IV given a cipher Example A
256-bit Rijndael cipher needs a 16-byte IV
csci5931 Web Security 31
IV in Java public class IvParameterSpec
extends Object
implements AlgorithmParameterSpec
This class specifies an initialization vector (IV) Examples
which use IVs are ciphers in feedback mode eg DES
in CBC mode and RSA ciphers with OAEP encoding
operation
(NOTE See page 434 for RSA-OAEP padding)
csci5931 Web Security 32
Rijndael
What is Rijndael (Dutch pronounced as lsquoRain Dollrsquo)
ldquoRijndael is a block cipher designed by Joan Daemen and Vincent
Rijmen as a candidate algorithm for the AES
The cipher has a variable block length and key length We currently
specified how to use keys with a length of 128 192 or 256 bits to
encrypt blocks with al length of 128 192 or 256 bitsrdquo
(Source httpwwwesatkuleuvenacbe~rijmenrijndael)
After nearly four years of evaluation in October 2000 Rijndael was
selected by the NIST as the `AES (Advanced Encryption Standard)
See the press release
csci5931 Web Security 33
FileEncryptorjava
FileEncryptorjava (see httpscecluheduyangteaching
proJavaSecurityCodehtml)
Four functions
createKey( password )
loadKey ( password )
encrypt ( password inputFile outputEncryptedFile )
decrypt ( password inputEncryptedFile outputfile)
csci5931 Web Security 34
Sealed objects Sealed object An object that is encrypted
The object must be serializable
Sealed objects can be useful for storing or transferring an
encrypted version of an object
The default JDK 12 prevents extensions from using the class
loader to create classes that are neither standard objects nor
extensions That is a custom object such as a CreditCard
object wonrsquot be able to be decrypted
See Appendix D ldquothe EncryptedObject classrdquo for a better sealed
object implementation
csci5931 Web Security 35
Sealed objects
SealedObjectExamplejava (see
httpscecluheduyangteachingproJavaSecurityCodehtml)
Sample output
gtjava SealedObjectExample
Creating a key
Encrypting the object
Unencrypting the object
Credit card number 1234567890
csci5931 Web Security 36
Next
Asymmetric Encryption (GS 5)
Relevant links RFC 1829 - The ESP DES-CBC Transform - This document
describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP)
The GNU Crypto project ndash This project aims at providing free versatile high-quality and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users Itrsquos also got a comprehensive listing of crypto-related algorithms
csci5931 Web Security 12
JavaxcryptoCipherupdate( )C Pass the information to be encrypteddecrypted to the cipher
1 The information must be in the form of a byte array
2 Note Ciphers typically buffer their output If the buffer has not been filled
null will be returned
Alternative update( ) methods
byte[ ] update (byte[] input)byte[ ] plaintext = myStringgetBytes (ldquoUTF8rdquo)byte[ ] ciphertext = cipherupdate (plaintext)
int update (byte[ ] input int inputOffset int inputLen byte[ ] output int outputOffset)
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized) processing another data part
csci5931 Web Security 13
JavaxcryptoCipherdoFinal( )D Finish the operation
byte[ ] doFinal( ) Finishes a multiple-part encryption or decryption operation depending on
how this cipher was initialized
byte[ ] doFinal(byte[] input)
Encrypts or decrypts data in a single-part operation or finishes a multiple-
part operation
Example
Byte[ ] ciphertext = cipherdoFinal ( )
csci5931 Web Security 14
SimpleExamplejava P69 SimpleExamplejava (see httpscecluheduyangteaching
proJavaSecurityCodehtml) Sample outputgtjava SimpleExample How are you doing
Plain Message=How are you doing
Generating a TripleDES keyDone generating the key
Now encrypting the messageMessage Encrypted
Ciphertext=-74-45759-44-115-19-8-56-99-47794393-45-107-41-125-127-233271855
Now decrypting the messageMessage decrypted
Decrypted text How are you doing
csci5931 Web Security 15
BlowfishExamplejava Blowfish keys can be any bit size from 8 to 448 as long as the
number if divisible by 8 p69 BlowfishExamplejava (see
httpscecluheduyangteachingproJavaSecurityCodehtml) Sample output
gtjava BlowfishExample Its a wonderful dayGenerating a Blowfish keyDone generating the key
Plaintext73 116 39 115 32 97 32 119 111 110 100 101 114 102 117 108 32 100 97 121 33
Ciphertext-77 56 -88 61 -52 -12 -57 43 -10 66 -54 -98 -86 56 -86 51 -127 -125 30 48 -64 112 -37 -125
Decrypted text Its a wonderful day
csci5931 Web Security 16
Password-based encryption (PBE) hashing + symmetric encryption
The user-provided password is hashed by a message digest algorithm such as SHA
The hash value is then used to construct a key for a symmetric encryption algorithm such as Blowfish
The plaintext is then encrypted by the symmetric encryption algorithm
Problems1 PBE is usually less secure due to its smaller key space2 Passwords may suffer lsquodictionary attackrsquo3 Two people might choose the same password which
would create two identical entries in the password file
csci5931 Web Security 17
Password-based encryption (PBE)
PBE + salt + iteration count A salt is a randomly generated piece of data say 64
bits that is added to each password The combined salt+password is used to generate the
key The key is then used to generate a symmetric cipher For the purpose of decryption the salt must be stored as
part of the ciphertext See figures on page 74
csci5931 Web Security 18
Password-based encryption (PBE)
csci5931 Web Security 19
Base64 Encoding Effective in representing ASCII data as 6-bit characters (save one bit
per character)
Widely used in networking transmissions of data eg in MIME
emails amp other Internet-related applications
Input N bytes
Number of output characters
(N 8 24) 4 if N8 24 is zero
(N 8 24 + 1) 4 otherwise
Example N = 8 bytes
(64 24 + 1) 4 12 characters
See httpnascluheduyangteachingcsci5939DatabaseSecuritybase64ppt RFC2045 and Appendix C
csci5931 Web Security 20
Password-based encryption (PBE)
csci5931 Web Security 21
Password-based encryption (PBE) RandomnextBytes (byte[ ] bytes)
Generates random bytes and places them into a user-supplied byte array
public class PBEKeySpecextends Object
implements KeySpec
A user-chosen password that can be used with password-based encryption
(PBE)
The password can be viewed as some kind of raw key material from which
the encryption mechanism that uses it derives a cryptographic key
csci5931 Web Security 22
Password-based encryption (PBE) public class SecretKeyFactory extends Object
This class represents a factory for secret keys
Key factories are used to convert keys (opaque cryptographic keys of type
Key) into key specifications (transparent representations of the
underlying key material) and vice versa Secret key factories operate
only on secret (symmetric) keys
Key factories are bi-directional ie they allow to build an opaque key
object from a given key specification (key material) or to retrieve the
underlying key material of a key object in a suitable format
Application developers should refer to their providers documentation to find
out which key specifications are supported by the generateSecret
and getKeySpec methods
csci5931 Web Security 23
Password-based encryption
Twofish encryption algorithmA symmetric block cipher that accepts keys of any length up to 256
bits
Among the new encryption algorithms being considered by the National
Institute of Science and Technology (NIST) as a replacement for
the DES algorithm
Highly secure and flexible
Works extremely well with large microprocessors 8-bit smart card
microprocessors and dedicated hardware
(Source httpwwwwileycomcdaproduct0047135381700html)
csci5931 Web Security 24
Password-based encryption
An example program PBEjava (see
httpscecluheduyangteachingproJavaSecurityCodehtml)
Sample PBE encryptiondecryptiongtjava PBE -e sasquatch Hello World
yrVhjq5djco=eSIS1LbeAtu5KIKf5ntNhg==
gtjava PBE -e sasquatch Hello World
lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
gtjava PBE -d sasquatch lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
Hello World
csci5931 Web Security 25
Key storage
Storage of keys in a persistent media (file
database) for later retrieval or transportation
Objectives The stored keys must be protected
Problems
- If the key storage is compromised the data protected by
the keys become unprotected
Solutions
Use PBE to encrypt the keys Problems
csci5931 Web Security 26
Key storage Key Wrapping
The wrap( ) method defined in javaxcryptoCipher takes a key as an
argument and returns the encrypted value of the key as a byte array
Example
cipherinit (CipherWRAP_MODE passwordKey paramSpec)
byte[ ] encryptedKeyBytes = cipherwrap (secretKey)
To decrypt the keycipherinit (CipherUNWRAP_MODE passwordKey paramSpec)
Key key = cipherunwrap(encryptedKeyBytes ldquoBlowfishrdquo CipherSECRET_KEY)
csci5931 Web Security 27
Key storage Key Encryption
Use the getEncoded( ) method as defined in javasecurityKey to encrypt the
key
Example
byte[ ] keyBytes = myKeygetEncoded( )
cipherinit (CipherENCRYPT_MODE passwordKey paramSpec)
byte[ ] encryptedKeyBytes = cipherdoFinal (keyBytes)
To decrypt the keycipherinit (CipherDECRYPT_MODE passwordKey paramSpec)
byte[ ] keyBytes = cipherdoFinal (encryptedKeyBytes)
SecretKeySpec myKey = new SecretKeySpec (keyBytes ldquoBlowfishrdquo )
csci5931 Web Security 28
Padding Padding is needed to make the size of the plaintext to be a
multiple of the block size
Most symmetric algorithms use one of two types of padding No padding ndash requires the data end on a block exactly
PKCS5 padding ndash (PKCS = Public Key Cryptography Standard)
Suppose there are N bytes in a block that need to be padded
Fill each of the N bytes with the value N
If the data end on a multiple of the block size add an entire block of
padding
(See the illustration on p81)
csci5931 Web Security 29
Modes of DES
ECB CBC
CFB (Cipher FeedBack) Similar to CBC but may work on smaller chunks of data (8 bits for
example)
OFB (Output FeedBack) Similar to CFB but provides better protection against data loss
during transmission
That is a single-bit error will not cause the whole block to be lost
as in the cases of ECB CBC and CFB
csci5931 Web Security 30
Cipher streams and IV JavaxcryptoCipherInputStream javaxcryptoCipherOutputStream
They provide convenient wrappers around standard input and
output streams for them to be automatically encrypted or
decrypted
Initialization Vector (IV) A sequence of random bytes appended to the front of the plaintext
before encryption by a block cipher Adding the initialization vector to the beginning of the plaintext
eliminates the possibility of having the initial ciphertext block the
same for any two messages How to determine the size of a IV given a cipher Example A
256-bit Rijndael cipher needs a 16-byte IV
csci5931 Web Security 31
IV in Java public class IvParameterSpec
extends Object
implements AlgorithmParameterSpec
This class specifies an initialization vector (IV) Examples
which use IVs are ciphers in feedback mode eg DES
in CBC mode and RSA ciphers with OAEP encoding
operation
(NOTE See page 434 for RSA-OAEP padding)
csci5931 Web Security 32
Rijndael
What is Rijndael (Dutch pronounced as lsquoRain Dollrsquo)
ldquoRijndael is a block cipher designed by Joan Daemen and Vincent
Rijmen as a candidate algorithm for the AES
The cipher has a variable block length and key length We currently
specified how to use keys with a length of 128 192 or 256 bits to
encrypt blocks with al length of 128 192 or 256 bitsrdquo
(Source httpwwwesatkuleuvenacbe~rijmenrijndael)
After nearly four years of evaluation in October 2000 Rijndael was
selected by the NIST as the `AES (Advanced Encryption Standard)
See the press release
csci5931 Web Security 33
FileEncryptorjava
FileEncryptorjava (see httpscecluheduyangteaching
proJavaSecurityCodehtml)
Four functions
createKey( password )
loadKey ( password )
encrypt ( password inputFile outputEncryptedFile )
decrypt ( password inputEncryptedFile outputfile)
csci5931 Web Security 34
Sealed objects Sealed object An object that is encrypted
The object must be serializable
Sealed objects can be useful for storing or transferring an
encrypted version of an object
The default JDK 12 prevents extensions from using the class
loader to create classes that are neither standard objects nor
extensions That is a custom object such as a CreditCard
object wonrsquot be able to be decrypted
See Appendix D ldquothe EncryptedObject classrdquo for a better sealed
object implementation
csci5931 Web Security 35
Sealed objects
SealedObjectExamplejava (see
httpscecluheduyangteachingproJavaSecurityCodehtml)
Sample output
gtjava SealedObjectExample
Creating a key
Encrypting the object
Unencrypting the object
Credit card number 1234567890
csci5931 Web Security 36
Next
Asymmetric Encryption (GS 5)
Relevant links RFC 1829 - The ESP DES-CBC Transform - This document
describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP)
The GNU Crypto project ndash This project aims at providing free versatile high-quality and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users Itrsquos also got a comprehensive listing of crypto-related algorithms
csci5931 Web Security 13
JavaxcryptoCipherdoFinal( )D Finish the operation
byte[ ] doFinal( ) Finishes a multiple-part encryption or decryption operation depending on
how this cipher was initialized
byte[ ] doFinal(byte[] input)
Encrypts or decrypts data in a single-part operation or finishes a multiple-
part operation
Example
Byte[ ] ciphertext = cipherdoFinal ( )
csci5931 Web Security 14
SimpleExamplejava P69 SimpleExamplejava (see httpscecluheduyangteaching
proJavaSecurityCodehtml) Sample outputgtjava SimpleExample How are you doing
Plain Message=How are you doing
Generating a TripleDES keyDone generating the key
Now encrypting the messageMessage Encrypted
Ciphertext=-74-45759-44-115-19-8-56-99-47794393-45-107-41-125-127-233271855
Now decrypting the messageMessage decrypted
Decrypted text How are you doing
csci5931 Web Security 15
BlowfishExamplejava Blowfish keys can be any bit size from 8 to 448 as long as the
number if divisible by 8 p69 BlowfishExamplejava (see
httpscecluheduyangteachingproJavaSecurityCodehtml) Sample output
gtjava BlowfishExample Its a wonderful dayGenerating a Blowfish keyDone generating the key
Plaintext73 116 39 115 32 97 32 119 111 110 100 101 114 102 117 108 32 100 97 121 33
Ciphertext-77 56 -88 61 -52 -12 -57 43 -10 66 -54 -98 -86 56 -86 51 -127 -125 30 48 -64 112 -37 -125
Decrypted text Its a wonderful day
csci5931 Web Security 16
Password-based encryption (PBE) hashing + symmetric encryption
The user-provided password is hashed by a message digest algorithm such as SHA
The hash value is then used to construct a key for a symmetric encryption algorithm such as Blowfish
The plaintext is then encrypted by the symmetric encryption algorithm
Problems1 PBE is usually less secure due to its smaller key space2 Passwords may suffer lsquodictionary attackrsquo3 Two people might choose the same password which
would create two identical entries in the password file
csci5931 Web Security 17
Password-based encryption (PBE)
PBE + salt + iteration count A salt is a randomly generated piece of data say 64
bits that is added to each password The combined salt+password is used to generate the
key The key is then used to generate a symmetric cipher For the purpose of decryption the salt must be stored as
part of the ciphertext See figures on page 74
csci5931 Web Security 18
Password-based encryption (PBE)
csci5931 Web Security 19
Base64 Encoding
Effective in representing ASCII data as 6-bit characters (save one bit per character)
Widely used in networking transmissions of data, e.g., in MIME emails & other Internet-related applications
Input: N bytes
Number of output characters (where / is integer division):
(N × 8 / 24) × 4, if (N × 8) mod 24 is zero
(N × 8 / 24 + 1) × 4, otherwise
Example: N = 8 bytes
(64 / 24 + 1) × 4 = 12 characters
See http://nas.cl.uh.edu/yang/teaching/csci5939DatabaseSecurity/base64.ppt, RFC 2045, and Appendix C
csci5931 Web Security 20
Password-based encryption (PBE)
csci5931 Web Security 21
Password-based encryption (PBE)
Random.nextBytes(byte[] bytes)
Generates random bytes and places them into a user-supplied byte array.
public class PBEKeySpec extends Object implements KeySpec
A user-chosen password that can be used with password-based encryption (PBE).
The password can be viewed as some kind of raw key material, from which the encryption mechanism that uses it derives a cryptographic key.
csci5931 Web Security 22
Password-based encryption (PBE)
public class SecretKeyFactory extends Object
This class represents a factory for secret keys.
Key factories are used to convert keys (opaque cryptographic keys of type Key) into key specifications (transparent representations of the underlying key material), and vice versa. Secret key factories operate only on secret (symmetric) keys.
Key factories are bi-directional, i.e., they allow to build an opaque key object from a given key specification (key material), or to retrieve the underlying key material of a key object in a suitable format.
Application developers should refer to their provider's documentation to find out which key specifications are supported by the generateSecret and getKeySpec methods.
csci5931 Web Security 23
Password-based encryption
Twofish encryption algorithm
A symmetric block cipher that accepts keys of any length, up to 256 bits
Among the new encryption algorithms being considered by the National Institute of Science and Technology (NIST) as a replacement for the DES algorithm
Highly secure and flexible
Works extremely well with large microprocessors, 8-bit smart card microprocessors, and dedicated hardware
(Source: http://www.wiley.com/cda/product/0,,0471353817,00.html)
csci5931 Web Security 24
Password-based encryption
An example program: PBE.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)
Sample PBE encryption/decryption:
>java PBE -e sasquatch Hello World
yrVhjq5djco=eSIS1LbeAtu5KIKf5ntNhg==
>java PBE -e sasquatch Hello World
lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
>java PBE -d sasquatch lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
Hello World
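The scheme from the PBE slides (random 64-bit salt, iteration count, salt stored in front of the ciphertext, Base64 text output), written as an added example; it is not the PBE.java program the slide links to. The algorithm name PBEWithHmacSHA256AndAES_128 (a standard JDK 8+ PBE cipher), the iteration count, the stored IV and the class name PbeSaltDemo are assumptions of this sketch.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

public class PbeSaltDemo {
    // Assumed parameters for this example; the slides do not fix them.
    private static final String ALGORITHM = "PBEWithHmacSHA256AndAES_128";
    private static final int ITERATIONS = 100_000;
    private static final int SALT_BYTES = 8;   // 64-bit salt, as on the slide
    private static final int IV_BYTES = 16;    // AES block size
    private static final int SALT_CHARS = 12;  // Base64 of 8 bytes: (64 / 24 + 1) * 4

    // PBEKeySpec carries the raw password; SecretKeyFactory turns it into an opaque key.
    private static SecretKey passwordKey(char[] password) throws Exception {
        PBEKeySpec keySpec = new PBEKeySpec(password);
        try {
            return SecretKeyFactory.getInstance(ALGORITHM).generateSecret(keySpec);
        } finally {
            keySpec.clearPassword();
        }
    }

    // Output layout: Base64(salt) followed by Base64(IV || ciphertext).
    static String encrypt(char[] password, String plaintext) throws Exception {
        SecureRandom random = new SecureRandom(); // not java.util.Random: salts and IVs need a CSPRNG
        byte[] salt = new byte[SALT_BYTES];
        byte[] iv = new byte[IV_BYTES];
        random.nextBytes(salt);
        random.nextBytes(iv);

        Cipher cipher = Cipher.getInstance(ALGORITHM);
        cipher.init(Cipher.ENCRYPT_MODE, passwordKey(password),
                new PBEParameterSpec(salt, ITERATIONS, new IvParameterSpec(iv)));
        byte[] ciphertext = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));

        byte[] ivAndCiphertext = Arrays.copyOf(iv, iv.length + ciphertext.length);
        System.arraycopy(ciphertext, 0, ivAndCiphertext, iv.length, ciphertext.length);

        Base64.Encoder b64 = Base64.getEncoder();
        return b64.encodeToString(salt) + b64.encodeToString(ivAndCiphertext);
    }

    static String decrypt(char[] password, String encoded) throws Exception {
        if (encoded.length() <= SALT_CHARS) {
            throw new IllegalArgumentException("input shorter than the encoded salt");
        }
        Base64.Decoder b64 = Base64.getDecoder();
        // The first 12 characters are always the 8-byte salt.
        byte[] salt = b64.decode(encoded.substring(0, SALT_CHARS));
        byte[] ivAndCiphertext = b64.decode(encoded.substring(SALT_CHARS));
        if (ivAndCiphertext.length <= IV_BYTES) {
            throw new IllegalArgumentException("input has no ciphertext after the IV");
        }
        IvParameterSpec iv = new IvParameterSpec(ivAndCiphertext, 0, IV_BYTES);

        Cipher cipher = Cipher.getInstance(ALGORITHM);
        cipher.init(Cipher.DECRYPT_MODE, passwordKey(password),
                new PBEParameterSpec(salt, ITERATIONS, iv));
        byte[] plaintext = cipher.doFinal(ivAndCiphertext, IV_BYTES,
                ivAndCiphertext.length - IV_BYTES);
        return new String(plaintext, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        char[] password = "sasquatch".toCharArray();
        String first = encrypt(password, "Hello World");
        String second = encrypt(password, "Hello World");
        System.out.println(first);
        System.out.println(second);
        // Same password and plaintext, different salt: the two outputs differ.
        System.out.println("outputs differ: " + !first.equals(second));
        System.out.println(decrypt(password, second));
    }
}
```

As in the sample run above, encrypting the same message twice under the same password gives different output because each run draws a fresh salt. The cipher is unauthenticated CBC, so a wrong password normally surfaces as a BadPaddingException rather than a verified failure.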
csci5931 Web Security 25
Key storage
Storage of keys in persistent media (file, database) for later retrieval or transportation
Objectives: The stored keys must be protected.
Problems:
- If the key storage is compromised, the data protected by the keys become unprotected.
Solutions:
Use PBE to encrypt the keys. Problems?
csci5931 Web Security 26
Key storage: Key Wrapping
The wrap() method defined in javax.crypto.Cipher takes a key as an argument and returns the encrypted value of the key as a byte array.
Example:
cipher.init(Cipher.WRAP_MODE, passwordKey, paramSpec);
byte[] encryptedKeyBytes = cipher.wrap(secretKey);
To decrypt the key:
cipher.init(Cipher.UNWRAP_MODE, passwordKey, paramSpec);
Key key = cipher.unwrap(encryptedKeyBytes, "Blowfish", Cipher.SECRET_KEY);
csci5931 Web Security 27
Key storage: Key Encryption
Use the getEncoded() method, as defined in java.security.Key, to obtain the key bytes, then encrypt them.
Example:
byte[] keyBytes = myKey.getEncoded();
cipher.init(Cipher.ENCRYPT_MODE, passwordKey, paramSpec);
byte[] encryptedKeyBytes = cipher.doFinal(keyBytes);
To decrypt the key:
cipher.init(Cipher.DECRYPT_MODE, passwordKey, paramSpec);
byte[] keyBytes = cipher.doFinal(encryptedKeyBytes);
SecretKeySpec myKey = new SecretKeySpec(keyBytes, "Blowfish");
csci5931 Web Security 28
Padding
Padding is needed to make the size of the plaintext a multiple of the block size.
Most symmetric algorithms use one of two types of padding:
No padding – requires the data end on a block exactly
PKCS5 padding – (PKCS = Public Key Cryptography Standard)
Suppose there are N bytes in a block that need to be padded.
Fill each of the N bytes with the value N.
If the data end on a multiple of the block size, add an entire block of padding.
(See the illustration on p. 81)
csci5931 Web Security 29
Modes of DES
ECB, CBC
CFB (Cipher FeedBack): Similar to CBC, but may work on smaller chunks of data (8 bits, for example).
OFB (Output FeedBack): Similar to CFB, but provides better protection against data loss during transmission.
That is, a single-bit error will not cause the whole block to be lost, as in the cases of ECB, CBC, and CFB.
csci5931 Web Security 30
Cipher streams and IV
javax.crypto.CipherInputStream, javax.crypto.CipherOutputStream
They provide convenient wrappers around standard input and output streams for them to be automatically encrypted or decrypted.
Initialization Vector (IV)
A sequence of random bytes appended to the front of the plaintext before encryption by a block cipher.
Adding the initialization vector to the beginning of the plaintext eliminates the possibility of having the initial ciphertext block the same for any two messages.
How to determine the size of an IV, given a cipher? Example: A 256-bit Rijndael cipher needs a 16-byte IV.
csci5931 Web Security 31
IV in Java
public class IvParameterSpec extends Object implements AlgorithmParameterSpec
This class specifies an initialization vector (IV). Examples which use IVs are ciphers in feedback mode, e.g., DES in CBC mode and RSA ciphers with OAEP encoding operation.
(NOTE: See page 434 for RSA-OAEP padding.)
csci5931 Web Security 32
Rijndael
What is Rijndael? (Dutch, pronounced as 'Rain Doll')
"Rijndael is a block cipher, designed by Joan Daemen and Vincent Rijmen as a candidate algorithm for the AES.
The cipher has a variable block length and key length. We currently specified how to use keys with a length of 128, 192, or 256 bits to encrypt blocks with a length of 128, 192 or 256 bits."
(Source: http://www.esat.kuleuven.ac.be/~rijmen/rijndael/)
After nearly four years of evaluation, in October 2000, Rijndael was selected by the NIST as the 'AES' (Advanced Encryption Standard).
See the press release.
csci5931 Web Security 33
FileEncryptor.java
FileEncryptor.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)
Four functions:
createKey(password)
loadKey(password)
encrypt(password, inputFile, outputEncryptedFile)
decrypt(password, inputEncryptedFile, outputfile)
csci5931 Web Security 34
Sealed objects
Sealed object: An object that is encrypted.
The object must be serializable.
Sealed objects can be useful for storing or transferring an encrypted version of an object.
The default JDK 1.2 prevents extensions from using the class loader to create classes that are neither standard objects nor extensions. That is, a custom object, such as a CreditCard object, won't be able to be decrypted.
See Appendix D, "the EncryptedObject class", for a better sealed object implementation.
csci5931 Web Security 35
Sealed objects
SealedObjectExample.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)
Sample output:
>java SealedObjectExample
Creating a key
Encrypting the object
Unencrypting the object
Credit card number: 1234567890
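Sealing, storing and unsealing a serializable object with javax.crypto.SealedObject, as an added example; it is not the SealedObjectExample.java program the slide links to. The nested CreditCard class, the AES/CBC cipher and the class name SealedObjectDemo are assumptions, and the card number is the sample value from the output above.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SealedObject;
import javax.crypto.SecretKey;

public class SealedObjectDemo {
    // Hypothetical payload class; it must be Serializable to be sealed.
    static class CreditCard implements Serializable {
        private static final long serialVersionUID = 1L;
        final String number;
        CreditCard(String number) { this.number = number; }
    }

    // Seals the object and serializes the SealedObject itself for storage or transfer.
    static byte[] sealToBytes(Serializable object, SecretKey key) throws Exception {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, key); // random IV; SealedObject keeps the parameters
        SealedObject sealed = new SealedObject(object, cipher);
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buffer)) {
            out.writeObject(sealed);
        }
        return buffer.toByteArray();
    }

    static Object unsealFromBytes(byte[] stored, SecretKey key) throws Exception {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(stored))) {
            SealedObject sealed = (SealedObject) in.readObject();
            return sealed.getObject(key); // decrypts, then deserializes the original object
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(128);
        SecretKey key = keyGenerator.generateKey();
        SecretKey otherKey = keyGenerator.generateKey();

        byte[] stored = sealToBytes(new CreditCard("1234567890"), key);

        // The stored form must not contain the card number in the clear.
        String raw = new String(stored, StandardCharsets.ISO_8859_1);
        System.out.println("number visible in stored bytes: " + raw.contains("1234567890"));

        CreditCard card = (CreditCard) unsealFromBytes(stored, key);
        System.out.println("Credit card number: " + card.number);

        // A different key fails: normally InvalidKeyException (bad padding inside
        // getObject), occasionally an IOException from the garbled object stream.
        try {
            unsealFromBytes(stored, otherKey);
            System.out.println("unexpected: unsealed with the wrong key");
        } catch (InvalidKeyException | IOException e) {
            System.out.println("wrong key rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

SealedObject gives confidentiality only: getObject() deserializes whatever the ciphertext decrypts to, so sealed data from an untrusted source needs its own integrity check before unsealing.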
csci5931 Web Security 36
Next
Asymmetric Encryption (GS 5)
Relevant links:
RFC 1829 - The ESP DES-CBC Transform - This document describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP).
The GNU Crypto project – This project aims at providing free, versatile, high-quality, and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users. It's also got a comprehensive listing of crypto-related algorithms.
csci5931 Web Security 14
SimpleExamplejava P69 SimpleExamplejava (see httpscecluheduyangteaching
proJavaSecurityCodehtml) Sample outputgtjava SimpleExample How are you doing
Plain Message=How are you doing
Generating a TripleDES keyDone generating the key
Now encrypting the messageMessage Encrypted
Ciphertext=-74-45759-44-115-19-8-56-99-47794393-45-107-41-125-127-233271855
Now decrypting the messageMessage decrypted
Decrypted text How are you doing
csci5931 Web Security 15
BlowfishExamplejava Blowfish keys can be any bit size from 8 to 448 as long as the
number if divisible by 8 p69 BlowfishExamplejava (see
httpscecluheduyangteachingproJavaSecurityCodehtml) Sample output
gtjava BlowfishExample Its a wonderful dayGenerating a Blowfish keyDone generating the key
Plaintext73 116 39 115 32 97 32 119 111 110 100 101 114 102 117 108 32 100 97 121 33
Ciphertext-77 56 -88 61 -52 -12 -57 43 -10 66 -54 -98 -86 56 -86 51 -127 -125 30 48 -64 112 -37 -125
Decrypted text Its a wonderful day
csci5931 Web Security 16
Password-based encryption (PBE) hashing + symmetric encryption
The user-provided password is hashed by a message digest algorithm such as SHA
The hash value is then used to construct a key for a symmetric encryption algorithm such as Blowfish
The plaintext is then encrypted by the symmetric encryption algorithm
Problems1 PBE is usually less secure due to its smaller key space2 Passwords may suffer lsquodictionary attackrsquo3 Two people might choose the same password which
would create two identical entries in the password file
csci5931 Web Security 17
Password-based encryption (PBE)
PBE + salt + iteration count A salt is a randomly generated piece of data say 64
bits that is added to each password The combined salt+password is used to generate the
key The key is then used to generate a symmetric cipher For the purpose of decryption the salt must be stored as
part of the ciphertext See figures on page 74
csci5931 Web Security 18
Password-based encryption (PBE)
csci5931 Web Security 19
Base64 Encoding Effective in representing ASCII data as 6-bit characters (save one bit
per character)
Widely used in networking transmissions of data eg in MIME
emails amp other Internet-related applications
Input N bytes
Number of output characters
(N 8 24) 4 if N8 24 is zero
(N 8 24 + 1) 4 otherwise
Example N = 8 bytes
(64 24 + 1) 4 12 characters
See httpnascluheduyangteachingcsci5939DatabaseSecuritybase64ppt RFC2045 and Appendix C
csci5931 Web Security 20
Password-based encryption (PBE)
csci5931 Web Security 21
Password-based encryption (PBE) RandomnextBytes (byte[ ] bytes)
Generates random bytes and places them into a user-supplied byte array
public class PBEKeySpecextends Object
implements KeySpec
A user-chosen password that can be used with password-based encryption
(PBE)
The password can be viewed as some kind of raw key material from which
the encryption mechanism that uses it derives a cryptographic key
csci5931 Web Security 22
Password-based encryption (PBE) public class SecretKeyFactory extends Object
This class represents a factory for secret keys
Key factories are used to convert keys (opaque cryptographic keys of type
Key) into key specifications (transparent representations of the
underlying key material) and vice versa Secret key factories operate
only on secret (symmetric) keys
Key factories are bi-directional ie they allow to build an opaque key
object from a given key specification (key material) or to retrieve the
underlying key material of a key object in a suitable format
Application developers should refer to their providers documentation to find
out which key specifications are supported by the generateSecret
and getKeySpec methods
csci5931 Web Security 23
Password-based encryption
Twofish encryption algorithmA symmetric block cipher that accepts keys of any length up to 256
bits
Among the new encryption algorithms being considered by the National
Institute of Science and Technology (NIST) as a replacement for
the DES algorithm
Highly secure and flexible
Works extremely well with large microprocessors 8-bit smart card
microprocessors and dedicated hardware
(Source httpwwwwileycomcdaproduct0047135381700html)
csci5931 Web Security 24
Password-based encryption
An example program PBEjava (see
httpscecluheduyangteachingproJavaSecurityCodehtml)
Sample PBE encryptiondecryptiongtjava PBE -e sasquatch Hello World
yrVhjq5djco=eSIS1LbeAtu5KIKf5ntNhg==
gtjava PBE -e sasquatch Hello World
lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
gtjava PBE -d sasquatch lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
Hello World
csci5931 Web Security 25
Key storage
Storage of keys in a persistent media (file
database) for later retrieval or transportation
Objectives The stored keys must be protected
Problems
- If the key storage is compromised the data protected by
the keys become unprotected
Solutions
Use PBE to encrypt the keys Problems
csci5931 Web Security 26
Key storage Key Wrapping
The wrap( ) method defined in javaxcryptoCipher takes a key as an
argument and returns the encrypted value of the key as a byte array
Example
cipherinit (CipherWRAP_MODE passwordKey paramSpec)
byte[ ] encryptedKeyBytes = cipherwrap (secretKey)
To decrypt the keycipherinit (CipherUNWRAP_MODE passwordKey paramSpec)
Key key = cipherunwrap(encryptedKeyBytes ldquoBlowfishrdquo CipherSECRET_KEY)
csci5931 Web Security 27
Key storage Key Encryption
Use the getEncoded( ) method as defined in javasecurityKey to encrypt the
key
Example
byte[ ] keyBytes = myKeygetEncoded( )
cipherinit (CipherENCRYPT_MODE passwordKey paramSpec)
byte[ ] encryptedKeyBytes = cipherdoFinal (keyBytes)
To decrypt the keycipherinit (CipherDECRYPT_MODE passwordKey paramSpec)
byte[ ] keyBytes = cipherdoFinal (encryptedKeyBytes)
SecretKeySpec myKey = new SecretKeySpec (keyBytes ldquoBlowfishrdquo )
csci5931 Web Security 28
Padding Padding is needed to make the size of the plaintext to be a
multiple of the block size
Most symmetric algorithms use one of two types of padding No padding ndash requires the data end on a block exactly
PKCS5 padding ndash (PKCS = Public Key Cryptography Standard)
Suppose there are N bytes in a block that need to be padded
Fill each of the N bytes with the value N
If the data end on a multiple of the block size add an entire block of
padding
(See the illustration on p81)
csci5931 Web Security 29
Modes of DES
ECB CBC
CFB (Cipher FeedBack) Similar to CBC but may work on smaller chunks of data (8 bits for
example)
OFB (Output FeedBack) Similar to CFB but provides better protection against data loss
during transmission
That is a single-bit error will not cause the whole block to be lost
as in the cases of ECB CBC and CFB
csci5931 Web Security 30
Cipher streams and IV JavaxcryptoCipherInputStream javaxcryptoCipherOutputStream
They provide convenient wrappers around standard input and
output streams for them to be automatically encrypted or
decrypted
Initialization Vector (IV) A sequence of random bytes appended to the front of the plaintext
before encryption by a block cipher Adding the initialization vector to the beginning of the plaintext
eliminates the possibility of having the initial ciphertext block the
same for any two messages How to determine the size of a IV given a cipher Example A
256-bit Rijndael cipher needs a 16-byte IV
csci5931 Web Security 31
IV in Java public class IvParameterSpec
extends Object
implements AlgorithmParameterSpec
This class specifies an initialization vector (IV) Examples
which use IVs are ciphers in feedback mode eg DES
in CBC mode and RSA ciphers with OAEP encoding
operation
(NOTE See page 434 for RSA-OAEP padding)
csci5931 Web Security 32
Rijndael
What is Rijndael (Dutch pronounced as lsquoRain Dollrsquo)
ldquoRijndael is a block cipher designed by Joan Daemen and Vincent
Rijmen as a candidate algorithm for the AES
The cipher has a variable block length and key length We currently
specified how to use keys with a length of 128 192 or 256 bits to
encrypt blocks with al length of 128 192 or 256 bitsrdquo
(Source httpwwwesatkuleuvenacbe~rijmenrijndael)
After nearly four years of evaluation in October 2000 Rijndael was
selected by the NIST as the `AES (Advanced Encryption Standard)
See the press release
csci5931 Web Security 33
FileEncryptorjava
FileEncryptorjava (see httpscecluheduyangteaching
proJavaSecurityCodehtml)
Four functions
createKey( password )
loadKey ( password )
encrypt ( password inputFile outputEncryptedFile )
decrypt ( password inputEncryptedFile outputfile)
csci5931 Web Security 34
Sealed objects Sealed object An object that is encrypted
The object must be serializable
Sealed objects can be useful for storing or transferring an
encrypted version of an object
The default JDK 12 prevents extensions from using the class
loader to create classes that are neither standard objects nor
extensions That is a custom object such as a CreditCard
object wonrsquot be able to be decrypted
See Appendix D ldquothe EncryptedObject classrdquo for a better sealed
object implementation
csci5931 Web Security 35
Sealed objects
SealedObjectExamplejava (see
httpscecluheduyangteachingproJavaSecurityCodehtml)
Sample output
gtjava SealedObjectExample
Creating a key
Encrypting the object
Unencrypting the object
Credit card number 1234567890
csci5931 Web Security 36
Next
Asymmetric Encryption (GS 5)
Relevant links RFC 1829 - The ESP DES-CBC Transform - This document
describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP)
The GNU Crypto project ndash This project aims at providing free versatile high-quality and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users Itrsquos also got a comprehensive listing of crypto-related algorithms
csci5931 Web Security 15
BlowfishExamplejava Blowfish keys can be any bit size from 8 to 448 as long as the
number if divisible by 8 p69 BlowfishExamplejava (see
httpscecluheduyangteachingproJavaSecurityCodehtml) Sample output
gtjava BlowfishExample Its a wonderful dayGenerating a Blowfish keyDone generating the key
Plaintext73 116 39 115 32 97 32 119 111 110 100 101 114 102 117 108 32 100 97 121 33
Ciphertext-77 56 -88 61 -52 -12 -57 43 -10 66 -54 -98 -86 56 -86 51 -127 -125 30 48 -64 112 -37 -125
Decrypted text Its a wonderful day
csci5931 Web Security 16
Password-based encryption (PBE) hashing + symmetric encryption
The user-provided password is hashed by a message digest algorithm such as SHA
The hash value is then used to construct a key for a symmetric encryption algorithm such as Blowfish
The plaintext is then encrypted by the symmetric encryption algorithm
Problems1 PBE is usually less secure due to its smaller key space2 Passwords may suffer lsquodictionary attackrsquo3 Two people might choose the same password which
would create two identical entries in the password file
csci5931 Web Security 17
Password-based encryption (PBE)
PBE + salt + iteration count A salt is a randomly generated piece of data say 64
bits that is added to each password The combined salt+password is used to generate the
key The key is then used to generate a symmetric cipher For the purpose of decryption the salt must be stored as
part of the ciphertext See figures on page 74
csci5931 Web Security 18
Password-based encryption (PBE)
csci5931 Web Security 19
Base64 Encoding Effective in representing ASCII data as 6-bit characters (save one bit
per character)
Widely used in networking transmissions of data eg in MIME
emails amp other Internet-related applications
Input N bytes
Number of output characters
(N 8 24) 4 if N8 24 is zero
(N 8 24 + 1) 4 otherwise
Example N = 8 bytes
(64 24 + 1) 4 12 characters
See httpnascluheduyangteachingcsci5939DatabaseSecuritybase64ppt RFC2045 and Appendix C
csci5931 Web Security 20
Password-based encryption (PBE)
csci5931 Web Security 21
Password-based encryption (PBE) RandomnextBytes (byte[ ] bytes)
Generates random bytes and places them into a user-supplied byte array
public class PBEKeySpecextends Object
implements KeySpec
A user-chosen password that can be used with password-based encryption
(PBE)
The password can be viewed as some kind of raw key material from which
the encryption mechanism that uses it derives a cryptographic key
csci5931 Web Security 22
Password-based encryption (PBE) public class SecretKeyFactory extends Object
This class represents a factory for secret keys
Key factories are used to convert keys (opaque cryptographic keys of type
Key) into key specifications (transparent representations of the
underlying key material) and vice versa Secret key factories operate
only on secret (symmetric) keys
Key factories are bi-directional ie they allow to build an opaque key
object from a given key specification (key material) or to retrieve the
underlying key material of a key object in a suitable format
Application developers should refer to their providers documentation to find
out which key specifications are supported by the generateSecret
and getKeySpec methods
csci5931 Web Security 23
Password-based encryption
Twofish encryption algorithmA symmetric block cipher that accepts keys of any length up to 256
bits
Among the new encryption algorithms being considered by the National
Institute of Science and Technology (NIST) as a replacement for
the DES algorithm
Highly secure and flexible
Works extremely well with large microprocessors 8-bit smart card
microprocessors and dedicated hardware
(Source httpwwwwileycomcdaproduct0047135381700html)
csci5931 Web Security 24
Password-based encryption
An example program PBEjava (see
httpscecluheduyangteachingproJavaSecurityCodehtml)
Sample PBE encryptiondecryptiongtjava PBE -e sasquatch Hello World
yrVhjq5djco=eSIS1LbeAtu5KIKf5ntNhg==
gtjava PBE -e sasquatch Hello World
lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
gtjava PBE -d sasquatch lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
Hello World
csci5931 Web Security 25
Key storage
Storage of keys in a persistent media (file
database) for later retrieval or transportation
Objectives The stored keys must be protected
Problems
- If the key storage is compromised the data protected by
the keys become unprotected
Solutions
Use PBE to encrypt the keys Problems
csci5931 Web Security 26
Key storage Key Wrapping
The wrap( ) method defined in javaxcryptoCipher takes a key as an
argument and returns the encrypted value of the key as a byte array
Example
cipherinit (CipherWRAP_MODE passwordKey paramSpec)
byte[ ] encryptedKeyBytes = cipherwrap (secretKey)
To decrypt the keycipherinit (CipherUNWRAP_MODE passwordKey paramSpec)
Key key = cipherunwrap(encryptedKeyBytes ldquoBlowfishrdquo CipherSECRET_KEY)
csci5931 Web Security 27
Key storage Key Encryption
Use the getEncoded( ) method as defined in javasecurityKey to encrypt the
key
Example
byte[ ] keyBytes = myKeygetEncoded( )
cipherinit (CipherENCRYPT_MODE passwordKey paramSpec)
byte[ ] encryptedKeyBytes = cipherdoFinal (keyBytes)
To decrypt the keycipherinit (CipherDECRYPT_MODE passwordKey paramSpec)
byte[ ] keyBytes = cipherdoFinal (encryptedKeyBytes)
SecretKeySpec myKey = new SecretKeySpec (keyBytes ldquoBlowfishrdquo )
csci5931 Web Security 28
Padding Padding is needed to make the size of the plaintext to be a
multiple of the block size
Most symmetric algorithms use one of two types of padding No padding ndash requires the data end on a block exactly
PKCS5 padding ndash (PKCS = Public Key Cryptography Standard)
Suppose there are N bytes in a block that need to be padded
Fill each of the N bytes with the value N
If the data end on a multiple of the block size add an entire block of
padding
(See the illustration on p81)
csci5931 Web Security 29
Modes of DES
ECB CBC
CFB (Cipher FeedBack) Similar to CBC but may work on smaller chunks of data (8 bits for
example)
OFB (Output FeedBack) Similar to CFB but provides better protection against data loss
during transmission
That is a single-bit error will not cause the whole block to be lost
as in the cases of ECB CBC and CFB
csci5931 Web Security 30
Cipher streams and IV JavaxcryptoCipherInputStream javaxcryptoCipherOutputStream
They provide convenient wrappers around standard input and
output streams for them to be automatically encrypted or
decrypted
Initialization Vector (IV) A sequence of random bytes appended to the front of the plaintext
before encryption by a block cipher Adding the initialization vector to the beginning of the plaintext
eliminates the possibility of having the initial ciphertext block the
same for any two messages How to determine the size of a IV given a cipher Example A
256-bit Rijndael cipher needs a 16-byte IV
csci5931 Web Security 31
IV in Java public class IvParameterSpec
extends Object
implements AlgorithmParameterSpec
This class specifies an initialization vector (IV) Examples
which use IVs are ciphers in feedback mode eg DES
in CBC mode and RSA ciphers with OAEP encoding
operation
(NOTE See page 434 for RSA-OAEP padding)
csci5931 Web Security 32
Rijndael
What is Rijndael (Dutch pronounced as lsquoRain Dollrsquo)
ldquoRijndael is a block cipher designed by Joan Daemen and Vincent
Rijmen as a candidate algorithm for the AES
The cipher has a variable block length and key length We currently
specified how to use keys with a length of 128 192 or 256 bits to
encrypt blocks with al length of 128 192 or 256 bitsrdquo
(Source httpwwwesatkuleuvenacbe~rijmenrijndael)
After nearly four years of evaluation in October 2000 Rijndael was
selected by the NIST as the `AES (Advanced Encryption Standard)
See the press release
csci5931 Web Security 33
FileEncryptorjava
FileEncryptorjava (see httpscecluheduyangteaching
proJavaSecurityCodehtml)
Four functions
createKey( password )
loadKey ( password )
encrypt ( password inputFile outputEncryptedFile )
decrypt ( password inputEncryptedFile outputfile)
csci5931 Web Security 34
Sealed objects Sealed object An object that is encrypted
The object must be serializable
Sealed objects can be useful for storing or transferring an
encrypted version of an object
The default JDK 12 prevents extensions from using the class
loader to create classes that are neither standard objects nor
extensions That is a custom object such as a CreditCard
object wonrsquot be able to be decrypted
See Appendix D ldquothe EncryptedObject classrdquo for a better sealed
object implementation
csci5931 Web Security 35
Sealed objects
SealedObjectExamplejava (see
httpscecluheduyangteachingproJavaSecurityCodehtml)
Sample output
gtjava SealedObjectExample
Creating a key
Encrypting the object
Unencrypting the object
Credit card number 1234567890
csci5931 Web Security 36
Next
Asymmetric Encryption (GS 5)
Relevant links RFC 1829 - The ESP DES-CBC Transform - This document
describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP)
The GNU Crypto project ndash This project aims at providing free versatile high-quality and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users Itrsquos also got a comprehensive listing of crypto-related algorithms
csci5931 Web Security 16
Password-based encryption (PBE) hashing + symmetric encryption
The user-provided password is hashed by a message digest algorithm such as SHA
The hash value is then used to construct a key for a symmetric encryption algorithm such as Blowfish
The plaintext is then encrypted by the symmetric encryption algorithm
Problems1 PBE is usually less secure due to its smaller key space2 Passwords may suffer lsquodictionary attackrsquo3 Two people might choose the same password which
would create two identical entries in the password file
csci5931 Web Security 17
Password-based encryption (PBE)
PBE + salt + iteration count A salt is a randomly generated piece of data say 64
bits that is added to each password The combined salt+password is used to generate the
key The key is then used to generate a symmetric cipher For the purpose of decryption the salt must be stored as
part of the ciphertext See figures on page 74
csci5931 Web Security 18
Password-based encryption (PBE)
csci5931 Web Security 19
Base64 Encoding Effective in representing ASCII data as 6-bit characters (save one bit
per character)
Widely used in networking transmissions of data eg in MIME
emails amp other Internet-related applications
Input N bytes
Number of output characters
(N 8 24) 4 if N8 24 is zero
(N 8 24 + 1) 4 otherwise
Example N = 8 bytes
(64 24 + 1) 4 12 characters
See httpnascluheduyangteachingcsci5939DatabaseSecuritybase64ppt RFC2045 and Appendix C
csci5931 Web Security 20
Password-based encryption (PBE)
csci5931 Web Security 21
Password-based encryption (PBE) RandomnextBytes (byte[ ] bytes)
Generates random bytes and places them into a user-supplied byte array
public class PBEKeySpecextends Object
implements KeySpec
A user-chosen password that can be used with password-based encryption
(PBE)
The password can be viewed as some kind of raw key material from which
the encryption mechanism that uses it derives a cryptographic key
csci5931 Web Security 22
Password-based encryption (PBE) public class SecretKeyFactory extends Object
This class represents a factory for secret keys
Key factories are used to convert keys (opaque cryptographic keys of type
Key) into key specifications (transparent representations of the
underlying key material) and vice versa Secret key factories operate
only on secret (symmetric) keys
Key factories are bi-directional ie they allow to build an opaque key
object from a given key specification (key material) or to retrieve the
underlying key material of a key object in a suitable format
Application developers should refer to their providers documentation to find
out which key specifications are supported by the generateSecret
and getKeySpec methods
csci5931 Web Security 23
Password-based encryption
Twofish encryption algorithmA symmetric block cipher that accepts keys of any length up to 256
bits
Among the new encryption algorithms being considered by the National
Institute of Science and Technology (NIST) as a replacement for
the DES algorithm
Highly secure and flexible
Works extremely well with large microprocessors 8-bit smart card
microprocessors and dedicated hardware
(Source httpwwwwileycomcdaproduct0047135381700html)
csci5931 Web Security 24
Password-based encryption
An example program PBEjava (see
httpscecluheduyangteachingproJavaSecurityCodehtml)
Sample PBE encryptiondecryptiongtjava PBE -e sasquatch Hello World
yrVhjq5djco=eSIS1LbeAtu5KIKf5ntNhg==
gtjava PBE -e sasquatch Hello World
lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
gtjava PBE -d sasquatch lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
Hello World
csci5931 Web Security 25
Key storage
Storage of keys in a persistent media (file
database) for later retrieval or transportation
Objectives The stored keys must be protected
Problems
- If the key storage is compromised the data protected by
the keys become unprotected
Solutions
Use PBE to encrypt the keys Problems
csci5931 Web Security 26
Key storage Key Wrapping
The wrap( ) method defined in javaxcryptoCipher takes a key as an
argument and returns the encrypted value of the key as a byte array
Example
cipherinit (CipherWRAP_MODE passwordKey paramSpec)
byte[ ] encryptedKeyBytes = cipherwrap (secretKey)
To decrypt the keycipherinit (CipherUNWRAP_MODE passwordKey paramSpec)
Key key = cipherunwrap(encryptedKeyBytes ldquoBlowfishrdquo CipherSECRET_KEY)
csci5931 Web Security 27
Key storage Key Encryption
Use the getEncoded( ) method as defined in javasecurityKey to encrypt the
key
Example
byte[ ] keyBytes = myKeygetEncoded( )
cipherinit (CipherENCRYPT_MODE passwordKey paramSpec)
byte[ ] encryptedKeyBytes = cipherdoFinal (keyBytes)
To decrypt the keycipherinit (CipherDECRYPT_MODE passwordKey paramSpec)
byte[ ] keyBytes = cipherdoFinal (encryptedKeyBytes)
SecretKeySpec myKey = new SecretKeySpec (keyBytes ldquoBlowfishrdquo )
csci5931 Web Security 28
Padding
Padding is needed to make the size of the plaintext a multiple of the block size.
Most symmetric algorithms use one of two types of padding:
No padding – requires the data to end on a block exactly
PKCS5 padding – (PKCS = Public Key Cryptography Standard)
Suppose there are N bytes in a block that need to be padded.
Fill each of the N bytes with the value N.
If the data end on a multiple of the block size, add an entire block of padding.
(See the illustration on p. 81.)
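An added example (not from the slides or the book) that implements the PKCS5 rule above, including the full extra block for block-aligned data, and checks it against the JDK's own DES/ECB/PKCS5Padding output. The class and method names are hypothetical; ECB is used here only so the padded block can be recovered without an IV.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class Pkcs5PaddingSketch {
    // Append N bytes of value N, where N = 1..blockSize (never 0).
    static byte[] pad(byte[] data, int blockSize) {
        if (blockSize < 1 || blockSize > 255) {
            throw new IllegalArgumentException("block size must be 1..255");
        }
        int n = blockSize - (data.length % blockSize);
        byte[] out = Arrays.copyOf(data, data.length + n);
        Arrays.fill(out, data.length, out.length, (byte) n);
        return out;
    }

    // Validate and strip the padding; reject anything malformed.
    static byte[] unpad(byte[] padded, int blockSize) {
        if (padded.length == 0 || padded.length % blockSize != 0) {
            throw new IllegalArgumentException("not a whole number of blocks");
        }
        int n = padded[padded.length - 1] & 0xFF;
        if (n < 1 || n > blockSize) {
            throw new IllegalArgumentException("bad padding length");
        }
        for (int i = padded.length - n; i < padded.length; i++) {
            if ((padded[i] & 0xFF) != n) {
                throw new IllegalArgumentException("bad padding bytes");
            }
        }
        return Arrays.copyOf(padded, padded.length - n);
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    // Encrypt with PKCS5Padding, decrypt with NoPadding: what comes back is
    // the plaintext exactly as the JDK padded it.
    static byte[] paddedByJdk(byte[] data) throws Exception {
        SecretKey key = KeyGenerator.getInstance("DES").generateKey();
        Cipher enc = Cipher.getInstance("DES/ECB/PKCS5Padding");
        enc.init(Cipher.ENCRYPT_MODE, key);
        Cipher raw = Cipher.getInstance("DES/ECB/NoPadding");
        raw.init(Cipher.DECRYPT_MODE, key);
        return raw.doFinal(enc.doFinal(data));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs: 5 bytes (partial block) and 8 bytes (exact block).
        byte[] partial = "Hello".getBytes(StandardCharsets.US_ASCII);
        byte[] exact = "8 bytes!".getBytes(StandardCharsets.US_ASCII);

        System.out.println(hex(pad(partial, 8)));  // ends in 030303
        System.out.println(hex(pad(exact, 8)));    // a whole block of 08 is appended
        System.out.println("matches JDK (partial): "
                + Arrays.equals(pad(partial, 8), paddedByJdk(partial)));
        System.out.println("matches JDK (exact):   "
                + Arrays.equals(pad(exact, 8), paddedByJdk(exact)));
        System.out.println("round trip: "
                + Arrays.equals(exact, unpad(pad(exact, 8), 8)));
    }
}
```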
csci5931 Web Security 29
Modes of DES
ECB, CBC
CFB (Cipher FeedBack): Similar to CBC, but may work on smaller chunks of data (8 bits, for example).
OFB (Output FeedBack): Similar to CFB, but provides better protection against data loss during transmission.
That is, a single-bit error will not cause the whole block to be lost, as in the cases of ECB, CBC and CFB.
csci5931 Web Security 30
Cipher streams and IV
javax.crypto.CipherInputStream, javax.crypto.CipherOutputStream
They provide convenient wrappers around standard input and output streams for them to be automatically encrypted or decrypted.
Initialization Vector (IV)
A sequence of random bytes appended to the front of the plaintext before encryption by a block cipher.
Adding the initialization vector to the beginning of the plaintext eliminates the possibility of having the initial ciphertext block the same for any two messages.
How to determine the size of an IV, given a cipher? Example: A 256-bit Rijndael cipher needs a 16-byte IV.
csci5931 Web Security 31
IV in Java
public class IvParameterSpec
extends Object
implements AlgorithmParameterSpec
This class specifies an initialization vector (IV). Examples which use IVs are ciphers in feedback mode, e.g., DES in CBC mode and RSA ciphers with OAEP encoding operation.
(NOTE: See page 434 for RSA-OAEP padding.)
csci5931 Web Security 32
Rijndael
What is Rijndael? (Dutch, pronounced as 'Rain Doll')
"Rijndael is a block cipher, designed by Joan Daemen and Vincent Rijmen as a candidate algorithm for the AES.
The cipher has a variable block length and key length. We currently specified how to use keys with a length of 128, 192, or 256 bits to encrypt blocks with a length of 128, 192 or 256 bits."
(Source: http://www.esat.kuleuven.ac.be/~rijmen/rijndael/)
After nearly four years of evaluation, in October 2000, Rijndael was selected by the NIST as the 'AES' (Advanced Encryption Standard).
See the press release.
csci5931 Web Security 33
FileEncryptor.java
FileEncryptor.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)
Four functions:
createKey(password)
loadKey(password)
encrypt(password, inputFile, outputEncryptedFile)
decrypt(password, inputEncryptedFile, outputfile)
csci5931 Web Security 34
Sealed objects
Sealed object: An object that is encrypted.
The object must be serializable.
Sealed objects can be useful for storing or transferring an encrypted version of an object.
The default JDK 1.2 prevents extensions from using the class loader to create classes that are neither standard objects nor extensions. That is, a custom object, such as a CreditCard object, won't be able to be decrypted.
See Appendix D, "the EncryptedObject class", for a better sealed object implementation.
csci5931 Web Security 35
Sealed objects
SealedObjectExample.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)
Sample output:
>java SealedObjectExample
Creating a key
Encrypting the object
Unencrypting the object
Credit card number 1234567890
csci5931 Web Security 36
Next
Asymmetric Encryption (GS 5)
Relevant links:
RFC 1829 - The ESP DES-CBC Transform - This document describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP).
The GNU Crypto project – This project aims at providing free, versatile, high-quality, and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users. It's also got a comprehensive listing of crypto-related algorithms.
csci5931 Web Security 17
Password-based encryption (PBE)
PBE + salt + iteration count
A salt is a randomly generated piece of data, say 64 bits, that is added to each password.
The combined salt+password is used to generate the key.
The key is then used to generate a symmetric cipher.
For the purpose of decryption, the salt must be stored as part of the ciphertext.
See figures on page 74.
csci5931 Web Security 18
Password-based encryption (PBE)
csci5931 Web Security 19
Base64 Encoding
Effective in representing ASCII data as 6-bit characters (save one bit per character).
Widely used in networking transmissions of data, e.g., in MIME emails & other Internet-related applications.
Input: N bytes
Number of output characters:
(N * 8 / 24) * 4, if N * 8 % 24 is zero
(N * 8 / 24 + 1) * 4, otherwise
Example: N = 8 bytes
(64 / 24 + 1) * 4 = 12 characters
See http://nas.cl.uh.edu/yang/teaching/csci5939DatabaseSecurity/base64.ppt, RFC2045 and Appendix C.
csci5931 Web Security 20
Password-based encryption (PBE)
csci5931 Web Security 21
Password-based encryption (PBE)
Random.nextBytes(byte[] bytes)
Generates random bytes and places them into a user-supplied byte array.
public class PBEKeySpec
extends Object
implements KeySpec
A user-chosen password that can be used with password-based encryption (PBE).
The password can be viewed as some kind of raw key material, from which the encryption mechanism that uses it derives a cryptographic key.
csci5931 Web Security 22
Password-based encryption (PBE)
public class SecretKeyFactory
extends Object
This class represents a factory for secret keys.
Key factories are used to convert keys (opaque cryptographic keys of type Key) into key specifications (transparent representations of the underlying key material), and vice versa. Secret key factories operate only on secret (symmetric) keys.
Key factories are bi-directional, i.e., they allow to build an opaque key object from a given key specification (key material), or to retrieve the underlying key material of a key object in a suitable format.
Application developers should refer to their provider's documentation to find out which key specifications are supported by the generateSecret and getKeySpec methods.
csci5931 Web Security 23
Password-based encryption
Twofish encryption algorithm
A symmetric block cipher that accepts keys of any length, up to 256 bits.
Among the new encryption algorithms being considered by the National Institute of Science and Technology (NIST) as a replacement for the DES algorithm.
Highly secure and flexible.
Works extremely well with large microprocessors, 8-bit smart card microprocessors, and dedicated hardware.
(Source: http://www.wiley.com/cda/product/0,,0471353817,00.html)
csci5931 Web Security 20
Password-based encryption (PBE)
csci5931 Web Security 21
Password-based encryption (PBE) RandomnextBytes (byte[ ] bytes)
Generates random bytes and places them into a user-supplied byte array
public class PBEKeySpecextends Object
implements KeySpec
A user-chosen password that can be used with password-based encryption
(PBE)
The password can be viewed as some kind of raw key material from which
the encryption mechanism that uses it derives a cryptographic key
csci5931 Web Security 22
Password-based encryption (PBE) public class SecretKeyFactory extends Object
This class represents a factory for secret keys
Key factories are used to convert keys (opaque cryptographic keys of type
Key) into key specifications (transparent representations of the
underlying key material) and vice versa Secret key factories operate
only on secret (symmetric) keys
Key factories are bi-directional ie they allow to build an opaque key
object from a given key specification (key material) or to retrieve the
underlying key material of a key object in a suitable format
Application developers should refer to their providers documentation to find
out which key specifications are supported by the generateSecret
and getKeySpec methods
csci5931 Web Security 23
Password-based encryption
Twofish encryption algorithmA symmetric block cipher that accepts keys of any length up to 256
bits
Among the new encryption algorithms being considered by the National
Institute of Science and Technology (NIST) as a replacement for
the DES algorithm
Highly secure and flexible
Works extremely well with large microprocessors 8-bit smart card
microprocessors and dedicated hardware
(Source httpwwwwileycomcdaproduct0047135381700html)
csci5931 Web Security 24
Password-based encryption
An example program PBEjava (see
httpscecluheduyangteachingproJavaSecurityCodehtml)
Sample PBE encryptiondecryptiongtjava PBE -e sasquatch Hello World
yrVhjq5djco=eSIS1LbeAtu5KIKf5ntNhg==
gtjava PBE -e sasquatch Hello World
lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
gtjava PBE -d sasquatch lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
Hello World
csci5931 Web Security 25
Key storage
Storage of keys in a persistent media (file
database) for later retrieval or transportation
Objectives The stored keys must be protected
Problems
- If the key storage is compromised the data protected by
the keys become unprotected
Solutions
Use PBE to encrypt the keys Problems
csci5931 Web Security 26
Key storage Key Wrapping
The wrap( ) method defined in javaxcryptoCipher takes a key as an
argument and returns the encrypted value of the key as a byte array
Example
cipherinit (CipherWRAP_MODE passwordKey paramSpec)
byte[ ] encryptedKeyBytes = cipherwrap (secretKey)
To decrypt the keycipherinit (CipherUNWRAP_MODE passwordKey paramSpec)
Key key = cipherunwrap(encryptedKeyBytes ldquoBlowfishrdquo CipherSECRET_KEY)
csci5931 Web Security 27
Key storage Key Encryption
Use the getEncoded( ) method as defined in javasecurityKey to encrypt the
key
Example
byte[ ] keyBytes = myKeygetEncoded( )
cipherinit (CipherENCRYPT_MODE passwordKey paramSpec)
byte[ ] encryptedKeyBytes = cipherdoFinal (keyBytes)
To decrypt the keycipherinit (CipherDECRYPT_MODE passwordKey paramSpec)
byte[ ] keyBytes = cipherdoFinal (encryptedKeyBytes)
SecretKeySpec myKey = new SecretKeySpec (keyBytes ldquoBlowfishrdquo )
csci5931 Web Security 28
Padding Padding is needed to make the size of the plaintext to be a
multiple of the block size
Most symmetric algorithms use one of two types of padding No padding ndash requires the data end on a block exactly
PKCS5 padding ndash (PKCS = Public Key Cryptography Standard)
Suppose there are N bytes in a block that need to be padded
Fill each of the N bytes with the value N
If the data end on a multiple of the block size add an entire block of
padding
(See the illustration on p81)
csci5931 Web Security 29
Modes of DES
ECB CBC
CFB (Cipher FeedBack) Similar to CBC but may work on smaller chunks of data (8 bits for
example)
OFB (Output FeedBack) Similar to CFB but provides better protection against data loss
during transmission
That is a single-bit error will not cause the whole block to be lost
as in the cases of ECB CBC and CFB
csci5931 Web Security 30
Cipher streams and IV
javax.crypto.CipherInputStream, javax.crypto.CipherOutputStream
- They provide convenient wrappers around standard input and output streams, for them to be automatically encrypted or decrypted.
Initialization Vector (IV)
- A sequence of random bytes appended to the front of the plaintext before encryption by a block cipher.
- Adding the initialization vector to the beginning of the plaintext eliminates the possibility of having the initial ciphertext block the same for any two messages.
- How to determine the size of an IV, given a cipher? Example: A 256-bit Rijndael cipher needs a 16-byte IV.
csci5931 Web Security 31
IV in Java
public class IvParameterSpec
extends Object
implements AlgorithmParameterSpec
This class specifies an initialization vector (IV). Examples which use IVs are
ciphers in feedback mode, e.g., DES in CBC mode and RSA ciphers with OAEP
encoding operation.
(NOTE: See page 434 for RSA-OAEP padding.)
csci5931 Web Security 32
Rijndael
What is Rijndael? (Dutch; pronounced as 'Rain Doll')
"Rijndael is a block cipher, designed by Joan Daemen and Vincent
Rijmen as a candidate algorithm for the AES.
The cipher has a variable block length and key length. We currently
specified how to use keys with a length of 128, 192, or 256 bits to
encrypt blocks with a length of 128, 192 or 256 bits."
(Source: http://www.esat.kuleuven.ac.be/~rijmen/rijndael/)
After nearly four years of evaluation, in October 2000, Rijndael was
selected by the NIST as the AES (Advanced Encryption Standard).
See the press release.
csci5931 Web Security 33
FileEncryptor.java
FileEncryptor.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)
Four functions:
- createKey(password)
- loadKey(password)
- encrypt(password, inputFile, outputEncryptedFile)
- decrypt(password, inputEncryptedFile, outputfile)
csci5931 Web Security 34
Sealed objects
Sealed object: An object that is encrypted.
- The object must be serializable.
- Sealed objects can be useful for storing or transferring an encrypted version of an object.
- The default JDK 1.2 prevents extensions from using the class loader to create classes that are neither standard objects nor extensions. That is, a custom object, such as a CreditCard object, won't be able to be decrypted.
- See Appendix D, "the EncryptedObject class", for a better sealed object implementation.
csci5931 Web Security 35
Sealed objects
SealedObjectExample.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)
Sample output:
>java SealedObjectExample
Creating a key
Encrypting the object
Unencrypting the object
Credit card number 1234567890
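A sealed-object round trip, as an added example (this is not the SealedObjectExample.java the slide links to). It assumes Blowfish in CBC mode from the default JDK provider; the CreditCard class and the card number are constructed sample values. It also checks that the serialized SealedObject no longer exposes the field in the clear.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SealedObject;
import javax.crypto.SecretKey;

public class SealedObjectDemo {

    /** Hypothetical payload class; anything sealed must implement Serializable. */
    static class CreditCard implements Serializable {
        private static final long serialVersionUID = 1L;
        final String number;
        CreditCard(String number) { this.number = number; }
    }

    static byte[] serialize(Serializable object) throws Exception {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bytes)) {
            oos.writeObject(object);
        }
        return bytes.toByteArray();
    }

    /** True if the ASCII text occurs anywhere in the raw bytes. */
    static boolean containsText(byte[] data, String text) {
        return new String(data, StandardCharsets.ISO_8859_1).contains(text);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("Blowfish");
        keyGenerator.init(128);
        SecretKey key = keyGenerator.generateKey();

        CreditCard card = new CreditCard("1234567890"); // constructed sample value

        // No IV is passed in: the provider picks a random one, and SealedObject
        // stores the cipher parameters next to the ciphertext.
        Cipher cipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, key);
        SealedObject sealed = new SealedObject(card, cipher);

        // SealedObject is itself Serializable, so it can be stored or sent.
        byte[] plainForm = serialize(card);
        byte[] sealedForm = serialize(sealed);
        System.out.println("number visible in plain serialized form:  "
                + containsText(plainForm, card.number));
        System.out.println("number visible in sealed serialized form: "
                + containsText(sealedForm, card.number));

        // The receiver needs only the key; algorithm and IV come from the object.
        SealedObject restored;
        try (ObjectInputStream ois =
                new ObjectInputStream(new ByteArrayInputStream(sealedForm))) {
            restored = (SealedObject) ois.readObject();
        }
        CreditCard recovered = (CreditCard) restored.getObject(key);
        System.out.println("sealed with: " + restored.getAlgorithm());
        System.out.println("Credit card number: " + recovered.number);
    }
}
```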
csci5931 Web Security 36
Next
Asymmetric Encryption (GS 5)
Relevant links:
- RFC 1829 - The ESP DES-CBC Transform - This document describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP).
- The GNU Crypto project - This project aims at providing free, versatile, high-quality, and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users. It's also got a comprehensive listing of crypto-related algorithms.
csci5931 Web Security 21
Password-based encryption (PBE)
Random.nextBytes(byte[] bytes)
- Generates random bytes and places them into a user-supplied byte array.
public class PBEKeySpec
extends Object
implements KeySpec
- A user-chosen password that can be used with password-based encryption (PBE).
- The password can be viewed as some kind of raw key material, from which the encryption mechanism that uses it derives a cryptographic key.
csci5931 Web Security 22
Password-based encryption (PBE)
public class SecretKeyFactory extends Object
- This class represents a factory for secret keys.
- Key factories are used to convert keys (opaque cryptographic keys of type Key) into key specifications (transparent representations of the underlying key material), and vice versa. Secret key factories operate only on secret (symmetric) keys.
- Key factories are bi-directional, i.e., they allow building an opaque key object from a given key specification (key material), or retrieving the underlying key material of a key object in a suitable format.
- Application developers should refer to their provider's documentation to find out which key specifications are supported by the generateSecret and getKeySpec methods.
csci5931 Web Security 23
Password-based encryption
Twofish encryption algorithm
- A symmetric block cipher that accepts keys of any length, up to 256 bits.
- Among the new encryption algorithms being considered by the National Institute of Science and Technology (NIST) as a replacement for the DES algorithm.
- Highly secure and flexible.
- Works extremely well with large microprocessors, 8-bit smart card microprocessors, and dedicated hardware.
(Source: http://www.wiley.com/cda/product/0,,0471353817,00.html)
csci5931 Web Security 24
Password-based encryption
An example program: PBE.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)
Sample PBE encryption/decryption:
>java PBE -e sasquatch Hello World
yrVhjq5djco=eSIS1LbeAtu5KIKf5ntNhg==
>java PBE -e sasquatch Hello World
lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
>java PBE -d sasquatch lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
Hello World
csci5931 Web Security 25
Key storage
Storage of keys in a persistent media (file, database) for later retrieval or transportation.
Objectives: The stored keys must be protected.
Problems:
- If the key storage is compromised, the data protected by the keys become unprotected.
Solutions:
- Use PBE to encrypt the keys.
Problems
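The PBE classes and the key-wrapping calls from the slides, put together as one added example (not the PBE.java or FileEncryptor.java the slides link to). It assumes the JDK's built-in PBEWithHmacSHA256AndAES_128 algorithm, swapped in here so the code runs without an extra provider, plus a constructed iteration count and a salt || IV || wrapped-key storage layout chosen for this illustration.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

public class PbeKeyWrapDemo {
    static final String PBE_ALG = "PBEWithHmacSHA256AndAES_128"; // assumption: JDK 8+ default provider
    static final int ITERATIONS = 100_000;                       // constructed value for the demo
    static final int SALT_LEN = 16;
    static final int IV_LEN = 16;                                // AES block size

    /** PBEKeySpec (the password) goes through SecretKeyFactory to become an opaque key. */
    static SecretKey passwordKey(char[] password) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password);
        try {
            return SecretKeyFactory.getInstance(PBE_ALG).generateSecret(spec);
        } finally {
            spec.clearPassword();
        }
    }

    /** Wraps secretKey under the password; returns salt || IV || wrapped key for storage. */
    static byte[] wrap(char[] password, SecretKey secretKey) throws Exception {
        byte[] salt = new byte[SALT_LEN];
        byte[] iv = new byte[IV_LEN];
        SecureRandom random = new SecureRandom();
        random.nextBytes(salt); // fresh salt and IV per wrap, so equal inputs give different output
        random.nextBytes(iv);
        PBEParameterSpec paramSpec = new PBEParameterSpec(salt, ITERATIONS, new IvParameterSpec(iv));
        Cipher cipher = Cipher.getInstance(PBE_ALG);
        cipher.init(Cipher.WRAP_MODE, passwordKey(password), paramSpec);
        byte[] wrapped = cipher.wrap(secretKey);

        byte[] stored = new byte[SALT_LEN + IV_LEN + wrapped.length];
        System.arraycopy(salt, 0, stored, 0, SALT_LEN);
        System.arraycopy(iv, 0, stored, SALT_LEN, IV_LEN);
        System.arraycopy(wrapped, 0, stored, SALT_LEN + IV_LEN, wrapped.length);
        return stored;
    }

    /** Reverses wrap(); keyAlgorithm names the algorithm of the wrapped key, e.g. "Blowfish". */
    static SecretKey unwrap(char[] password, byte[] stored, String keyAlgorithm) throws Exception {
        byte[] salt = Arrays.copyOfRange(stored, 0, SALT_LEN);
        byte[] iv = Arrays.copyOfRange(stored, SALT_LEN, SALT_LEN + IV_LEN);
        byte[] wrapped = Arrays.copyOfRange(stored, SALT_LEN + IV_LEN, stored.length);
        PBEParameterSpec paramSpec = new PBEParameterSpec(salt, ITERATIONS, new IvParameterSpec(iv));
        Cipher cipher = Cipher.getInstance(PBE_ALG);
        cipher.init(Cipher.UNWRAP_MODE, passwordKey(password), paramSpec);
        return (SecretKey) cipher.unwrap(wrapped, keyAlgorithm, Cipher.SECRET_KEY);
    }

    /** True only if the password recovers exactly the original key. */
    static boolean recovers(char[] password, byte[] stored, SecretKey original) {
        try {
            SecretKey candidate = unwrap(password, stored, original.getAlgorithm());
            return Arrays.equals(candidate.getEncoded(), original.getEncoded());
        } catch (Exception e) {
            // A wrong password normally fails the padding check inside unwrap(). There is
            // no integrity tag, so a rare lucky padding match yields a different key
            // instead, which the comparison above also rejects.
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("Blowfish");
        keyGenerator.init(128);
        SecretKey secretKey = keyGenerator.generateKey();

        char[] password = "sasquatch".toCharArray(); // the password used in the slides' sample run
        byte[] stored = wrap(password, secretKey);
        byte[] storedAgain = wrap(password, secretKey);

        System.out.println("stored form:     " + Base64.getEncoder().encodeToString(stored));
        System.out.println("same key again:  " + Base64.getEncoder().encodeToString(storedAgain));
        System.out.println("right password recovers key: " + recovers(password, stored, secretKey));
        System.out.println("wrong password recovers key: "
                + recovers("bigfoot".toCharArray(), stored, secretKey));
    }
}
```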
csci5931 Web Security 25
Key storage
Storage of keys in a persistent media (file
database) for later retrieval or transportation
Objectives The stored keys must be protected
Problems
- If the key storage is compromised the data protected by
the keys become unprotected
Solutions
Use PBE to encrypt the keys Problems
csci5931 Web Security 26
Key storage Key Wrapping
The wrap( ) method defined in javaxcryptoCipher takes a key as an
argument and returns the encrypted value of the key as a byte array
Example
cipherinit (CipherWRAP_MODE passwordKey paramSpec)
byte[ ] encryptedKeyBytes = cipherwrap (secretKey)
To decrypt the keycipherinit (CipherUNWRAP_MODE passwordKey paramSpec)
Key key = cipherunwrap(encryptedKeyBytes ldquoBlowfishrdquo CipherSECRET_KEY)
csci5931 Web Security 27
Key storage Key Encryption
Use the getEncoded( ) method as defined in javasecurityKey to encrypt the
key
Example
byte[ ] keyBytes = myKeygetEncoded( )
cipherinit (CipherENCRYPT_MODE passwordKey paramSpec)
byte[ ] encryptedKeyBytes = cipherdoFinal (keyBytes)
To decrypt the keycipherinit (CipherDECRYPT_MODE passwordKey paramSpec)
byte[ ] keyBytes = cipherdoFinal (encryptedKeyBytes)
SecretKeySpec myKey = new SecretKeySpec (keyBytes ldquoBlowfishrdquo )
csci5931 Web Security 28
Padding Padding is needed to make the size of the plaintext to be a
multiple of the block size
Most symmetric algorithms use one of two types of padding No padding ndash requires the data end on a block exactly
PKCS5 padding ndash (PKCS = Public Key Cryptography Standard)
Suppose there are N bytes in a block that need to be padded
Fill each of the N bytes with the value N
If the data end on a multiple of the block size add an entire block of
padding
(See the illustration on p81)
csci5931 Web Security 29
Modes of DES
ECB CBC
CFB (Cipher FeedBack) Similar to CBC but may work on smaller chunks of data (8 bits for
example)
OFB (Output FeedBack) Similar to CFB but provides better protection against data loss
during transmission
That is a single-bit error will not cause the whole block to be lost
as in the cases of ECB CBC and CFB
csci5931 Web Security 30
Cipher streams and IV JavaxcryptoCipherInputStream javaxcryptoCipherOutputStream
They provide convenient wrappers around standard input and
output streams for them to be automatically encrypted or
decrypted
Initialization Vector (IV) A sequence of random bytes appended to the front of the plaintext
before encryption by a block cipher Adding the initialization vector to the beginning of the plaintext
eliminates the possibility of having the initial ciphertext block the
same for any two messages How to determine the size of a IV given a cipher Example A
256-bit Rijndael cipher needs a 16-byte IV
csci5931 Web Security 31
IV in Java public class IvParameterSpec
extends Object
implements AlgorithmParameterSpec
This class specifies an initialization vector (IV) Examples
which use IVs are ciphers in feedback mode eg DES
in CBC mode and RSA ciphers with OAEP encoding
operation
(NOTE See page 434 for RSA-OAEP padding)
csci5931 Web Security 32
Rijndael
What is Rijndael? (Dutch; pronounced as 'Rain Doll')
"Rijndael is a block cipher, designed by Joan Daemen and Vincent Rijmen as a candidate algorithm for the AES.
The cipher has a variable block length and key length. We currently specified how to use keys with a length of 128, 192, or 256 bits to encrypt blocks with a length of 128, 192 or 256 bits."
(Source: http://www.esat.kuleuven.ac.be/~rijmen/rijndael)
After nearly four years of evaluation, in October 2000, Rijndael was selected by the NIST as the AES (Advanced Encryption Standard).
See the press release.
csci5931 Web Security 33
FileEncryptor.java
FileEncryptor.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)
Four functions:
  createKey(password)
  loadKey(password)
  encrypt(password, inputFile, outputEncryptedFile)
  decrypt(password, inputEncryptedFile, outputfile)
csci5931 Web Security 34
Sealed objects
Sealed object: An object that is encrypted
  The object must be serializable
Sealed objects can be useful for storing or transferring an encrypted version of an object
The default JDK 1.2 prevents extensions from using the class loader to create classes that are neither standard objects nor extensions. That is, a custom object, such as a CreditCard object, won't be able to be decrypted.
See Appendix D, "the EncryptedObject class", for a better sealed object implementation
csci5931 Web Security 35
Sealed objects
SealedObjectExample.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)
Sample output:
>java SealedObjectExample
Creating a key
Encrypting the object
Unencrypting the object
Credit card number 1234567890
csci5931 Web Security 36
Next
Asymmetric Encryption (GS 5)
Relevant links:
  RFC 1829 - The ESP DES-CBC Transform - This document describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP).
  The GNU Crypto project - This project aims at providing free, versatile, high-quality, and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users. It's also got a comprehensive listing of crypto-related algorithms.
csci5931 Web Security 26
Key storage: Key Wrapping
The wrap() method, defined in javax.crypto.Cipher, takes a key as an argument and returns the encrypted value of the key as a byte array.
Example:
  // passwordKey and paramSpec are the password-based key and its parameters
  cipher.init(Cipher.WRAP_MODE, passwordKey, paramSpec);
  byte[] encryptedKeyBytes = cipher.wrap(secretKey);
To decrypt the key:
  cipher.init(Cipher.UNWRAP_MODE, passwordKey, paramSpec);
  Key key = cipher.unwrap(encryptedKeyBytes, "Blowfish", Cipher.SECRET_KEY);
csci5931 Web Security 27
Key storage: Key Encryption
Use the getEncoded() method, as defined in java.security.Key, to obtain the key's bytes, then encrypt them.
Example:
  byte[] keyBytes = myKey.getEncoded();
  cipher.init(Cipher.ENCRYPT_MODE, passwordKey, paramSpec);
  byte[] encryptedKeyBytes = cipher.doFinal(keyBytes);
To decrypt the key:
  cipher.init(Cipher.DECRYPT_MODE, passwordKey, paramSpec);
  byte[] keyBytes = cipher.doFinal(encryptedKeyBytes);
  // Rebuild the key object from the recovered bytes
  SecretKeySpec myKey = new SecretKeySpec(keyBytes, "Blowfish");