Java security program

bhaumik1987 · #1 (**permalink**) 02-08-2010, 05:41 AM

I just have this assignment where i just have to run two .java programs viz.
SignatureAuthenticationClient.java and SignatureAuthenticationCServer.java
Just go to chapter 6. There you will find both these code.
Source Code File Structure

Problem 1 : The client program when run directly gives and error (exception)..

Problem 2 : The server program wants a public key to be entered when run . What is supposed to be entered there .???

Do we need any kind of key generator code to be run along side with that ...

Any kind of help is appreciated.
Thanks..

bhaumik1987 · #2 (**permalink**) 02-08-2010, 09:05 AM

someone please reply im not getting how to do this

[RaIdEn] · #3 (**permalink**) 02-08-2010, 10:22 AM

hey
i rarely programmed cryptography in java. but after some search i came across this interesting link

thought it might help you.

codeartisan: RSA Public Key Cryptography in Java

bhaumik1987 · #4 (**permalink**) 02-08-2010, 11:17 AM

^^^^ thnx

ill go through it and tell you what happend ...thnx again

FON · #5 (**permalink**) 02-08-2010, 06:16 PM

I will leaveve key creation to you

If this is your first time dealing with security TAKE YOUR TIME.
Be sure you read basic concepts:

Lesson: API and Tools Use for Secure Code and File Exchanges (The Java™ Tutorials > Security Features in Java SE)

After you do it here is your
auth. scenario explained.

SERVER

First you start server.
It will run on separate Thread on your local machine on port 8001.

It asks for...:
"Public Key of client"
...to be entered from Console.

Change this - save public key on file-system
and hardcode path in some String so your system can find the path specified.

After init, socketServer will be run and public key passed to it.

Server open 2 streams.
'outputToClient'is used to send some data to be signed to client
and
'inputFromClient' used to read bytes signed from client

at the end server does very imporant thing VERIFICATION
of what is signed.

CLIENT
When server is run on your localhost on port 8001 and
has public key to load, you can start your client.

Client
- Has a created private key somewhere in file system.
At start it reads from some private key filename
and write to byte array which is used then to decrypt pass
- Has a password

When server is up and running on the other side,
client connect to it and create 2 streams:
'inputFromServer'to receive data for signing
then client does signing and
'outputToServer' to send signed data back

hope this will give you quick start

good luck !

FON · #6 (**permalink**) 02-09-2010, 03:41 AM

Originally Posted by [RaIdEn]

hey
i rarely programmed cryptography in java. but after some search i came across this interesting link

thought it might help you.

codeartisan: RSA Public Key Cryptography in Java

Thanx very much for this link !

Here is a link that is needed in to start working with that Open SSL on windows:

Cryptography Tutorials - Herong's Tutorial Notes - OpenSSL - Installation on Windows

Notice other very useful links at bottom of page - it is short but neat
crypto tutorial

Using this two links i managed to create key pairs and
now i'm testing SignatureAuthenticationServer.

Server is up and running with public key provided, but when client tries to connect and enters path to his private key i got:

Code:

java.security.NoSuchAlgorithmException: PBEWithSHAAndTwofish-CBC SecretKeyFactory not available

I got tip, that i have to pay attention on which crypto algorithm i use
for key creation, because they are not all supported in my Java 1.6.

So i have to decide either to switch to algorithm that is supported and to do keys recreation,
or to provide additional libraries and everybody is pointing to 'bouncy castle' site and their libraries.

hope I will end this is short time and discuss solution with others

I would really like to hear from someone all differences in 2 approaches
of key pair creation: java keytool and openSSL

bhaumik1987 · #7 (**permalink**) 02-09-2010, 12:06 PM

woww this was verrry much helpful ...ill surely follow up on this ....thnx a lot ...this forum rocks

FON · #8 (**permalink**) 02-09-2010, 03:28 PM

Two important things about client creation:

Problem:

Code:

java.security.NoSuchAlgorithmException: PBEWithSHAAndTwofish-CBC SecretKeyFactory not available

BOUNCY CASTLE:
...can be solved using second approach - using external library.
So go to Bouncy Castle site and download this jar

http://downloads.bouncycastle.org/ja...-jdk16-145.jar

It is not enough just to place it in classpath
there are come security provider issues that has to be added to src code like:

Code:

Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

...and more about how to configure security this BC's API is explained here:

JDK/JCE environment Configuration

I guess there is a way to completely avoid usage of BC API
but you posted SignatureAuthenticationClient class that use it...

Now before you make your client work,
be sure you can deal with that algorithm exception,
and easiest way to do this is by configuring and running
another class of your tutorial PBE.java

Be sure you add BC API *.jars,

Code:

'Security.addProvider(...)'

code
and this can be args[] to start example:

Code:

-e a dobardanzxzxzxzxzxzx

OTHER SOLUTION:
Probably many other problems will arise so ask yourself
do you have to deal with 'PBEWithSHAAndTwofish-CBC' thats in BC's API
or you want to change all of that in your client,
and recreate keys with another commands in openSSL than those in link,
but commands must include usage of algorithms that your java security
can accept with no external API.

Come on other forum members!

Take a part in this it's just matter of time when you will face this problems
and your face will look like