  1. #1
    bhaumik1987 is offline Member

    Java security program

    I just have this assignment where I just have to run two .java programs, viz.
    SignatureAuthenticationClient.java and SignatureAuthenticationCServer.java
    Just go to chapter 6. There you will find both these codes.
    Source Code File Structure

    Problem 1: The client program, when run directly, gives an error (exception).

    Problem 2: The server program wants a public key to be entered when run. What is supposed to be entered there?

    Do we need any kind of key generator code to be run alongside that... :confused:
    Any kind of help is appreciated.
    Thanks..

  2. #2
    bhaumik1987 is offline Member

    Someone please reply, I'm not getting how to do this :(

  3. #3
    [RaIdEn] is offline Senior Member

    Hey,
    I rarely programmed cryptography in Java, but after some searching I came across this interesting link

    thought it might help you.

    codeartisan: RSA Public Key Cryptography in Java

  4. #4
    bhaumik1987 is offline Member

    ^^^^ Thanks :) I'll go through it and tell you what happened... thanks again

  5. #5
    FON is offline Senior Member

    I will leave key creation to you :p

    If this is your first time dealing with security TAKE YOUR TIME.
    Be sure you read basic concepts:

    Lesson: API and Tools Use for Secure Code and File Exchanges (The Java™ Tutorials > Security Features in Java SE)

    After you do it here is your
    auth. scenario explained.


    SERVER

    First you start server.
    It will run on separate Thread on your local machine on port 8001.

    It asks for...:
    "Public Key of client"
    ...to be entered from Console.

    Change this - save public key on file-system
    and hardcode path in some String so your system can find the path specified.

    After init, socketServer will be run and public key passed to it.

    Server opens 2 streams:
    'outputToClient' is used to send some data to be signed to the client
    and
    'inputFromClient' is used to read the signed bytes from the client.

    At the end the server does a very important thing: VERIFICATION
    of what is signed.


    CLIENT
    When server is run on your localhost on port 8001 and
    has public key to load, you can start your client.


    Client
    - Has a created private key somewhere in the file system.
    At start it reads from some private key filename
    and writes to a byte array which is then used to decrypt pass
    - Has a password

    When the server is up and running on the other side,
    the client connects to it and creates 2 streams:
    'inputFromServer' to receive data for signing,
    then the client does the signing, and
    'outputToServer' to send the signed data back

    Hope this will give you a quick start

    good luck !
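The server/client scenario described in the post above, reduced to one process with no sockets. This is an added example, not code from the thread or from the book's SignatureAuthenticationClient/Server classes; the class and method names, the random 32-byte challenge and the choice of `SHA256withRSA` are assumptions, since the thread does not name the signature algorithm or say what data the server sends.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;

public class ChallengeResponseDemo {
    // Assumption: the thread does not say which signature algorithm the book uses.
    static final String SIG_ALG = "SHA256withRSA";

    // Server side: a fresh random challenge per attempt, so a captured signature cannot be replayed.
    static byte[] newChallenge() {
        byte[] c = new byte[32];
        new SecureRandom().nextBytes(c);
        return c;
    }

    // Client side: sign the bytes received from the server with the private key.
    static byte[] sign(PrivateKey key, byte[] challenge) throws Exception {
        Signature s = Signature.getInstance(SIG_ALG);
        s.initSign(key);
        s.update(challenge);
        return s.sign();
    }

    // Server side: check the returned signature against the challenge it issued.
    static boolean verify(PublicKey key, byte[] challenge, byte[] sig) {
        try {
            Signature s = Signature.getInstance(SIG_ALG);
            s.initVerify(key);
            s.update(challenge);
            return s.verify(sig);
        } catch (Exception e) {
            return false; // malformed signature or unusable key counts as a failed login
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair client = gen.generateKeyPair(); // constructed key pair standing in for the client's key files
        KeyPair other = gen.generateKeyPair();  // constructed key pair the server does not trust
        byte[] challenge = newChallenge();
        byte[] sig = sign(client.getPrivate(), challenge);
        System.out.println("client key, same challenge: " + verify(client.getPublic(), challenge, sig));
        System.out.println("old signature, new challenge: " + verify(client.getPublic(), newChallenge(), sig));
        System.out.println("signed by untrusted key: "
                + verify(client.getPublic(), challenge, sign(other.getPrivate(), challenge)));
    }
}
```

Only the first check should succeed: the server accepts a signature only if it was made with the private key matching the public key it loaded and covers the exact bytes it just issued.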

  6. #6
    FON is offline Senior Member

    Quote Originally Posted by [RaIdEn]
    Hey,
    I rarely programmed cryptography in Java, but after some searching I came across this interesting link

    thought it might help you.

    codeartisan: RSA Public Key Cryptography in Java

    Thanks very much for this link!

    Here is a link that is needed to start working with OpenSSL on Windows:

    Cryptography Tutorials - Herong's Tutorial Notes - OpenSSL - Installation on Windows

    Notice the other very useful links at the bottom of the page - it is a short but neat
    crypto tutorial :)

    Using these two links I managed to create key pairs and
    now I'm testing SignatureAuthenticationServer.

    The server is up and running with the public key provided, but when the client tries to connect and enters the path to its private key I got:

    Java Code:
    java.security.NoSuchAlgorithmException: PBEWithSHAAndTwofish-CBC SecretKeyFactory not available

    I got a tip that I have to pay attention to which crypto algorithm I use
    for key creation, because they are not all supported in my Java 1.6.

    So I have to decide either to switch to an algorithm that is supported and recreate the keys,
    or to provide additional libraries, and everybody is pointing to the 'bouncy castle' site and their libraries.

    Hope I will finish this in a short time and discuss the solution with others :)

    I would really like to hear from someone all the differences between the 2 approaches
    to key pair creation: Java keytool and OpenSSL

  7. #7
    bhaumik1987 is offline Member

    Wow, this was very helpful... I'll surely follow up on this... thanks a lot... this forum rocks :)

  8. #8
    FON is offline Senior Member

    Two important things about client creation:

    Problem:

    Java Code:
    java.security.NoSuchAlgorithmException: PBEWithSHAAndTwofish-CBC SecretKeyFactory not available

    BOUNCY CASTLE:
    ...can be solved using the second approach - using an external library.
    So go to the Bouncy Castle site and download this jar

    http://downloads.bouncycastle.org/ja...-jdk16-145.jar

    It is not enough just to place it in the classpath;
    there are some security provider issues that have to be added to the src code, like:

    Java Code:
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

    ...and more about how to configure security for this BC API is explained here:

    JDK/JCE environment Configuration

    I guess there is a way to completely avoid usage of the BC API,
    but you posted the SignatureAuthenticationClient class that uses it...

    Now before you make your client work,
    be sure you can deal with that algorithm exception,
    and the easiest way to do this is by configuring and running
    another class of your tutorial, PBE.java

    Be sure you add the BC API *.jars and the
    Java Code:
    'Security.addProvider(...)'
    code,
    and this can be the args[] to start the example:
    Java Code:
    -e a dobardanzxzxzxzxzxzx

    OTHER SOLUTION:
    Probably many other problems will arise, so ask yourself:
    do you have to deal with 'PBEWithSHAAndTwofish-CBC' that's in BC's API,
    or do you want to change all of that in your client
    and recreate the keys with other commands in OpenSSL than those in the link?
    But the commands must use algorithms that your Java security
    can accept with no external API.

    Come on, other forum members!

    Take part in this, it's just a matter of time before you face these problems
    and your face will look like :eek:
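A way to check which of the two options from the post above applies on a given JVM: list the password-based `SecretKeyFactory` algorithms each installed provider registers, and see whether the algorithm from the exception resolves. This is an added example, not code from the thread or the tutorial; the class and method names are assumptions, and it uses only standard `java.security` and `javax.crypto` calls.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;
import javax.crypto.SecretKeyFactory;

public class PbeAvailability {
    // Map each installed provider to the password-based SecretKeyFactory algorithms it registers.
    static Map<String, Set<String>> pbeFactories() {
        Map<String, Set<String>> out = new TreeMap<String, Set<String>>();
        for (Provider p : Security.getProviders()) {
            Set<String> algs = new TreeSet<String>();
            for (Provider.Service s : p.getServices()) {
                // "PB" prefix covers both PBEWith... and PBKDF2With... names.
                if ("SecretKeyFactory".equals(s.getType())
                        && s.getAlgorithm().toUpperCase().startsWith("PB")) {
                    algs.add(s.getAlgorithm());
                }
            }
            if (!algs.isEmpty()) {
                out.put(p.getName(), algs);
            }
        }
        return out;
    }

    // Name of the provider that serves the algorithm, or null when the lookup
    // fails with the NoSuchAlgorithmException quoted in the thread.
    static String providerFor(String algorithm) {
        try {
            return SecretKeyFactory.getInstance(algorithm).getProvider().getName();
        } catch (NoSuchAlgorithmException e) {
            return null;
        }
    }

    public static void main(String[] args) {
        String wanted = "PBEWithSHAAndTwofish-CBC"; // algorithm name taken from the exception in the thread
        for (Map.Entry<String, Set<String>> e : pbeFactories().entrySet()) {
            System.out.println(e.getKey() + ": " + e.getValue());
        }
        String provider = providerFor(wanted);
        System.out.println(wanted + " -> "
                + (provider == null ? "not available from any registered provider" : provider));
    }
}
```

If the lookup returns null, either register a provider that implements the algorithm, as the post does with `Security.addProvider(...)`, or recreate the key with one of the algorithms the listing shows.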
