Lecture 31 Computer Security

1
Lecture 31Computer Security

• Phillip G. Bradford
• Computer Science Department
• The University of Alabama

2
Credits

• Scott Oaks Java Security, OReilly, 2001.
• David Flanagan Java in a Nutshell, 4th Edition,
  OReilly, 2002.

3
Outline

• General overview
• Java Security
• X.509 Certificates
• For SSL

4
Architecture of Java Security Providers, Oaks.

• Engine Classes
• Useful core API classes
• Algorithm Classes
• Encryption Algorithms
• Provider Class
• Maps algorithms to users
• Security Class
• Tracks providers and their operation

5
Java Keys symmetric

• Class java.security.Key
• public interface Key extends Serializable
• Serilizable interface means can be written
  to/from object stream
• Gives keys necessary flexibility
• Keys should have
• public string getAlgorithm()
• Who built this key?

6
Java Keys symmetric

• public String getFormat()
• How is the key stored?
• public byte getEncoded()
• Actual key, in bytes

7
Java Keys asymmetric

• public interface PublicKey extends Key
• public interface PrivateKey extends Key
• Each stand-alone
• Example RSA
• public interface RSAPrivateKey extends PrivateKey
• public interface RSAPublicKey extends PublicKey

8
Java Keys asymmetric, RSA

• RSA interfaces, cont.
• public interface RSAPrivateKeyCrt extends
  PrivateKey
• Recall, npq, this returns p and q for
  certification

9
X.509 Certificates

• Part of Internet
• X.509, see RFC 2459
• Public Key Infrastructure (PKI)
• Used by Certificate Authority
• Even small ones
• Verification of Public Keys
• In implementations of SSL, RFC 2246

10
X.509 Certificates

• Class java.security.cert.Certificate
• For general certificates
• Class javax.security.cert.Certificate
• For SSL
• Deprecated Certificates may give conflicts with
• import java.security.
• import java.security.cert.

11
java.security.cert.Certificate

• Abstract Class
• java.security.cert.X509Certificate
• Major Components
• tbsCertificate TBSCertificate
• signatureAlgorithm AlgorithmIdentifier
• signature BIT STRING

12
java.security.cert.X509Certificate

• TBSCertificate
• version EXPLICIT Version
• serialNumber CertificateSerialNumber
• signature AlgorithmIdentifier
• issuer Name
• validity Validity
• subject Name
• subjectPublicKeyInfo SubjectPublicKeyInfo
• UniqueIssuerID
• UniqueSubjectID
• Extensions

13
java.security.cert.X509Certificate

• Main Methods
• public abstract byte getEncoded()
• Bytes of the encoded certificate
• public abstract void verify(PublicKey pk)
• Use the certificate to verify the public key pk
• Throws CertificateException if certificate
  invalid

14
java.security.cert.X509Certificate

• Main Methods
• public abstract void verify(PublicKey pk, String
  provider)
• The provider is the Certificate Authority (CA)
• Invalid certificate throws CertificateException
• Other exceptions as needed
• public abstract PublicKey getPublicKey()

15
Building a java.security.cert.X509Certificate

• Java keytool
• keytool genkey alias pgb keyalg RSA
• Gives the CA the key for pgb using RSA
• Home directory .javakeys
• Get a Certificate Signed Request (CSR)
• keytool certreq alias pgb file pgbCSR.cer
• Check current directory for file pgbCSR.cer
• This is your X509 Certificate

16
java.security.cert.X509Certificate

• Example from Scott Oaks Book
• To be posted soon!