APPLICATION SECURITY BOOK EXCERPTS
Beginning Cryptography with Java -- Chapter 2, Symmetric Key Cryptography
David Hook
06.15.2006
Rating: --- (out of 5)
As a registered member of SearchSoftwareQuality.com, you're entitled to a complimentary copy of Chapter 2 of Beginning Cryptography with Java written by David Hook and published by John Wiley & Sons Inc.
"Symmetric Key Cryptography" introduces the concept of symmetric key cryptography and how it is used in the Java Cryptography Extension (JCE).
David Hook explains how to create keys for symmetric key ciphers, how to create Cipher objects to be used for encryption, how modes and padding mechanisms are specified in Java, what other parameter objects can be used to initialize ciphers and what they mean, how password-based encryption is used, methods for doing key wrapping, and how to do cipher-based I/O.
Book description:
While cryptography can still be a controversial topic in the programming community, Java has weathered that storm and provides a rich set of APIs that allow you, the developer, to effectively include cryptography in applications -- if you know how.
This book teaches you how. Chapters one through five cover the architecture of the JCE and JCA, symmetric and asymmetric key encryption in Java, message authentication codes, and how to create Java implementations with the API provided by the Bouncy Castle ASN.1 packages, all with plenty of examples. Building on that foundation, the second half of the book takes you into higher-level topics, enabling you to create and implement secure Java applications and make use of standard protocols such as CMS, SSL, and S/MIME.
What you will learn from this book:
- How to understand and use JCE, JCA, and the JSSE for encryption and authentication
- The ways in which padding mechanisms work in ciphers and how to spot and fix typical errors
- An understanding of how authentication mechanisms are implemented in Java and why they are used
- Methods for describing cryptographic objects with ASN.1
- How to create certificate revocation lists and use the Online Certificate Status Protocol (OCSP)
- Real-world Web solutions using Bouncy Castle APIs
>> Read Chapter 2: Symmetric Key Cryptography.
>> Buy the book
|
|
Rate this Tip
|
To rate tips, you must be a member of SearchSoftwareQuality.com.
Register now
to start rating these tips. Log in if you are already a member.
|
 |
 |
| |
RELATED CONTENT
 |
Application Security Book Excerpts |
|
Fuzzing for Software Security Testing and Quality Assurance: Chapter 3, Testing for Quality
|
|
Software Security Engineering: A Guide for Project Managers -- Chapter 3, Requirements Engineering for Secure Software
|
|
InfoSecurity 2008 Threat Analysis, Chapter 4: XSS Theory
|
|
Google Hacking for Penetration Testers, Volume 2: Chapter 6, Locating Exploits and Finding Targets
|
|
Ajax Security -- Chapter 6, Transparency in Ajax Applications
|
|
Fuzzing: Brute Force Vulnerability Discovery -- Chapter 12, Fuzzing Frameworks
|
|
Cross Site Scripting Attacks: XSS Exploits and Defense -- Chapter 5, Advanced XSS Attack Vectors
|
|
Static Analysis as Part of the Code Review Process -- Chapter 3, Secure Programming with Static Analysis
|
|
Security Metrics: Replacing Fear, Uncertainty, and Doubt -- Chapter 3, Application Security Metrics
|
|
Forms Authentication -- Chapter 5, Professional ASP.NET 2.0 Security, Membership, and Role Management
|
|
DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.
|
|
|
|
|
|
|
