24-04-2012, 04:22 PM
Java™ Cryptography Extension
Introduction
This document is intended as a companion to the Java™ Cryptography Architecture (JCA) API Specification & Reference. References to chapters not present in this document are to chapters in the JCA Specification.
The Java™ Cryptography Extension (JCE) provides a framework and implementations for encryption, key generation and key agreement, and Message Authentication Code (MAC) algorithms. Support for encryption includes symmetric, asymmetric, block, and stream ciphers. The software also supports secure streams and sealed objects.
JCE was previously an optional package (extension) to the Java™ 2 SDK, Standard Edition (Java 2 SDK), versions 1.2.x and 1.3.x. JCE has now been integrated into the Java 2 SDK, v 1.4.
JCE is based on the same design principles found elsewhere in the JCA: implementation independence and, whenever possible, algorithm independence. It uses the same "provider" architecture. Providers signed by a trusted entity can be plugged into the JCE framework, and new algorithms can be added seamlessly.
A Note on Terminology
The JCE within the Java 2 SDK, v 1.4 includes two software components:
• the framework that defines and supports cryptographic services that providers can supply implementations for. This framework includes everything in the javax.crypto package.
• a provider named "SunJCE"
Throughout this document, the term "JCE" by itself refers to the JCE framework in the Java 2 SDK, v 1.4. Whenever the JCE provider supplied with the Java 2 SDK, v 1.4 is mentioned, it will be referred to explicitly as the "SunJCE" provider.
JCE Is Now in Java 2 SDK
JCE was previously an optional package (extension) to the Java™ 2 SDK, Standard Edition (Java 2 SDK), versions 1.2.x and 1.3.x. JCE has now been integrated into the Java 2 SDK, v 1.4. The SunJCE provider is also included and is automatically registered in the java.security security properties file included with the Java 2 SDK, v 1.4.
Strong Cryptography Is the Default, Unlimited Is Available
Due to import control restrictions, the jurisdiction policy files shipped with the Java 2 SDK, v 1.4 allow "strong" but limited cryptography to be used. An "unlimited strength" version of these files indicating no restrictions on cryptographic strengths is available for those living in eligible countries (which is most countries). You can download this version and replace the strong cryptography versions supplied with the Java 2 SDK, v 1.4 with the unlimited ones. See
Encrypting and Decrypting Data
Data can be encrypted or decrypted in one step (single-part operation) or in multiple steps (multiple-part operation). A multiple-part operation is useful if you do not know in advance how long the data is going to be, or if the data is too long to be stored in memory all at once.
The CipherInputStream Class
This class is a FilterInputStream that encrypts or decrypts the data passing through it. It is composed of an InputStream, or one of its subclasses, and a Cipher. CipherInputStream represents a secure input stream into which a Cipher object has been interposed. The read methods of CipherInputStream return data that are read from the underlying InputStream but have additionally been processed by the embedded Cipher object. The Cipher object must be fully initialized before being used by a CipherInputStream.
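The multiple-part read through a CipherInputStream described above, as an added example that is not part of the original document. It assumes Java 8 or later; the class name CipherStreamDemo, the helpers wrap and drain, the choice of AES-GCM and the sample payload are all choices made for this illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class CipherStreamDemo {               // hypothetical class name
    // The Cipher is fully initialized (mode, key, parameters) before it is wrapped.
    static InputStream wrap(int mode, SecretKey key, byte[] iv, byte[] src) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");   // algorithm chosen for this example
        c.init(mode, key, new GCMParameterSpec(128, iv));     // 128-bit authentication tag
        return new CipherInputStream(new ByteArrayInputStream(src), c);
    }

    // Multiple-part operation: read in small chunks without knowing the total length.
    static byte[] drain(InputStream in) throws IOException {
        try (InputStream s = in; ByteArrayOutputStream out = new ByteArrayOutputStream()) {
            byte[] buf = new byte[16];
            for (int n; (n = s.read(buf)) != -1; ) out.write(buf, 0, n);
            return out.toByteArray();
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        byte[] iv = new byte[12];             // fresh random nonce for this message
        new SecureRandom().nextBytes(iv);
        byte[] plain = "constructed sample payload for the stream".getBytes(StandardCharsets.UTF_8);

        byte[] ct = drain(wrap(Cipher.ENCRYPT_MODE, key, iv, plain));   // ciphertext + tag
        byte[] back = drain(wrap(Cipher.DECRYPT_MODE, key, iv, ct));
        System.out.println("round trip ok: " + Arrays.equals(plain, back));

        ct[0] ^= 0x01;                        // simulate corruption of the stored ciphertext
        try {
            drain(wrap(Cipher.DECRYPT_MODE, key, iv, ct));
            System.out.println("tampering NOT detected");
        } catch (IOException e) {             // the stream reports the failed tag check as an IOException
            System.out.println("tampering detected: " + e.getCause());
        }
    }
}
```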