Tutorial 4 Cryptography Algorithms

Tutorial 4 Cryptography Algorithms in JAVA

Objectives Getting started with Java Basic Java Programming Java Cryptography Extension Using Java to encrypt and decrypt text files Exercises

Tutorial for CS 5285 Information Security for E-commerce

Tutorial 4 Cryptography Algorithms

1 Getting started with Java

1.1 Something about Java A programming Microsystems Language developed by Sun

Object Oriented, platform-independent, interpreted, multithreading A Java source program is compiled to Java byte-code.

A Java virtual machine sitting on each platform, interpreting Java byte-code to local machine instructions and executing them

Two kinds of Java program: (1) java application Run on local machine, no need to embed it into HTML Have full access to all machine resources (disk!) (2) java program It is application on the Internet You must embed it into HTML pages to run it. Secure, no access outside virtual machine

Tutorial for CS 5285 Information Security for E-commerce

Tutorial 4 Cryptography Algorithms

1.2 Major steps for running java program Edit source program. You can use NotePad or other Editor program to write your source program compile your java program to byte code(e.g. your java program is program.java) javac program.java run your program (application or applet) a) Application java program b) Applet First, you should write a HTML file (e.g. program.html) to invoke this java apple, then you can use appletviewer program.html or use IE, Netscape to open this HTML file. Alternatively, you may use commercially available visual environment such as Jbuilder:
http://www.borland.com/jbuilder/

Java Source Code

Java Compiler

Java Byte Code

Java Virtual Machine

Native machine Instruction

Tutorial for CS 5285 Information Security for E-commerce

Tutorial 4 Cryptography Algorithms

Examples One simple java application

import java.io.*; public class HelloKitty { public static void main(String args[]) { System.out.println(HelloKitty); } }

One simple java applet

import java.applet.*; import java.awt.*; public class HelloKitty2 extends Applet { public void paint(Graphics g) { g.drawString("Hello Kitty",10,10); } }

write a html file to embed this applet

<HTML> <HEAD> <TITLE>A HTML to test applet</TITLE> </HEAD> <BODY> <applet code="HelloKitty2.class" Width="80" Height="100"> </applet> </BODY> </HTML>

Tutorial for CS 5285 Information Security for E-commerce

Tutorial 4 Cryptography Algorithms

Basic Java Programming

Because this course is not a program designing course, we dont teach the details of Java programming. You can check following URL to get useful materials.

Javasoft & Sun: http://www.javasoft.com & www.sun.com Developer.com: http://java.developer.com

Download the tutorial: http://web2.java.sun.com/docs/books/tutorial/information/do wnload.html

Furthermore, you can find a lot of books on java in the library. You should grasp a lot of basic knowledge about java programming, such as variables, constants, Arithmetic, Relational, Shift, Logical and Conditional operators, Control statements (including selection statements, repetition statements and Exception Handling Statements) , and some advanced techniques in java (such as AWT, multi-thread, socket).

Tutorial for CS 5285 Information Security for E-commerce

Tutorial 4 Cryptography Algorithms

Java Cryptography Extension

The standard Java Development Kit comes with a security framework called the Java Cryptography Architecture (JCA). To encrypt or decrypt data, you must use the Java Cryptography Extension (JCE) or a third-party encryption library. JCE has been integrated into the JavaTM2 SDK, Standard Edition, v 1.4, or you can download the JCE from Sun at http://java.sun.com/products/jce/index.html The Java Security API is a set of packages that are used for writing secure programs in Java. In particular, the classes and interfaces in the following packages are part of the Security API:
java.security.Key java.security.PrivateKey java.security.PublicKey javax.crypto.SecretKey java.crypto.Cipher java.security.MessageDigest java.security.Signature java.security.cert.Certificate java.security.KeyFactory javax.crypto.KeyAgreement javax.crypto.KeyGenerator javax.crypto.SecretKeyFactory java.security.SecureRandom Javax.crypto.Mac Use to encrypt and sign messages Cipher Message digest function Digital signature Authentication Symmetric Keys and Asymmetric Keys management Secure random number generator Message Authentication Code
6

Tutorial for CS 5285 Information Security for E-commerce

Tutorial 4 Cryptography Algorithms

Using Java to encrypt and decrypt text files

4.1 An application to encrypt text files

import java.io.*; import javax.crypto.*; import javax.crypto.spec.*; public class EncryptFile { public static void main(String args[]) { if (args.length < 1) { System.out.println("Usage: java EncryptFile <file name>"); System.exit(-1); } try { File desFile = new File("encrypt.des"); FileInputStream fis; FileOutputStream fos; CipherInputStream cis; // Creation of Secret key byte key[] = "abcdEFGH".getBytes(); SecretKeySpec secretKey = new SecretKeySpec(key,"DES"); // Creation of Cipher objects Cipher encrypt = Cipher.getInstance("DES/ECB/PKCS5Padding"); encrypt.init(Cipher.ENCRYPT_MODE, secretKey); // Open the Plaintext file try { fis = new FileInputStream(args[0]);
Tutorial for CS 5285 Information Security for E-commerce 7

Tutorial 4 Cryptography Algorithms

} catch(IOException err) { System.out.println("Cannot open file!"); System.exit(-1); } cis = new CipherInputStream(fis, encrypt); // Write to the Encrypted file fos = new FileOutputStream(desFile); byte[] b = new byte[8]; int i = cis.read(b); while (i != -1) { fos.write(b, 0, i); i = cis.read(b); } fos.flush(); fos.close(); cis.close(); fis.close(); } catch(Exception e){ e.printStackTrace(); } } }

4.2 An application to decrypt text files

import java.io.*; import javax.crypto.*; import javax.crypto.spec.*; public class DecryptFile { public static void main(String args[]) { try { File desFile = new File("encrypt.des");
Tutorial for CS 5285 Information Security for E-commerce 8

Tutorial 4 Cryptography Algorithms

File desFileBis = new File("decrypt.des"); FileInputStream fis; FileOutputStream fos; CipherInputStream cis; // Creation of Secret key byte key[] = "abcdEFGH".getBytes(); SecretKeySpec secretKey = new SecretKeySpec(key,"DES"); // Creation of Cipher objects Cipher decrypt = Cipher.getInstance("DES/ECB/PKCS5Padding"); decrypt.init(Cipher.DECRYPT_MODE, secretKey); // Open the Encrypted file fis = new FileInputStream(desFile); cis = new CipherInputStream(fis, decrypt); // Write to the Decrypted file fos = new FileOutputStream(desFileBis); byte[] b = new byte[8]; int i = cis.read(b); while (i != -1) { fos.write(b, 0, i); i = cis.read(b); } fos.flush(); fos.close(); cis.close(); fis.close(); } catch(Exception e){ e.printStackTrace(); } }
Tutorial for CS 5285 Information Security for E-commerce 9

Tutorial 4 Cryptography Algorithms

4.3 An application to retrieve web pages

import java.net.*; import java.io.*; public class UrlRetriever { public static void main(String[] args) { if (args.length!=1) { System.out.println("Usage: UrlRetriever <URL>"); System.exit(-1); } try { URL url=new URL(args[0]); BufferedInputStream buffer=new BufferedInputStream(url.openStream()); DataInputStream in= new DataInputStream(buffer); String line; while ((line=in.readLine())!=null) System.out.println(line); in.close(); } catch(MalformedURLException mue) { System.out.println(args[0]+"is an invalid URL:"+mue); } catch(IOException ioe) { System.out.println("IOException: "+ioe); } }

Tutorial for CS 5285 Information Security for E-commerce

10

Tutorial 4 Cryptography Algorithms

Exercises
Run the programs above Check if you can supply a key as user input? What other encryption algorithms you may use? And Try them. Write a java program to retrieve the HTML file at URL http://www.cs.cityu.edu.hk/~deng/ , encrypt the contents and store it into a local file deng.enc, then decrypt the file deng.enc and store it into a local file deng.dec. Try to encrypt your emails sent to your friends.

Tutorial for CS 5285 Information Security for E-commerce

11