Part 3 - Configuration of the cryptographic engine
In Part 1 we set up and
tested the Java environment.
In Part 2 we began using keystores, asymmetric encryption and digital
signatures.
Review the previous parts if you are unsure how to build and run
these programs.
Important: We are working in this folder
If you have not completed Parts 1 and 2, complete them
before doing this part!
TASK 1 - Understanding the configuration of the cryptographic engine
In order to set which cryptographic algorithms are used (and their
parameters) we use a configuration file.
The file is named
<projectname>.properties
and must be in the same folder as the main class.
- Download and save Tutorial_04.properties
- Open the file. Do you recognize any cryptographic algorithm name?
- Look at the documentation
Java Cryptography Architecture Standard Algorithm Name Documentation for JDK
and try to become familiar with the terminology. In particular, look for "Cipher (Encryption) Algorithms" and their key sizes.
You might also be interested in "KeyAgreement Algorithms", "KeyGenerator Algorithms", "Mac Algorithms", "MessageDigest Algorithms", etc.
Installation of Bouncy Castle library (optional)
- The Bouncy Castle library offers support for many ciphers not included in the standard JDK/JRE. It can be configured as a Java cryptographic provider via static registration by adding an entry to the java.security properties file.
- Download the "Provider" library file bcprov-jdk18on-.jar (or later) into the same folder that contains the AnBxJ.jar file.
- The java.security file is at $JAVA_HOME/jre/lib/security/java.security (where $JAVA_HOME is the location of your JDK/JRE distribution).
- You basically need to add a line:
security.provider.<n>=org.bouncycastle.jce.provider.BouncyCastleProvider
at the end of the list of other security providers and replace <n> with the next available integer.
TASK 2 - Run an application with a configuration
- Download Tutorial_04.java
- Build and run the application as usual (Client/Server)
- If the configuration file is in the correct location and is parsed by the program, you should be able to run the application without any error.
- This program behaves very similarly to a previous example. Which one?
- Look at the source code and understand the differences between this and the previous example.
- Note: we are using asymmetric encryption to transmit a secret
message, but if you look at the log you will notice that symmetric cipher
schemes are mentioned. Remember that asymmetric encryption schemes are very slow.
Therefore we use such schemes only to encrypt a symmetric encryption key
that is sent to the intended recipient. This is done
transparently (automatically) by the encrypt() function, which implicitly
creates a symmetric key. Example:
Alice: new K // a new symmetric key is created
Alice: new Msg // a new message is created
Alice -> Bob: {K}pk(Bob),{|Msg|}K // K is encrypted with the public key of Bob, then Msg is encrypted with K
- What is the symmetric cipherScheme used by this program?
- What is the keySize?
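The hybrid scheme from the note above, written directly against the standard JCA API. This is an added example, not code from the tutorial or from the AnBxJ library: the class name HybridDemo, the sample message, the in-memory RSA key pair, and the choice of RSA-OAEP and AES-GCM are assumptions made for illustration, and the library's encrypt() may use different schemes.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.util.Arrays;

public class HybridDemo {  // hypothetical class name
    public static void main(String[] args) throws Exception {
        // Bob's key pair, generated in memory (assumption; the tutorial uses keystores)
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair bob = kpg.generateKeyPair();
        byte[] msg = "secret message".getBytes(StandardCharsets.UTF_8); // constructed sample

        // Alice: new K  (fresh symmetric key for this one message)
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey k = kg.generateKey();

        // Alice: {K}pk(Bob)  (only the short key goes through the slow RSA operation)
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.WRAP_MODE, bob.getPublic());
        byte[] wrappedK = rsa.wrap(k);

        // Alice: {|Msg|}K  (the message itself is encrypted with the fast symmetric cipher)
        byte[] iv = new byte[12];                  // GCM nonce, must be unique per key
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, k, new GCMParameterSpec(128, iv));
        byte[] ct = aes.doFinal(msg);

        // Bob: recover K with his private key, then decrypt Msg with K
        rsa.init(Cipher.UNWRAP_MODE, bob.getPrivate());
        SecretKey k2 = (SecretKey) rsa.unwrap(wrappedK, "AES", Cipher.SECRET_KEY);
        aes.init(Cipher.DECRYPT_MODE, k2, new GCMParameterSpec(128, iv));
        byte[] pt = aes.doFinal(ct);               // throws if the ciphertext was tampered with

        System.out.println("wrapped key bytes: " + wrappedK.length);
        System.out.println("ciphertext bytes:  " + ct.length);
        System.out.println("round trip ok:     " + Arrays.equals(msg, pt));
    }
}
```

In a real exchange the IV is sent alongside the wrapped key and the ciphertext; it does not need to be secret.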
TASK 3 - Setting the configuration
We want to run Tutorial_04 with different encryption schemes. Look at Tutorial_04.properties. Based on what you have learned so far, try to run Tutorial_04.java with the following settings - cipherScheme (keySize). If there is an error, understand it and try to fix the configuration (N.B. Every algorithm works only with keys of a specific size). There is no need to recompile the program. Just stop and restart the server after every change of configuration.
- AES (192)
- AES (256)
- DES (56)
- DES (64)
- DESede (168)
- AES (168)
- DESede (192)
- any RCx (try to find the appropriate key size)
- try something more "exotic" from here (you might not be able to run some of them).
- Consider different block modes and paddings (e.g. AES/CBC/PKCS5Padding)
- Please report success to the instructor!
TASK 4 - Performance of different cipher schemes (optional)
Based on the experiments made in Task 3, you should have noticed that some
schemes execute faster than others. Think about this and try to measure execution
times. You need to adapt your Java program.
Write a short document and:
- report about performance of different schemes
- consider different key sizes
- think about security vs speed. A company asks you for advice on how to configure this program. Give your answer and justify it.
TASK 5 - (optional)
- Adapt Tutorial_03.java to use a configuration file
TASK 6 - (optional)
- Adapt Task 5 of Part 2 to use a configuration file, and try different configurations
TASK 7 - (optional)
- Adapt Task 6 of Part 2 to use a configuration file, and try different configurations (generate RSA keys of different sizes)