Java Cryptography (in English) (English) Paperback – June 1, 1998
Most helpful customer reviews on Amazon.com (beta)
Chapter one lists some fundamentals of encryption and the relationship to security. There are also a couple of programs right off the bat that will let you explore message digests, and encrypting and decrypting messages. The basics of confidentiality, authentication, and some major cryptographic algorithms are outlined in chapter two. The explanations are quite terse, but not out of line with the aim of the book. Java Security Architecture (JCA) is explained in chapter three, along with a quick overview of the API (Application Programming Interface) and SPI (Service Provider Interface). Chapter four introduces Java's own pseudo-random number generator, plus programming for key seeds from keyboard timing. Key management, in chapter five, is somewhat weak. The APIs only deal with hierarchical key certification, but this may simply be an example of Knudsen dealing strictly with the language, and leaving the concepts to others. I was, however, bemused at some passages that may have suffered from a lack of copy editing: for example, one section that seemed to confuse production of Message Authentication Codes with working on Macintosh computers. Authentication of various types is covered quite well in chapter six. Chapter seven's guide to encryption covers details not normally dealt with in cryptography texts because it must handle all matters related to getting an encryption algorithm to actually function in an application.
Chapter eight gives enough detail about signed applets to prove that they are going to be browser specific for a while. Security provider programming is covered in chapter nine, using the ElGamal algorithm as an example. A sample application is created using an encrypted version of the talk utility in chapter ten. An e-mail application is created in chapter eleven using the provider previously generated in chapter nine. Chapter twelve closes off by looking at security design for the system overall.
Appendices review BigInteger arithmetic in Java, the Base64 encoding scheme (an option for converting binary objects to text characters for e-mailing), Java archive files, Javakey, and a quick reference for the Java cryptography classes as covered in the book.
Knudsen states that the book is written, as far as possible, without assuming any prior knowledge of cryptography. In this aim he succeeds rather well. The programmer with no background in encryption can still add a reasonable layer of security to his or her application. Those who study further, of course, will be able to ensure a higher level of protection and reliability.
However, the author of this book designs his own key exchange protocol and uses ad-hoc padding schemes. This procedure sets a bad example for the reader. The result is what one has to expect from an ad-hoc design: The applications have serious design flaws. For example the ElGamal signature scheme in chapter 9 does not use a hash function besides other omissions. The padding scheme for the ElGamal encryption simply adds 0's and therefore does not prevent chosen message attacks. The key exchange protocol in chapter 10 constructs a session key from two halves that are sent separately. Each half can be attacked separately in a replay attack, etc.
To conclude, this book does certainly not show the proper use of cryptography, and hence is hardly worth reading.
The Java API is excellent--but the idea of cryptography is a little odd to the everyday web or network application programmer. Having someone to kindly bridge the crypto-what-ja-ma-call-its to a world of how-do-i-wrap-it-around-my-web-or-mail-service is simply priceless. There's NO silly cryptomath (because only those cryptoexperts get the math anyway) but instead it's filled with no-nonsense coverage of how each and every common crypto engine and crypto-"protocol" takes your stream of data and converts them to cryptograms. If you always like to learn as MUCH as you could about a particular computational wonder tool before tackling a project without turning your brain to mush with research mathematics--you'll like this book.
It's just one of those books I wished I read a lot earlier so I won't have an excuse to avoid APIs that expose applied cryptography to network applications all these years. I highly recommend this book before you head on to the math of it.
It's too bad the SSL/TLS API for Java never made it into this first edition (it did make it into O'Reilly's latest Java network programming book though).
Anyone know of a book just like this one but for another language like C or Perl? With a book like this you don't need to explain it all over again--but illustration and snippets of code showing how to use the various APIs in other languages would be useful. I think if the author is willing to dabble into all of these issues and give away his findings on a book website it will be just AWESOME! A second edition of said book with all of these issues covered would be just grand too :-)
P.S. When I started learning Perl I first bought Mastering Regular Expression. Because I felt that with Perl--it really simplifies one's ability to play with streams of text. And what better way to learn the language (especially if you know some basics about it) than to learn what it is brilliant at right away?! That's how I felt about Java Cryptography. The way Java makes network programming not only easy.. but also fun to add in complexities like security and cryptography makes it a very enjoyable programming language to work with as a student or as a programmer. This is the sort of book you'll want to read ASAP once you get the basics of Java the language down! :-)