本文深入探讨了Java Cryptography Architecture (JCA),详细介绍了MessageDigest、Signature等核心组件的工作原理及其实现过程。此外,还讨论了如何通过Provider加载不同的加密算法实现,并提供了KeyStore和Certificate在密钥管理和认证中的应用案例。
JCA(Java Cryptography Architecture):
MessageDigest:
getInstance
update
digest
Signature:
getInstance
initVerify / initSign
update
verify / sign
Even though a signature seems similar to a message digest, they have very different purposes in the type of protection they provide. In fact, algorithms such as "SHA1WithRSA" use the message digest "SHA1" to initially "compress" the large data sets into a more manageable form, then sign the resulting 20 byte message digest with the "RSA" algorithm.
Key: getAlgorithm, getFormat, getEncoded
PrivateKey, Publickey 接口继承自Key,没区别,只是名字不同。
类KeyPair包含PrivateKey和PublicKey。
An engine class provides the interface to a specific type of cryptographic service, independent of a particular cryptographic algorithm or provider.
Provider:
For each engine class in the API, a implementation instance is requested and instantiated by calling one of the getInstance methods on the engine class, specifying the name of the desired algorithm and, optionally, the name of the provider whose implementation is desired.
install Providers:
1. 放在classpath或lib/ext下
2. 在lib/security/java.security中添加相应的条目。
Cipher类用于加密解密。
The KeyFactory class is an engine class designed to perform conversions between opaque cryptographic Keys and key specifications.
key的获取方式:各种KeyGenerator,Key交换算法,利用函数读取文件等等。
为了获取key中的属性,需要使用KeyFactory(非对称)或SecretKeyFactory(对称)在Key与KeySpec之间转换。
证书格式:常用的有X509(不能包含私钥),PKCSxxx
编码格式:DER, PEM。PEM == begin xxx base64encode(DER) end xxx。begin xxx之前的部分作为注释。
KeyStore:
KeyStore用于管理Key和Certificate。KeyStore读取.keystore文件,在内存中操作。两个类型,JKS, PKCS12。
Key中包含了加密用的敏感信息。Certificate是第三方提供的证书,一般用于判断是否信任。
MessageDigest:
getInstance
update
digest
Signature:
getInstance
initVerify / initSign
update
verify / sign
Even though a signature seems similar to a message digest, they have very different purposes in the type of protection they provide. In fact, algorithms such as "SHA1WithRSA" use the message digest "SHA1" to initially "compress" the large data sets into a more manageable form, then sign the resulting 20 byte message digest with the "RSA" algorithm.
Key: getAlgorithm, getFormat, getEncoded
PrivateKey, Publickey 接口继承自Key,没区别,只是名字不同。
类KeyPair包含PrivateKey和PublicKey。
An engine class provides the interface to a specific type of cryptographic service, independent of a particular cryptographic algorithm or provider.
Provider:
For each engine class in the API, a implementation instance is requested and instantiated by calling one of the getInstance methods on the engine class, specifying the name of the desired algorithm and, optionally, the name of the provider whose implementation is desired.
install Providers:
1. 放在classpath或lib/ext下
2. 在lib/security/java.security中添加相应的条目。
Cipher类用于加密解密。
The KeyFactory class is an engine class designed to perform conversions between opaque cryptographic Keys and key specifications.
key的获取方式:各种KeyGenerator,Key交换算法,利用函数读取文件等等。
为了获取key中的属性,需要使用KeyFactory(非对称)或SecretKeyFactory(对称)在Key与KeySpec之间转换。
证书格式:常用的有X509(不能包含私钥),PKCSxxx
编码格式:DER, PEM。PEM == begin xxx base64encode(DER) end xxx。begin xxx之前的部分作为注释。
KeyStore:
KeyStore用于管理Key和Certificate。KeyStore读取.keystore文件,在内存中操作。两个类型,JKS, PKCS12。
Key中包含了加密用的敏感信息。Certificate是第三方提供的证书,一般用于判断是否信任。
扫一扫
1240
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
