Java Industry News

In Java Code Stack #1, we developed a Cipher class and used Secret Key Engine for building an encryption algorithm. As a reader pointed out, encryption using Public/Private key pair is the most widely used standard Java Cryptography Implementation. (Note: Secret Key is part of JCE and not a standard Java Security Implementation). So, let us build a class, which generates Public Key/Private Key Pair and uses its Private Key to digitally sign an Object and later verify the Object with a Public Key. We can sign any object whose class implements Serializable Interface. For simplicity, I'm using a String Object. I take this an opportunity to introduce SignedObject class for creating authentic Runtime Objects, which are crucial for secure applications.

Code:

1. import java.security.*;
2. import java.security.spec.*;
3. import java.io.*;
4. import java.math.*;

5. public class encKeys{
6. public static void main
7. (String ar[])throws Exception{
8. /* We need a Private and Public Key */
9 . PublicKey publicKey = null;
10. PrivateKey privateKey = null;
11. try {
12. /* Let us Generate a 1024-bit DSA key pair */
13. KeyPairGenerator keyGen =
14. KeyPairGenerator.getInstance("DSA");
15. keyGen.initialize(1024);
16. KeyPair keypair =
17. keyGen.genKeyPair();
18. privateKey = keypair.getPrivate();
19. publicKey = keypair.getPublic();
20.
21. /* Saving my Public Key */
22. FileOutputStream fos=
23. new FileOutputStream("MyPublicKey");
24. ObjectOutputStream oos=
25. new ObjectOutputStream(fos);
26. Class al=Class.forName
27. ("java.security.spec.DSAPublicKeySpec");
28.
29. KeyFactory kf=
30. KeyFactory.getInstance("DSA");
31. DSAPublicKeySpec ks=
32. (DSAPublicKeySpec)
33. kf.getKeySpec(publicKey,al);
34.
35. /* Writing the Public Key
36. P->Prime, Q->Sub Prime
37. G->Base, Y->Public key param */
38. oos.writeObject(ks.getY());
39. oos.writeObject(ks.getP());
40. oos.writeObject(ks.getQ());
41. oos.writeObject(ks.getG());
42. fos.close();
43.
44. } catch(NoSuchAlgorithmException e){
45. }
46.
47. /* Signing a String Object with
48. our Private Key */
49. SignedObject so = null;
50. try {
51. String test=new String("Original");
52.
53. Signature sig =
54. Signature.getInstance
55. (privateKey.getAlgorithm());
56. so = new SignedObject
57. (test, privateKey, sig);
58. } catch (Exception e) {}
59.
60. /* Verify the Object authenticity */
61. try {
62. /* Read the Public Key from file */
63. FileInputStream fis=
64. new FileInputStream
65. ("MyPublicKey");
66. ObjectInputStream ois=
67. new ObjectInputStream(fis);
68.
69. /* Read Y,P,Q,G Params */
70. DSAPublicKeySpec ks=
71. new DSAPublicKeySpec(
72. (BigInteger) ois.readObject(),
73. (BigInteger) ois.readObject(),
74. (BigInteger) ois.readObject(),
75. (BigInteger) ois.readObject());
76.
77. /* Generate the Public Key */
78. KeyFactory kf=
79. KeyFactory.getInstance("DSA");
80. PublicKey pk=
81. kf.generatePublic(ks);
82.
83. fis.close();
84.
85. /* Verify the Object signature */
86. Signature sig = Signature.getInstance
87. (publicKey.getAlgorithm());
88. boolean done = so.verify(pk, sig);
89.
90. if(done){
91. System.out.println("Object verified!
92. "+(String)so.getObject());
93. }
94. } catch (Exception e) {}
95. }}

A SignedObject contains a serializable Object and its signature. The signed object is a "deep copy" of the original object. So, change in the original object has no effect on the copy, thus protecting the integrity of the object.

Assignment:
Try generating Key Object from a set of DSA Parameters.