An interesting and informative book covering very important issues. Essential reading for programmers (it assumes a working knowledge of Java) implementing Java based software where security is critical.
With the rapid growth of the commercial use of the Internet security has become critical and this book covers Java support for cryptography, i.e. the JCA (Java Cryptography Architecture) and the JCE, an Extension which only available for US/Canadian distribution (there are re-implementations developed outside the US).
It starts with a review of cryptography concepts sufficient to understand and use the APIs and an overview of the Java cryptography packages. There are then chapters describing random numbers (
java.security.SecureRandom), Key management (generators, translators, etc.), authentication (message digests, signatures, certificates, etc.) and encryption (symmetric, asymmetric and hybrid ciphers). Signed applets are then described with implementations for Hotjava, Netscape and Internet Explorer (each browser has different formats and procedures). Security providers (which provide algorithm classes) are then discussed showing how to implement a simple provider and moving on to a full set of tools. A pair of applications using the concepts and tools described in previous chapters are then implemented. First a secure network talk application which enables two users on different computers to type messages to each other. Second a cryptographically enabled email client (so one can send and receive encrypted and authenticated messages over the Internet).
An interesting and informative book covering very important issues. Essential reading for programmers (it assumes a working knowledge of Java) implementing Java based software where security is critical. Most of the example programs are available from the publishers web site; some may not be legally posted online because the US Government regards some encryption software as weapons! Highly recommended!