Wizard API updated!
Tim Boudreau has released a new version of the Swing Wizard library (version 0.997) that fixes the WizardException bug reported in JavaWorld's recent Open Source Java Project profile. The article's examples have been reworked to test out the new, improved WizardException. Thanks, Tim, for this helpful fix!
Open Source Java Projects: The Wizard API

Newsletter sign-up

Sign up for our technology specific newsletters.

Enterprise Java
View all newsletters
Email Address:
JavaWorld.com > Java Development Tools >

Construct secure networked applications with certificates, Part 1

Certificates add value to public-key cryptography

By Todd Sundsted, JavaWorld.com, 01/12/01

I am thankful that the security issue has been pushed out of obscurity and into the spotlight during the last few years. Due to well-publicized threats and attacks, almost everyone, from the development staff on the front line to members of the marketing team, understands (or at least pretends to understand) why good security is important.

Unfortunately, though interest in security has grown, a weak understanding persists on how to achieve strong security. Like any maturing industry, you must gain familiarity with a growing body of literature, research, technology, and terminology (How many readers have wondered just what PKI, PKCS, and PKIX are?) before realizing proficiency.

As Java programmers, we have it easier than most. Sun seems to recognize the importance of providing high-quality tools with which to build secure solutions, especially in the enterprise arena. Even so, judging by the questions on Sun's security mailing list (see Resources for a link) little introductory material is available on the topic.

This series, then, is an attempt to shed a little more light on some of the core tools used to build secure applications in Java -- not secure from the byte code perspective that was so popular in the past, but rather secure from a user, application, and network perspective. If you're not clear on the difference between the two, read on and you'll soon see where I'm heading.

I'll begin Part 1 by introducing public-key cryptography, and later explain how to add value with certificates.

You can read the whole series on certificates:



The foundation

Much of the mechanism underlying modern application and network security builds upon a type of cryptography known as public-key cryptography. You can understand the importance of public-key cryptography to security without understanding the technical details, so let's take a brief cruise through the neighborhood.

Public-key cryptography differs from traditional symmetric, or shared-key cryptography, in its use of two related, but slightly different, keys. One key, the private key, is kept secret by the owner of the key. The other key, known as the public key, may be distributed far and wide by its owner. The keys in the key pair are complementary. Only the private key can decrypt information encrypted with the public key, and vice versa. And only the public key verifies information signed with the private key, and vice versa.

There are several public-key algorithms in use today. The most popular is known as RSA (because it was invented by Rivest, Shamir, and Adleman), which was the subject of a patent that expired in September 1999.

Whatever the specific algorithm used, public-key cryptography avoids the complicated problem of key exchange -- the process by which communicating parties each exchange or otherwise obtain the keys necessary to secure a conversation between them -- and enables a number of desirable applications, including digital signatures.

1 | 2 | 3 |  Next >
Resources