
How to manage keys with Java

2025-01-29 Update From: SLTechnology News&Howtos

Shulou (Shulou.com), 06/01

This article covers how to do key management in Java. Many people run into these questions in real projects, so let's walk through how to handle them.

Summary of various keys

In the previous article, we talked about four kinds of cryptography techniques: symmetric cryptography, public key cryptography, message authentication code and digital signature. Here, let's review again.

Symmetric cipher

A symmetric cipher uses the same key to encrypt and decrypt plaintext.

Public key cryptography

A public-key cipher uses different keys to encrypt and decrypt messages.

Message authentication code

The message authentication code uses the same key to authenticate the message.

Digital signature

Digital signatures use different keys to sign and verify messages.

Symmetric cryptography and public key cryptography are used to encrypt plaintext directly, so as to ensure the confidentiality of messages.

Message authentication codes and digital signatures are used to authenticate messages. They do not encrypt the plaintext; their main purpose is to verify the legitimacy of the message.

Other key classifications

The four categories above are divided according to the encryption method and the purpose of use. Keys can also be divided by how many times they are used, into session keys and master keys.

A session key is a key that is used only in a session and is discarded after use, while the master key is a fixed key that is reused all the time.

Readers who know the SSL/TLS protocol will recognize this: a separate key is created for each session to encrypt that session's messages, that is, a session key is created for each session.

In addition, according to whether the thing being encrypted is content or a key, keys can be divided into content-encrypting keys (CEK) and key-encrypting keys (KEK). The content-encrypting key is easy to understand: the symmetric keys and public keys discussed earlier are CEKs. The main purpose of a key-encrypting key is to reduce the number of keys that have to be saved.

Key management

We will mainly explain the key management from the following aspects:

Generate key

There are two ways to generate a key, using a random number and using a password.

The random numbers must be unpredictable. Generally speaking, we need to use a pseudorandom number generator to produce them.

We usually use the Random class in Java code, but this class must not be used to generate keys. Instead, use java.security.SecureRandom to generate cryptographically secure random numbers.

Here are two common uses of SecureRandom:

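    import java.security.SecureRandom;

    SecureRandom random = new SecureRandom();

    // Use 1: fill a byte array with random bytes
    byte[] bytes = new byte[20];
    random.nextBytes(bytes);

    // Use 2: request seed bytes from the generator
    byte[] seed = random.generateSeed(20);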

Besides random numbers, the other way is to use a password.

A password is a secret that a human being can remember. To ensure that keys generated from passwords cannot be brute-forced, the password needs to be salted.

Put simply, a random number (the salt) is added to the password, the combined value is hashed, and the result of the hash can be used as a key.

Distribute key

To distribute a key, we can share the key in advance, use a key distribution center, use public key cryptography, and so on. Of course, there are other ways to distribute keys as well.

Update key

Sometimes, to keep a key secure, we need to update it from time to time. The general practice is to use the current key as the input value and calculate the new key from it with a specific algorithm.

Save key

Anyone who has studied blockchain will know about the paper key, which is a key literally written on paper and stored.

When there are too many keys, keeping them offline becomes a very difficult task. At this point a key-encrypting key (KEK) can be used: the keys are encrypted under the KEK and then saved.

In this way, we do not have to worry about the security of the encrypted keys, because even if they are stolen the original keys cannot be recovered. We only need to protect the key that encrypts these keys.
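An added example (not from the original article) of saving keys under a KEK: each CEK is wrapped with AES Key Wrap, so only the KEK itself needs protected storage. The class and method names are hypothetical, and all keys are generated on the spot as sample data.

```java
import java.security.GeneralSecurityException;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class KekWrapDemo {
    static SecretKey newAesKey() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256); // KeyGenerator draws its randomness from SecureRandom
        return kg.generateKey();
    }

    // Encrypt (wrap) a CEK under the KEK using AES Key Wrap (RFC 3394).
    static byte[] wrap(SecretKey kek, SecretKey cek) throws Exception {
        Cipher c = Cipher.getInstance("AESWrap");
        c.init(Cipher.WRAP_MODE, kek);
        return c.wrap(cek);
    }

    // Recover the CEK; throws if the blob was altered or the KEK is wrong.
    static SecretKey unwrap(SecretKey kek, byte[] wrapped) throws Exception {
        Cipher c = Cipher.getInstance("AESWrap");
        c.init(Cipher.UNWRAP_MODE, kek);
        return (SecretKey) c.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
    }

    public static void main(String[] args) throws Exception {
        SecretKey kek = newAesKey(); // the one key that must be protected
        SecretKey[] ceks = { newAesKey(), newAesKey(), newAesKey() };

        for (SecretKey cek : ceks) {
            byte[] blob = wrap(kek, cek); // this is what gets written to storage
            SecretKey back = unwrap(kek, blob);
            System.out.println("wrapped " + blob.length + " bytes, round trip ok: "
                    + Arrays.equals(cek.getEncoded(), back.getEncoded()));
        }

        // A stolen blob is useless without the KEK: a different KEK fails to unwrap it.
        try {
            unwrap(newAesKey(), wrap(kek, ceks[0]));
            System.out.println("unexpected: unwrap succeeded with the wrong KEK");
        } catch (GeneralSecurityException e) {
            System.out.println("wrong KEK rejected: " + e.getClass().getSimpleName());
        }
    }
}
```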

Invalidate key

Invalidating a key is very complicated, because a key is just a key: even if you delete it, other people may have a backup of it. Therefore, key invalidation should be fully taken into account in the design.

Invalidated keys can be recorded in a certificate revocation list (CRL).
