BKJAVCRP.RVW 981018
"Java Cryptography", Jonathan Knudsen, 1998, 1-56592-402-9,
U$29.95/C$42.95
%A Jonathan Knudsen
%C 103 Morris Street, Suite A, Sebastopol, CA 95472
%D 1998
%G 1-56592-402-9
%I O'Reilly & Associates, Inc.
%O U$29.95/C$42.95 800-998-9938 fax: 707-829-0104 nuts@ora.com
%P 372 p.
%T "Java Cryptography"

This book is intended to teach experienced Java programmers how to add
cryptographic elements to their applications. The text is not intended to
teach encryption algorithms, basic Java programming, or the overall Java
security model: there are other books that fulfill those functions. There
is one other limitation: much of the book relies on the Java Cryptography
Extensions (JCE) which are only available to those in the United States
and Canada (nudge, nudge, wink, wink).

Chapter one lists some fundamentals of encryption and the relationship to
security. There are also a couple of programs right off the bat that will
let you explore message digests, and encrypting and decrypting messages.
The basics of confidentiality, authentication, and some major
cryptographic algorithms are outlined in chapter two. The explanations are
quite terse, but not out of line with the aim of the book. Java Security
Architecture (JCA) is explained in chapter three, along with a quick
overview of the API (Application Programming Interface) and SPI (Service
Provider Interface). Chapter four introduces Java's own pseudo-random
number generator, plus programming for key seeds from keyboard timing.

Key management, in chapter five, is somewhat weak. The APIs only deal
with hierarchical key certification, but this may simply be an example of
Knudsen dealing strictly with the language, and leaving the concepts to
others. I was, however, bemused at some passages that may have suffered
from a lack of copy editing: for example, one section that seemed to
confuse production of Message Authentication Codes with working on
Macintosh computers. Authentication of various types is covered quite
well in chapter six. Chapter seven's guide to encryption covers details
not normally dealt with in cryptography texts because it must handle all
matters related to getting an encryption algorithm to actually function in
an application.

Chapter eight gives enough detail about signed applets to prove that they
are going to be browser specific for a while. Security provider
programming is covered in chapter nine, using the ElGamal algorithm as an
example. A sample application is created using an encrypted version of
the talk utility in chapter ten. An email application is created in
chapter eleven using the provider previously generated in chapter nine.
Chapter twelve closes off by looking at security design for the system
overall.

Appendices review BigInteger arithmetic in Java, the Base64 encoding
scheme (an option for converting binary objects to text characters for
emailing), Java archive files, Javakey, and a quick reference for the Java
cryptography classes as covered in the book.

Knudsen states that the book is written, as far as possible, without
assuming any prior knowledge of cryptography. In this aim he succeeds
rather well. The programmer with no background in encryption can still
add a reasonable layer of security to his or her application. Those who
study further, of course, will be able to ensure a higher level of
protection and reliability.

copyright Robert M. Slade, 1998 BKJAVCRP.RVW 981018
Received on Tue Dec 8 09:00:02 1998