SlideShare uma empresa Scribd logo

Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)

Transferir como PPTX, PDF
Svetlin Nakov
Svetlin Nakov

Cryptography for Java Developers Hashes, MAC, Key Derivation, Encrypting Passwords, Symmetric Ciphers & AES, Digital Signatures & ECDSA About the Speaker What is Cryptography? Cryptography in Java – APIs and Libraries Hashes, MAC Codes and Key Derivation (KDF) Encrypting Passwords: from Plaintext to Argon2 Symmetric Encryption: AES (KDF + Block Modes + IV + MAC) Digital Signatures, Elliptic Curves, ECDSA, EdDSA Live demos and code examples: https://github.com/nakov/Java-Cryptography-Examples Video (in Bulgarian language): https://youtu.be/ZG3BLXWVwJM Blog: https://nakov.com/blog/2019/01/26/cryptography-for-java-developers-nakov-at-jprofessionals-jan-2019/

Educação
1 de 57
Hashes, MAC, Key Derivation, Encrypting Passwords, Symmetric Ciphers & AES, Digital Signatures & ECDSA Cryptography for Java Developers Dr. Svetlin Nakov Co-Founder, Chief Training & Innovation @ Software University (SoftUni) https://nakov.com Software University (SoftUni) – http://softuni.org
Table of Contents 1. About the Speaker 2. What is Cryptography? 3. Cryptography in Java – APIs and Libraries 4. Hashes, MAC Codes and Key Derivation (KDF) 5. Encrypting Passwords: from Plaintext to Argon2 6. Symmetric Encryption: AES (KDF + Block Modes + IV + MAC) 7. Digital Signatures, Elliptic Curves, ECDSA, EdDSA 2
 Software engineer, trainer, entrepreneur, PhD, author of 15+ books, blockchain expert  3 successful tech educational initiatives (150,000+ students) About Dr. Svetlin Nakov 3
Book "Practical Cryptography for Developers" 4 GitHub: github.com/nakov/pra ctical-cryptography- for-developers-book Book site: https://cryptobook. nakov.com
What is Cryptography?
 Cryptography provides security and protection of information  Storing and transmitting data in a secure way  Hashing data (message digest) and MAC codes  Encrypting and decrypting data  Symmetric and asymmetric schemes  Key derivation functions (KDF)  Key agreement schemes, digital certificates  Digital signatures (sign / verify) What is Cryptography? 6
Cryptography in Java: JCA, Bouncy Castle, Other Libraries
 JDK defines security APIs based on pluggable security providers  Build-in providers (come with JDK) and 3rd party providers  Named algorithms, e.g.  MessageDigest: SHA-256, SHA3- 256, RipeMD160, Skein-1024  Cipher: AES, Blowfish, ECIES  Signature: SHA3-256withECDSA, SHA512withRSA, SHA384withDSA Java Security: Architecture 8
 Cryptography in Java is based on the Java Cryptography Architecture (JCA)  The built-in functionality is limited  Typical Java style: lot of boilerplate code  Bouncy Castle is a leading Java crypto library / API / provider  https://www.bouncycastle.org/java.html  Argon2 JVM – fast Argon2 native implementation for Java  https://github.com/phxql/argon2-jvm Cryptography APIs in Java 9
 Cava Crypto – excellent simple ECDSA library for secp256k1  https://github.com/ConsenSys/cava  https://github.com/ConsenSys/cava/tree/master/crypto  Web3j / Crypto – a simplified library for secp256k1 signatures  https://github.com/web3j  Ed25519-Java – simple EdDSA and Ed25519 implementation  https://github.com/str4d/ed25519-java Cryptography APIs in Java 10
 Use Maven / Gradle to install the Java crypto libraries  Installing the Bouncy Castle crypto provider / API Installing the Libraries 11 pom.xml <!-- Install the Bouncy Castle crypto provider for Java --> <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcprov-jdk15on</artifactId> <version>1.60</version> </dependency>
Cryptographic Hash Functions
What is Cryptographic Hash Function? 13  One-way transformation, infeasible to invert  Extremely little chance to find a collision Some text Some text Some text Some text Some text Some text Some text 20c9ad97c081d63397d 7b685a412227a40e23c 8bdc6688c6f37e97cfb c22d2b4d1db1510d8f6 1e6a8866ad7f0e17c02 b14182d37ea7c3c8b9c 2683aeb6b733a1 Text Hash (digest) Cryptographic hash function
 SHA-2 (SHA-256, SHA-384, SHA-512)  Secure crypto hash function, the most widely used today (RFC 4634)  Used in Bitcoin, IPFS, many others  SHA-3 (SHA3-256, SHA3-384, SHA3-512) / Keccak-256  Strong cryptographic hash function, more secure than SHA-2  Used in Ethereum and many modern apps Modern Hashes: SHA-2, SHA3 14 SHA-256('hello') = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7 425e73043362938b9824 SHA3-256('hello') = 3338be694f50c5f338814986cdf0686453a888b84f4 24d792af4b9202398f392
 BLAKE2 (BLAKE2s – 256-bit, BLAKE2b – 512-bit)  Secure crypto hash function, very fast  RIPEMD-160 (160-bit crypto hash)  Considered weak, just 160-bits, still unbroken  Broken hash algorithms: MD5, SHA-1, MD4, SHA-0, MD2  Git and GitHub still use SHA-1 and suffer of collision attacks Modern Hashes: BLAKE2, RIPEMD-160 15 BLAKE2s('hello') = 19213bacc58dee6dbde3ceb9a47cbb330b3d86f8cca8 997eb00be456f140ca25 RIPEMD-160('hello') = 108f07b8382412612c048d07d13f814118445acd
 Calculate SHA-256 hash using the built-in JCA provider: SHA-256 in Java – Example 16 var digest = MessageDigest.getInstance("SHA-256"); digest.update("hello".getBytes()); byte[] hash = digest.digest(); System.out.println("SHA-256('hello') = " + Hex.toHexString(hash)); import java.security.MessageDigest; import org.bouncycastle.util.encoders.Hex; SHA-256('hello') = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
 Calculate RIPEMD-160 hash using the Bouncy Castle provider: RIPEMD-160 in Java – Example 17 var digest = MessageDigest.getInstance("RIPEMD160"); digest.update("hello".getBytes()); byte[] hash = digest.digest(); System.out.println("RIPEMD-160('hello') = " + Hex.toHexString(hash)); import java.security.*; import org.bouncycastle.util.encoders.Hex; import org.bouncycastle.jce.provider.BouncyCastleProvider; // One-time registration of the "BouncyCastle" JCA provider Security.addProvider(new BouncyCastleProvider()); 108f07b8382412612c048d07d13f814118445acd
HMAC and Key Derivation (KDF) MAC, HMAC, PBKDF2, Scrypt, Argon2
 HMAC = Hash-based Message Authentication Code (RFC 2104)  HMAC(key, msg, hash_func)  hash  Message hash mixed with a secret shared key  Used for message integrity / authentication / key derivation MAC Codes and HMAC 19 HMAC('key', 'hello', SHA-256) = 9307b3b915efb5171ff14d8cb55fbc c798c6c0ef1456d66ded1a6aa723a58b7b HMAC('key', 'hello', RIPEMD-160) = 43ab51f803a68a8b894cb32ee19e6854e9f4e468
 Calculate HMAC-SHA-256 hash using the built-in JCA provider: HMAC in Java – Example 20 Mac mac = Mac.getInstance("HmacSHA256"); Key key = new SecretKeySpec("key".getBytes(), "HmacSHA256"); mac.init(key); byte[] hash = mac.doFinal("hello".getBytes()); System.out.println("HMAC-SHA-256: " + Hex.toHexString(hash)); import javax.crypto.Mac; import javax.crypto.spec.SecretKeySpec; import java.security.Key; import org.bouncycastle.util.encoders.Hex; HMAC-SHA-256: 9307b3b915efb5171ff14d8cb55fbcc798c6c0ef1456d66ded1a6aa723a58b7b
 Key derivation function (KDF) == function(password)  key  PBKDF2 (Password-Based Key Derivation Function 2, RFC 2898) Key Derivation Functions (KDF) 21 PBEKeySpec spec = new PBEKeySpec("password".toCharArray(), "salt".getBytes(), 1000, 128); SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); byte[] derivedKey = keyFactory.generateSecret(spec).getEncoded(); System.out.println("PBKDF2 key: " + Hex.toHexString(derivedKey)); PBKDF2 derived key: 632c2812e46d4604102ba7618e9d6d7d
 Scrypt (RFC 7914) is a strong cryptographic key-derivation function  Memory intensive, designed to prevent ASIC and FPGA attacks  key = Scrypt(password, salt, N, r, p, derived-key-len)  N – iterations count (affects memory and CPU usage), e.g. 16384  r – block size (affects memory and CPU usage), e.g. 8  p – parallelism factor (threads to run in parallel), usually 1  Memory used = 128 * N * r * p bytes, e.g. 128 * 16384 * 8 = 16 MB  Parameters for interactive login: N=16384, r=8, p=1 (RAM=16MB)  Parameters for file encryption: N=1048576, r=8, p=1 (RAM=1GB) Key Derivation Functions: Scrypt 22
Scrypt in Java – Example 23 // One-time registration of the "BouncyCastle" JCA provider Security.addProvider(new BouncyCastleProvider()); ScryptKeySpec spec = new ScryptKeySpec( "password".toCharArray(), "salt".getBytes(), 16384, 8, 1, 128); var keyFact = SecretKeyFactory.getInstance("Scrypt"); byte[] derivedKey = keyFact.generateSecret(spec).getEncoded(); System.out.println("Scrypt: " + Hex.toHexString(derivedKey)); Scrypt: 745731af4484f323968969eda289aeee
 Argon2 is ASIC-resistant KDF, stronger than Scrypt and bcrypt  Recommended due to better ASIC-resistance Key Derivation: Argon2 24 pom.xml <!-- Install Argon2-JVM – fast native Argon2 library for Java --> <dependency> <groupId>de.mkammerer</groupId> <artifactId>argon2-jvm</artifactId> <version>2.5</version> </dependency>
Argon2 in Java – Example 25 import de.mkammerer.argon2.Argon2Advanced; import de.mkammerer.argon2.Argon2Factory; import org.bouncycastle.util.encoders.Hex; Argon2Advanced argon2 = Argon2Factory.createAdvanced( Argon2Factory.Argon2Types.ARGON2id); byte[] hash = argon2.rawHash(16, 1 << 15, 2, "password", "some salt".getBytes()); System.out.println("Argon2 hash: " + Hex.toHexString(hash)); Argon2 hash: 157f21dd3fdf7bafb76d2923ccaffa0b7be7cbae394709474d2bc66ee7b09d3e
 Clear-text passwords, e.g. store the password directly in the DB  Never do anti-pattern!  Simple password hash, e.g. store SHA256(password) in the DB  Highly insecure, still better than clear-text, dictionary attacks  Salted hashed passwords, e.g. store HMAC(pass, random_salt)  Almost secure, GPU / ASIC-crackable  ASIC-resistant KDF password hash, e.g. Argon2(password)  Recommended, secure (when the KDF settings are secure) Password Encryption (Register / Login) 26
 Argon2 is the recommended password-hashing for apps Encrypting Passwords: Argon2 27 String hash = argon2.hash(8, 1 << 16, 4, "password"); System.out.println("Argon2 hash (random salt): " + hash); System.out.println("Argon2 verify (correct password): " + argon2.verify(hash, "password")); System.out.println("Argon2 verify (wrong password): " + argon2.verify(hash, "wrong123")); Argon2 hash (random salt): $argon2id$v=19$m=65536,t=8,p=4$FW2kqbP+nidwHnT3Oc vSEg$oYlK3rXJvk0Be+od3To131Cnr8JksL39gjnbMlUCCTk Argon2 verify (correct password): true Argon2 verify (wrong password): false Register Login Invalid Login
Symmetric Encryption AES, Block Modes, Authenticated Encryption encrypt (secret key) I am a non- encrypted message … decrypt (secret key) I am a non- encrypted message …
 Symmetric key ciphers  Use the same key (or password) to encrypt and decrypt data  Popular symmetric algorithms  AES, ChaCha20, Twofish, Serpent, RC5, RC6  Broken algorithms (don't use them!)  DES, 3DES, RC2, RC4 Symmetric Key Ciphers 29
 Block ciphers  Split data on blocks (e.g. 128 bits), then encrypt each block separately, change the internal state, encrypt the next block, …  Stream ciphers  Work on sequences of data (encrypts / decrypts byte by byte)  Block ciphers can be transformed to stream ciphers  Using block mode of operation (e.g. CBC, CTR, GCM, CFB, …)  https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation Symmetric Key Ciphers 30
 AES – Advanced Encryption Standard (Rijndael)  Symmetric key block cipher (128-bit blocks)  Key lengths: 128, 160, 192, 224 and 256 bits  No significant practical attacks are known for AES  Modern CPU hardware implements AES instructions  This speeds-up AES and secure Internet communication  AES is used by most Internet Web sites for the https:// content The "AES" Cipher 31
 AES is a "block cipher" – encrypts block by block (e.g. 128 bits)  Supports several modes of operation (CBC, CTR, GCM, …)  Some modes of operation (like CBC / CTR) require initial vector (IV)  Non-secret random salt  used to get different result each time  Recommended modes: CTR (Counter) or GCM (Galois/Counter)  CBC may use a padding algorithm (typically PKCS7) to help splitting the input data into blocks of fixed block-size (e.g. 128 bits)  May use password to key derivation function, e.g. Argon2(passwd)  May use MAC to check the password validity, e.g. HMAC(text, key) AES Cipher Settings 32
The AES Encryption Process 33 input msg random IV+ AES key+ ciphertext input msg MAC key+ MAC code input msg key+ AES ciphertext MAC+IV+ KDF password key kdf-salt+
The AES Decryption Process 34 original msg MAC key+ MAC code AES ciphertext IV+ KDF password key original msg decrypt Decryption MAC code compare Encryption MAC code key+ kdf-salt+
AES-256-CTR-Argon2-HMAC – Encrypt 35 static Map<String, String> aes256CtrArgon2HMacEncrypt( String plainText, String password) throws Exception { // Derive a secret key from the encryption password SecureRandom rand = new SecureRandom(); byte[] argon2salt = new byte[16]; rand.nextBytes(argon2salt); // Generate 128-bit salt byte[] argon2hash = Argon2Factory.createAdvanced( Argon2Factory.Argon2Types.ARGON2id).rawHash(16, 1 << 15, 2, password, argon2salt); Key secretKey = new SecretKeySpec(argon2hash, "AES");
AES-256-CTR-Argon2-HMAC – Encrypt 36 // AES encryption: {plaintext + IV + secretKey} -> ciphertext byte[] aesIV = new byte[16]; rand.nextBytes(aesIV); // Generate 128-bit IV (salt) IvParameterSpec ivSpec = new IvParameterSpec(aesIV); Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding"); cipher.init(Cipher.ENCRYPT_MODE, secretKey, ivSpec); byte[] plainTextBytes = plainText.getBytes("utf8"); byte[] cipherBytes = cipher.doFinal(plainTextBytes); // Calculate the MAC of the plaintext with the argon2hash Mac mac = Mac.getInstance("HmacSHA256"); Key macKey = new SecretKeySpec(argon2hash, "HmacSHA256"); mac.init(macKey); byte[] hmac = mac.doFinal(plainText.getBytes("utf8"));
AES-256-CTR-Argon2-HMAC – Encrypt 37 var encryptedMsg = Map.of( "kdf", "argon2", "kdfSalt", Hex.toHexString(argon2salt), "cipher", "aes-256-ctr", "cipherIV", Hex.toHexString(aesIV), "cipherText", Hex.toHexString(cipherBytes), "mac", Hex.toHexString(hmac) ); return encryptedMsg; Encrypted msg: {cipherIV=dd088070cf4f2f6c6560b8fa7fb43f49, kdf=argon2, cipherText=a847f3b2bc59278107, mac=6c143d139d0d7b29aaa 4e0dc5916908d3c27576f4856e3ef487be6eafb23b39a, kdfSalt=90c6fcc318f d273f4f661c019b39b8ed, cipher=aes-256-ctr}
AES-256-CTR-Argon2-HMAC – Decrypt 38 static String aes256CtrArgon2HMacDecrypt(Map<String, String> encryptedMsg, String password) throws Exception { // Derive the secret key from the encryption password with argon2salt byte[] argon2salt = Hex.decode(encryptedMsg.get("kdfSalt")); byte[] argon2hash = Argon2Factory.createAdvanced( Argon2Factory.Argon2Types.ARGON2id).rawHash(16, 1 << 15, 2, password, argon2salt);
AES-256-CTR-Argon2-HMAC – Decrypt 39 // AES decryption: {cipherText + IV + secretKey} -> plainText byte[] aesIV = Hex.decode(encryptedMsg.get("cipherIV")); IvParameterSpec ivSpec = new IvParameterSpec(aesIV); Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding"); Key secretKey = new SecretKeySpec(argon2hash, "AES"); cipher.init(Cipher.DECRYPT_MODE, secretKey, ivSpec); byte[] cipherTextBytes = Hex.decode(encryptedMsg.get("cipherText")); byte[] plainTextBytes = cipher.doFinal(cipherTextBytes); String plainText = new String(plainTextBytes, "utf8");
AES-256-CTR-Argon2-HMAC – Decrypt 40 // Calculate & check the MAC code: HMAC(plaintext, argon2hash) Mac mac = Mac.getInstance("HmacSHA256"); Key macKey = new SecretKeySpec(argon2hash, "HmacSHA256"); mac.init(macKey); byte[] hmac = mac.doFinal(plainText.getBytes("utf8")); String decodedMac = Hex.toHexString(hmac); String cipherTextMac = encryptedMsg.get("mac"); if (! decodedMac.equals(cipherTextMac)) throw new InvalidKeyException("MAC does not match: maybe wrong password"); return plainText; }
Digital Signatures ECDSA, EdDSA, Sign / Verify
 Digital signatures provide message signing / verification  Authentication (proof that known sender have signed the message)  Integrity (the message cannot be altered after signing)  Non-repudiation (signer cannot deny message signing)  Digital signatures are based on public key cryptography  Messages are signed by someone's private key  Signatures are verified by the corresponding public key  May use RSA, DSA, elliptic curves (ECC) like ECDSA / EdDSA Digital Signatures – Concepts 42
 Uses a pair of keys: public key + private key  Sign / decrypt by private key  Verify / encrypt by public key Public Key Cryptography 43
 Well-known public-key crypto-systems  RSA – based on discrete logarithms  ECC – based on elliptic curves  ECC cryptography is considered more secure  3072-bit RSA key ≈≈ 256-bit ECC key  ~ 128-bit security level  Most blockchains (like Bitcoin, Ethereum and EOS) use ECC  But be warned: ECC is not quantum-safe! Public Key Crypto Systems 44
 Digital signatures in Java are painful  use external libraries  Use the "Cava Crypto" library for secp256k1 ECDSA signatures ECDSA in Java – Example 45 pom.xml !-- Install Cava Crypto: simple secp256k1 ECDSA library --> <dependency> <groupId>net.consensys.cava</groupId> <artifactId>cava-crypto</artifactId> <version>0.5.0</version> </dependency>
ECDSA in Java – Example 46  Registering the Bouncy Castle crypto provider  Generating public + private key pair: Security.addProvider(new BouncyCastleProvider()); // Generate random key-pair SECP256K1.KeyPair keyPair = SECP256K1.KeyPair.random(); // Load key-pair from existing private key SECP256K1.KeyPair keyPair = SECP256K1.KeyPair.fromSecretKey( SECP256K1.SecretKey.fromInteger(new BigInteger( "207724f0eba0800350f579726c2a8bbd1ac6385f4168e493cfd91efe522959cf", 16)));
ECDSA in Java – Example 47 System.out.println("Private key (256 bits): " + Hex.toHexString(keyPair.secretKey().bytesArray())); System.out.println("Public key (512 bits): 04" + Hex.toHexString(keyPair.publicKey().bytesArray())); System.out.println("Public key (compressed): " + compressPubKey(keyPair.publicKey())); static String compressPubKey(SECP256K1.PublicKey pk) { BigInteger pubKey = new BigInteger(1, pk.bytesArray()); String pubKeyYPrefix = pubKey.testBit(0) ? "03" : "02"; String pubKeyHex = pubKey.toString(16); String pubKeyX = pubKeyHex.substring(0, 64); return pubKeyYPrefix + pubKeyX; }
 Signing a message with SHA256 + ECDSA with secp256k1 ECDSA in Java – Example 48 String msg = "Message for signing"; byte[] msgHash = Hash.sha2_256(msg.getBytes()); var signature = SECP256K1.signHashed(msgHash, keyPair); System.out.println("Msg: " + msg); System.out.println("Msg hash: " + Hex.toHexString(msgHash)); System.out.printf("Signature: [r = %s, s = %s, v = %d]n", signature.r().toString(16), signature.s().toString(16), signature.v()); Signature: [r = 3ce2c58b02a06f16c849d6ac1d05e9d6dc41b92929ed2733d3 ddf060e2035c20, s = 292d5d83ffd5a46befeef33a9c6e9fc562d412e0d90934 dfb4ed0a7d80caff61, v = 0]
 Verify ECDSA signature: ECDSA in Java – Example 49 boolean validSig = SECP256K1.verifyHashed( msgHash, signature, keyPair.publicKey()); System.out.println("Signature valid (correct key)? " + validSig); boolean validSigWrongKey = SECP256K1.verifyHashed( msgHash, signature, SECP256K1.KeyPair.random().publicKey()); System.out.println("Signature valid (wrong key)? " + validSigWrongKey); Signature valid (wrong key)? false Signature valid (correct key)? true
ECDSA + secp256k1: Recover Public Key 50 // Recover the public key from msg + signature SECP256K1.PublicKey recoveredPubKey = SECP256K1.PublicKey. recoverFromHashAndSignature(msgHash, signature); System.out.println("Recovered pubKey: 04" + Hex.toHexString(recoveredPubKey.bytesArray())); System.out.println("Signature valid ? " + recoveredPubKey.equals(keyPair.publicKey())); Recovered pubKey: 0425c919aa487e577cc361f43a9b81f3484286ac6132c9ef f047ec6eca6c1dcc89200c1bf5d6da42a8206a2f01b585d35ea05c2648050f3dd4 c98fc0b87f5191e5 Signature valid ? true
 EdDSA is elliptic curve-based digital signature scheme (based on Edwards curves)  Ed25519 is fast Edwards curve, used for EdDSA signatures  256-bit public key (252 + 5 fixed bits) and 256-bit private key  Supported by 3rd party libraries like  https://github.com/str4d/ed25519-java  EdDSA is preferred to ECDSA in most modern apps  Faster and easier to use EdDSA + Ed25519 Signatures 51
EdDSA in Java – Example 52  Installing the required library Ed25519-Java using Maven  Registering the EdDSA-Java crypto provider Security.addProvider(new EdDSASecurityProvider()); pom.xml <dependency> <groupId>net.i2p.crypto</groupId> <artifactId>eddsa</artifactId> <version>0.3.0</version> </dependency>
EdDSA in Java – Example 53  Generating a random EdDSA public + private key pair var keyGen = KeyPairGenerator.getInstance("EdDSA"); var keyPair = keyGen.generateKeyPair(); System.out.println("Private key: " + Hex.toHexString(keyPair.getPrivate().getEncoded())); System.out.println("Public key: " + Hex.toHexString(keyPair.getPublic().getEncoded())); Private key: 302e020100300506032b657004220420b57ea3f12b503be8e7c89 99dd9cb630ecb06cb68e10763fb40331e5131b2a1f0 Public key: 302a300506032b6570032100796295d26f7a69a2a573cf95f99bd5 becb906e757bb55424deb4ed00a99cc572
EdDSA in Java – Example 54  Signing a message with EdDSA String msg = "Message for signing"; Signature signer = new EdDSAEngine( MessageDigest.getInstance("SHA-512")); signer.initSign(keyPair.getPrivate()); signer.update(msg.getBytes()); byte[] signature = signer.sign(); System.out.println("Signature: " + Hex.toHexString(signature)); Signature: 1256d92d27b5b4e633494b86f5f55dc18155ae4eed35d5f596f1dbb 894acef0df7e2b756ef5e5681260d2f46dd1c26e180591e1ec3f9997f213ddf0ca 55c6703
EdDSA in Java – Example 55  Verifying EdDSA signature: {msg + signature + pubKey}  bool Signature verifier = new EdDSAEngine(MessageDigest.getInstance("SHA-512")); verifier.initVerify(keyPair.getPublic()); verifier.update(msg.getBytes()); boolean validSig = verifier.verify(signature); System.out.println("Signature valid (correct key)? " + validSig); Signature valid (correct key)? true
Live Demos and Code Examples https://github.com/nakov/Java-Cryptography-Examples
https://nakov.com Cryptography for Java Developers

Recomendados

Jwt Security
Jwt SecurityJwt Security
Jwt SecuritySeid Yassin
 
Json Web Token - JWT
Json Web Token - JWTJson Web Token - JWT
Json Web Token - JWTPrashant Walke
 
Cryptography 101 for Java Developers - JavaZone2019
Cryptography 101 for Java Developers - JavaZone2019Cryptography 101 for Java Developers - JavaZone2019
Cryptography 101 for Java Developers - JavaZone2019Michel Schudel
 
JSON Web Tokens
JSON Web TokensJSON Web Tokens
JSON Web TokensIvan Rosolen
 
Spring Security 5
Spring Security 5Spring Security 5
Spring Security 5Jesus Perez Franco
 
Spring JMS
Spring JMSSpring JMS
Spring JMSEmprovise
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak Abhishek Koserwal
 
Vault - Secret and Key Management
Vault - Secret and Key ManagementVault - Secret and Key Management
Vault - Secret and Key ManagementAnthony Ikeda
 

Recomendados

Jwt Security
Jwt SecurityJwt Security
Jwt SecuritySeid Yassin
 
Json Web Token - JWT
Json Web Token - JWTJson Web Token - JWT
Json Web Token - JWTPrashant Walke
 
Cryptography 101 for Java Developers - JavaZone2019
Cryptography 101 for Java Developers - JavaZone2019Cryptography 101 for Java Developers - JavaZone2019
Cryptography 101 for Java Developers - JavaZone2019Michel Schudel
 
JSON Web Tokens
JSON Web TokensJSON Web Tokens
JSON Web TokensIvan Rosolen
 
Spring Security 5
Spring Security 5Spring Security 5
Spring Security 5Jesus Perez Franco
 
Spring JMS
Spring JMSSpring JMS
Spring JMSEmprovise
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak Abhishek Koserwal
 
Vault - Secret and Key Management
Vault - Secret and Key ManagementVault - Secret and Key Management
Vault - Secret and Key ManagementAnthony Ikeda
 
Testing an onion architecture - done right
Testing an onion architecture - done rightTesting an onion architecture - done right
Testing an onion architecture - done rightMichel Schudel
 
Spring boot Under Da Hood
Spring boot Under Da HoodSpring boot Under Da Hood
Spring boot Under Da HoodMichel Schudel
 
OAuth 2.0
OAuth 2.0OAuth 2.0
OAuth 2.0Uwe Friedrichsen
 
Getting Started with Spring Authorization Server
Getting Started with Spring Authorization ServerGetting Started with Spring Authorization Server
Getting Started with Spring Authorization ServerVMware Tanzu
 
Introduction to spring boot
Introduction to spring bootIntroduction to spring boot
Introduction to spring bootSantosh Kumar Kar
 
Spring boot
Spring bootSpring boot
Spring bootsdeeg
 
Introduction to OpenID Connect
Introduction to OpenID Connect Introduction to OpenID Connect
Introduction to OpenID Connect Nat Sakimura
 
OpenID Connect Explained
OpenID Connect ExplainedOpenID Connect Explained
OpenID Connect ExplainedVladimir Dzhuvinov
 
Fetch API Talk
Fetch API TalkFetch API Talk
Fetch API TalkChiamaka Nwolisa
 
Json web token
Json web tokenJson web token
Json web tokenMayank Patel
 
Mikhail Egorov - Hunting for bugs in Adobe Experience Manager webapps
Mikhail Egorov - Hunting for bugs in Adobe Experience Manager webappsMikhail Egorov - Hunting for bugs in Adobe Experience Manager webapps
Mikhail Egorov - Hunting for bugs in Adobe Experience Manager webappshacktivity
 
Introduction Node.js
Introduction Node.jsIntroduction Node.js
Introduction Node.jsErik van Appeldoorn
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourSoroush Dalili
 
Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)Abhishek Koserwal
 
EVM - The Heart of Ethereum
EVM - The Heart of EthereumEVM - The Heart of Ethereum
EVM - The Heart of EthereumTruong Nguyen
 
OAuth2 - Introduction
OAuth2 - IntroductionOAuth2 - Introduction
OAuth2 - IntroductionKnoldus Inc.
 
HashiCorp's Vault - The Examples
HashiCorp's Vault - The ExamplesHashiCorp's Vault - The Examples
HashiCorp's Vault - The ExamplesMichał Czeraszkiewicz
 
OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectSaran Doraiswamy
 
Spring Boot in Action
Spring Boot in Action Spring Boot in Action
Spring Boot in Action Alex Movila
 
Spring Security
Spring SecuritySpring Security
Spring SecuritySumit Gole
 
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey GordeychikCODE BLUE
 
Top Ten Java Defense for Web Applications v2
Top Ten Java Defense for Web Applications v2Top Ten Java Defense for Web Applications v2
Top Ten Java Defense for Web Applications v2Jim Manico
 

Mais conteúdo relacionado

Mais procurados

Testing an onion architecture - done right
Testing an onion architecture - done rightTesting an onion architecture - done right
Testing an onion architecture - done rightMichel Schudel
 
Spring boot Under Da Hood
Spring boot Under Da HoodSpring boot Under Da Hood
Spring boot Under Da HoodMichel Schudel
 
Getting Started with Spring Authorization Server
Getting Started with Spring Authorization ServerGetting Started with Spring Authorization Server
Getting Started with Spring Authorization ServerVMware Tanzu
 
Spring boot
Spring bootSpring boot
Spring bootsdeeg
 
Introduction to OpenID Connect
Introduction to OpenID Connect Introduction to OpenID Connect
Introduction to OpenID Connect Nat Sakimura
 
Mikhail Egorov - Hunting for bugs in Adobe Experience Manager webapps
Mikhail Egorov - Hunting for bugs in Adobe Experience Manager webappsMikhail Egorov - Hunting for bugs in Adobe Experience Manager webapps
Mikhail Egorov - Hunting for bugs in Adobe Experience Manager webappshacktivity
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourSoroush Dalili
 
Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)Abhishek Koserwal
 
EVM - The Heart of Ethereum
EVM - The Heart of EthereumEVM - The Heart of Ethereum
EVM - The Heart of EthereumTruong Nguyen
 
OAuth2 - Introduction
OAuth2 - IntroductionOAuth2 - Introduction
OAuth2 - IntroductionKnoldus Inc.
 
OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectSaran Doraiswamy
 
Spring Boot in Action
Spring Boot in Action Spring Boot in Action
Spring Boot in Action Alex Movila
 
Spring Security
Spring SecuritySpring Security
Spring SecuritySumit Gole
 

Mais procurados (20)

Testing an onion architecture - done right
Testing an onion architecture - done rightTesting an onion architecture - done right
Testing an onion architecture - done right
 
Spring boot Under Da Hood
Spring boot Under Da HoodSpring boot Under Da Hood
Spring boot Under Da Hood
 
OAuth 2.0
OAuth 2.0OAuth 2.0
OAuth 2.0
 
Getting Started with Spring Authorization Server
Getting Started with Spring Authorization ServerGetting Started with Spring Authorization Server
Getting Started with Spring Authorization Server
 
Introduction to spring boot
Introduction to spring bootIntroduction to spring boot
Introduction to spring boot
 
Spring boot
Spring bootSpring boot
Spring boot
 
Introduction to OpenID Connect
Introduction to OpenID Connect Introduction to OpenID Connect
Introduction to OpenID Connect
 
OpenID Connect Explained
OpenID Connect ExplainedOpenID Connect Explained
OpenID Connect Explained
 
Fetch API Talk
Fetch API TalkFetch API Talk
Fetch API Talk
 
Json web token
Json web tokenJson web token
Json web token
 
Mikhail Egorov - Hunting for bugs in Adobe Experience Manager webapps
Mikhail Egorov - Hunting for bugs in Adobe Experience Manager webappsMikhail Egorov - Hunting for bugs in Adobe Experience Manager webapps
Mikhail Egorov - Hunting for bugs in Adobe Experience Manager webapps
 
Introduction Node.js
Introduction Node.jsIntroduction Node.js
Introduction Node.js
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
 
Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)
 
EVM - The Heart of Ethereum
EVM - The Heart of EthereumEVM - The Heart of Ethereum
EVM - The Heart of Ethereum
 
OAuth2 - Introduction
OAuth2 - IntroductionOAuth2 - Introduction
OAuth2 - Introduction
 
HashiCorp's Vault - The Examples
HashiCorp's Vault - The ExamplesHashiCorp's Vault - The Examples
HashiCorp's Vault - The Examples
 
OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId Connect
 
Spring Boot in Action
Spring Boot in Action Spring Boot in Action
Spring Boot in Action
 
Spring Security
Spring SecuritySpring Security
Spring Security
 

Semelhante a Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)

[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey GordeychikCODE BLUE
 
Top Ten Java Defense for Web Applications v2
Top Ten Java Defense for Web Applications v2Top Ten Java Defense for Web Applications v2
Top Ten Java Defense for Web Applications v2Jim Manico
 
Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Svetlin Nakov
 
OWASP ZAP Workshop for QA Testers
OWASP ZAP Workshop for QA TestersOWASP ZAP Workshop for QA Testers
OWASP ZAP Workshop for QA TestersJavan Rasokat
 
Simplifying Migration from Kafka to Pulsar - Pulsar Summit NA 2021
Simplifying Migration from Kafka to Pulsar - Pulsar Summit NA 2021Simplifying Migration from Kafka to Pulsar - Pulsar Summit NA 2021
Simplifying Migration from Kafka to Pulsar - Pulsar Summit NA 2021StreamNative
 
Password (in)security
Password (in)securityPassword (in)security
Password (in)securityEnrico Zimuel
 
introduction to jsrsasign
introduction to jsrsasignintroduction to jsrsasign
introduction to jsrsasignKenji Urushima
 
Java @ Cloud - Setor Público SP
Java @ Cloud - Setor Público SPJava @ Cloud - Setor Público SP
Java @ Cloud - Setor Público SPIlan Salviano
 
Jvm operation casual talks
Jvm operation casual talksJvm operation casual talks
Jvm operation casual talksYusaku Watanabe
 
Kraken Front-Trends
Kraken Front-TrendsKraken Front-Trends
Kraken Front-TrendsPayPal
 
Dodging WebCrypto API Landmines
Dodging WebCrypto API LandminesDodging WebCrypto API Landmines
Dodging WebCrypto API LandminesErnie Turner
 
Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Matthew McCullough
 
Postgres the hardway
Postgres the hardwayPostgres the hardway
Postgres the hardwayDave Pitts
 
Securing TodoMVC Using the Web Cryptography API
Securing TodoMVC Using the Web Cryptography APISecuring TodoMVC Using the Web Cryptography API
Securing TodoMVC Using the Web Cryptography APIKevin Hakanson
 
End-to-end HTML5 APIs - The Geek Gathering 2013
End-to-end HTML5 APIs - The Geek Gathering 2013End-to-end HTML5 APIs - The Geek Gathering 2013
End-to-end HTML5 APIs - The Geek Gathering 2013Alexandre Morgaut
 
Real World Lessons on the Pain Points of Node.JS Application
Real World Lessons on the Pain Points of Node.JS ApplicationReal World Lessons on the Pain Points of Node.JS Application
Real World Lessons on the Pain Points of Node.JS ApplicationBen Hall
 

Semelhante a Cryptography for Java Developers: Nakov jProfessionals (Jan 2019) (20)

[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik
 
Top Ten Java Defense for Web Applications v2
Top Ten Java Defense for Web Applications v2Top Ten Java Defense for Web Applications v2
Top Ten Java Defense for Web Applications v2
 
Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)
 
Gimme Caching - The JCache Way
Gimme Caching - The JCache WayGimme Caching - The JCache Way
Gimme Caching - The JCache Way
 
Testing NodeJS Security
Testing NodeJS SecurityTesting NodeJS Security
Testing NodeJS Security
 
Excelian hyperledger walkthrough-feb17
Excelian hyperledger walkthrough-feb17Excelian hyperledger walkthrough-feb17
Excelian hyperledger walkthrough-feb17
 
OWASP ZAP Workshop for QA Testers
OWASP ZAP Workshop for QA TestersOWASP ZAP Workshop for QA Testers
OWASP ZAP Workshop for QA Testers
 
Simplifying Migration from Kafka to Pulsar - Pulsar Summit NA 2021
Simplifying Migration from Kafka to Pulsar - Pulsar Summit NA 2021Simplifying Migration from Kafka to Pulsar - Pulsar Summit NA 2021
Simplifying Migration from Kafka to Pulsar - Pulsar Summit NA 2021
 
Password (in)security
Password (in)securityPassword (in)security
Password (in)security
 
introduction to jsrsasign
introduction to jsrsasignintroduction to jsrsasign
introduction to jsrsasign
 
Java @ Cloud - Setor Público SP
Java @ Cloud - Setor Público SPJava @ Cloud - Setor Público SP
Java @ Cloud - Setor Público SP
 
Jvm operation casual talks
Jvm operation casual talksJvm operation casual talks
Jvm operation casual talks
 
Kraken Front-Trends
Kraken Front-TrendsKraken Front-Trends
Kraken Front-Trends
 
Dodging WebCrypto API Landmines
Dodging WebCrypto API LandminesDodging WebCrypto API Landmines
Dodging WebCrypto API Landmines
 
Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010
 
Node.js vs Play Framework
Node.js vs Play FrameworkNode.js vs Play Framework
Node.js vs Play Framework
 
Postgres the hardway
Postgres the hardwayPostgres the hardway
Postgres the hardway
 
Securing TodoMVC Using the Web Cryptography API
Securing TodoMVC Using the Web Cryptography APISecuring TodoMVC Using the Web Cryptography API
Securing TodoMVC Using the Web Cryptography API
 
End-to-end HTML5 APIs - The Geek Gathering 2013
End-to-end HTML5 APIs - The Geek Gathering 2013End-to-end HTML5 APIs - The Geek Gathering 2013
End-to-end HTML5 APIs - The Geek Gathering 2013
 
Real World Lessons on the Pain Points of Node.JS Application
Real World Lessons on the Pain Points of Node.JS ApplicationReal World Lessons on the Pain Points of Node.JS Application
Real World Lessons on the Pain Points of Node.JS Application
 

Mais de Svetlin Nakov

BG-IT-Edu: отворено учебно съдържание за ИТ учители
BG-IT-Edu: отворено учебно съдържание за ИТ учителиBG-IT-Edu: отворено учебно съдържание за ИТ учители
BG-IT-Edu: отворено учебно съдържание за ИТ учителиSvetlin Nakov
 
Programming World in 2024
Programming World in 2024Programming World in 2024
Programming World in 2024Svetlin Nakov
 
AI Tools for Business and Startups
AI Tools for Business and StartupsAI Tools for Business and Startups
AI Tools for Business and StartupsSvetlin Nakov
 
AI Tools for Scientists - Nakov (Oct 2023)
AI Tools for Scientists - Nakov (Oct 2023)AI Tools for Scientists - Nakov (Oct 2023)
AI Tools for Scientists - Nakov (Oct 2023)Svetlin Nakov
 
AI Tools for Entrepreneurs
AI Tools for EntrepreneursAI Tools for Entrepreneurs
AI Tools for EntrepreneursSvetlin Nakov
 
Bulgarian Tech Industry - Nakov at Dev.BG All in One Conference 2023
Bulgarian Tech Industry - Nakov at Dev.BG All in One Conference 2023Bulgarian Tech Industry - Nakov at Dev.BG All in One Conference 2023
Bulgarian Tech Industry - Nakov at Dev.BG All in One Conference 2023Svetlin Nakov
 
AI Tools for Business and Personal Life
AI Tools for Business and Personal LifeAI Tools for Business and Personal Life
AI Tools for Business and Personal LifeSvetlin Nakov
 
Дипломна работа: учебно съдържание по ООП - Светлин Наков
Дипломна работа: учебно съдържание по ООП - Светлин НаковДипломна работа: учебно съдържание по ООП - Светлин Наков
Дипломна работа: учебно съдържание по ООП - Светлин НаковSvetlin Nakov
 
Дипломна работа: учебно съдържание по ООП
Дипломна работа: учебно съдържание по ООПДипломна работа: учебно съдържание по ООП
Дипломна работа: учебно съдържание по ООПSvetlin Nakov
 
Свободно ИТ учебно съдържание за учители по програмиране и ИТ
Свободно ИТ учебно съдържание за учители по програмиране и ИТСвободно ИТ учебно съдържание за учители по програмиране и ИТ
Свободно ИТ учебно съдържание за учители по програмиране и ИТSvetlin Nakov
 
AI and the Professions of the Future
AI and the Professions of the FutureAI and the Professions of the Future
AI and the Professions of the FutureSvetlin Nakov
 
Programming Languages Trends for 2023
Programming Languages Trends for 2023Programming Languages Trends for 2023
Programming Languages Trends for 2023Svetlin Nakov
 
IT Professions and How to Become a Developer
IT Professions and How to Become a DeveloperIT Professions and How to Become a Developer
IT Professions and How to Become a DeveloperSvetlin Nakov
 
GitHub Actions (Nakov at RuseConf, Sept 2022)
GitHub Actions (Nakov at RuseConf, Sept 2022)GitHub Actions (Nakov at RuseConf, Sept 2022)
GitHub Actions (Nakov at RuseConf, Sept 2022)Svetlin Nakov
 
IT Professions and Their Future
IT Professions and Their FutureIT Professions and Their Future
IT Professions and Their FutureSvetlin Nakov
 
How to Become a QA Engineer and Start a Job
How to Become a QA Engineer and Start a JobHow to Become a QA Engineer and Start a Job
How to Become a QA Engineer and Start a JobSvetlin Nakov
 
Призвание и цели: моята рецепта
Призвание и цели: моята рецептаПризвание и цели: моята рецепта
Призвание и цели: моята рецептаSvetlin Nakov
 
What Mongolian IT Industry Can Learn from Bulgaria?
What Mongolian IT Industry Can Learn from Bulgaria?What Mongolian IT Industry Can Learn from Bulgaria?
What Mongolian IT Industry Can Learn from Bulgaria?Svetlin Nakov
 
How to Become a Software Developer - Nakov in Mongolia (Oct 2022)
How to Become a Software Developer - Nakov in Mongolia (Oct 2022)How to Become a Software Developer - Nakov in Mongolia (Oct 2022)
How to Become a Software Developer - Nakov in Mongolia (Oct 2022)Svetlin Nakov
 
Blockchain and DeFi Overview (Nakov, Sept 2021)
Blockchain and DeFi Overview (Nakov, Sept 2021)Blockchain and DeFi Overview (Nakov, Sept 2021)
Blockchain and DeFi Overview (Nakov, Sept 2021)Svetlin Nakov
 

Mais de Svetlin Nakov (20)

BG-IT-Edu: отворено учебно съдържание за ИТ учители
BG-IT-Edu: отворено учебно съдържание за ИТ учителиBG-IT-Edu: отворено учебно съдържание за ИТ учители
BG-IT-Edu: отворено учебно съдържание за ИТ учители
 
Programming World in 2024
Programming World in 2024Programming World in 2024
Programming World in 2024
 
AI Tools for Business and Startups
AI Tools for Business and StartupsAI Tools for Business and Startups
AI Tools for Business and Startups
 
AI Tools for Scientists - Nakov (Oct 2023)
AI Tools for Scientists - Nakov (Oct 2023)AI Tools for Scientists - Nakov (Oct 2023)
AI Tools for Scientists - Nakov (Oct 2023)
 
AI Tools for Entrepreneurs
AI Tools for EntrepreneursAI Tools for Entrepreneurs
AI Tools for Entrepreneurs
 
Bulgarian Tech Industry - Nakov at Dev.BG All in One Conference 2023
Bulgarian Tech Industry - Nakov at Dev.BG All in One Conference 2023Bulgarian Tech Industry - Nakov at Dev.BG All in One Conference 2023
Bulgarian Tech Industry - Nakov at Dev.BG All in One Conference 2023
 
AI Tools for Business and Personal Life
AI Tools for Business and Personal LifeAI Tools for Business and Personal Life
AI Tools for Business and Personal Life
 
Дипломна работа: учебно съдържание по ООП - Светлин Наков
Дипломна работа: учебно съдържание по ООП - Светлин НаковДипломна работа: учебно съдържание по ООП - Светлин Наков
Дипломна работа: учебно съдържание по ООП - Светлин Наков
 
Дипломна работа: учебно съдържание по ООП
Дипломна работа: учебно съдържание по ООПДипломна работа: учебно съдържание по ООП
Дипломна работа: учебно съдържание по ООП
 
Свободно ИТ учебно съдържание за учители по програмиране и ИТ
Свободно ИТ учебно съдържание за учители по програмиране и ИТСвободно ИТ учебно съдържание за учители по програмиране и ИТ
Свободно ИТ учебно съдържание за учители по програмиране и ИТ
 
AI and the Professions of the Future
AI and the Professions of the FutureAI and the Professions of the Future
AI and the Professions of the Future
 
Programming Languages Trends for 2023
Programming Languages Trends for 2023Programming Languages Trends for 2023
Programming Languages Trends for 2023
 
IT Professions and How to Become a Developer
IT Professions and How to Become a DeveloperIT Professions and How to Become a Developer
IT Professions and How to Become a Developer
 
GitHub Actions (Nakov at RuseConf, Sept 2022)
GitHub Actions (Nakov at RuseConf, Sept 2022)GitHub Actions (Nakov at RuseConf, Sept 2022)
GitHub Actions (Nakov at RuseConf, Sept 2022)
 
IT Professions and Their Future
IT Professions and Their FutureIT Professions and Their Future
IT Professions and Their Future
 
How to Become a QA Engineer and Start a Job
How to Become a QA Engineer and Start a JobHow to Become a QA Engineer and Start a Job
How to Become a QA Engineer and Start a Job
 
Призвание и цели: моята рецепта
Призвание и цели: моята рецептаПризвание и цели: моята рецепта
Призвание и цели: моята рецепта
 
What Mongolian IT Industry Can Learn from Bulgaria?
What Mongolian IT Industry Can Learn from Bulgaria?What Mongolian IT Industry Can Learn from Bulgaria?
What Mongolian IT Industry Can Learn from Bulgaria?
 
How to Become a Software Developer - Nakov in Mongolia (Oct 2022)
How to Become a Software Developer - Nakov in Mongolia (Oct 2022)How to Become a Software Developer - Nakov in Mongolia (Oct 2022)
How to Become a Software Developer - Nakov in Mongolia (Oct 2022)
 
Blockchain and DeFi Overview (Nakov, Sept 2021)
Blockchain and DeFi Overview (Nakov, Sept 2021)Blockchain and DeFi Overview (Nakov, Sept 2021)
Blockchain and DeFi Overview (Nakov, Sept 2021)
 

Último

Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...fonyou31
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Disha Kariya
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...PsychoTech Services
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajanpragatimahajan3
 
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024General AI for Medical Educators April 2024
General AI for Medical Educators April 2024Janet Corral
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfAyushMahapatra5
 

Último (20)

Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajan
 
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024General AI for Medical Educators April 2024
General AI for Medical Educators April 2024
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 

Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)

  • 1. Hashes, MAC, Key Derivation, Encrypting Passwords, Symmetric Ciphers & AES, Digital Signatures & ECDSA Cryptography for Java Developers Dr. Svetlin Nakov Co-Founder, Chief Training & Innovation @ Software University (SoftUni) https://nakov.com Software University (SoftUni) – http://softuni.org
  • 2. Table of Contents 1. About the Speaker 2. What is Cryptography? 3. Cryptography in Java – APIs and Libraries 4. Hashes, MAC Codes and Key Derivation (KDF) 5. Encrypting Passwords: from Plaintext to Argon2 6. Symmetric Encryption: AES (KDF + Block Modes + IV + MAC) 7. Digital Signatures, Elliptic Curves, ECDSA, EdDSA 2
  • 3.  Software engineer, trainer, entrepreneur, PhD, author of 15+ books, blockchain expert  3 successful tech educational initiatives (150,000+ students) About Dr. Svetlin Nakov 3
  • 4. Book "Practical Cryptography for Developers" 4 GitHub: github.com/nakov/pra ctical-cryptography- for-developers-book Book site: https://cryptobook. nakov.com
  • 6.  Cryptography provides security and protection of information  Storing and transmitting data in a secure way  Hashing data (message digest) and MAC codes  Encrypting and decrypting data  Symmetric and asymmetric schemes  Key derivation functions (KDF)  Key agreement schemes, digital certificates  Digital signatures (sign / verify) What is Cryptography? 6
  • 7. Cryptography in Java: JCA, Bouncy Castle, Other Libraries
  • 8.  JDK defines security APIs based on pluggable security providers  Build-in providers (come with JDK) and 3rd party providers  Named algorithms, e.g.  MessageDigest: SHA-256, SHA3- 256, RipeMD160, Skein-1024  Cipher: AES, Blowfish, ECIES  Signature: SHA3-256withECDSA, SHA512withRSA, SHA384withDSA Java Security: Architecture 8
  • 9.  Cryptography in Java is based on the Java Cryptography Architecture (JCA)  The built-in functionality is limited  Typical Java style: lot of boilerplate code  Bouncy Castle is a leading Java crypto library / API / provider  https://www.bouncycastle.org/java.html  Argon2 JVM – fast Argon2 native implementation for Java  https://github.com/phxql/argon2-jvm Cryptography APIs in Java 9
  • 10.  Cava Crypto – excellent simple ECDSA library for secp256k1  https://github.com/ConsenSys/cava  https://github.com/ConsenSys/cava/tree/master/crypto  Web3j / Crypto – a simplified library for secp256k1 signatures  https://github.com/web3j  Ed25519-Java – simple EdDSA and Ed25519 implementation  https://github.com/str4d/ed25519-java Cryptography APIs in Java 10
  • 11.  Use Maven / Gradle to install the Java crypto libraries  Installing the Bouncy Castle crypto provider / API Installing the Libraries 11 pom.xml <!-- Install the Bouncy Castle crypto provider for Java --> <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcprov-jdk15on</artifactId> <version>1.60</version> </dependency>
  • 13. What is Cryptographic Hash Function? 13  One-way transformation, infeasible to invert  Extremely little chance to find a collision Some text Some text Some text Some text Some text Some text Some text 20c9ad97c081d63397d 7b685a412227a40e23c 8bdc6688c6f37e97cfb c22d2b4d1db1510d8f6 1e6a8866ad7f0e17c02 b14182d37ea7c3c8b9c 2683aeb6b733a1 Text Hash (digest) Cryptographic hash function
  • 14.  SHA-2 (SHA-256, SHA-384, SHA-512)  Secure crypto hash function, the most widely used today (RFC 4634)  Used in Bitcoin, IPFS, many others  SHA-3 (SHA3-256, SHA3-384, SHA3-512) / Keccak-256  Strong cryptographic hash function, more secure than SHA-2  Used in Ethereum and many modern apps Modern Hashes: SHA-2, SHA3 14 SHA-256('hello') = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7 425e73043362938b9824 SHA3-256('hello') = 3338be694f50c5f338814986cdf0686453a888b84f4 24d792af4b9202398f392
  • 15.  BLAKE2 (BLAKE2s – 256-bit, BLAKE2b – 512-bit)  Secure crypto hash function, very fast  RIPEMD-160 (160-bit crypto hash)  Considered weak, just 160-bits, still unbroken  Broken hash algorithms: MD5, SHA-1, MD4, SHA-0, MD2  Git and GitHub still use SHA-1 and suffer of collision attacks Modern Hashes: BLAKE2, RIPEMD-160 15 BLAKE2s('hello') = 19213bacc58dee6dbde3ceb9a47cbb330b3d86f8cca8 997eb00be456f140ca25 RIPEMD-160('hello') = 108f07b8382412612c048d07d13f814118445acd
  • 16.  Calculate SHA-256 hash using the built-in JCA provider: SHA-256 in Java – Example 16 var digest = MessageDigest.getInstance("SHA-256"); digest.update("hello".getBytes()); byte[] hash = digest.digest(); System.out.println("SHA-256('hello') = " + Hex.toHexString(hash)); import java.security.MessageDigest; import org.bouncycastle.util.encoders.Hex; SHA-256('hello') = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
  • 17.  Calculate RIPEMD-160 hash using the Bouncy Castle provider: RIPEMD-160 in Java – Example 17 var digest = MessageDigest.getInstance("RIPEMD160"); digest.update("hello".getBytes()); byte[] hash = digest.digest(); System.out.println("RIPEMD-160('hello') = " + Hex.toHexString(hash)); import java.security.*; import org.bouncycastle.util.encoders.Hex; import org.bouncycastle.jce.provider.BouncyCastleProvider; // One-time registration of the "BouncyCastle" JCA provider Security.addProvider(new BouncyCastleProvider()); 108f07b8382412612c048d07d13f814118445acd
  • 18. HMAC and Key Derivation (KDF) MAC, HMAC, PBKDF2, Scrypt, Argon2
  • 19.  HMAC = Hash-based Message Authentication Code (RFC 2104)  HMAC(key, msg, hash_func)  hash  Message hash mixed with a secret shared key  Used for message integrity / authentication / key derivation MAC Codes and HMAC 19 HMAC('key', 'hello', SHA-256) = 9307b3b915efb5171ff14d8cb55fbc c798c6c0ef1456d66ded1a6aa723a58b7b HMAC('key', 'hello', RIPEMD-160) = 43ab51f803a68a8b894cb32ee19e6854e9f4e468
  • 20.  Calculate HMAC-SHA-256 hash using the built-in JCA provider: HMAC in Java – Example 20 Mac mac = Mac.getInstance("HmacSHA256"); Key key = new SecretKeySpec("key".getBytes(), "HmacSHA256"); mac.init(key); byte[] hash = mac.doFinal("hello".getBytes()); System.out.println("HMAC-SHA-256: " + Hex.toHexString(hash)); import javax.crypto.Mac; import javax.crypto.spec.SecretKeySpec; import java.security.Key; import org.bouncycastle.util.encoders.Hex; HMAC-SHA-256: 9307b3b915efb5171ff14d8cb55fbcc798c6c0ef1456d66ded1a6aa723a58b7b
  • 21.  Key derivation function (KDF) == function(password)  key  PBKDF2 (Password-Based Key Derivation Function 2, RFC 2898) Key Derivation Functions (KDF) 21 PBEKeySpec spec = new PBEKeySpec("password".toCharArray(), "salt".getBytes(), 1000, 128); SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); byte[] derivedKey = keyFactory.generateSecret(spec).getEncoded(); System.out.println("PBKDF2 key: " + Hex.toHexString(derivedKey)); PBKDF2 derived key: 632c2812e46d4604102ba7618e9d6d7d
  • 22.  Scrypt (RFC 7914) is a strong cryptographic key-derivation function  Memory intensive, designed to prevent ASIC and FPGA attacks  key = Scrypt(password, salt, N, r, p, derived-key-len)  N – iterations count (affects memory and CPU usage), e.g. 16384  r – block size (affects memory and CPU usage), e.g. 8  p – parallelism factor (threads to run in parallel), usually 1  Memory used = 128 * N * r * p bytes, e.g. 128 * 16384 * 8 = 16 MB  Parameters for interactive login: N=16384, r=8, p=1 (RAM=16MB)  Parameters for file encryption: N=1048576, r=8, p=1 (RAM=1GB) Key Derivation Functions: Scrypt 22
  • 23. Scrypt in Java – Example 23 // One-time registration of the "BouncyCastle" JCA provider Security.addProvider(new BouncyCastleProvider()); ScryptKeySpec spec = new ScryptKeySpec( "password".toCharArray(), "salt".getBytes(), 16384, 8, 1, 128); var keyFact = SecretKeyFactory.getInstance("Scrypt"); byte[] derivedKey = keyFact.generateSecret(spec).getEncoded(); System.out.println("Scrypt: " + Hex.toHexString(derivedKey)); Scrypt: 745731af4484f323968969eda289aeee
  • 24.  Argon2 is ASIC-resistant KDF, stronger than Scrypt and bcrypt  Recommended due to better ASIC-resistance Key Derivation: Argon2 24 pom.xml <!-- Install Argon2-JVM – fast native Argon2 library for Java --> <dependency> <groupId>de.mkammerer</groupId> <artifactId>argon2-jvm</artifactId> <version>2.5</version> </dependency>
  • 25. Argon2 in Java – Example 25 import de.mkammerer.argon2.Argon2Advanced; import de.mkammerer.argon2.Argon2Factory; import org.bouncycastle.util.encoders.Hex; Argon2Advanced argon2 = Argon2Factory.createAdvanced( Argon2Factory.Argon2Types.ARGON2id); byte[] hash = argon2.rawHash(16, 1 << 15, 2, "password", "some salt".getBytes()); System.out.println("Argon2 hash: " + Hex.toHexString(hash)); Argon2 hash: 157f21dd3fdf7bafb76d2923ccaffa0b7be7cbae394709474d2bc66ee7b09d3e
  • 26.  Clear-text passwords, e.g. store the password directly in the DB  Never do anti-pattern!  Simple password hash, e.g. store SHA256(password) in the DB  Highly insecure, still better than clear-text, dictionary attacks  Salted hashed passwords, e.g. store HMAC(pass, random_salt)  Almost secure, GPU / ASIC-crackable  ASIC-resistant KDF password hash, e.g. Argon2(password)  Recommended, secure (when the KDF settings are secure) Password Encryption (Register / Login) 26
  • 27.  Argon2 is the recommended password-hashing for apps Encrypting Passwords: Argon2 27 String hash = argon2.hash(8, 1 << 16, 4, "password"); System.out.println("Argon2 hash (random salt): " + hash); System.out.println("Argon2 verify (correct password): " + argon2.verify(hash, "password")); System.out.println("Argon2 verify (wrong password): " + argon2.verify(hash, "wrong123")); Argon2 hash (random salt): $argon2id$v=19$m=65536,t=8,p=4$FW2kqbP+nidwHnT3Oc vSEg$oYlK3rXJvk0Be+od3To131Cnr8JksL39gjnbMlUCCTk Argon2 verify (correct password): true Argon2 verify (wrong password): false Register Login Invalid Login
  • 28. Symmetric Encryption AES, Block Modes, Authenticated Encryption encrypt (secret key) I am a non- encrypted message … decrypt (secret key) I am a non- encrypted message …
  • 29.  Symmetric key ciphers  Use the same key (or password) to encrypt and decrypt data  Popular symmetric algorithms  AES, ChaCha20, Twofish, Serpent, RC5, RC6  Broken algorithms (don't use them!)  DES, 3DES, RC2, RC4 Symmetric Key Ciphers 29
  • 30.  Block ciphers  Split data on blocks (e.g. 128 bits), then encrypt each block separately, change the internal state, encrypt the next block, …  Stream ciphers  Work on sequences of data (encrypts / decrypts byte by byte)  Block ciphers can be transformed to stream ciphers  Using block mode of operation (e.g. CBC, CTR, GCM, CFB, …)  https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation Symmetric Key Ciphers 30
  • 31.  AES – Advanced Encryption Standard (Rijndael)  Symmetric key block cipher (128-bit blocks)  Key lengths: 128, 160, 192, 224 and 256 bits  No significant practical attacks are known for AES  Modern CPU hardware implements AES instructions  This speeds-up AES and secure Internet communication  AES is used by most Internet Web sites for the https:// content The "AES" Cipher 31
  • 32.  AES is a "block cipher" – encrypts block by block (e.g. 128 bits)  Supports several modes of operation (CBC, CTR, GCM, …)  Some modes of operation (like CBC / CTR) require initial vector (IV)  Non-secret random salt  used to get different result each time  Recommended modes: CTR (Counter) or GCM (Galois/Counter)  CBC may use a padding algorithm (typically PKCS7) to help splitting the input data into blocks of fixed block-size (e.g. 128 bits)  May use password to key derivation function, e.g. Argon2(passwd)  May use MAC to check the password validity, e.g. HMAC(text, key) AES Cipher Settings 32
  • 33. The AES Encryption Process 33 input msg random IV+ AES key+ ciphertext input msg MAC key+ MAC code input msg key+ AES ciphertext MAC+IV+ KDF password key kdf-salt+
  • 34. The AES Decryption Process 34 original msg MAC key+ MAC code AES ciphertext IV+ KDF password key original msg decrypt Decryption MAC code compare Encryption MAC code key+ kdf-salt+
  • 35. AES-256-CTR-Argon2-HMAC – Encrypt 35 static Map<String, String> aes256CtrArgon2HMacEncrypt( String plainText, String password) throws Exception { // Derive a secret key from the encryption password SecureRandom rand = new SecureRandom(); byte[] argon2salt = new byte[16]; rand.nextBytes(argon2salt); // Generate 128-bit salt byte[] argon2hash = Argon2Factory.createAdvanced( Argon2Factory.Argon2Types.ARGON2id).rawHash(16, 1 << 15, 2, password, argon2salt); Key secretKey = new SecretKeySpec(argon2hash, "AES");
  • 36. AES-256-CTR-Argon2-HMAC – Encrypt 36 // AES encryption: {plaintext + IV + secretKey} -> ciphertext byte[] aesIV = new byte[16]; rand.nextBytes(aesIV); // Generate 128-bit IV (salt) IvParameterSpec ivSpec = new IvParameterSpec(aesIV); Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding"); cipher.init(Cipher.ENCRYPT_MODE, secretKey, ivSpec); byte[] plainTextBytes = plainText.getBytes("utf8"); byte[] cipherBytes = cipher.doFinal(plainTextBytes); // Calculate the MAC of the plaintext with the argon2hash Mac mac = Mac.getInstance("HmacSHA256"); Key macKey = new SecretKeySpec(argon2hash, "HmacSHA256"); mac.init(macKey); byte[] hmac = mac.doFinal(plainText.getBytes("utf8"));
  • 37. AES-256-CTR-Argon2-HMAC – Encrypt 37 var encryptedMsg = Map.of( "kdf", "argon2", "kdfSalt", Hex.toHexString(argon2salt), "cipher", "aes-256-ctr", "cipherIV", Hex.toHexString(aesIV), "cipherText", Hex.toHexString(cipherBytes), "mac", Hex.toHexString(hmac) ); return encryptedMsg; Encrypted msg: {cipherIV=dd088070cf4f2f6c6560b8fa7fb43f49, kdf=argon2, cipherText=a847f3b2bc59278107, mac=6c143d139d0d7b29aaa 4e0dc5916908d3c27576f4856e3ef487be6eafb23b39a, kdfSalt=90c6fcc318f d273f4f661c019b39b8ed, cipher=aes-256-ctr}
  • 38. AES-256-CTR-Argon2-HMAC – Decrypt 38 static String aes256CtrArgon2HMacDecrypt(Map<String, String> encryptedMsg, String password) throws Exception { // Derive the secret key from the encryption password with argon2salt byte[] argon2salt = Hex.decode(encryptedMsg.get("kdfSalt")); byte[] argon2hash = Argon2Factory.createAdvanced( Argon2Factory.Argon2Types.ARGON2id).rawHash(16, 1 << 15, 2, password, argon2salt);
  • 39. AES-256-CTR-Argon2-HMAC – Decrypt 39 // AES decryption: {cipherText + IV + secretKey} -> plainText byte[] aesIV = Hex.decode(encryptedMsg.get("cipherIV")); IvParameterSpec ivSpec = new IvParameterSpec(aesIV); Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding"); Key secretKey = new SecretKeySpec(argon2hash, "AES"); cipher.init(Cipher.DECRYPT_MODE, secretKey, ivSpec); byte[] cipherTextBytes = Hex.decode(encryptedMsg.get("cipherText")); byte[] plainTextBytes = cipher.doFinal(cipherTextBytes); String plainText = new String(plainTextBytes, "utf8");
  • 40. AES-256-CTR-Argon2-HMAC – Decrypt 40 // Calculate & check the MAC code: HMAC(plaintext, argon2hash) Mac mac = Mac.getInstance("HmacSHA256"); Key macKey = new SecretKeySpec(argon2hash, "HmacSHA256"); mac.init(macKey); byte[] hmac = mac.doFinal(plainText.getBytes("utf8")); String decodedMac = Hex.toHexString(hmac); String cipherTextMac = encryptedMsg.get("mac"); if (! decodedMac.equals(cipherTextMac)) throw new InvalidKeyException("MAC does not match: maybe wrong password"); return plainText; }
  • 42.  Digital signatures provide message signing / verification  Authentication (proof that known sender have signed the message)  Integrity (the message cannot be altered after signing)  Non-repudiation (signer cannot deny message signing)  Digital signatures are based on public key cryptography  Messages are signed by someone's private key  Signatures are verified by the corresponding public key  May use RSA, DSA, elliptic curves (ECC) like ECDSA / EdDSA Digital Signatures – Concepts 42
  • 43.  Uses a pair of keys: public key + private key  Sign / decrypt by private key  Verify / encrypt by public key Public Key Cryptography 43
  • 44.  Well-known public-key crypto-systems  RSA – based on discrete logarithms  ECC – based on elliptic curves  ECC cryptography is considered more secure  3072-bit RSA key ≈≈ 256-bit ECC key  ~ 128-bit security level  Most blockchains (like Bitcoin, Ethereum and EOS) use ECC  But be warned: ECC is not quantum-safe! Public Key Crypto Systems 44
  • 45.  Digital signatures in Java are painful  use external libraries  Use the "Cava Crypto" library for secp256k1 ECDSA signatures ECDSA in Java – Example 45 pom.xml !-- Install Cava Crypto: simple secp256k1 ECDSA library --> <dependency> <groupId>net.consensys.cava</groupId> <artifactId>cava-crypto</artifactId> <version>0.5.0</version> </dependency>
  • 46. ECDSA in Java – Example 46  Registering the Bouncy Castle crypto provider  Generating public + private key pair: Security.addProvider(new BouncyCastleProvider()); // Generate random key-pair SECP256K1.KeyPair keyPair = SECP256K1.KeyPair.random(); // Load key-pair from existing private key SECP256K1.KeyPair keyPair = SECP256K1.KeyPair.fromSecretKey( SECP256K1.SecretKey.fromInteger(new BigInteger( "207724f0eba0800350f579726c2a8bbd1ac6385f4168e493cfd91efe522959cf", 16)));
  • 47. ECDSA in Java – Example 47 System.out.println("Private key (256 bits): " + Hex.toHexString(keyPair.secretKey().bytesArray())); System.out.println("Public key (512 bits): 04" + Hex.toHexString(keyPair.publicKey().bytesArray())); System.out.println("Public key (compressed): " + compressPubKey(keyPair.publicKey())); static String compressPubKey(SECP256K1.PublicKey pk) { BigInteger pubKey = new BigInteger(1, pk.bytesArray()); String pubKeyYPrefix = pubKey.testBit(0) ? "03" : "02"; String pubKeyHex = pubKey.toString(16); String pubKeyX = pubKeyHex.substring(0, 64); return pubKeyYPrefix + pubKeyX; }
  • 48.  Signing a message with SHA256 + ECDSA with secp256k1 ECDSA in Java – Example 48 String msg = "Message for signing"; byte[] msgHash = Hash.sha2_256(msg.getBytes()); var signature = SECP256K1.signHashed(msgHash, keyPair); System.out.println("Msg: " + msg); System.out.println("Msg hash: " + Hex.toHexString(msgHash)); System.out.printf("Signature: [r = %s, s = %s, v = %d]n", signature.r().toString(16), signature.s().toString(16), signature.v()); Signature: [r = 3ce2c58b02a06f16c849d6ac1d05e9d6dc41b92929ed2733d3 ddf060e2035c20, s = 292d5d83ffd5a46befeef33a9c6e9fc562d412e0d90934 dfb4ed0a7d80caff61, v = 0]
  • 49.  Verify ECDSA signature: ECDSA in Java – Example 49 boolean validSig = SECP256K1.verifyHashed( msgHash, signature, keyPair.publicKey()); System.out.println("Signature valid (correct key)? " + validSig); boolean validSigWrongKey = SECP256K1.verifyHashed( msgHash, signature, SECP256K1.KeyPair.random().publicKey()); System.out.println("Signature valid (wrong key)? " + validSigWrongKey); Signature valid (wrong key)? false Signature valid (correct key)? true
  • 50. ECDSA + secp256k1: Recover Public Key 50 // Recover the public key from msg + signature SECP256K1.PublicKey recoveredPubKey = SECP256K1.PublicKey. recoverFromHashAndSignature(msgHash, signature); System.out.println("Recovered pubKey: 04" + Hex.toHexString(recoveredPubKey.bytesArray())); System.out.println("Signature valid ? " + recoveredPubKey.equals(keyPair.publicKey())); Recovered pubKey: 0425c919aa487e577cc361f43a9b81f3484286ac6132c9ef f047ec6eca6c1dcc89200c1bf5d6da42a8206a2f01b585d35ea05c2648050f3dd4 c98fc0b87f5191e5 Signature valid ? true
  • 51.  EdDSA is elliptic curve-based digital signature scheme (based on Edwards curves)  Ed25519 is fast Edwards curve, used for EdDSA signatures  256-bit public key (252 + 5 fixed bits) and 256-bit private key  Supported by 3rd party libraries like  https://github.com/str4d/ed25519-java  EdDSA is preferred to ECDSA in most modern apps  Faster and easier to use EdDSA + Ed25519 Signatures 51
  • 52. EdDSA in Java – Example 52  Installing the required library Ed25519-Java using Maven  Registering the EdDSA-Java crypto provider Security.addProvider(new EdDSASecurityProvider()); pom.xml <dependency> <groupId>net.i2p.crypto</groupId> <artifactId>eddsa</artifactId> <version>0.3.0</version> </dependency>
  • 53. EdDSA in Java – Example 53  Generating a random EdDSA public + private key pair var keyGen = KeyPairGenerator.getInstance("EdDSA"); var keyPair = keyGen.generateKeyPair(); System.out.println("Private key: " + Hex.toHexString(keyPair.getPrivate().getEncoded())); System.out.println("Public key: " + Hex.toHexString(keyPair.getPublic().getEncoded())); Private key: 302e020100300506032b657004220420b57ea3f12b503be8e7c89 99dd9cb630ecb06cb68e10763fb40331e5131b2a1f0 Public key: 302a300506032b6570032100796295d26f7a69a2a573cf95f99bd5 becb906e757bb55424deb4ed00a99cc572
  • 54. EdDSA in Java – Example 54  Signing a message with EdDSA String msg = "Message for signing"; Signature signer = new EdDSAEngine( MessageDigest.getInstance("SHA-512")); signer.initSign(keyPair.getPrivate()); signer.update(msg.getBytes()); byte[] signature = signer.sign(); System.out.println("Signature: " + Hex.toHexString(signature)); Signature: 1256d92d27b5b4e633494b86f5f55dc18155ae4eed35d5f596f1dbb 894acef0df7e2b756ef5e5681260d2f46dd1c26e180591e1ec3f9997f213ddf0ca 55c6703
  • 55. EdDSA in Java – Example 55  Verifying EdDSA signature: {msg + signature + pubKey}  bool Signature verifier = new EdDSAEngine(MessageDigest.getInstance("SHA-512")); verifier.initVerify(keyPair.getPublic()); verifier.update(msg.getBytes()); boolean validSig = verifier.verify(signature); System.out.println("Signature valid (correct key)? " + validSig); Signature valid (correct key)? true
  • 56. Live Demos and Code Examples https://github.com/nakov/Java-Cryptography-Examples