# Lesson 3: Cryptography

Lesson 3: Cryptography

[ <<BACK] [ CONTENTS] [ NEXT>>]

Many people are protective of their credit card numbers, and for good reason. A stolen credit card number with other personal information can give a thief all he or she needs to create serious mayhem in someone's life. One way to keep credit card and other proprietary information secure when sending it over the net is to encrypt it.

Encryption is the process of applying a key to plain text that transforms that plain text into unintelligible (cipher) text. Only programs with the key to turn the cipher text back to original text can decrypt the protected information.

This lesson adapts the Part 2, Lesson 2: User Interfaces Revisited example to encrypt the credit card number before sending it over the net, and decrypt it on the other side.

Note: Because cryptography software is not exportable outside the United States and Canada, the example in this lesson is in pseudo code rather than source code.

To safely send the credit card number over the net, the example program gets the plain text credit card number entered by the end user and passes the credit card number to its `encrypt` method.

The `encrypt` method creates a cipher and session key, and uses the session key with the cipher to encrypt the credit card number.

A session key is a secret key that is generated new each time the `Purchase` button is clicked. Changing the session key protects against an unauthorized program getting the key and decrypting hundreds and thousands of credit card numbers with it.

The credit card number is encrypted and decrypted with the same session key. This type of cryptography is called symmetric key encryption, and in our example, requires the session key and encrypted credit card number be sent over the ret to the receiving program. Because the session key is sent over the net, it too should be protected against unauthorized access.

To protect the session key, it is encrypted with or wrapped under the public key of the recipient. Even if an unauthorized program gets the wrapped session key and credit card number, he or she would have to recover the session key with the intended recipient's private key to be able to decrypt the credit card number with the session key.

Anything encrypted with a public key, can only be decrypted with the private key corresponding to the public key that originally encrypted it. This type of cryptography is called asymmetric key encryption. In the example, the public key is made readily available to any client program that requests it, and the private key is kept secret and made available to specific, trusted clients only.

As shown in the diagram, this example uses a separate program to generate the public and private key pair. The public key is stored in one file, and the private key is stored in another. The file with the private key must be kept in a very secure place. Many companies keep the private key file on an external storage medium such as tape or disk to prevent an unauthorized person or program from breaking into the system and getting the private key.

The server program loads the public key from the public key file, and makes it available to order clients for encrypting the session key. Order processing clients get the encrypted session key and credit card number, load the private key, use the private key to decrypt the session key, and use the session key to decrypt the credit card number.

### Running the Example

If you are within the United States or Canada, you can download the `javax.crypto` package from the Products & APIs page. It contains documentation and a Java Archive (JAR) file with the cryptographic APIs and a cryptographic service provider. A cryptographic service provider is a package or set of packages that supplies a concrete implementation of a cryptographic algorithm.

Copy the JAR file to the `jdk1.2/jre/lib/ext` directory of your Java 2 SDK, Standard Edition, installation or to the `jre1.2/lib/security` directory of your Java Runtime Environment (JRE) 1.2 installation.

Make sure you have the following entries in the `jdk1.2/jre/lib/security/java.security` or `jre1.2/lib/security/java.security` file:

```#
security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.crypto.provider.SunJCE
```

You also need to install a package with an asymmetric algorithm such as the Rivest, Shamir, and Adleman (RSA) Asymmetric-Cipher algorithm.

The asymmetric algorithm is needed to create the asymmetric cipher for the public and private key encryption. Add the asymmetric algorithm package to `jdk1.2/jre/lib/security/java.security` or `jre1.2/lib/security/java.security` as `security.provider.3=` and put it in the `jdk1.2/jre/lib/ext` or `jre1.2/lib/ext` directory with the other JAR files.

Using the documentation in the download, convert the pseudo code to source code.

Compile and run the example as usual.

### Pseudo Code

A cipher object is used in the encryption and decryption process. The cipher object is created with a specific cryptographic algorithm depending on the type of encryption in use. In this example, two types of encryption are used: symmetric and asymmetric.

Symmetric key encryption uses a symmetric algorithm such as Data Encryption Standard (DES). The asymmetric key encryption uses an asymmetric algorithm such as Rives, Shamir, and Adleman (RSA) Asymmetric-Cipher algorithm.

The `javax.crypto` package defines the framework for both symmetric and asymmetric encryption into which concrete cipher implementations can be plugged. The SunJCE provider that comes standard with JCE 1.2 supplies only implementations of symmetric encryption algorithms such as DES. For an implementation of an asymmetric encryption algorithm such as RSA, you need to install a different provider.

The pseudo code shows two ways to do the asymmetric encryption of the session key. One way uses an RSA key to encrypt the symmetric key. The other way uses another asymmetric algorithm to seal (encrypt) the symmetric key. Sealing is the preferred way, but presents a problem when you use the RSA key because the RSA algorithm imposes a size restriction (discussed below) on the object being encrypted and sealing makes the object too large for RSA encryption.

After the cipher is created with the correct symmetric or asymmetric algorithm, it is initialized for encryption or decryption with a key. In the case of symmetric encryption, the key is a secret key, and in the case of asymmetric encryption, the key is either the public or private key.

#### Server

The `Send` interface declares and the `RemoteServer` class implements methods to handle the encrypted credit card number and the encrypted secret key. It also defines a method to return the public key when a client requests it. In pseudo code, this is what the server interface and class need to declare and implement:

 ``` A method to get the public key A method to send the encryped credit card number A method to get the encrypted credit card number A method to send the encrypted symmetric key A method to get the encrypted symmetric key ```

#### Generating the Public and Private Key Pair

You need a program to generate a public and private key pair and store them to separate files. The public key is read from its file when a client calls the method to get the public key. The private key is read from its file when `RMIClient2` needs it to decrypt the secret key.

```  Generate public and private key pair
using asymmetric algorithm
Store private Key in very safe place
Store public key in accessible place
```

#### Sealing the Symmetric Key

Sealing the symmetric key involves creating a sealed object that uses an asymmetric cipher to seal (encrypt) the session key. The RSA asymmetric algorithm cannot be used because it has the size restrictions described in the next section, and the sealing process makes the session key too large to use with the RSA algorithm.

RMIClient1Sealed.java: The RMIClient1.java code has an `encrypt` method to encrypt the credit card number, seal the symmetric key, and send the encrypted credit card number and sealed key to the server. Here is the pseudo code to do it:

 ``` private void encrypt(credit card number){ Create cipher for symmetric key encryption (DES) Create a key generator Create a secret (session) key with key generator Initialize cipher for encryption with session key Encrypt credit card number with cipher Get public key from server Create cipher for asymmetric encryption (do not use RSA) Initialize cipher for encryption with public key Seal session key using asymmetric Cipher Send encrypted credit card number and sealed session key to server } ```

RMIClient2Sealed.java: The RMIClient2.java code has a `decrypt` method to unseal the symmetric key and decrypt the credit card number. Here is the pseudo code to do it:

 ```public byte[] decrypt(encrypted key, encrypted credit card number){ Get private key from file Create asymmetric cipher (do not use RSA) Initialize cipher for decryption with private key Unseal wrapped session key using asymmetric cipher Create symmetric cipher Initialize cipher for decryption with session key Decrypt credit card number with symmetric cipher } ```

#### Encrypting the Symmetric Key with the RSA Algorithm

The RSA algorithm imposes size restrictions on the object being encrypted. RSA encryption uses the PKCS#1 standard with PKCS#1 block type 2 padding. The PKCS RSA encryption padding scheme needs 11 spare bytes to work. So, if you generate an RSA key pair with a key size of 512 bits, you cannot use the keys to encrypt more than 53 bytes (53 = 64 - 11).

So, if you have a session key that is only 8 bytes long, sealing expands it to 3644 bytes, which is way over the size restriction imposed by the RSA algorithm. In the process of sealing, the object to be sealed (the session key, in this case) is first serialized, and then the serialized contents are encrypted. Serialization adds more information to the session key such as the class of the session key, the class signature, and any objects referenced by the session key. The additional information makes the session key too large to be encrypted with an RSA key, and the result is a `javax.crypto.IllegalBlockSizeException` run time error.

RMIClient1.java: The RMIClient1.java code has an `encrypt` method to encrypt the credit card number, seal (encrypt) the session key, and send the encrypted credit card number and sealed session key to the server. Here is the pseudo code to do it:

 ```private void encrypt(credit card number){ Create cipher for symmetric key encryption (DES) Create a key generator Create a secret (session) key with key generator Initialize cipher for encryption with session key Encrypt credit card number with cipher Get public key from server Create cipher for asymmetric encryption (RSA) Initialize cipher for encryption with public key Encrypt session key Send encrypted credit card number and session key to server } ```

RMIClient2.java: The RMIClient2.java code has a `decrypt` method to unseal (decrypt) the symmetric key and decrypt the credit card number. Here is the pseudo code to do it:

 ``` public String decrypt(encrypted key, encrypted credit card number){ Decrypt credit card number Get private key from file Create asymmetric cipher (RSA) Initialize cipher for decryption with private key Decrypt symmetric key Instantiate symmetric key Create symmetric cipher Initialize Cipher for decryption with session key Decrypt credit card number with symmetric Cipher } ```