SlideShare une entreprise Scribd logo
1  sur  57
Télécharger pour lire hors ligne
Hashes, MAC, Key Derivation, Encrypting Passwords,
Symmetric Ciphers & AES, Digital Signatures & ECDSA
Cryptography for Java Developers
Dr. Svetlin Nakov
Co-Founder, Chief Training & Innovation
@ Software University (SoftUni)
https://nakov.com
Software University (SoftUni) – http://softuni.org
Table of Contents
1. About the Speaker
2. What is Cryptography?
3. Cryptography in Java – APIs and Libraries
4. Hashes, MAC Codes and Key Derivation (KDF)
5. Encrypting Passwords: from Plaintext to Argon2
6. Symmetric Encryption:
AES (KDF + Block Modes + IV + MAC)
7. Digital Signatures, Elliptic Curves, ECDSA, EdDSA 2
 Software engineer, trainer, entrepreneur,
PhD, author of 15+ books, blockchain expert
 3 successful tech educational initiatives (150,000+ students)
About Dr. Svetlin Nakov
3
Book "Practical Cryptography for Developers"
4
GitHub:
github.com/nakov/pra
ctical-cryptography-
for-developers-book
Book site:
https://cryptobook.
nakov.com
What is Cryptography?
 Cryptography provides security and protection of information
 Storing and transmitting data in a secure way
 Hashing data (message digest) and MAC codes
 Encrypting and decrypting data
 Symmetric and asymmetric schemes
 Key derivation functions (KDF)
 Key agreement schemes, digital certificates
 Digital signatures (sign / verify)
What is Cryptography?
6
Cryptography in Java:
JCA, Bouncy Castle, Other Libraries
 JDK defines security APIs based on
pluggable security providers
 Build-in providers (come with JDK)
and 3rd party providers
 Named algorithms, e.g.
 MessageDigest: SHA-256, SHA3-
256, RipeMD160, Skein-1024
 Cipher: AES, Blowfish, ECIES
 Signature: SHA3-256withECDSA,
SHA512withRSA, SHA384withDSA
Java Security: Architecture
8
 Cryptography in Java is based on the Java Cryptography
Architecture (JCA)
 The built-in functionality is limited
 Typical Java style: lot of boilerplate code
 Bouncy Castle is a leading Java crypto library / API / provider
 https://www.bouncycastle.org/java.html
 Argon2 JVM – fast Argon2 native implementation for Java
 https://github.com/phxql/argon2-jvm
Cryptography APIs in Java
9
 Cava Crypto – excellent simple ECDSA library for secp256k1
 https://github.com/ConsenSys/cava
 https://github.com/ConsenSys/cava/tree/master/crypto
 Web3j / Crypto – a simplified library for secp256k1 signatures
 https://github.com/web3j
 Ed25519-Java – simple EdDSA and Ed25519 implementation
 https://github.com/str4d/ed25519-java
Cryptography APIs in Java
10
 Use Maven / Gradle to install the Java crypto libraries
 Installing the Bouncy Castle crypto provider / API
Installing the Libraries
11
pom.xml
<!-- Install the Bouncy Castle crypto provider for Java -->
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.60</version>
</dependency>
Cryptographic Hash Functions
What is Cryptographic Hash Function?
13
 One-way transformation, infeasible to invert
 Extremely little chance to find a collision
Some text
Some text
Some text
Some text
Some text
Some text
Some text
20c9ad97c081d63397d
7b685a412227a40e23c
8bdc6688c6f37e97cfb
c22d2b4d1db1510d8f6
1e6a8866ad7f0e17c02
b14182d37ea7c3c8b9c
2683aeb6b733a1
Text Hash (digest)
Cryptographic
hash function
 SHA-2 (SHA-256, SHA-384, SHA-512)
 Secure crypto hash function, the most widely used today (RFC 4634)
 Used in Bitcoin, IPFS, many others
 SHA-3 (SHA3-256, SHA3-384, SHA3-512) / Keccak-256
 Strong cryptographic hash function, more secure than SHA-2
 Used in Ethereum and many modern apps
Modern Hashes: SHA-2, SHA3
14
SHA-256('hello') = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7
425e73043362938b9824
SHA3-256('hello') = 3338be694f50c5f338814986cdf0686453a888b84f4
24d792af4b9202398f392
 BLAKE2 (BLAKE2s – 256-bit, BLAKE2b – 512-bit)
 Secure crypto hash function, very fast
 RIPEMD-160 (160-bit crypto hash)
 Considered weak, just 160-bits, still unbroken
 Broken hash algorithms: MD5, SHA-1, MD4, SHA-0, MD2
 Git and GitHub still use SHA-1 and suffer of collision attacks
Modern Hashes: BLAKE2, RIPEMD-160
15
BLAKE2s('hello') = 19213bacc58dee6dbde3ceb9a47cbb330b3d86f8cca8
997eb00be456f140ca25
RIPEMD-160('hello') = 108f07b8382412612c048d07d13f814118445acd
 Calculate SHA-256 hash using the built-in JCA provider:
SHA-256 in Java – Example
16
var digest = MessageDigest.getInstance("SHA-256");
digest.update("hello".getBytes());
byte[] hash = digest.digest();
System.out.println("SHA-256('hello') = " +
Hex.toHexString(hash));
import java.security.MessageDigest;
import org.bouncycastle.util.encoders.Hex;
SHA-256('hello') =
2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
 Calculate RIPEMD-160 hash using the Bouncy Castle provider:
RIPEMD-160 in Java – Example
17
var digest = MessageDigest.getInstance("RIPEMD160");
digest.update("hello".getBytes());
byte[] hash = digest.digest();
System.out.println("RIPEMD-160('hello') = " +
Hex.toHexString(hash));
import java.security.*;
import org.bouncycastle.util.encoders.Hex;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
// One-time registration of the "BouncyCastle" JCA provider
Security.addProvider(new BouncyCastleProvider());
108f07b8382412612c048d07d13f814118445acd
HMAC and Key Derivation (KDF)
MAC, HMAC, PBKDF2, Scrypt, Argon2
 HMAC = Hash-based Message Authentication Code (RFC 2104)
 HMAC(key, msg, hash_func)  hash
 Message hash mixed with a secret shared key
 Used for message integrity / authentication / key derivation
MAC Codes and HMAC
19
HMAC('key', 'hello', SHA-256) = 9307b3b915efb5171ff14d8cb55fbc
c798c6c0ef1456d66ded1a6aa723a58b7b
HMAC('key', 'hello', RIPEMD-160) =
43ab51f803a68a8b894cb32ee19e6854e9f4e468
 Calculate HMAC-SHA-256 hash using the built-in JCA provider:
HMAC in Java – Example
20
Mac mac = Mac.getInstance("HmacSHA256");
Key key = new SecretKeySpec("key".getBytes(), "HmacSHA256");
mac.init(key);
byte[] hash = mac.doFinal("hello".getBytes());
System.out.println("HMAC-SHA-256: " + Hex.toHexString(hash));
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.security.Key;
import org.bouncycastle.util.encoders.Hex;
HMAC-SHA-256: 9307b3b915efb5171ff14d8cb55fbcc798c6c0ef1456d66ded1a6aa723a58b7b
 Key derivation function (KDF) == function(password)  key
 PBKDF2 (Password-Based Key Derivation Function 2, RFC 2898)
Key Derivation Functions (KDF)
21
PBEKeySpec spec = new PBEKeySpec("password".toCharArray(),
"salt".getBytes(), 1000, 128);
SecretKeyFactory keyFactory =
SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
byte[] derivedKey = keyFactory.generateSecret(spec).getEncoded();
System.out.println("PBKDF2 key: " + Hex.toHexString(derivedKey));
PBKDF2 derived key: 632c2812e46d4604102ba7618e9d6d7d
 Scrypt (RFC 7914) is a strong cryptographic key-derivation function
 Memory intensive, designed to prevent ASIC and FPGA attacks
 key = Scrypt(password, salt, N, r, p, derived-key-len)
 N – iterations count (affects memory and CPU usage), e.g. 16384
 r – block size (affects memory and CPU usage), e.g. 8
 p – parallelism factor (threads to run in parallel), usually 1
 Memory used = 128 * N * r * p bytes, e.g. 128 * 16384 * 8 = 16 MB
 Parameters for interactive login: N=16384, r=8, p=1 (RAM=16MB)
 Parameters for file encryption: N=1048576, r=8, p=1 (RAM=1GB)
Key Derivation Functions: Scrypt
22
Scrypt in Java – Example
23
// One-time registration of the "BouncyCastle" JCA provider
Security.addProvider(new BouncyCastleProvider());
ScryptKeySpec spec = new ScryptKeySpec(
"password".toCharArray(), "salt".getBytes(),
16384, 8, 1, 128);
var keyFact = SecretKeyFactory.getInstance("Scrypt");
byte[] derivedKey = keyFact.generateSecret(spec).getEncoded();
System.out.println("Scrypt: " + Hex.toHexString(derivedKey));
Scrypt: 745731af4484f323968969eda289aeee
 Argon2 is ASIC-resistant KDF, stronger than Scrypt and bcrypt
 Recommended due to better ASIC-resistance
Key Derivation: Argon2
24
pom.xml
<!-- Install Argon2-JVM – fast native Argon2 library for Java -->
<dependency>
<groupId>de.mkammerer</groupId>
<artifactId>argon2-jvm</artifactId>
<version>2.5</version>
</dependency>
Argon2 in Java – Example
25
import de.mkammerer.argon2.Argon2Advanced;
import de.mkammerer.argon2.Argon2Factory;
import org.bouncycastle.util.encoders.Hex;
Argon2Advanced argon2 = Argon2Factory.createAdvanced(
Argon2Factory.Argon2Types.ARGON2id);
byte[] hash = argon2.rawHash(16, 1 << 15,
2, "password", "some salt".getBytes());
System.out.println("Argon2 hash: " + Hex.toHexString(hash));
Argon2 hash:
157f21dd3fdf7bafb76d2923ccaffa0b7be7cbae394709474d2bc66ee7b09d3e
 Clear-text passwords, e.g. store the password directly in the DB
 Never do anti-pattern!
 Simple password hash, e.g. store SHA256(password) in the DB
 Highly insecure, still better than clear-text, dictionary attacks
 Salted hashed passwords, e.g. store HMAC(pass, random_salt)
 Almost secure, GPU / ASIC-crackable
 ASIC-resistant KDF password hash, e.g. Argon2(password)
 Recommended, secure (when the KDF settings are secure)
Password Encryption (Register / Login)
26
 Argon2 is the recommended password-hashing for apps
Encrypting Passwords: Argon2
27
String hash = argon2.hash(8, 1 << 16, 4, "password");
System.out.println("Argon2 hash (random salt): " + hash);
System.out.println("Argon2 verify (correct password): " +
argon2.verify(hash, "password"));
System.out.println("Argon2 verify (wrong password): " +
argon2.verify(hash, "wrong123"));
Argon2 hash (random salt): $argon2id$v=19$m=65536,t=8,p=4$FW2kqbP+nidwHnT3Oc
vSEg$oYlK3rXJvk0Be+od3To131Cnr8JksL39gjnbMlUCCTk
Argon2 verify (correct password): true
Argon2 verify (wrong password): false
Register
Login
Invalid Login
Symmetric Encryption
AES, Block Modes, Authenticated Encryption
encrypt
(secret key)
I am a non-
encrypted
message …
decrypt
(secret key)
I am a non-
encrypted
message …
 Symmetric key ciphers
 Use the same key
(or password) to encrypt
and decrypt data
 Popular symmetric algorithms
 AES, ChaCha20, Twofish, Serpent, RC5, RC6
 Broken algorithms (don't use them!)
 DES, 3DES, RC2, RC4
Symmetric Key Ciphers
29
 Block ciphers
 Split data on blocks (e.g. 128 bits), then encrypt each block
separately, change the internal state, encrypt the next block, …
 Stream ciphers
 Work on sequences of data (encrypts / decrypts byte by byte)
 Block ciphers can be transformed to stream ciphers
 Using block mode of operation (e.g. CBC, CTR, GCM, CFB, …)
 https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
Symmetric Key Ciphers
30
 AES – Advanced Encryption Standard (Rijndael)
 Symmetric key block cipher (128-bit blocks)
 Key lengths: 128, 160, 192, 224 and 256 bits
 No significant practical attacks are known for AES
 Modern CPU hardware implements AES instructions
 This speeds-up AES and secure Internet communication
 AES is used by most Internet Web sites for the https:// content
The "AES" Cipher
31
 AES is a "block cipher" – encrypts block by block (e.g. 128 bits)
 Supports several modes of operation (CBC, CTR, GCM, …)
 Some modes of operation (like CBC / CTR) require initial vector (IV)
 Non-secret random salt  used to get different result each time
 Recommended modes: CTR (Counter) or GCM (Galois/Counter)
 CBC may use a padding algorithm (typically PKCS7) to help splitting
the input data into blocks of fixed block-size (e.g. 128 bits)
 May use password to key derivation function, e.g. Argon2(passwd)
 May use MAC to check the password validity, e.g. HMAC(text, key)
AES Cipher Settings
32
The AES Encryption Process
33
input msg random IV+
AES
key+ ciphertext
input msg
MAC
key+ MAC code
input msg key+
AES
ciphertext MAC+IV+
KDF
password key kdf-salt+
The AES Decryption Process
34
original msg
MAC
key+ MAC code
AES
ciphertext IV+
KDF
password key
original msg
decrypt
Decryption
MAC code
compare Encryption
MAC code
key+
kdf-salt+
AES-256-CTR-Argon2-HMAC – Encrypt
35
static Map<String, String> aes256CtrArgon2HMacEncrypt(
String plainText, String password) throws Exception {
// Derive a secret key from the encryption password
SecureRandom rand = new SecureRandom();
byte[] argon2salt = new byte[16];
rand.nextBytes(argon2salt); // Generate 128-bit salt
byte[] argon2hash = Argon2Factory.createAdvanced(
Argon2Factory.Argon2Types.ARGON2id).rawHash(16,
1 << 15, 2, password, argon2salt);
Key secretKey = new SecretKeySpec(argon2hash, "AES");
AES-256-CTR-Argon2-HMAC – Encrypt
36
// AES encryption: {plaintext + IV + secretKey} -> ciphertext
byte[] aesIV = new byte[16];
rand.nextBytes(aesIV); // Generate 128-bit IV (salt)
IvParameterSpec ivSpec = new IvParameterSpec(aesIV);
Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, secretKey, ivSpec);
byte[] plainTextBytes = plainText.getBytes("utf8");
byte[] cipherBytes = cipher.doFinal(plainTextBytes);
// Calculate the MAC of the plaintext with the argon2hash
Mac mac = Mac.getInstance("HmacSHA256");
Key macKey = new SecretKeySpec(argon2hash, "HmacSHA256");
mac.init(macKey);
byte[] hmac = mac.doFinal(plainText.getBytes("utf8"));
AES-256-CTR-Argon2-HMAC – Encrypt
37
var encryptedMsg = Map.of(
"kdf", "argon2",
"kdfSalt", Hex.toHexString(argon2salt),
"cipher", "aes-256-ctr",
"cipherIV", Hex.toHexString(aesIV),
"cipherText", Hex.toHexString(cipherBytes),
"mac", Hex.toHexString(hmac)
);
return encryptedMsg;
Encrypted msg: {cipherIV=dd088070cf4f2f6c6560b8fa7fb43f49,
kdf=argon2, cipherText=a847f3b2bc59278107, mac=6c143d139d0d7b29aaa
4e0dc5916908d3c27576f4856e3ef487be6eafb23b39a, kdfSalt=90c6fcc318f
d273f4f661c019b39b8ed, cipher=aes-256-ctr}
AES-256-CTR-Argon2-HMAC – Decrypt
38
static String aes256CtrArgon2HMacDecrypt(Map<String, String>
encryptedMsg, String password) throws Exception {
// Derive the secret key from the encryption password with argon2salt
byte[] argon2salt = Hex.decode(encryptedMsg.get("kdfSalt"));
byte[] argon2hash = Argon2Factory.createAdvanced(
Argon2Factory.Argon2Types.ARGON2id).rawHash(16,
1 << 15, 2, password, argon2salt);
AES-256-CTR-Argon2-HMAC – Decrypt
39
// AES decryption: {cipherText + IV + secretKey} -> plainText
byte[] aesIV = Hex.decode(encryptedMsg.get("cipherIV"));
IvParameterSpec ivSpec = new IvParameterSpec(aesIV);
Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding");
Key secretKey = new SecretKeySpec(argon2hash, "AES");
cipher.init(Cipher.DECRYPT_MODE, secretKey, ivSpec);
byte[] cipherTextBytes =
Hex.decode(encryptedMsg.get("cipherText"));
byte[] plainTextBytes = cipher.doFinal(cipherTextBytes);
String plainText = new String(plainTextBytes, "utf8");
AES-256-CTR-Argon2-HMAC – Decrypt
40
// Calculate & check the MAC code: HMAC(plaintext, argon2hash)
Mac mac = Mac.getInstance("HmacSHA256");
Key macKey = new SecretKeySpec(argon2hash, "HmacSHA256");
mac.init(macKey);
byte[] hmac = mac.doFinal(plainText.getBytes("utf8"));
String decodedMac = Hex.toHexString(hmac);
String cipherTextMac = encryptedMsg.get("mac");
if (! decodedMac.equals(cipherTextMac)) throw new
InvalidKeyException("MAC does not match: maybe wrong password");
return plainText;
}
Digital Signatures
ECDSA, EdDSA, Sign / Verify
 Digital signatures provide message signing / verification
 Authentication (proof that known sender have signed the message)
 Integrity (the message cannot be altered after signing)
 Non-repudiation (signer cannot deny message signing)
 Digital signatures are based on public key cryptography
 Messages are signed by someone's private key
 Signatures are verified by the corresponding public key
 May use RSA, DSA, elliptic curves (ECC) like ECDSA / EdDSA
Digital Signatures – Concepts
42
 Uses a pair of keys: public key + private key
 Sign / decrypt by private key
 Verify / encrypt by public key
Public Key Cryptography
43
 Well-known public-key crypto-systems
 RSA – based on discrete logarithms
 ECC – based on elliptic curves
 ECC cryptography is considered more secure
 3072-bit RSA key ≈≈ 256-bit ECC key  ~ 128-bit security level
 Most blockchains (like Bitcoin, Ethereum and EOS) use ECC
 But be warned: ECC is not quantum-safe!
Public Key Crypto Systems
44
 Digital signatures in Java are painful  use external libraries
 Use the "Cava Crypto" library for secp256k1 ECDSA signatures
ECDSA in Java – Example
45
pom.xml
!-- Install Cava Crypto: simple secp256k1 ECDSA library -->
<dependency>
<groupId>net.consensys.cava</groupId>
<artifactId>cava-crypto</artifactId>
<version>0.5.0</version>
</dependency>
ECDSA in Java – Example
46
 Registering the Bouncy Castle crypto provider
 Generating public + private key pair:
Security.addProvider(new BouncyCastleProvider());
// Generate random key-pair
SECP256K1.KeyPair keyPair = SECP256K1.KeyPair.random();
// Load key-pair from existing private key
SECP256K1.KeyPair keyPair = SECP256K1.KeyPair.fromSecretKey(
SECP256K1.SecretKey.fromInteger(new BigInteger(
"207724f0eba0800350f579726c2a8bbd1ac6385f4168e493cfd91efe522959cf", 16)));
ECDSA in Java – Example
47
System.out.println("Private key (256 bits): " +
Hex.toHexString(keyPair.secretKey().bytesArray()));
System.out.println("Public key (512 bits): 04" +
Hex.toHexString(keyPair.publicKey().bytesArray()));
System.out.println("Public key (compressed): " +
compressPubKey(keyPair.publicKey()));
static String compressPubKey(SECP256K1.PublicKey pk) {
BigInteger pubKey = new BigInteger(1, pk.bytesArray());
String pubKeyYPrefix = pubKey.testBit(0) ? "03" : "02";
String pubKeyHex = pubKey.toString(16);
String pubKeyX = pubKeyHex.substring(0, 64);
return pubKeyYPrefix + pubKeyX;
}
 Signing a message with SHA256 + ECDSA with secp256k1
ECDSA in Java – Example
48
String msg = "Message for signing";
byte[] msgHash = Hash.sha2_256(msg.getBytes());
var signature = SECP256K1.signHashed(msgHash, keyPair);
System.out.println("Msg: " + msg);
System.out.println("Msg hash: " + Hex.toHexString(msgHash));
System.out.printf("Signature: [r = %s, s = %s, v = %d]n",
signature.r().toString(16), signature.s().toString(16),
signature.v());
Signature: [r = 3ce2c58b02a06f16c849d6ac1d05e9d6dc41b92929ed2733d3
ddf060e2035c20, s = 292d5d83ffd5a46befeef33a9c6e9fc562d412e0d90934
dfb4ed0a7d80caff61, v = 0]
 Verify ECDSA signature:
ECDSA in Java – Example
49
boolean validSig = SECP256K1.verifyHashed(
msgHash, signature, keyPair.publicKey());
System.out.println("Signature valid (correct key)? " + validSig);
boolean validSigWrongKey = SECP256K1.verifyHashed(
msgHash, signature, SECP256K1.KeyPair.random().publicKey());
System.out.println("Signature valid (wrong key)? " + validSigWrongKey);
Signature valid (wrong key)? false
Signature valid (correct key)? true
ECDSA + secp256k1: Recover Public Key
50
// Recover the public key from msg + signature
SECP256K1.PublicKey recoveredPubKey = SECP256K1.PublicKey.
recoverFromHashAndSignature(msgHash, signature);
System.out.println("Recovered pubKey: 04" +
Hex.toHexString(recoveredPubKey.bytesArray()));
System.out.println("Signature valid ? " +
recoveredPubKey.equals(keyPair.publicKey()));
Recovered pubKey: 0425c919aa487e577cc361f43a9b81f3484286ac6132c9ef
f047ec6eca6c1dcc89200c1bf5d6da42a8206a2f01b585d35ea05c2648050f3dd4
c98fc0b87f5191e5
Signature valid ? true
 EdDSA is elliptic curve-based digital signature scheme
(based on Edwards curves)
 Ed25519 is fast Edwards curve, used for EdDSA signatures
 256-bit public key (252 + 5 fixed bits) and 256-bit private key
 Supported by 3rd party libraries like
 https://github.com/str4d/ed25519-java
 EdDSA is preferred to ECDSA in most modern apps
 Faster and easier to use
EdDSA + Ed25519 Signatures
51
EdDSA in Java – Example
52
 Installing the required library Ed25519-Java using Maven
 Registering the EdDSA-Java crypto provider
Security.addProvider(new EdDSASecurityProvider());
pom.xml
<dependency>
<groupId>net.i2p.crypto</groupId>
<artifactId>eddsa</artifactId>
<version>0.3.0</version>
</dependency>
EdDSA in Java – Example
53
 Generating a random EdDSA public + private key pair
var keyGen = KeyPairGenerator.getInstance("EdDSA");
var keyPair = keyGen.generateKeyPair();
System.out.println("Private key: " +
Hex.toHexString(keyPair.getPrivate().getEncoded()));
System.out.println("Public key: " +
Hex.toHexString(keyPair.getPublic().getEncoded()));
Private key: 302e020100300506032b657004220420b57ea3f12b503be8e7c89
99dd9cb630ecb06cb68e10763fb40331e5131b2a1f0
Public key: 302a300506032b6570032100796295d26f7a69a2a573cf95f99bd5
becb906e757bb55424deb4ed00a99cc572
EdDSA in Java – Example
54
 Signing a message with EdDSA
String msg = "Message for signing";
Signature signer = new EdDSAEngine(
MessageDigest.getInstance("SHA-512"));
signer.initSign(keyPair.getPrivate());
signer.update(msg.getBytes());
byte[] signature = signer.sign();
System.out.println("Signature: " + Hex.toHexString(signature));
Signature: 1256d92d27b5b4e633494b86f5f55dc18155ae4eed35d5f596f1dbb
894acef0df7e2b756ef5e5681260d2f46dd1c26e180591e1ec3f9997f213ddf0ca
55c6703
EdDSA in Java – Example
55
 Verifying EdDSA signature: {msg + signature + pubKey}  bool
Signature verifier =
new EdDSAEngine(MessageDigest.getInstance("SHA-512"));
verifier.initVerify(keyPair.getPublic());
verifier.update(msg.getBytes());
boolean validSig = verifier.verify(signature);
System.out.println("Signature valid (correct key)? " + validSig);
Signature valid (correct key)? true
Live Demos and Code Examples
https://github.com/nakov/Java-Cryptography-Examples
https://nakov.com
Cryptography for Java Developers

Contenu connexe

Tendances

Implementing OAuth
Implementing OAuthImplementing OAuth
Implementing OAuthleahculver
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak Abhishek Koserwal
 
Modern Security with OAuth 2.0 and JWT and Spring by Dmitry Buzdin
Modern Security with OAuth 2.0 and JWT and Spring by Dmitry BuzdinModern Security with OAuth 2.0 and JWT and Spring by Dmitry Buzdin
Modern Security with OAuth 2.0 and JWT and Spring by Dmitry BuzdinJava User Group Latvia
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourSoroush Dalili
 
Introduction to Node.js
Introduction to Node.jsIntroduction to Node.js
Introduction to Node.jsVikash Singh
 
Secret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s VaultSecret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s VaultAWS Germany
 
Keycloak Single Sign-On
Keycloak Single Sign-OnKeycloak Single Sign-On
Keycloak Single Sign-OnRavi Yasas
 
OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectSaran Doraiswamy
 
Security for oauth 2.0 - @topavankumarj
Security for oauth 2.0 - @topavankumarjSecurity for oauth 2.0 - @topavankumarj
Security for oauth 2.0 - @topavankumarjPavan Kumar J
 
Clean architectures with fast api pycones
Clean architectures with fast api   pyconesClean architectures with fast api   pycones
Clean architectures with fast api pyconesAlvaro Del Castillo
 
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)Svetlin Nakov
 
Asynchronous processing in big system
Asynchronous processing in big systemAsynchronous processing in big system
Asynchronous processing in big systemNghia Minh
 
An Introduction to OAuth 2
An Introduction to OAuth 2An Introduction to OAuth 2
An Introduction to OAuth 2Aaron Parecki
 
Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Svetlin Nakov
 
Understanding JWT Exploitation
Understanding JWT ExploitationUnderstanding JWT Exploitation
Understanding JWT ExploitationAkshaeyBhosale
 
OAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep DiveOAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep DiveNordic APIs
 
Secure your app with keycloak
Secure your app with keycloakSecure your app with keycloak
Secure your app with keycloakGuy Marom
 

Tendances (20)

Implementing OAuth
Implementing OAuthImplementing OAuth
Implementing OAuth
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak
 
Webauthn Tutorial
Webauthn TutorialWebauthn Tutorial
Webauthn Tutorial
 
Modern Security with OAuth 2.0 and JWT and Spring by Dmitry Buzdin
Modern Security with OAuth 2.0 and JWT and Spring by Dmitry BuzdinModern Security with OAuth 2.0 and JWT and Spring by Dmitry Buzdin
Modern Security with OAuth 2.0 and JWT and Spring by Dmitry Buzdin
 
Json Web Token - JWT
Json Web Token - JWTJson Web Token - JWT
Json Web Token - JWT
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
 
Introduction to Node.js
Introduction to Node.jsIntroduction to Node.js
Introduction to Node.js
 
Secret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s VaultSecret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s Vault
 
Keycloak Single Sign-On
Keycloak Single Sign-OnKeycloak Single Sign-On
Keycloak Single Sign-On
 
OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId Connect
 
Security for oauth 2.0 - @topavankumarj
Security for oauth 2.0 - @topavankumarjSecurity for oauth 2.0 - @topavankumarj
Security for oauth 2.0 - @topavankumarj
 
Clean architectures with fast api pycones
Clean architectures with fast api   pyconesClean architectures with fast api   pycones
Clean architectures with fast api pycones
 
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
 
Asynchronous processing in big system
Asynchronous processing in big systemAsynchronous processing in big system
Asynchronous processing in big system
 
Vault
VaultVault
Vault
 
An Introduction to OAuth 2
An Introduction to OAuth 2An Introduction to OAuth 2
An Introduction to OAuth 2
 
Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)
 
Understanding JWT Exploitation
Understanding JWT ExploitationUnderstanding JWT Exploitation
Understanding JWT Exploitation
 
OAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep DiveOAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep Dive
 
Secure your app with keycloak
Secure your app with keycloakSecure your app with keycloak
Secure your app with keycloak
 

Similaire à Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)

[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey GordeychikCODE BLUE
 
Top Ten Java Defense for Web Applications v2
Top Ten Java Defense for Web Applications v2Top Ten Java Defense for Web Applications v2
Top Ten Java Defense for Web Applications v2Jim Manico
 
OWASP ZAP Workshop for QA Testers
OWASP ZAP Workshop for QA TestersOWASP ZAP Workshop for QA Testers
OWASP ZAP Workshop for QA TestersJavan Rasokat
 
Simplifying Migration from Kafka to Pulsar - Pulsar Summit NA 2021
Simplifying Migration from Kafka to Pulsar - Pulsar Summit NA 2021Simplifying Migration from Kafka to Pulsar - Pulsar Summit NA 2021
Simplifying Migration from Kafka to Pulsar - Pulsar Summit NA 2021StreamNative
 
Password (in)security
Password (in)securityPassword (in)security
Password (in)securityEnrico Zimuel
 
introduction to jsrsasign
introduction to jsrsasignintroduction to jsrsasign
introduction to jsrsasignKenji Urushima
 
Java @ Cloud - Setor Público SP
Java @ Cloud - Setor Público SPJava @ Cloud - Setor Público SP
Java @ Cloud - Setor Público SPIlan Salviano
 
Jvm operation casual talks
Jvm operation casual talksJvm operation casual talks
Jvm operation casual talksYusaku Watanabe
 
Kraken Front-Trends
Kraken Front-TrendsKraken Front-Trends
Kraken Front-TrendsPayPal
 
Dodging WebCrypto API Landmines
Dodging WebCrypto API LandminesDodging WebCrypto API Landmines
Dodging WebCrypto API LandminesErnie Turner
 
Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Matthew McCullough
 
Postgres the hardway
Postgres the hardwayPostgres the hardway
Postgres the hardwayDave Pitts
 
Securing TodoMVC Using the Web Cryptography API
Securing TodoMVC Using the Web Cryptography APISecuring TodoMVC Using the Web Cryptography API
Securing TodoMVC Using the Web Cryptography APIKevin Hakanson
 
End-to-end HTML5 APIs - The Geek Gathering 2013
End-to-end HTML5 APIs - The Geek Gathering 2013End-to-end HTML5 APIs - The Geek Gathering 2013
End-to-end HTML5 APIs - The Geek Gathering 2013Alexandre Morgaut
 
Real World Lessons on the Pain Points of Node.JS Application
Real World Lessons on the Pain Points of Node.JS ApplicationReal World Lessons on the Pain Points of Node.JS Application
Real World Lessons on the Pain Points of Node.JS ApplicationBen Hall
 

Similaire à Cryptography for Java Developers: Nakov jProfessionals (Jan 2019) (20)

[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik
 
Top Ten Java Defense for Web Applications v2
Top Ten Java Defense for Web Applications v2Top Ten Java Defense for Web Applications v2
Top Ten Java Defense for Web Applications v2
 
Gimme Caching - The JCache Way
Gimme Caching - The JCache WayGimme Caching - The JCache Way
Gimme Caching - The JCache Way
 
Testing NodeJS Security
Testing NodeJS SecurityTesting NodeJS Security
Testing NodeJS Security
 
Excelian hyperledger walkthrough-feb17
Excelian hyperledger walkthrough-feb17Excelian hyperledger walkthrough-feb17
Excelian hyperledger walkthrough-feb17
 
OWASP ZAP Workshop for QA Testers
OWASP ZAP Workshop for QA TestersOWASP ZAP Workshop for QA Testers
OWASP ZAP Workshop for QA Testers
 
Simplifying Migration from Kafka to Pulsar - Pulsar Summit NA 2021
Simplifying Migration from Kafka to Pulsar - Pulsar Summit NA 2021Simplifying Migration from Kafka to Pulsar - Pulsar Summit NA 2021
Simplifying Migration from Kafka to Pulsar - Pulsar Summit NA 2021
 
Password (in)security
Password (in)securityPassword (in)security
Password (in)security
 
introduction to jsrsasign
introduction to jsrsasignintroduction to jsrsasign
introduction to jsrsasign
 
Java @ Cloud - Setor Público SP
Java @ Cloud - Setor Público SPJava @ Cloud - Setor Público SP
Java @ Cloud - Setor Público SP
 
Jvm operation casual talks
Jvm operation casual talksJvm operation casual talks
Jvm operation casual talks
 
Kraken Front-Trends
Kraken Front-TrendsKraken Front-Trends
Kraken Front-Trends
 
Dodging WebCrypto API Landmines
Dodging WebCrypto API LandminesDodging WebCrypto API Landmines
Dodging WebCrypto API Landmines
 
Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010
 
Node.js vs Play Framework
Node.js vs Play FrameworkNode.js vs Play Framework
Node.js vs Play Framework
 
Postgres the hardway
Postgres the hardwayPostgres the hardway
Postgres the hardway
 
Securing TodoMVC Using the Web Cryptography API
Securing TodoMVC Using the Web Cryptography APISecuring TodoMVC Using the Web Cryptography API
Securing TodoMVC Using the Web Cryptography API
 
End-to-end HTML5 APIs - The Geek Gathering 2013
End-to-end HTML5 APIs - The Geek Gathering 2013End-to-end HTML5 APIs - The Geek Gathering 2013
End-to-end HTML5 APIs - The Geek Gathering 2013
 
Real World Lessons on the Pain Points of Node.JS Application
Real World Lessons on the Pain Points of Node.JS ApplicationReal World Lessons on the Pain Points of Node.JS Application
Real World Lessons on the Pain Points of Node.JS Application
 
SSL/TLS implementation using JSSE
SSL/TLS implementation using JSSE SSL/TLS implementation using JSSE
SSL/TLS implementation using JSSE
 

Plus de Svetlin Nakov

BG-IT-Edu: отворено учебно съдържание за ИТ учители
BG-IT-Edu: отворено учебно съдържание за ИТ учителиBG-IT-Edu: отворено учебно съдържание за ИТ учители
BG-IT-Edu: отворено учебно съдържание за ИТ учителиSvetlin Nakov
 
Programming World in 2024
Programming World in 2024Programming World in 2024
Programming World in 2024Svetlin Nakov
 
AI Tools for Business and Startups
AI Tools for Business and StartupsAI Tools for Business and Startups
AI Tools for Business and StartupsSvetlin Nakov
 
AI Tools for Scientists - Nakov (Oct 2023)
AI Tools for Scientists - Nakov (Oct 2023)AI Tools for Scientists - Nakov (Oct 2023)
AI Tools for Scientists - Nakov (Oct 2023)Svetlin Nakov
 
AI Tools for Entrepreneurs
AI Tools for EntrepreneursAI Tools for Entrepreneurs
AI Tools for EntrepreneursSvetlin Nakov
 
Bulgarian Tech Industry - Nakov at Dev.BG All in One Conference 2023
Bulgarian Tech Industry - Nakov at Dev.BG All in One Conference 2023Bulgarian Tech Industry - Nakov at Dev.BG All in One Conference 2023
Bulgarian Tech Industry - Nakov at Dev.BG All in One Conference 2023Svetlin Nakov
 
AI Tools for Business and Personal Life
AI Tools for Business and Personal LifeAI Tools for Business and Personal Life
AI Tools for Business and Personal LifeSvetlin Nakov
 
Дипломна работа: учебно съдържание по ООП - Светлин Наков
Дипломна работа: учебно съдържание по ООП - Светлин НаковДипломна работа: учебно съдържание по ООП - Светлин Наков
Дипломна работа: учебно съдържание по ООП - Светлин НаковSvetlin Nakov
 
Дипломна работа: учебно съдържание по ООП
Дипломна работа: учебно съдържание по ООПДипломна работа: учебно съдържание по ООП
Дипломна работа: учебно съдържание по ООПSvetlin Nakov
 
Свободно ИТ учебно съдържание за учители по програмиране и ИТ
Свободно ИТ учебно съдържание за учители по програмиране и ИТСвободно ИТ учебно съдържание за учители по програмиране и ИТ
Свободно ИТ учебно съдържание за учители по програмиране и ИТSvetlin Nakov
 
AI and the Professions of the Future
AI and the Professions of the FutureAI and the Professions of the Future
AI and the Professions of the FutureSvetlin Nakov
 
Programming Languages Trends for 2023
Programming Languages Trends for 2023Programming Languages Trends for 2023
Programming Languages Trends for 2023Svetlin Nakov
 
IT Professions and How to Become a Developer
IT Professions and How to Become a DeveloperIT Professions and How to Become a Developer
IT Professions and How to Become a DeveloperSvetlin Nakov
 
GitHub Actions (Nakov at RuseConf, Sept 2022)
GitHub Actions (Nakov at RuseConf, Sept 2022)GitHub Actions (Nakov at RuseConf, Sept 2022)
GitHub Actions (Nakov at RuseConf, Sept 2022)Svetlin Nakov
 
IT Professions and Their Future
IT Professions and Their FutureIT Professions and Their Future
IT Professions and Their FutureSvetlin Nakov
 
How to Become a QA Engineer and Start a Job
How to Become a QA Engineer and Start a JobHow to Become a QA Engineer and Start a Job
How to Become a QA Engineer and Start a JobSvetlin Nakov
 
Призвание и цели: моята рецепта
Призвание и цели: моята рецептаПризвание и цели: моята рецепта
Призвание и цели: моята рецептаSvetlin Nakov
 
What Mongolian IT Industry Can Learn from Bulgaria?
What Mongolian IT Industry Can Learn from Bulgaria?What Mongolian IT Industry Can Learn from Bulgaria?
What Mongolian IT Industry Can Learn from Bulgaria?Svetlin Nakov
 
How to Become a Software Developer - Nakov in Mongolia (Oct 2022)
How to Become a Software Developer - Nakov in Mongolia (Oct 2022)How to Become a Software Developer - Nakov in Mongolia (Oct 2022)
How to Become a Software Developer - Nakov in Mongolia (Oct 2022)Svetlin Nakov
 
Blockchain and DeFi Overview (Nakov, Sept 2021)
Blockchain and DeFi Overview (Nakov, Sept 2021)Blockchain and DeFi Overview (Nakov, Sept 2021)
Blockchain and DeFi Overview (Nakov, Sept 2021)Svetlin Nakov
 

Plus de Svetlin Nakov (20)

BG-IT-Edu: отворено учебно съдържание за ИТ учители
BG-IT-Edu: отворено учебно съдържание за ИТ учителиBG-IT-Edu: отворено учебно съдържание за ИТ учители
BG-IT-Edu: отворено учебно съдържание за ИТ учители
 
Programming World in 2024
Programming World in 2024Programming World in 2024
Programming World in 2024
 
AI Tools for Business and Startups
AI Tools for Business and StartupsAI Tools for Business and Startups
AI Tools for Business and Startups
 
AI Tools for Scientists - Nakov (Oct 2023)
AI Tools for Scientists - Nakov (Oct 2023)AI Tools for Scientists - Nakov (Oct 2023)
AI Tools for Scientists - Nakov (Oct 2023)
 
AI Tools for Entrepreneurs
AI Tools for EntrepreneursAI Tools for Entrepreneurs
AI Tools for Entrepreneurs
 
Bulgarian Tech Industry - Nakov at Dev.BG All in One Conference 2023
Bulgarian Tech Industry - Nakov at Dev.BG All in One Conference 2023Bulgarian Tech Industry - Nakov at Dev.BG All in One Conference 2023
Bulgarian Tech Industry - Nakov at Dev.BG All in One Conference 2023
 
AI Tools for Business and Personal Life
AI Tools for Business and Personal LifeAI Tools for Business and Personal Life
AI Tools for Business and Personal Life
 
Дипломна работа: учебно съдържание по ООП - Светлин Наков
Дипломна работа: учебно съдържание по ООП - Светлин НаковДипломна работа: учебно съдържание по ООП - Светлин Наков
Дипломна работа: учебно съдържание по ООП - Светлин Наков
 
Дипломна работа: учебно съдържание по ООП
Дипломна работа: учебно съдържание по ООПДипломна работа: учебно съдържание по ООП
Дипломна работа: учебно съдържание по ООП
 
Свободно ИТ учебно съдържание за учители по програмиране и ИТ
Свободно ИТ учебно съдържание за учители по програмиране и ИТСвободно ИТ учебно съдържание за учители по програмиране и ИТ
Свободно ИТ учебно съдържание за учители по програмиране и ИТ
 
AI and the Professions of the Future
AI and the Professions of the FutureAI and the Professions of the Future
AI and the Professions of the Future
 
Programming Languages Trends for 2023
Programming Languages Trends for 2023Programming Languages Trends for 2023
Programming Languages Trends for 2023
 
IT Professions and How to Become a Developer
IT Professions and How to Become a DeveloperIT Professions and How to Become a Developer
IT Professions and How to Become a Developer
 
GitHub Actions (Nakov at RuseConf, Sept 2022)
GitHub Actions (Nakov at RuseConf, Sept 2022)GitHub Actions (Nakov at RuseConf, Sept 2022)
GitHub Actions (Nakov at RuseConf, Sept 2022)
 
IT Professions and Their Future
IT Professions and Their FutureIT Professions and Their Future
IT Professions and Their Future
 
How to Become a QA Engineer and Start a Job
How to Become a QA Engineer and Start a JobHow to Become a QA Engineer and Start a Job
How to Become a QA Engineer and Start a Job
 
Призвание и цели: моята рецепта
Призвание и цели: моята рецептаПризвание и цели: моята рецепта
Призвание и цели: моята рецепта
 
What Mongolian IT Industry Can Learn from Bulgaria?
What Mongolian IT Industry Can Learn from Bulgaria?What Mongolian IT Industry Can Learn from Bulgaria?
What Mongolian IT Industry Can Learn from Bulgaria?
 
How to Become a Software Developer - Nakov in Mongolia (Oct 2022)
How to Become a Software Developer - Nakov in Mongolia (Oct 2022)How to Become a Software Developer - Nakov in Mongolia (Oct 2022)
How to Become a Software Developer - Nakov in Mongolia (Oct 2022)
 
Blockchain and DeFi Overview (Nakov, Sept 2021)
Blockchain and DeFi Overview (Nakov, Sept 2021)Blockchain and DeFi Overview (Nakov, Sept 2021)
Blockchain and DeFi Overview (Nakov, Sept 2021)
 

Dernier

Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdf
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdfMaximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdf
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdfTechSoup
 
DUST OF SNOW_BY ROBERT FROST_EDITED BY_ TANMOY MISHRA
DUST OF SNOW_BY ROBERT FROST_EDITED BY_ TANMOY MISHRADUST OF SNOW_BY ROBERT FROST_EDITED BY_ TANMOY MISHRA
DUST OF SNOW_BY ROBERT FROST_EDITED BY_ TANMOY MISHRATanmoy Mishra
 
CapTechU Doctoral Presentation -March 2024 slides.pptx
CapTechU Doctoral Presentation -March 2024 slides.pptxCapTechU Doctoral Presentation -March 2024 slides.pptx
CapTechU Doctoral Presentation -March 2024 slides.pptxCapitolTechU
 
M-2- General Reactions of amino acids.pptx
M-2- General Reactions of amino acids.pptxM-2- General Reactions of amino acids.pptx
M-2- General Reactions of amino acids.pptxDr. Santhosh Kumar. N
 
Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.EnglishCEIPdeSigeiro
 
Philosophy of Education and Educational Philosophy
Philosophy of Education  and Educational PhilosophyPhilosophy of Education  and Educational Philosophy
Philosophy of Education and Educational PhilosophyShuvankar Madhu
 
Quality Assurance_GOOD LABORATORY PRACTICE
Quality Assurance_GOOD LABORATORY PRACTICEQuality Assurance_GOOD LABORATORY PRACTICE
Quality Assurance_GOOD LABORATORY PRACTICESayali Powar
 
Ultra structure and life cycle of Plasmodium.pptx
Ultra structure and life cycle of Plasmodium.pptxUltra structure and life cycle of Plasmodium.pptx
Ultra structure and life cycle of Plasmodium.pptxDr. Asif Anas
 
Clinical Pharmacy Introduction to Clinical Pharmacy, Concept of clinical pptx
Clinical Pharmacy  Introduction to Clinical Pharmacy, Concept of clinical pptxClinical Pharmacy  Introduction to Clinical Pharmacy, Concept of clinical pptx
Clinical Pharmacy Introduction to Clinical Pharmacy, Concept of clinical pptxraviapr7
 
Practical Research 1: Lesson 8 Writing the Thesis Statement.pptx
Practical Research 1: Lesson 8 Writing the Thesis Statement.pptxPractical Research 1: Lesson 8 Writing the Thesis Statement.pptx
Practical Research 1: Lesson 8 Writing the Thesis Statement.pptxKatherine Villaluna
 
What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?TechSoup
 
How to Manage Cross-Selling in Odoo 17 Sales
How to Manage Cross-Selling in Odoo 17 SalesHow to Manage Cross-Selling in Odoo 17 Sales
How to Manage Cross-Selling in Odoo 17 SalesCeline George
 
5 charts on South Africa as a source country for international student recrui...
5 charts on South Africa as a source country for international student recrui...5 charts on South Africa as a source country for international student recrui...
5 charts on South Africa as a source country for international student recrui...CaraSkikne1
 
How to Add a New Field in Existing Kanban View in Odoo 17
How to Add a New Field in Existing Kanban View in Odoo 17How to Add a New Field in Existing Kanban View in Odoo 17
How to Add a New Field in Existing Kanban View in Odoo 17Celine George
 
How to Add Existing Field in One2Many Tree View in Odoo 17
How to Add Existing Field in One2Many Tree View in Odoo 17How to Add Existing Field in One2Many Tree View in Odoo 17
How to Add Existing Field in One2Many Tree View in Odoo 17Celine George
 
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...Nguyen Thanh Tu Collection
 
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdfP4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdfYu Kanazawa / Osaka University
 

Dernier (20)

Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdf
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdfMaximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdf
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdf
 
DUST OF SNOW_BY ROBERT FROST_EDITED BY_ TANMOY MISHRA
DUST OF SNOW_BY ROBERT FROST_EDITED BY_ TANMOY MISHRADUST OF SNOW_BY ROBERT FROST_EDITED BY_ TANMOY MISHRA
DUST OF SNOW_BY ROBERT FROST_EDITED BY_ TANMOY MISHRA
 
CapTechU Doctoral Presentation -March 2024 slides.pptx
CapTechU Doctoral Presentation -March 2024 slides.pptxCapTechU Doctoral Presentation -March 2024 slides.pptx
CapTechU Doctoral Presentation -March 2024 slides.pptx
 
M-2- General Reactions of amino acids.pptx
M-2- General Reactions of amino acids.pptxM-2- General Reactions of amino acids.pptx
M-2- General Reactions of amino acids.pptx
 
Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.
 
Philosophy of Education and Educational Philosophy
Philosophy of Education  and Educational PhilosophyPhilosophy of Education  and Educational Philosophy
Philosophy of Education and Educational Philosophy
 
Personal Resilience in Project Management 2 - TV Edit 1a.pdf
Personal Resilience in Project Management 2 - TV Edit 1a.pdfPersonal Resilience in Project Management 2 - TV Edit 1a.pdf
Personal Resilience in Project Management 2 - TV Edit 1a.pdf
 
Finals of Kant get Marx 2.0 : a general politics quiz
Finals of Kant get Marx 2.0 : a general politics quizFinals of Kant get Marx 2.0 : a general politics quiz
Finals of Kant get Marx 2.0 : a general politics quiz
 
Quality Assurance_GOOD LABORATORY PRACTICE
Quality Assurance_GOOD LABORATORY PRACTICEQuality Assurance_GOOD LABORATORY PRACTICE
Quality Assurance_GOOD LABORATORY PRACTICE
 
Ultra structure and life cycle of Plasmodium.pptx
Ultra structure and life cycle of Plasmodium.pptxUltra structure and life cycle of Plasmodium.pptx
Ultra structure and life cycle of Plasmodium.pptx
 
Clinical Pharmacy Introduction to Clinical Pharmacy, Concept of clinical pptx
Clinical Pharmacy  Introduction to Clinical Pharmacy, Concept of clinical pptxClinical Pharmacy  Introduction to Clinical Pharmacy, Concept of clinical pptx
Clinical Pharmacy Introduction to Clinical Pharmacy, Concept of clinical pptx
 
Practical Research 1: Lesson 8 Writing the Thesis Statement.pptx
Practical Research 1: Lesson 8 Writing the Thesis Statement.pptxPractical Research 1: Lesson 8 Writing the Thesis Statement.pptx
Practical Research 1: Lesson 8 Writing the Thesis Statement.pptx
 
What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?
 
How to Manage Cross-Selling in Odoo 17 Sales
How to Manage Cross-Selling in Odoo 17 SalesHow to Manage Cross-Selling in Odoo 17 Sales
How to Manage Cross-Selling in Odoo 17 Sales
 
5 charts on South Africa as a source country for international student recrui...
5 charts on South Africa as a source country for international student recrui...5 charts on South Africa as a source country for international student recrui...
5 charts on South Africa as a source country for international student recrui...
 
Prelims of Kant get Marx 2.0: a general politics quiz
Prelims of Kant get Marx 2.0: a general politics quizPrelims of Kant get Marx 2.0: a general politics quiz
Prelims of Kant get Marx 2.0: a general politics quiz
 
How to Add a New Field in Existing Kanban View in Odoo 17
How to Add a New Field in Existing Kanban View in Odoo 17How to Add a New Field in Existing Kanban View in Odoo 17
How to Add a New Field in Existing Kanban View in Odoo 17
 
How to Add Existing Field in One2Many Tree View in Odoo 17
How to Add Existing Field in One2Many Tree View in Odoo 17How to Add Existing Field in One2Many Tree View in Odoo 17
How to Add Existing Field in One2Many Tree View in Odoo 17
 
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
 
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdfP4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
 

Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)

  • 1. Hashes, MAC, Key Derivation, Encrypting Passwords, Symmetric Ciphers & AES, Digital Signatures & ECDSA Cryptography for Java Developers Dr. Svetlin Nakov Co-Founder, Chief Training & Innovation @ Software University (SoftUni) https://nakov.com Software University (SoftUni) – http://softuni.org
  • 2. Table of Contents 1. About the Speaker 2. What is Cryptography? 3. Cryptography in Java – APIs and Libraries 4. Hashes, MAC Codes and Key Derivation (KDF) 5. Encrypting Passwords: from Plaintext to Argon2 6. Symmetric Encryption: AES (KDF + Block Modes + IV + MAC) 7. Digital Signatures, Elliptic Curves, ECDSA, EdDSA 2
  • 3.  Software engineer, trainer, entrepreneur, PhD, author of 15+ books, blockchain expert  3 successful tech educational initiatives (150,000+ students) About Dr. Svetlin Nakov 3
  • 4. Book "Practical Cryptography for Developers" 4 GitHub: github.com/nakov/pra ctical-cryptography- for-developers-book Book site: https://cryptobook. nakov.com
  • 6.  Cryptography provides security and protection of information  Storing and transmitting data in a secure way  Hashing data (message digest) and MAC codes  Encrypting and decrypting data  Symmetric and asymmetric schemes  Key derivation functions (KDF)  Key agreement schemes, digital certificates  Digital signatures (sign / verify) What is Cryptography? 6
  • 7. Cryptography in Java: JCA, Bouncy Castle, Other Libraries
  • 8.  JDK defines security APIs based on pluggable security providers  Build-in providers (come with JDK) and 3rd party providers  Named algorithms, e.g.  MessageDigest: SHA-256, SHA3- 256, RipeMD160, Skein-1024  Cipher: AES, Blowfish, ECIES  Signature: SHA3-256withECDSA, SHA512withRSA, SHA384withDSA Java Security: Architecture 8
  • 9.  Cryptography in Java is based on the Java Cryptography Architecture (JCA)  The built-in functionality is limited  Typical Java style: lot of boilerplate code  Bouncy Castle is a leading Java crypto library / API / provider  https://www.bouncycastle.org/java.html  Argon2 JVM – fast Argon2 native implementation for Java  https://github.com/phxql/argon2-jvm Cryptography APIs in Java 9
  • 10.  Cava Crypto – excellent simple ECDSA library for secp256k1  https://github.com/ConsenSys/cava  https://github.com/ConsenSys/cava/tree/master/crypto  Web3j / Crypto – a simplified library for secp256k1 signatures  https://github.com/web3j  Ed25519-Java – simple EdDSA and Ed25519 implementation  https://github.com/str4d/ed25519-java Cryptography APIs in Java 10
  • 11.  Use Maven / Gradle to install the Java crypto libraries  Installing the Bouncy Castle crypto provider / API Installing the Libraries 11 pom.xml <!-- Install the Bouncy Castle crypto provider for Java --> <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcprov-jdk15on</artifactId> <version>1.60</version> </dependency>
  • 13. What is Cryptographic Hash Function? 13  One-way transformation, infeasible to invert  Extremely little chance to find a collision Some text Some text Some text Some text Some text Some text Some text 20c9ad97c081d63397d 7b685a412227a40e23c 8bdc6688c6f37e97cfb c22d2b4d1db1510d8f6 1e6a8866ad7f0e17c02 b14182d37ea7c3c8b9c 2683aeb6b733a1 Text Hash (digest) Cryptographic hash function
  • 14.  SHA-2 (SHA-256, SHA-384, SHA-512)  Secure crypto hash function, the most widely used today (RFC 4634)  Used in Bitcoin, IPFS, many others  SHA-3 (SHA3-256, SHA3-384, SHA3-512) / Keccak-256  Strong cryptographic hash function, more secure than SHA-2  Used in Ethereum and many modern apps Modern Hashes: SHA-2, SHA3 14 SHA-256('hello') = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7 425e73043362938b9824 SHA3-256('hello') = 3338be694f50c5f338814986cdf0686453a888b84f4 24d792af4b9202398f392
  • 15.  BLAKE2 (BLAKE2s – 256-bit, BLAKE2b – 512-bit)  Secure crypto hash function, very fast  RIPEMD-160 (160-bit crypto hash)  Considered weak, just 160-bits, still unbroken  Broken hash algorithms: MD5, SHA-1, MD4, SHA-0, MD2  Git and GitHub still use SHA-1 and suffer of collision attacks Modern Hashes: BLAKE2, RIPEMD-160 15 BLAKE2s('hello') = 19213bacc58dee6dbde3ceb9a47cbb330b3d86f8cca8 997eb00be456f140ca25 RIPEMD-160('hello') = 108f07b8382412612c048d07d13f814118445acd
  • 16.  Calculate SHA-256 hash using the built-in JCA provider: SHA-256 in Java – Example 16 var digest = MessageDigest.getInstance("SHA-256"); digest.update("hello".getBytes()); byte[] hash = digest.digest(); System.out.println("SHA-256('hello') = " + Hex.toHexString(hash)); import java.security.MessageDigest; import org.bouncycastle.util.encoders.Hex; SHA-256('hello') = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
  • 17.  Calculate RIPEMD-160 hash using the Bouncy Castle provider: RIPEMD-160 in Java – Example 17 var digest = MessageDigest.getInstance("RIPEMD160"); digest.update("hello".getBytes()); byte[] hash = digest.digest(); System.out.println("RIPEMD-160('hello') = " + Hex.toHexString(hash)); import java.security.*; import org.bouncycastle.util.encoders.Hex; import org.bouncycastle.jce.provider.BouncyCastleProvider; // One-time registration of the "BouncyCastle" JCA provider Security.addProvider(new BouncyCastleProvider()); 108f07b8382412612c048d07d13f814118445acd
  • 18. HMAC and Key Derivation (KDF) MAC, HMAC, PBKDF2, Scrypt, Argon2
  • 19.  HMAC = Hash-based Message Authentication Code (RFC 2104)  HMAC(key, msg, hash_func)  hash  Message hash mixed with a secret shared key  Used for message integrity / authentication / key derivation MAC Codes and HMAC 19 HMAC('key', 'hello', SHA-256) = 9307b3b915efb5171ff14d8cb55fbc c798c6c0ef1456d66ded1a6aa723a58b7b HMAC('key', 'hello', RIPEMD-160) = 43ab51f803a68a8b894cb32ee19e6854e9f4e468
  • 20.  Calculate HMAC-SHA-256 hash using the built-in JCA provider: HMAC in Java – Example 20 Mac mac = Mac.getInstance("HmacSHA256"); Key key = new SecretKeySpec("key".getBytes(), "HmacSHA256"); mac.init(key); byte[] hash = mac.doFinal("hello".getBytes()); System.out.println("HMAC-SHA-256: " + Hex.toHexString(hash)); import javax.crypto.Mac; import javax.crypto.spec.SecretKeySpec; import java.security.Key; import org.bouncycastle.util.encoders.Hex; HMAC-SHA-256: 9307b3b915efb5171ff14d8cb55fbcc798c6c0ef1456d66ded1a6aa723a58b7b
  • 21.  Key derivation function (KDF) == function(password)  key  PBKDF2 (Password-Based Key Derivation Function 2, RFC 2898) Key Derivation Functions (KDF) 21 PBEKeySpec spec = new PBEKeySpec("password".toCharArray(), "salt".getBytes(), 1000, 128); SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); byte[] derivedKey = keyFactory.generateSecret(spec).getEncoded(); System.out.println("PBKDF2 key: " + Hex.toHexString(derivedKey)); PBKDF2 derived key: 632c2812e46d4604102ba7618e9d6d7d
  • 22.  Scrypt (RFC 7914) is a strong cryptographic key-derivation function  Memory intensive, designed to prevent ASIC and FPGA attacks  key = Scrypt(password, salt, N, r, p, derived-key-len)  N – iterations count (affects memory and CPU usage), e.g. 16384  r – block size (affects memory and CPU usage), e.g. 8  p – parallelism factor (threads to run in parallel), usually 1  Memory used = 128 * N * r * p bytes, e.g. 128 * 16384 * 8 = 16 MB  Parameters for interactive login: N=16384, r=8, p=1 (RAM=16MB)  Parameters for file encryption: N=1048576, r=8, p=1 (RAM=1GB) Key Derivation Functions: Scrypt 22
  • 23. Scrypt in Java – Example 23 // One-time registration of the "BouncyCastle" JCA provider Security.addProvider(new BouncyCastleProvider()); ScryptKeySpec spec = new ScryptKeySpec( "password".toCharArray(), "salt".getBytes(), 16384, 8, 1, 128); var keyFact = SecretKeyFactory.getInstance("Scrypt"); byte[] derivedKey = keyFact.generateSecret(spec).getEncoded(); System.out.println("Scrypt: " + Hex.toHexString(derivedKey)); Scrypt: 745731af4484f323968969eda289aeee
  • 24.  Argon2 is ASIC-resistant KDF, stronger than Scrypt and bcrypt  Recommended due to better ASIC-resistance Key Derivation: Argon2 24 pom.xml <!-- Install Argon2-JVM – fast native Argon2 library for Java --> <dependency> <groupId>de.mkammerer</groupId> <artifactId>argon2-jvm</artifactId> <version>2.5</version> </dependency>
  • 25. Argon2 in Java – Example 25 import de.mkammerer.argon2.Argon2Advanced; import de.mkammerer.argon2.Argon2Factory; import org.bouncycastle.util.encoders.Hex; Argon2Advanced argon2 = Argon2Factory.createAdvanced( Argon2Factory.Argon2Types.ARGON2id); byte[] hash = argon2.rawHash(16, 1 << 15, 2, "password", "some salt".getBytes()); System.out.println("Argon2 hash: " + Hex.toHexString(hash)); Argon2 hash: 157f21dd3fdf7bafb76d2923ccaffa0b7be7cbae394709474d2bc66ee7b09d3e
  • 26.  Clear-text passwords, e.g. store the password directly in the DB  Never do anti-pattern!  Simple password hash, e.g. store SHA256(password) in the DB  Highly insecure, still better than clear-text, dictionary attacks  Salted hashed passwords, e.g. store HMAC(pass, random_salt)  Almost secure, GPU / ASIC-crackable  ASIC-resistant KDF password hash, e.g. Argon2(password)  Recommended, secure (when the KDF settings are secure) Password Encryption (Register / Login) 26
  • 27.  Argon2 is the recommended password-hashing for apps Encrypting Passwords: Argon2 27 String hash = argon2.hash(8, 1 << 16, 4, "password"); System.out.println("Argon2 hash (random salt): " + hash); System.out.println("Argon2 verify (correct password): " + argon2.verify(hash, "password")); System.out.println("Argon2 verify (wrong password): " + argon2.verify(hash, "wrong123")); Argon2 hash (random salt): $argon2id$v=19$m=65536,t=8,p=4$FW2kqbP+nidwHnT3Oc vSEg$oYlK3rXJvk0Be+od3To131Cnr8JksL39gjnbMlUCCTk Argon2 verify (correct password): true Argon2 verify (wrong password): false Register Login Invalid Login
  • 28. Symmetric Encryption AES, Block Modes, Authenticated Encryption encrypt (secret key) I am a non- encrypted message … decrypt (secret key) I am a non- encrypted message …
  • 29.  Symmetric key ciphers  Use the same key (or password) to encrypt and decrypt data  Popular symmetric algorithms  AES, ChaCha20, Twofish, Serpent, RC5, RC6  Broken algorithms (don't use them!)  DES, 3DES, RC2, RC4 Symmetric Key Ciphers 29
  • 30.  Block ciphers  Split data on blocks (e.g. 128 bits), then encrypt each block separately, change the internal state, encrypt the next block, …  Stream ciphers  Work on sequences of data (encrypts / decrypts byte by byte)  Block ciphers can be transformed to stream ciphers  Using block mode of operation (e.g. CBC, CTR, GCM, CFB, …)  https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation Symmetric Key Ciphers 30
  • 31.  AES – Advanced Encryption Standard (Rijndael)  Symmetric key block cipher (128-bit blocks)  Key lengths: 128, 160, 192, 224 and 256 bits  No significant practical attacks are known for AES  Modern CPU hardware implements AES instructions  This speeds-up AES and secure Internet communication  AES is used by most Internet Web sites for the https:// content The "AES" Cipher 31
  • 32.  AES is a "block cipher" – encrypts block by block (e.g. 128 bits)  Supports several modes of operation (CBC, CTR, GCM, …)  Some modes of operation (like CBC / CTR) require initial vector (IV)  Non-secret random salt  used to get different result each time  Recommended modes: CTR (Counter) or GCM (Galois/Counter)  CBC may use a padding algorithm (typically PKCS7) to help splitting the input data into blocks of fixed block-size (e.g. 128 bits)  May use password to key derivation function, e.g. Argon2(passwd)  May use MAC to check the password validity, e.g. HMAC(text, key) AES Cipher Settings 32
  • 33. The AES Encryption Process 33 input msg random IV+ AES key+ ciphertext input msg MAC key+ MAC code input msg key+ AES ciphertext MAC+IV+ KDF password key kdf-salt+
  • 34. The AES Decryption Process 34 original msg MAC key+ MAC code AES ciphertext IV+ KDF password key original msg decrypt Decryption MAC code compare Encryption MAC code key+ kdf-salt+
  • 35. AES-256-CTR-Argon2-HMAC – Encrypt 35 static Map<String, String> aes256CtrArgon2HMacEncrypt( String plainText, String password) throws Exception { // Derive a secret key from the encryption password SecureRandom rand = new SecureRandom(); byte[] argon2salt = new byte[16]; rand.nextBytes(argon2salt); // Generate 128-bit salt byte[] argon2hash = Argon2Factory.createAdvanced( Argon2Factory.Argon2Types.ARGON2id).rawHash(16, 1 << 15, 2, password, argon2salt); Key secretKey = new SecretKeySpec(argon2hash, "AES");
  • 36. AES-256-CTR-Argon2-HMAC – Encrypt 36 // AES encryption: {plaintext + IV + secretKey} -> ciphertext byte[] aesIV = new byte[16]; rand.nextBytes(aesIV); // Generate 128-bit IV (salt) IvParameterSpec ivSpec = new IvParameterSpec(aesIV); Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding"); cipher.init(Cipher.ENCRYPT_MODE, secretKey, ivSpec); byte[] plainTextBytes = plainText.getBytes("utf8"); byte[] cipherBytes = cipher.doFinal(plainTextBytes); // Calculate the MAC of the plaintext with the argon2hash Mac mac = Mac.getInstance("HmacSHA256"); Key macKey = new SecretKeySpec(argon2hash, "HmacSHA256"); mac.init(macKey); byte[] hmac = mac.doFinal(plainText.getBytes("utf8"));
  • 37. AES-256-CTR-Argon2-HMAC – Encrypt 37 var encryptedMsg = Map.of( "kdf", "argon2", "kdfSalt", Hex.toHexString(argon2salt), "cipher", "aes-256-ctr", "cipherIV", Hex.toHexString(aesIV), "cipherText", Hex.toHexString(cipherBytes), "mac", Hex.toHexString(hmac) ); return encryptedMsg; Encrypted msg: {cipherIV=dd088070cf4f2f6c6560b8fa7fb43f49, kdf=argon2, cipherText=a847f3b2bc59278107, mac=6c143d139d0d7b29aaa 4e0dc5916908d3c27576f4856e3ef487be6eafb23b39a, kdfSalt=90c6fcc318f d273f4f661c019b39b8ed, cipher=aes-256-ctr}
  • 38. AES-256-CTR-Argon2-HMAC – Decrypt 38 static String aes256CtrArgon2HMacDecrypt(Map<String, String> encryptedMsg, String password) throws Exception { // Derive the secret key from the encryption password with argon2salt byte[] argon2salt = Hex.decode(encryptedMsg.get("kdfSalt")); byte[] argon2hash = Argon2Factory.createAdvanced( Argon2Factory.Argon2Types.ARGON2id).rawHash(16, 1 << 15, 2, password, argon2salt);
  • 39. AES-256-CTR-Argon2-HMAC – Decrypt 39 // AES decryption: {cipherText + IV + secretKey} -> plainText byte[] aesIV = Hex.decode(encryptedMsg.get("cipherIV")); IvParameterSpec ivSpec = new IvParameterSpec(aesIV); Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding"); Key secretKey = new SecretKeySpec(argon2hash, "AES"); cipher.init(Cipher.DECRYPT_MODE, secretKey, ivSpec); byte[] cipherTextBytes = Hex.decode(encryptedMsg.get("cipherText")); byte[] plainTextBytes = cipher.doFinal(cipherTextBytes); String plainText = new String(plainTextBytes, "utf8");
  • 40. AES-256-CTR-Argon2-HMAC – Decrypt 40 // Calculate & check the MAC code: HMAC(plaintext, argon2hash) Mac mac = Mac.getInstance("HmacSHA256"); Key macKey = new SecretKeySpec(argon2hash, "HmacSHA256"); mac.init(macKey); byte[] hmac = mac.doFinal(plainText.getBytes("utf8")); String decodedMac = Hex.toHexString(hmac); String cipherTextMac = encryptedMsg.get("mac"); if (! decodedMac.equals(cipherTextMac)) throw new InvalidKeyException("MAC does not match: maybe wrong password"); return plainText; }
  • 42.  Digital signatures provide message signing / verification  Authentication (proof that known sender have signed the message)  Integrity (the message cannot be altered after signing)  Non-repudiation (signer cannot deny message signing)  Digital signatures are based on public key cryptography  Messages are signed by someone's private key  Signatures are verified by the corresponding public key  May use RSA, DSA, elliptic curves (ECC) like ECDSA / EdDSA Digital Signatures – Concepts 42
  • 43.  Uses a pair of keys: public key + private key  Sign / decrypt by private key  Verify / encrypt by public key Public Key Cryptography 43
  • 44.  Well-known public-key crypto-systems  RSA – based on discrete logarithms  ECC – based on elliptic curves  ECC cryptography is considered more secure  3072-bit RSA key ≈≈ 256-bit ECC key  ~ 128-bit security level  Most blockchains (like Bitcoin, Ethereum and EOS) use ECC  But be warned: ECC is not quantum-safe! Public Key Crypto Systems 44
  • 45.  Digital signatures in Java are painful  use external libraries  Use the "Cava Crypto" library for secp256k1 ECDSA signatures ECDSA in Java – Example 45 pom.xml !-- Install Cava Crypto: simple secp256k1 ECDSA library --> <dependency> <groupId>net.consensys.cava</groupId> <artifactId>cava-crypto</artifactId> <version>0.5.0</version> </dependency>
  • 46. ECDSA in Java – Example 46  Registering the Bouncy Castle crypto provider  Generating public + private key pair: Security.addProvider(new BouncyCastleProvider()); // Generate random key-pair SECP256K1.KeyPair keyPair = SECP256K1.KeyPair.random(); // Load key-pair from existing private key SECP256K1.KeyPair keyPair = SECP256K1.KeyPair.fromSecretKey( SECP256K1.SecretKey.fromInteger(new BigInteger( "207724f0eba0800350f579726c2a8bbd1ac6385f4168e493cfd91efe522959cf", 16)));
  • 47. ECDSA in Java – Example 47 System.out.println("Private key (256 bits): " + Hex.toHexString(keyPair.secretKey().bytesArray())); System.out.println("Public key (512 bits): 04" + Hex.toHexString(keyPair.publicKey().bytesArray())); System.out.println("Public key (compressed): " + compressPubKey(keyPair.publicKey())); static String compressPubKey(SECP256K1.PublicKey pk) { BigInteger pubKey = new BigInteger(1, pk.bytesArray()); String pubKeyYPrefix = pubKey.testBit(0) ? "03" : "02"; String pubKeyHex = pubKey.toString(16); String pubKeyX = pubKeyHex.substring(0, 64); return pubKeyYPrefix + pubKeyX; }
  • 48.  Signing a message with SHA256 + ECDSA with secp256k1 ECDSA in Java – Example 48 String msg = "Message for signing"; byte[] msgHash = Hash.sha2_256(msg.getBytes()); var signature = SECP256K1.signHashed(msgHash, keyPair); System.out.println("Msg: " + msg); System.out.println("Msg hash: " + Hex.toHexString(msgHash)); System.out.printf("Signature: [r = %s, s = %s, v = %d]n", signature.r().toString(16), signature.s().toString(16), signature.v()); Signature: [r = 3ce2c58b02a06f16c849d6ac1d05e9d6dc41b92929ed2733d3 ddf060e2035c20, s = 292d5d83ffd5a46befeef33a9c6e9fc562d412e0d90934 dfb4ed0a7d80caff61, v = 0]
  • 49.  Verify ECDSA signature: ECDSA in Java – Example 49 boolean validSig = SECP256K1.verifyHashed( msgHash, signature, keyPair.publicKey()); System.out.println("Signature valid (correct key)? " + validSig); boolean validSigWrongKey = SECP256K1.verifyHashed( msgHash, signature, SECP256K1.KeyPair.random().publicKey()); System.out.println("Signature valid (wrong key)? " + validSigWrongKey); Signature valid (wrong key)? false Signature valid (correct key)? true
  • 50. ECDSA + secp256k1: Recover Public Key 50 // Recover the public key from msg + signature SECP256K1.PublicKey recoveredPubKey = SECP256K1.PublicKey. recoverFromHashAndSignature(msgHash, signature); System.out.println("Recovered pubKey: 04" + Hex.toHexString(recoveredPubKey.bytesArray())); System.out.println("Signature valid ? " + recoveredPubKey.equals(keyPair.publicKey())); Recovered pubKey: 0425c919aa487e577cc361f43a9b81f3484286ac6132c9ef f047ec6eca6c1dcc89200c1bf5d6da42a8206a2f01b585d35ea05c2648050f3dd4 c98fc0b87f5191e5 Signature valid ? true
  • 51.  EdDSA is elliptic curve-based digital signature scheme (based on Edwards curves)  Ed25519 is fast Edwards curve, used for EdDSA signatures  256-bit public key (252 + 5 fixed bits) and 256-bit private key  Supported by 3rd party libraries like  https://github.com/str4d/ed25519-java  EdDSA is preferred to ECDSA in most modern apps  Faster and easier to use EdDSA + Ed25519 Signatures 51
  • 52. EdDSA in Java – Example 52  Installing the required library Ed25519-Java using Maven  Registering the EdDSA-Java crypto provider Security.addProvider(new EdDSASecurityProvider()); pom.xml <dependency> <groupId>net.i2p.crypto</groupId> <artifactId>eddsa</artifactId> <version>0.3.0</version> </dependency>
  • 53. EdDSA in Java – Example 53  Generating a random EdDSA public + private key pair var keyGen = KeyPairGenerator.getInstance("EdDSA"); var keyPair = keyGen.generateKeyPair(); System.out.println("Private key: " + Hex.toHexString(keyPair.getPrivate().getEncoded())); System.out.println("Public key: " + Hex.toHexString(keyPair.getPublic().getEncoded())); Private key: 302e020100300506032b657004220420b57ea3f12b503be8e7c89 99dd9cb630ecb06cb68e10763fb40331e5131b2a1f0 Public key: 302a300506032b6570032100796295d26f7a69a2a573cf95f99bd5 becb906e757bb55424deb4ed00a99cc572
  • 54. EdDSA in Java – Example 54  Signing a message with EdDSA String msg = "Message for signing"; Signature signer = new EdDSAEngine( MessageDigest.getInstance("SHA-512")); signer.initSign(keyPair.getPrivate()); signer.update(msg.getBytes()); byte[] signature = signer.sign(); System.out.println("Signature: " + Hex.toHexString(signature)); Signature: 1256d92d27b5b4e633494b86f5f55dc18155ae4eed35d5f596f1dbb 894acef0df7e2b756ef5e5681260d2f46dd1c26e180591e1ec3f9997f213ddf0ca 55c6703
  • 55. EdDSA in Java – Example 55  Verifying EdDSA signature: {msg + signature + pubKey}  bool Signature verifier = new EdDSAEngine(MessageDigest.getInstance("SHA-512")); verifier.initVerify(keyPair.getPublic()); verifier.update(msg.getBytes()); boolean validSig = verifier.verify(signature); System.out.println("Signature valid (correct key)? " + validSig); Signature valid (correct key)? true
  • 56. Live Demos and Code Examples https://github.com/nakov/Java-Cryptography-Examples